Module Name: src
Committed By: riastradh
Date: Wed Oct 30 11:03:32 UTC 2024
Modified Files:
src/usr.sbin/npf/npftest: npftest.conf
src/usr.sbin/npf/npftest/libnpftest: npf_rule_test.c
Log Message:
npftest: Expand test cases to cover more compiler paths.
Cover masked ranges with full- and partial-word sizes.
PR bin/55403: npfctl miscompiles IPv6 rules
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/usr.sbin/npf/npftest/npftest.conf
cvs rdiff -u -r1.22 -r1.23 \
src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/npf/npftest/npftest.conf
diff -u src/usr.sbin/npf/npftest/npftest.conf:1.11 src/usr.sbin/npf/npftest/npftest.conf:1.12
--- src/usr.sbin/npf/npftest/npftest.conf:1.11 Wed Oct 30 10:12:32 2024
+++ src/usr.sbin/npf/npftest/npftest.conf Wed Oct 30 11:03:32 2024
@@ -1,4 +1,4 @@
-# $NetBSD: npftest.conf,v 1.11 2024/10/30 10:12:32 riastradh Exp $
+# $NetBSD: npftest.conf,v 1.12 2024/10/30 11:03:32 riastradh Exp $
$ext_if = "npftest0"
$int_if = "npftest1"
@@ -32,7 +32,7 @@ $net6_outer = 2001:db8:1::/48
# Example of multiple addresses with a common 32-bit word, taken from
# PR bin/55403: npfctl miscompiles IPv6 rules.
-$net6_pr55403 = { fe80::1, fe80::2 }
+$net6_pr55403 = { fe80::1, fe80::1000:0:0/95, fe80::2, fe80::2000:0:0/96, fe80::3, fe80::3000:0:0/97 }
$net_a = 10.100.0.0/16
$net_b = 10.255.0.0/16
Index: src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c
diff -u src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.22 src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.23
--- src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c:1.22 Wed Oct 30 10:12:32 2024
+++ src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c Wed Oct 30 11:03:32 2024
@@ -53,47 +53,133 @@ static const struct test_case {
},
/*
- * Pass in any of the { fe80::1, fe80::2 } group.
+ * Pass in from any of the { fe80::1, fe80:1000:0:0/95,
+ * fe80::2, fe80::2000:0:0/96, fe80::3, fe80::3000:0:0/97 }
+ * group.
*/
- {
+ { /* fe80::1 */
.af = AF_INET6,
.src = "fe80::1", .dst = "fe80::adec:c91c:d116:7592",
.ifname = IFNAME_INT, .di = PFIL_IN,
.stateful_ret = RESULT_PASS, .ret = RESULT_PASS
},
- {
+ { /* fe80::1000:0:0/95 */
+ .af = AF_INET6,
+ .src = "fe80::1001:0:0", .dst = "fe80::adec:c91c:d116:7592",
+ .ifname = IFNAME_INT, .di = PFIL_IN,
+ .stateful_ret = RESULT_PASS, .ret = RESULT_PASS
+ },
+ { /* fe80::1000:0:0/95, one bit off */
+ .af = AF_INET6,
+ .src = "fe80::1003:0:0", .dst = "fe80::adec:c91c:d116:7592",
+ .ifname = IFNAME_INT, .di = PFIL_IN,
+ .stateful_ret = RESULT_BLOCK, .ret = RESULT_BLOCK
+ },
+ { /* fe80::2 */
.af = AF_INET6,
.src = "fe80::2", .dst = "fe80::adec:c91c:d116:7592",
.ifname = IFNAME_INT, .di = PFIL_IN,
.stateful_ret = RESULT_PASS, .ret = RESULT_PASS
},
- {
+ { /* fe80::2000:0:0/96 */
+ .af = AF_INET6,
+ .src = "fe80::2000:8000:0", .dst = "fe80::adec:c91c:d116:7592",
+ .ifname = IFNAME_INT, .di = PFIL_IN,
+ .stateful_ret = RESULT_PASS, .ret = RESULT_PASS
+ },
+ { /* fe80::2000:0:0/96, one bit off */
+ .af = AF_INET6,
+ .src = "fe80::2001:8000:0", .dst = "fe80::adec:c91c:d116:7592",
+ .ifname = IFNAME_INT, .di = PFIL_IN,
+ .stateful_ret = RESULT_BLOCK, .ret = RESULT_BLOCK
+ },
+ { /* fe80::3 */
.af = AF_INET6,
.src = "fe80::3", .dst = "fe80::adec:c91c:d116:7592",
.ifname = IFNAME_INT, .di = PFIL_IN,
+ .stateful_ret = RESULT_PASS, .ret = RESULT_PASS
+ },
+ { /* fe80::3000:0:0/97 */
+ .af = AF_INET6,
+ .src = "fe80::3000:7fff:0", .dst = "fe80::adec:c91c:d116:7592",
+ .ifname = IFNAME_INT, .di = PFIL_IN,
+ .stateful_ret = RESULT_PASS, .ret = RESULT_PASS
+ },
+ { /* fe80::3000:0:0/97, one bit off */
+ .af = AF_INET6,
+ .src = "fe80::3000:ffff:0", .dst = "fe80::adec:c91c:d116:7592",
+ .ifname = IFNAME_INT, .di = PFIL_IN,
+ .stateful_ret = RESULT_BLOCK, .ret = RESULT_BLOCK
+ },
+ {
+ .af = AF_INET6,
+ .src = "fe80::4", .dst = "fe80::adec:c91c:d116:7592",
+ .ifname = IFNAME_INT, .di = PFIL_IN,
.stateful_ret = RESULT_BLOCK, .ret = RESULT_BLOCK
},
/*
- * Pass in anything _not_ in the group { fe80::1, fe80::2 }, as
- * long as it is to that group.
+ * Pass in from anywhere _not_ in that group, as long as it is
+ * to that group.
*/
- {
+ { /* fe80::1 */
.af = AF_INET6,
.src = "fe80::adec:c91c:d116:7592", .dst = "fe80::1",
.ifname = IFNAME_INT, .di = PFIL_IN,
.stateful_ret = RESULT_PASS, .ret = RESULT_PASS
},
- {
+ { /* fe80::1000:0:0/95 */
+ .af = AF_INET6,
+ .src = "fe80::adec:c91c:d116:7592", .dst = "fe80::1001:0:0",
+ .ifname = IFNAME_INT, .di = PFIL_IN,
+ .stateful_ret = RESULT_PASS, .ret = RESULT_PASS
+ },
+ { /* fe80::1000:0:0/95, one bit off */
+ .af = AF_INET6,
+ .src = "fe80::adec:c91c:d116:7592", .dst = "fe80::1003:0:0",
+ .ifname = IFNAME_INT, .di = PFIL_IN,
+ .stateful_ret = RESULT_BLOCK, .ret = RESULT_BLOCK
+ },
+ { /* fe80::2 */
.af = AF_INET6,
.src = "fe80::adec:c91c:d116:7592", .dst = "fe80::2",
.ifname = IFNAME_INT, .di = PFIL_IN,
.stateful_ret = RESULT_PASS, .ret = RESULT_PASS
},
- {
+ { /* fe80::2000:0:0/96 */
+ .af = AF_INET6,
+ .src = "fe80::adec:c91c:d116:7592", .dst = "fe80::2000:8000:0",
+ .ifname = IFNAME_INT, .di = PFIL_IN,
+ .stateful_ret = RESULT_PASS, .ret = RESULT_PASS
+ },
+ { /* fe80::2000:0:0/96, one bit off */
+ .af = AF_INET6,
+ .src = "fe80::adec:c91c:d116:7592", .dst = "fe80::2001:8000:0",
+ .ifname = IFNAME_INT, .di = PFIL_IN,
+ .stateful_ret = RESULT_BLOCK, .ret = RESULT_BLOCK
+ },
+ { /* fe80::3 */
.af = AF_INET6,
.src = "fe80::adec:c91c:d116:7592", .dst = "fe80::3",
.ifname = IFNAME_INT, .di = PFIL_IN,
+ .stateful_ret = RESULT_PASS, .ret = RESULT_PASS
+ },
+ { /* fe80::3000:0:0/97 */
+ .af = AF_INET6,
+ .src = "fe80::adec:c91c:d116:7592", .dst = "fe80::3000:7fff:0",
+ .ifname = IFNAME_INT, .di = PFIL_IN,
+ .stateful_ret = RESULT_PASS, .ret = RESULT_PASS
+ },
+ { /* fe80::3000:0:0/97, one bit off */
+ .af = AF_INET6,
+ .src = "fe80::adec:c91c:d116:7592", .dst = "fe80::3000:ffff:0",
+ .ifname = IFNAME_INT, .di = PFIL_IN,
+ .stateful_ret = RESULT_BLOCK, .ret = RESULT_BLOCK
+ },
+ {
+ .af = AF_INET6,
+ .src = "fe80::adec:c91c:d116:7592", .dst = "fe80::4",
+ .ifname = IFNAME_INT, .di = PFIL_IN,
.stateful_ret = RESULT_BLOCK, .ret = RESULT_BLOCK
},
