sys/openbsd: prevent using vio0 as a virtual multicast interface

One of the root causes to reported "lost connection to test machine" is when the egress network interface is being used as a multicast interface: setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0x66, &(0x7f0000000180)={0x2}, 0xc) Prevent such syscalls from being generated by limiting the range of allowed interface indices.
author: Anton Lindqvist <anton@basename.se> 2019-06-08 09:38:33 +0200
committer: Dmitry Vyukov <dvyukov@google.com> 2019-06-08 10:13:59 +0200
commit: 0159583c3bcfe4ece6b839712327cd955aabee66 (patch)
tree: f74cffa931e65dbbd878d09dcd70442aa431e9a4 /sys/openbsd/socket_inet6.txt
parent: cf9c3a505dd23f7f4e391c0c24c9a9d3b9b26385 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/openbsd/socket_inet6.txt b/sys/openbsd/socket_inet6.txt
index 48aef6b33..7eb456622 100644
--- a/sys/openbsd/socket_inet6.txt
+++ b/sys/openbsd/socket_inet6.txt
@@ -46,7 +46,9 @@ mif6ctl {
 	mif6c_mifi	int16
 	mif6c_flags	flags[mif6c_flags, int8]
 	vifc_threshold	int8
-	mif6c_pifi	int16
+# Do not allow low interface indices since one of them is likely to be the
+# egress interface vio0 used on GCE instances during fuzzing.
+	mif6c_pifi	int16[4:0xffff]
 	vifc_rate_limit	int32
 }
author	Anton Lindqvist <anton@basename.se>	2019-06-08 09:38:33 +0200
committer	Dmitry Vyukov <dvyukov@google.com>	2019-06-08 10:13:59 +0200
commit	0159583c3bcfe4ece6b839712327cd955aabee66 (patch)
tree	f74cffa931e65dbbd878d09dcd70442aa431e9a4 /sys/openbsd/socket_inet6.txt
parent	cf9c3a505dd23f7f4e391c0c24c9a9d3b9b26385 (diff)