diff options
| author | Anton Lindqvist <anton@basename.se> | 2019-06-08 09:38:33 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2019-06-08 10:13:59 +0200 |
| commit | 0159583c3bcfe4ece6b839712327cd955aabee66 (patch) | |
| tree | f74cffa931e65dbbd878d09dcd70442aa431e9a4 /sys/openbsd | |
| parent | cf9c3a505dd23f7f4e391c0c24c9a9d3b9b26385 (diff) | |
sys/openbsd: prevent using vio0 as a virtual multicast interface
One of the root causes to reported "lost connection to test machine" is
when the egress network interface is being used as a multicast
interface:
setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0x66, &(0x7f0000000180)={0x2}, 0xc)
Prevent such syscalls from being generated by limiting the range of
allowed interface indices.
Diffstat (limited to 'sys/openbsd')
| -rw-r--r-- | sys/openbsd/gen/amd64.go | 4 | ||||
| -rw-r--r-- | sys/openbsd/socket_inet6.txt | 4 |
2 files changed, 5 insertions, 3 deletions
diff --git a/sys/openbsd/gen/amd64.go b/sys/openbsd/gen/amd64.go index 68ebe113e..d82c59ca1 100644 --- a/sys/openbsd/gen/amd64.go +++ b/sys/openbsd/gen/amd64.go @@ -189,7 +189,7 @@ var structDescs_amd64 = []*KeyedStruct{ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int16", FldName: "mif6c_mifi", TypeSize: 2}}}, &FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "mif6c_flags", FldName: "mif6c_flags", TypeSize: 1}}, Vals: []uint64{1}, BitMask: true}, &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int8", FldName: "vifc_threshold", TypeSize: 1}}}, - &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int16", FldName: "mif6c_pifi", TypeSize: 2}}}, + &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int16", FldName: "mif6c_pifi", TypeSize: 2}}, Kind: 2, RangeBegin: 4, RangeEnd: 65535}, &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "pad", TypeSize: 2}}, IsPad: true}, &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "vifc_rate_limit", TypeSize: 4}}}, }}}, @@ -2970,4 +2970,4 @@ var consts_amd64 = []ConstValue{ {Name: "__MAP_NOREPLACE", Value: 2048}, } -const revision_amd64 = "046b8d64999817e17f0813efa9e374d2ee520a81" +const revision_amd64 = "6255253f9674826c8aeacb80503607f3c81dade2" diff --git a/sys/openbsd/socket_inet6.txt b/sys/openbsd/socket_inet6.txt index 48aef6b33..7eb456622 100644 --- a/sys/openbsd/socket_inet6.txt +++ b/sys/openbsd/socket_inet6.txt @@ -46,7 +46,9 @@ mif6ctl { mif6c_mifi int16 mif6c_flags flags[mif6c_flags, int8] vifc_threshold int8 - mif6c_pifi int16 +# Do not allow low interface indices since one of them is likely to be the +# egress interface vio0 used on GCE instances during fuzzing. + mif6c_pifi int16[4:0xffff] vifc_rate_limit int32 } |