From 0159583c3bcfe4ece6b839712327cd955aabee66 Mon Sep 17 00:00:00 2001
From: Anton Lindqvist
Date: Sat, 8 Jun 2019 09:38:33 +0200
Subject: sys/openbsd: prevent using vio0 as a virtual multicast interface

One of the root causes to reported "lost connection to test machine" is when the egress network interface is being used as a multicast interface:

setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0x66, &(0x7f0000000180)={0x2}, 0xc)

Prevent such syscalls from being generated by limiting the range of allowed interface indices.
---
 sys/openbsd/socket_inet6.txt | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'sys/openbsd/socket_inet6.txt')
diff --git a/sys/openbsd/socket_inet6.txt b/sys/openbsd/socket_inet6.txt
index 48aef6b33..7eb456622 100644
--- a/sys/openbsd/socket_inet6.txt
+++ b/sys/openbsd/socket_inet6.txt
@@ -46,7 +46,9 @@ mif6ctl {
  mif6c_mifi int16
  mif6c_flags flags[mif6c_flags, int8]
  vifc_threshold int8
- mif6c_pifi int16
+# Do not allow low interface indices since one of them is likely to be the
+# egress interface vio0 used on GCE instances during fuzzing.
+ mif6c_pifi int16[4:0xffff]
  vifc_rate_limit int32
 }
--
cgit mrf-deployment
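Review bot: The lower bound in `mif6c_pifi int16[4:0xffff]` is a magic number that presumably mirrors the interface layout of the current GCE image, and the added comment does not say which indices it is meant to skip or why 4 is enough. If the image's interface list changes, vio0 could end up at index 4 or above and the "lost connection to test machine" reports would return with nothing here pointing to the cause. I would spell the assumption out in the comment, for example `# Indices below 4 are assumed to cover the VM's own interfaces, vio0 among them; revisit if the image's interface list changes.` The range also takes index 0 and the other low values out of MRT6_ADD_MIF coverage, a trade-off the comment could state in one clause. The opening line of `mif6ctl` is above the hunk, so the rest of the struct was not checked.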