Page MenuHomeFreeBSD

pf tests: Add test for max-src-states
ClosedPublic

Authored by vegeta_tuxpowered.net on Sep 28 2024, 8:52 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 15, 5:19 PM
Unknown Object (File)
Tue, Nov 12, 1:17 PM
Unknown Object (File)
Tue, Nov 12, 11:19 AM
Unknown Object (File)
Sun, Nov 10, 2:12 PM
Unknown Object (File)
Sun, Nov 10, 12:46 PM
Unknown Object (File)
Sat, Nov 9, 4:21 PM
Unknown Object (File)
Sat, Nov 9, 4:20 PM
Unknown Object (File)
Sat, Nov 9, 4:20 PM

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

Add test for another source, describe tests better, check for source nodes in order-independent manner.

tests/sys/netpfil/pf/src_track.sh
153

Shouldn't the third connection still succeed (because we set max-src-states 3)?

I haven't looked very closely at this yet, but that jumped out at me.

tests/sys/netpfil/pf/src_track.sh
153

That is how it works, pf stops creating new states after 2. I’ve looked at the code, it’s due to how struct pf_ksrc_node->states is abused for reference counting (or at least that is how I understand it). This counter is increased during source node creation and search, even before the state is really created. And then after increasing it’s compared using the >= operator.

I have a patch which fixes this and multiple other issues, mostly related to unlocked access to source nodes. I hope to upload it soon. All the patches im sending in the last days are picked from that big patch.

I can make another patch only to fix this off by one error, if you want it fixed separately.

This revision was not accepted when it landed; it landed in state Needs Review.Sep 30 2024, 9:06 AM
This revision was automatically updated to reflect the committed changes.