2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2020 Netflix, Inc.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/cdefs.h>
30 __FBSDID("$FreeBSD$");
32 #include <sys/param.h>
33 #include <sys/socket.h>
35 #include <sys/sysctl.h>
37 #include <netinet/in.h>
48 #define SYSCTLBAKFILE "tmp.net.inet.ip.portrange.randomized"
51 * Check if port allocation is randomized. If so, update it. Save the old
52 * value of the sysctl so it can be updated later.
55 disable_random_ports(void)
57 int error, fd, random_new, random_save;
61 * Pre-emptively unlink our restoration file, so we will do no
62 * restoration on error.
64 unlink(SYSCTLBAKFILE);
67 * Disable the net.inet.ip.portrange.randomized sysctl. Save the
68 * old value so we can restore it, if necessary.
71 sysctlsz = sizeof(random_save);
72 error = sysctlbyname("net.inet.ip.portrange.randomized", &random_save,
73 &sysctlsz, &random_new, sizeof(random_new));
75 warn("sysctlbyname(\"net.inet.ip.portrange.randomized\") "
77 atf_tc_skip("Unable to set sysctl");
79 if (sysctlsz != sizeof(random_save)) {
80 fprintf(stderr, "Error: unexpected sysctl value size "
81 "(expected %zu, actual %zu)\n", sizeof(random_save),
86 /* Open the backup file, write the contents, and close it. */
87 fd = open(SYSCTLBAKFILE, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL,
90 warn("error opening sysctl backup file");
93 error = write(fd, &random_save, sizeof(random_save));
95 warn("error writing saved value to sysctl backup file");
96 goto cleanup_and_restore;
98 if (error != (int)sizeof(random_save)) {
100 "Error writing saved value to sysctl backup file: "
101 "(expected %zu, actual %d)\n", sizeof(random_save), error);
102 goto cleanup_and_restore;
106 warn("error closing sysctl backup file");
109 (void)unlink(SYSCTLBAKFILE);
111 (void)sysctlbyname("net.inet.ip.portrange.randomized", NULL,
112 NULL, &random_save, sysctlsz);
113 atf_tc_skip("Error setting sysctl");
118 * Restore the sysctl value from the backup file and delete the backup file.
121 restore_random_ports(void)
123 int error, fd, random_save;
125 /* Open the backup file, read the contents, close it, and delete it. */
126 fd = open(SYSCTLBAKFILE, O_RDONLY);
128 warn("error opening sysctl backup file");
131 error = read(fd, &random_save, sizeof(random_save));
133 warn("error reading saved value from sysctl backup file");
136 if (error != (int)sizeof(random_save)) {
138 "Error reading saved value from sysctl backup file: "
139 "(expected %zu, actual %d)\n", sizeof(random_save), error);
144 warn("error closing sysctl backup file");
145 error = unlink(SYSCTLBAKFILE);
147 warn("error removing sysctl backup file");
149 /* Restore the saved sysctl value. */
150 error = sysctlbyname("net.inet.ip.portrange.randomized", NULL, NULL,
151 &random_save, sizeof(random_save));
153 warn("sysctlbyname(\"net.inet.ip.portrange.randomized\") "
154 "failed while restoring value");
158 * Given a domain and sockaddr, open a listening socket with automatic port
159 * selection. Then, try to connect 64K times. Ensure the connected socket never
160 * uses an overlapping port.
163 connect_loop(int domain, const struct sockaddr *addr)
166 struct sockaddr saddr;
167 struct sockaddr_in saddr4;
168 struct sockaddr_in6 saddr6;
171 int asock, csock, error, i, lsock;
172 const struct linger lopt = { 1, 0 };
175 * Disable the net.inet.ip.portrange.randomized sysctl. Assuming an
176 * otherwise idle system, this makes the kernel try all possible
177 * ports sequentially and makes it more likely it will try the
178 * port on which we have a listening socket.
180 disable_random_ports();
182 /* Setup the listen socket. */
183 lsock = socket(domain, SOCK_STREAM, 0);
184 ATF_REQUIRE_MSG(lsock >= 0, "socket() for listen socket failed: %s",
186 error = bind(lsock, addr, addr->sa_len);
187 ATF_REQUIRE_MSG(error == 0, "bind() failed: %s", strerror(errno));
188 error = listen(lsock, 1);
189 ATF_REQUIRE_MSG(error == 0, "listen() failed: %s", strerror(errno));
192 * Get the address of the listen socket, which will be the destination
193 * address for our connection attempts.
195 salen = sizeof(su_srvr);
196 error = getsockname(lsock, &su_srvr.saddr, &salen);
197 ATF_REQUIRE_MSG(error == 0,
198 "getsockname() for listen socket failed: %s",
200 ATF_REQUIRE_MSG(salen == (domain == PF_INET ?
201 sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6)),
202 "unexpected sockaddr size");
203 ATF_REQUIRE_MSG(su_srvr.saddr.sa_len == (domain == PF_INET ?
204 sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6)),
205 "unexpected sa_len size");
207 /* Open 64K connections in a loop. */
208 for (i = 0; i < 65536; i++) {
209 csock = socket(domain, SOCK_STREAM, 0);
210 ATF_REQUIRE_MSG(csock >= 0,
211 "socket() for client socket %d failed: %s",
214 error = connect(csock, &su_srvr.saddr, su_srvr.saddr.sa_len);
215 ATF_REQUIRE_MSG(error == 0,
216 "connect() for client socket %d failed: %s",
219 error = setsockopt(csock, SOL_SOCKET, SO_LINGER, &lopt,
221 ATF_REQUIRE_MSG(error == 0,
222 "Setting linger for client socket %d failed: %s",
225 /* Ascertain the client socket address. */
226 salen = sizeof(su_clnt);
227 error = getsockname(csock, &su_clnt.saddr, &salen);
228 ATF_REQUIRE_MSG(error == 0,
229 "getsockname() for client socket %d failed: %s",
231 ATF_REQUIRE_MSG(salen == (domain == PF_INET ?
232 sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6)),
233 "unexpected sockaddr size for client socket %d", i);
235 /* Ensure the ports do not match. */
238 ATF_REQUIRE_MSG(su_clnt.saddr4.sin_port !=
239 su_srvr.saddr4.sin_port,
240 "client socket %d using the same port as server",
244 ATF_REQUIRE_MSG(su_clnt.saddr6.sin6_port !=
245 su_srvr.saddr6.sin6_port,
246 "client socket %d using the same port as server",
251 /* Accept the socket and close both ends. */
252 asock = accept(lsock, NULL, NULL);
253 ATF_REQUIRE_MSG(asock >= 0,
254 "accept() failed for client socket %d: %s",
257 error = close(asock);
258 ATF_REQUIRE_MSG(error == 0,
259 "close() failed for accepted socket %d: %s",
262 error = close(csock);
263 ATF_REQUIRE_MSG(error == 0,
264 "close() failed for client socket %d: %s",
269 ATF_TC_WITH_CLEANUP(basic_ipv4);
270 ATF_TC_HEAD(basic_ipv4, tc)
273 atf_tc_set_md_var(tc, "require.user", "root");
274 atf_tc_set_md_var(tc, "require.config", "allow_sysctl_side_effects");
275 atf_tc_set_md_var(tc, "descr",
276 "Check automatic local port assignment during TCP connect calls");
279 ATF_TC_BODY(basic_ipv4, tc)
281 struct sockaddr_in saddr4;
283 memset(&saddr4, 0, sizeof(saddr4));
284 saddr4.sin_len = sizeof(saddr4);
285 saddr4.sin_family = AF_INET;
286 saddr4.sin_port = htons(0);
287 saddr4.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
289 connect_loop(PF_INET, (const struct sockaddr *)&saddr4);
292 ATF_TC_CLEANUP(basic_ipv4, tc)
295 restore_random_ports();
298 ATF_TC_WITH_CLEANUP(basic_ipv6);
299 ATF_TC_HEAD(basic_ipv6, tc)
302 atf_tc_set_md_var(tc, "require.user", "root");
303 atf_tc_set_md_var(tc, "require.config", "allow_sysctl_side_effects");
304 atf_tc_set_md_var(tc, "descr",
305 "Check automatic local port assignment during TCP connect calls");
308 ATF_TC_BODY(basic_ipv6, tc)
310 struct sockaddr_in6 saddr6;
312 memset(&saddr6, 0, sizeof(saddr6));
313 saddr6.sin6_len = sizeof(saddr6);
314 saddr6.sin6_family = AF_INET6;
315 saddr6.sin6_port = htons(0);
316 saddr6.sin6_addr = in6addr_loopback;
318 connect_loop(PF_INET6, (const struct sockaddr *)&saddr6);
321 ATF_TC_CLEANUP(basic_ipv6, tc)
324 restore_random_ports();
329 ATF_TP_ADD_TC(tp, basic_ipv4);
330 ATF_TP_ADD_TC(tp, basic_ipv6);
332 return (atf_no_error());