diff options
| author |   bluhm <bluhm@openbsd.org> | 2017-04-29 01:57:04 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2017-04-29 01:57:04 +0000 |
| commit | 542fa08729d78b4c23a476665cf8d5304ac5194f (patch) | |
| tree | d72b0a37c3ff8a06f95f5ce75eef1b6d92fda767 | |
| parent | sync (diff) | |
| download | wireguard-openbsd-542fa08729d78b4c23a476665cf8d5304ac5194f.tar.xz wireguard-openbsd-542fa08729d78b4c23a476665cf8d5304ac5194f.zip | |
Test that suslogd's UDP sockets bound to *.514 do not receive packets
if the -u insecure mode is not selected.
| -rw-r--r-- | regress/usr.sbin/syslogd/args-secure-udp.pl | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/regress/usr.sbin/syslogd/args-secure-udp.pl b/regress/usr.sbin/syslogd/args-secure-udp.pl new file mode 100644 index 00000000000..70e85d90d0b --- /dev/null +++ b/regress/usr.sbin/syslogd/args-secure-udp.pl @@ -0,0 +1,80 @@ +# The client writes messages to localhost IPv4 and IPv6 UDP socket. +# The syslogd does not receive them as it is started without -u. +# Check that client does send the message, but it is not in the file. +# Check with fstat that both *:514 sockets are bound. +# Check that there is no recvfrom localhost in syslogd ktrace. + +use strict; +use warnings; +use Socket; + +our %args = ( + client => { + connectaddr => "none", + redo => [ + { + domain => AF_INET, + addr => "127.0.0.1", + }, + { + domain => AF_INET, + addr => "127.0.0.1", + }, + { + domain => AF_INET6, + addr => "::1", + }, + ], + func => sub { + my $self = shift; + write_message($self, "client addr: ". $self->{connectaddr}); + if ($self->{cs}) { + # wait for possible icmp errors, port is open + sleep .1; + close($self->{cs}) + or die ref($self), " close failed: $!"; + }; + if (my $connect = shift @{$self->{redo}}) { + $self->{connectdomain} = $connect->{domain}; + $self->{connectaddr} = $connect->{addr}; + $self->{connectproto} = "udp"; + $self->{connectport} = "514"; + } else { + delete $self->{connectdomain}; + $self->{logsock} = { type => "native" }; + setlogsock($self->{logsock}) + or die ref($self), " setlogsock failed: $!"; + sleep .1; + write_log($self); + undef $self->{redo}; + } + }, + loggrep => { + qr/client addr:/ => 4, + get_testgrep() => 1, + } + }, + syslogd => { + options => [], + loghost => "/dev/null", + fstat => { + qr/^_syslogd syslogd .* internet6? dgram udp \*:514$/ => 2, + }, + ktrace => { + qr/127\.0\.0\.1/ => 0, + qr/\[::1\]/ => 0, + }, + }, + server => { + noserver => 1, + }, + file => { + loggrep => { + qr/client addr: none/ => 1, + qr/client addr:/ => 1, + get_testgrep() => 1, + } + }, +); + +1; |