sys/freebsd: Add pf ioctl()s

Tweak the building of the FreeBSD vm image to ensure pf is loaded at
startup, so that we can test it.

executor/defs.h

@@ -20,7 +20,7 @@
 
 #if GOARCH_amd64
 #define GOARCH "amd64"
-#define SYZ_REVISION "f78432bae5c245e7b9b30dc20417edf7797ecce3"
+#define SYZ_REVISION "df0c7f110d9f80fc6efb916edd0244ecea6eeb9b"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 1
 #define SYZ_EXECUTOR_USES_SHMEM 1
 #define SYZ_PAGE_SIZE 4096

executor/syscalls.h

@@ -423,6 +423,64 @@ const call_t syscalls[] = {
     {"getsockopt$sock_linger", 118},
     {"getsockopt$sock_timeval", 118},
     {"getuid", 24},
+    {"ioctl$DIOCADDADDR", 54},
+    {"ioctl$DIOCADDALTQV0", 54},
+    {"ioctl$DIOCADDALTQV1", 54},
+    {"ioctl$DIOCADDRULE", 54},
+    {"ioctl$DIOCADDSTATE", 54},
+    {"ioctl$DIOCBEGINADDRS", 54},
+    {"ioctl$DIOCCHANGEADDR", 54},
+    {"ioctl$DIOCCHANGEALTQV0", 54},
+    {"ioctl$DIOCCHANGEALTQV1", 54},
+    {"ioctl$DIOCCHANGERULE", 54},
+    {"ioctl$DIOCCLRIFFLAG", 54},
+    {"ioctl$DIOCCLRSTATES", 54},
+    {"ioctl$DIOCGETADDR", 54},
+    {"ioctl$DIOCGETADDRS", 54},
+    {"ioctl$DIOCGETALTQSV0", 54},
+    {"ioctl$DIOCGETALTQSV1", 54},
+    {"ioctl$DIOCGETALTQV0", 54},
+    {"ioctl$DIOCGETALTQV1", 54},
+    {"ioctl$DIOCGETLIMIT", 54},
+    {"ioctl$DIOCGETQSTATSV0", 54},
+    {"ioctl$DIOCGETQSTATSV1", 54},
+    {"ioctl$DIOCGETRULE", 54},
+    {"ioctl$DIOCGETRULES", 54},
+    {"ioctl$DIOCGETRULESET", 54},
+    {"ioctl$DIOCGETRULESETS", 54},
+    {"ioctl$DIOCGETSRCNODES", 54},
+    {"ioctl$DIOCGETSTATE", 54},
+    {"ioctl$DIOCGETSTATES", 54},
+    {"ioctl$DIOCGETSTATUS", 54},
+    {"ioctl$DIOCGETTIMEOUT", 54},
+    {"ioctl$DIOCIGETIFACES", 54},
+    {"ioctl$DIOCKILLSRCNODES", 54},
+    {"ioctl$DIOCKILLSTATES", 54},
+    {"ioctl$DIOCNATLOOK", 54},
+    {"ioctl$DIOCOSFPADD", 54},
+    {"ioctl$DIOCOSFPGET", 54},
+    {"ioctl$DIOCRADDADDRS", 54},
+    {"ioctl$DIOCRADDTABLES", 54},
+    {"ioctl$DIOCRCLRASTATS", 54},
+    {"ioctl$DIOCRCLRTABLES", 54},
+    {"ioctl$DIOCRCLRTSTATS", 54},
+    {"ioctl$DIOCRDELADDRS", 54},
+    {"ioctl$DIOCRDELTABLES", 54},
+    {"ioctl$DIOCRGETADDRS", 54},
+    {"ioctl$DIOCRGETASTATS", 54},
+    {"ioctl$DIOCRGETTABLES", 54},
+    {"ioctl$DIOCRGETTSTATS", 54},
+    {"ioctl$DIOCRINADEFINE", 54},
+    {"ioctl$DIOCRSETADDRS", 54},
+    {"ioctl$DIOCRSETTFLAGS", 54},
+    {"ioctl$DIOCRTSTADDRS", 54},
+    {"ioctl$DIOCSETIFFLAG", 54},
+    {"ioctl$DIOCSETLIMIT", 54},
+    {"ioctl$DIOCSETSTATUSIF", 54},
+    {"ioctl$DIOCSETTIMEOUT", 54},
+    {"ioctl$DIOCXBEGIN", 54},
+    {"ioctl$DIOCXCOMMIT", 54},
+    {"ioctl$DIOCXROLLBACK", 54},
     {"lchown", 254},
     {"link", 9},
     {"linkat", 495},
@@ -453,6 +511,7 @@ const call_t syscalls[] = {
     {"open", 5},
     {"open$dir", 5},
     {"openat", 499},
+    {"openat$ptmx", 499},
     {"pipe2", 542},
     {"poll", 209},
     {"ppoll", 545},

pkg/build/freebsd.go

@@ -64,6 +64,8 @@ sudo mount /dev/${md}p${partn} $tmpdir
 
 sudo MAKEOBJDIRPREFIX=%s make -C %s installkernel KERNCONF=%s DESTDIR=$tmpdir
 
+echo 'pf_load="YES"' | sudo tee -a /boot/loader.conf
+
 sudo umount $tmpdir
 sudo mdconfig -d -u ${md#md}
 `, objPrefix, kernelDir, confFile)

sys/freebsd/pf.txt

@@ -0,0 +1,120 @@
+## 
+
+include <sys/param.h>
+include <sys/socket.h>
+include <sys/cpuset.h>
+include <sys/lock.h>
+include <sys/rmlock.h>
+include <sys/mbuf.h>
+include <net/if.h>
+include <net/radix.h>
+include <net/vnet.h>
+include <netpfil/pf/pf.h>
+include <netpfil/pf/pf_mtag.h>
+
+include <net/pfvar.h>
+
+resource fd_pf[fd]
+
+openat$ptmx(fd const[AT_FDCWD], file ptr[in, string["/dev/pf"]], flags flags[open_flags], mode const[0]) fd_pf
+
+ioctl$DIOCADDRULE(fd fd_pf, cmd const[DIOCADDRULE], arg ptr[in, array[int8]])
+ioctl$DIOCGETRULES(fd fd_pf, cmd const[DIOCGETRULES], arg ptr[in, array[int8]])
+ioctl$DIOCGETRULE(fd fd_pf, cmd const[DIOCGETRULE], arg ptr[in, array[int8]])
+ioctl$DIOCCLRSTATES(fd fd_pf, cmd const[DIOCCLRSTATES], arg ptr[in, array[int8]])
+ioctl$DIOCGETSTATE(fd fd_pf, cmd const[DIOCGETSTATE], arg ptr[in, array[int8]])
+ioctl$DIOCSETSTATUSIF(fd fd_pf, cmd const[DIOCSETSTATUSIF], arg ptr[in, pfioc_if])
+ioctl$DIOCGETSTATUS(fd fd_pf, cmd const[DIOCGETSTATUS], arg ptr[in, array[int8]])
+ioctl$DIOCNATLOOK(fd fd_pf, cmd const[DIOCNATLOOK], arg ptr[in, array[int8]])
+ioctl$DIOCGETSTATES(fd fd_pf, cmd const[DIOCGETSTATES], arg ptr[in, array[int8]])
+ioctl$DIOCCHANGERULE(fd fd_pf, cmd const[DIOCCHANGERULE], arg ptr[in, array[int8]])
+ioctl$DIOCSETTIMEOUT(fd fd_pf, cmd const[DIOCSETTIMEOUT], arg ptr[in, pfioc_tm])
+ioctl$DIOCGETTIMEOUT(fd fd_pf, cmd const[DIOCGETTIMEOUT], arg ptr[in, pfioc_tm])
+ioctl$DIOCADDSTATE(fd fd_pf, cmd const[DIOCADDSTATE], arg ptr[in, array[int8]])
+ioctl$DIOCGETLIMIT(fd fd_pf, cmd const[DIOCGETLIMIT], arg ptr[in, pfioc_limit])
+ioctl$DIOCSETLIMIT(fd fd_pf, cmd const[DIOCSETLIMIT], arg ptr[in, pfioc_limit])
+ioctl$DIOCKILLSTATES(fd fd_pf, cmd const[DIOCKILLSTATES], arg ptr[in, array[int8]])
+ioctl$DIOCADDALTQV0(fd fd_pf, cmd const[DIOCADDALTQV0], arg ptr[in, array[int8]])
+ioctl$DIOCADDALTQV1(fd fd_pf, cmd const[DIOCADDALTQV1], arg ptr[in, array[int8]])
+ioctl$DIOCGETALTQSV0(fd fd_pf, cmd const[DIOCGETALTQSV0], arg ptr[in, array[int8]])
+ioctl$DIOCGETALTQSV1(fd fd_pf, cmd const[DIOCGETALTQSV1], arg ptr[in, array[int8]])
+ioctl$DIOCGETALTQV0(fd fd_pf, cmd const[DIOCGETALTQV0], arg ptr[in, array[int8]])
+ioctl$DIOCGETALTQV1(fd fd_pf, cmd const[DIOCGETALTQV1], arg ptr[in, array[int8]])
+ioctl$DIOCCHANGEALTQV0(fd fd_pf, cmd const[DIOCCHANGEALTQV0], arg ptr[in, array[int8]])
+ioctl$DIOCCHANGEALTQV1(fd fd_pf, cmd const[DIOCCHANGEALTQV1], arg ptr[in, array[int8]])
+ioctl$DIOCGETQSTATSV0(fd fd_pf, cmd const[DIOCGETQSTATSV0], arg ptr[in, array[int8]])
+ioctl$DIOCGETQSTATSV1(fd fd_pf, cmd const[DIOCGETQSTATSV1], arg ptr[in, array[int8]])
+ioctl$DIOCBEGINADDRS(fd fd_pf, cmd const[DIOCBEGINADDRS], arg ptr[in, array[int8]])
+ioctl$DIOCADDADDR(fd fd_pf, cmd const[DIOCADDADDR], arg ptr[in, array[int8]])
+ioctl$DIOCGETADDRS(fd fd_pf, cmd const[DIOCGETADDRS], arg ptr[in, array[int8]])
+ioctl$DIOCGETADDR(fd fd_pf, cmd const[DIOCGETADDR], arg ptr[in, array[int8]])
+ioctl$DIOCCHANGEADDR(fd fd_pf, cmd const[DIOCCHANGEADDR], arg ptr[in, array[int8]])
+ioctl$DIOCGETRULESETS(fd fd_pf, cmd const[DIOCGETRULESETS], arg ptr[in, array[int8]])
+ioctl$DIOCGETRULESET(fd fd_pf, cmd const[DIOCGETRULESET], arg ptr[in, array[int8]])
+ioctl$DIOCRCLRTABLES(fd fd_pf, cmd const[DIOCRCLRTABLES], arg ptr[in, pfioc_table])
+ioctl$DIOCRADDTABLES(fd fd_pf, cmd const[DIOCRADDTABLES], arg ptr[in, pfioc_table])
+ioctl$DIOCRDELTABLES(fd fd_pf, cmd const[DIOCRDELTABLES], arg ptr[in, pfioc_table])
+ioctl$DIOCRGETTABLES(fd fd_pf, cmd const[DIOCRGETTABLES], arg ptr[in, pfioc_table])
+ioctl$DIOCRGETTSTATS(fd fd_pf, cmd const[DIOCRGETTSTATS], arg ptr[in, pfioc_table])
+ioctl$DIOCRCLRTSTATS(fd fd_pf, cmd const[DIOCRCLRTSTATS], arg ptr[in, pfioc_table])
+ioctl$DIOCRSETTFLAGS(fd fd_pf, cmd const[DIOCRSETTFLAGS], arg ptr[in, pfioc_table])
+ioctl$DIOCRADDADDRS(fd fd_pf, cmd const[DIOCRADDADDRS], arg ptr[in, pfioc_table])
+ioctl$DIOCRDELADDRS(fd fd_pf, cmd const[DIOCRDELADDRS], arg ptr[in, pfioc_table])
+ioctl$DIOCRSETADDRS(fd fd_pf, cmd const[DIOCRSETADDRS], arg ptr[in, pfioc_table])
+ioctl$DIOCRGETADDRS(fd fd_pf, cmd const[DIOCRGETADDRS], arg ptr[in, pfioc_table])
+ioctl$DIOCRTSTADDRS(fd fd_pf, cmd const[DIOCRTSTADDRS], arg ptr[in, pfioc_table])
+ioctl$DIOCRGETASTATS(fd fd_pf, cmd const[DIOCRGETASTATS], arg ptr[in, pfioc_table])
+ioctl$DIOCRCLRASTATS(fd fd_pf, cmd const[DIOCRCLRASTATS], arg ptr[in, pfioc_table])
+ioctl$DIOCRINADEFINE(fd fd_pf, cmd const[DIOCRINADEFINE], arg ptr[in, pfioc_table])
+ioctl$DIOCOSFPADD(fd fd_pf, cmd const[DIOCOSFPADD], arg ptr[in, array[int8]])
+ioctl$DIOCOSFPGET(fd fd_pf, cmd const[DIOCOSFPGET], arg ptr[in, array[int8]])
+ioctl$DIOCXBEGIN(fd fd_pf, cmd const[DIOCXBEGIN], arg ptr[in, array[int8]])
+ioctl$DIOCXCOMMIT(fd fd_pf, cmd const[DIOCXCOMMIT], arg ptr[in, array[int8]])
+ioctl$DIOCXROLLBACK(fd fd_pf, cmd const[DIOCXROLLBACK], arg ptr[in, array[int8]])
+ioctl$DIOCGETSRCNODES(fd fd_pf, cmd const[DIOCGETSRCNODES], arg ptr[in, array[int8]])
+ioctl$DIOCIGETIFACES(fd fd_pf, cmd const[DIOCIGETIFACES], arg ptr[in, pfioc_iface])
+ioctl$DIOCSETIFFLAG(fd fd_pf, cmd const[DIOCSETIFFLAG], arg ptr[in, pfioc_iface])
+ioctl$DIOCCLRIFFLAG(fd fd_pf, cmd const[DIOCCLRIFFLAG], arg ptr[in, pfioc_iface])
+ioctl$DIOCKILLSRCNODES(fd fd_pf, cmd const[DIOCKILLSRCNODES], arg ptr[in, array[int8]])
+
+pfioc_if {
+	ifname	int8[IFNAMSIZ]
+}
+
+pfioc_tm {
+	timeout	int32
+	seconds	int32
+}
+
+pfioc_limit {
+	index	int32
+	limit	int32
+}
+
+pfr_table {
+	pfrt_anchor	array[int8, MAXPATHLEN]
+	pfrt_name	array[int8, PF_TABLE_NAME_SIZE]
+	pfrt_flags	int32
+	pfrt_fback	int8
+}
+
+pfioc_table {
+	pfrio_table	pfr_table
+	pfrio_buffer	ptr[in, array[int8]]
+	pfrio_esize	int64
+	pfrio_size	int64
+	pfrio_size2	int64
+	pfrio_nadd	int64
+	pfrio_ndel	int64
+	pfrio_nchange	int64
+	pfrio_flags	int64
+	pfrio_ticket	int32
+}
+
+pfioc_iface {
+	pfiio_name	int8[IFNAMSIZ]
+	pfiio_buffer	ptr[in, array[int8]]
+	pfiio_esize	int32
+	pfiio_size	int32
+	pfiio_flags	int32
+}

sys/freebsd/pf_amd64.const

@@ -0,0 +1,73 @@
+# AT_FDCWD is not set
+DIOCADDRULE = 3420472324
+DIOCGETRULES = 3420472326
+DIOCGETRULE = 3420472327
+DIOCCLRSTATES = 3235922962
+DIOCGETSTATE = 3237102611
+DIOCSETSTATUSIF = 3222291476
+DIOCGETSTATUS = 3248505877
+DIOCCLRSTATUS = 536888342
+DIOCNATLOOK = 3226223639
+DIOCSETDEBUG = 3221505048
+DIOCGETSTATES = 3222291481
+DIOCCHANGERULE = 3420472346
+DIOCSETTIMEOUT = 3221767197
+DIOCGETTIMEOUT = 3221767198
+DIOCADDSTATE = 3237102629
+DIOCCLRRULECTRS = 536888358
+DIOCGETLIMIT = 3221767207
+DIOCSETLIMIT = 3221767208
+DIOCKILLSTATES = 3235922985
+DIOCSTARTALTQ = 536888362
+DIOCSTOPALTQ = 536888363
+DIOCADDALTQV0 = 3238020141
+DIOCADDALTQV1 = 3241165869
+DIOCGETALTQSV0 = 3238020143
+DIOCGETALTQSV1 = 3241165871
+DIOCGETALTQV0 = 3238020144
+DIOCGETALTQV1 = 3241165872
+DIOCCHANGEALTQV0 = 3238020145
+DIOCCHANGEALTQV1 = 3241165873
+DIOCGETQSTATSV0 = 3222815794
+DIOCGETQSTATSV1 = 3223340082
+DIOCBEGINADDRS = 3295691827
+DIOCADDADDR = 3295691828
+DIOCGETADDRS = 3295691829
+DIOCGETADDR = 3295691830
+DIOCCHANGEADDR = 3295691831
+DIOCGETRULESETS = 3292808250
+DIOCGETRULESET = 3292808251
+DIOCRCLRTABLES = 3293594684
+DIOCRADDTABLES = 3293594685
+DIOCRDELTABLES = 3293594686
+DIOCRGETTABLES = 3293594687
+DIOCRGETTSTATS = 3293594688
+DIOCRCLRTSTATS = 3293594689
+DIOCRCLRADDRS = 3293594690
+DIOCRADDADDRS = 3293594691
+DIOCRDELADDRS = 3293594692
+DIOCRSETADDRS = 3293594693
+DIOCRGETADDRS = 3293594694
+DIOCRGETASTATS = 3293594695
+DIOCRCLRASTATS = 3293594696
+DIOCRTSTADDRS = 3293594697
+DIOCRSETTFLAGS = 3293594698
+DIOCRINADEFINE = 3293594699
+DIOCOSFPFLUSH = 536888398
+DIOCOSFPADD = 3230155855
+DIOCOSFPGET = 3230155856
+DIOCXBEGIN = 3222291537
+DIOCXCOMMIT = 3222291538
+DIOCXROLLBACK = 3222291539
+DIOCGETSRCNODES = 3222291540
+DIOCCLRSRCNODES = 536888405
+DIOCSETHOSTID = 3221505110
+DIOCIGETIFACES = 3223864407
+DIOCSETIFFLAG = 3223864409
+DIOCCLRIFFLAG = 3223864410
+DIOCKILLSRCNODES = 3229631579
+MAXPATHLEN = 1024
+PF_TABLE_NAME_SIZE = 32
+IFNAMSIZ = 16
+SYS_ioctl = 54
+SYS_openat = 499

sys/freebsd/socket_inet6_amd64.const

@@ -33,28 +33,6 @@ IPV6_RTHDRDSTOPTS = 35
 IPV6_TCLASS = 61
 IPV6_UNICAST_HOPS = 4
 IPV6_V6ONLY = 27
-LINUX_AF_INET6 = 10
-LINUX_IPV6_CHECKSUM = 7
-LINUX_IPV6_DONTFRAG = 62
-LINUX_IPV6_DSTOPTS = 59
-LINUX_IPV6_HOPLIMIT = 52
-LINUX_IPV6_HOPOPTS = 54
-LINUX_IPV6_MULTICAST_HOPS = 18
-LINUX_IPV6_MULTICAST_IF = 17
-LINUX_IPV6_MULTICAST_LOOP = 19
-LINUX_IPV6_NEXTHOP = 9
-LINUX_IPV6_PATHMTU = 61
-LINUX_IPV6_PKTINFO = 50
-LINUX_IPV6_RECVDSTOPTS = 58
-LINUX_IPV6_RECVHOPLIMIT = 51
-LINUX_IPV6_RECVHOPOPTS = 53
-LINUX_IPV6_RECVPATHMTU = 60
-LINUX_IPV6_RECVPKTINFO = 49
-LINUX_IPV6_RECVRTHDR = 56
-LINUX_IPV6_RTHDR = 57
-LINUX_IPV6_RTHDRDSTOPTS = 55
-LINUX_IPV6_UNICAST_HOPS = 16
-LINUX_IPV6_V6ONLY = 26
 MCAST_BLOCK_SOURCE = 84
 MCAST_JOIN_GROUP = 80
 MCAST_JOIN_SOURCE_GROUP = 82

sys/freebsd/socket_unix_amd64.const

@@ -1,14 +1,7 @@
 # AUTOGENERATED FILE
 AF_UNIX = 1
 AF_UNSPEC = 0
-LINUX_AF_UNIX = 1
-LINUX_AF_UNSPEC = 0
 LINUX_SCM_CREDENTIALS = 2
-LINUX_SCM_RIGHTS = 1
-LINUX_SOCK_DGRAM = 2
-LINUX_SOCK_SEQPACKET = 5
-LINUX_SOCK_STREAM = 1
-LINUX_SOL_SOCKET = 1
 SCM_RIGHTS = 1
 SOCK_DGRAM = 2
 SOCK_SEQPACKET = 5