Skip to content
Permalink
Browse files

executor: add support for tap interfaces on FreeBSD

  • Loading branch information...
tuexen authored and dvyukov committed Dec 1, 2018
1 parent d898856 commit 5a58167323289751602879a986a1b9f95531a31b
Showing with 70 additions and 5 deletions.
  1. +16 −2 executor/common_bsd.h
  2. +1 −1 executor/defs.h
  3. +3 −0 executor/syscalls.h
  4. +15 −1 pkg/csource/generated.go
  5. +1 −0 pkg/host/host_freebsd.go
  6. +20 −1 sys/freebsd/gen/amd64.go
  7. +14 −0 sys/freebsd/vnet.txt
@@ -33,6 +33,10 @@ static uintptr_t syz_open_pts(void)

#endif // SYZ_EXECUTOR || __NR_syz_open_pts

#endif // GOOS_openbsd

#if GOOS_freebsd || GOOS_openbsd

#if SYZ_EXECUTOR || SYZ_TUN_ENABLE

#include <fcntl.h>
@@ -115,6 +119,12 @@ static void initialize_tun(int tun_id)
snprintf_check(tun_device, sizeof(tun_device), TUN_DEVICE, tun_id);

tunfd = open(tun_device, O_RDWR | O_NONBLOCK);
#if GOOS_freebsd
if ((tunfd < 0) && (errno == ENOENT)) {
execute_command(0, "kldload -q if_tap");
tunfd = open(tun_device, O_RDWR | O_NONBLOCK);
}
#endif
if (tunfd == -1) {
#if SYZ_EXECUTOR
fail("tun: can't open %s\n", tun_device);
@@ -188,7 +198,11 @@ struct tcp_resources {
uint32 ack;
};

#if GOOS_freebsd
#include <net/ethernet.h>
#else
#include <net/ethertypes.h>
#endif
#include <net/if.h>
#include <net/if_arp.h>
#include <netinet/in.h>
@@ -250,13 +264,13 @@ static long syz_extract_tcp_res(long a0, long a1, long a2)
return 0;
}
#endif
#endif // GOOS_openbsd
#endif // GOOS_freebsd || GOOS_openbsd

#if SYZ_EXECUTOR || SYZ_SANDBOX_NONE
static void loop();
static int do_sandbox_none(void)
{
#if GOOS_openbsd && (SYZ_EXECUTOR || SYZ_TUN_ENABLE)
#if (GOOS_freebsd || GOOS_openbsd) && (SYZ_EXECUTOR || SYZ_TUN_ENABLE)
initialize_tun(procid);
#endif
loop();
@@ -20,7 +20,7 @@

#if GOARCH_amd64
#define GOARCH "amd64"
#define SYZ_REVISION "fe257e9b1cf5311f7b1627e649739577c6308e26"
#define SYZ_REVISION "4929654e4c6f12c8222436a5269c97497bd7efee"
#define SYZ_EXECUTOR_USES_FORK_SERVER 1
#define SYZ_EXECUTOR_USES_SHMEM 1
#define SYZ_PAGE_SIZE 4096
@@ -472,7 +472,10 @@ const call_t syscalls[] = {
{"symlink", 57},
{"symlinkat", 502},
{"sync", 36},
{"syz_emit_ethernet", 0, (syscall_t)syz_emit_ethernet},
{"syz_execute_func", 0, (syscall_t)syz_execute_func},
{"syz_extract_tcp_res", 0, (syscall_t)syz_extract_tcp_res},
{"syz_extract_tcp_res$synack", 0, (syscall_t)syz_extract_tcp_res},
{"truncate", 479},
{"unlink", 10},
{"unlinkat", 503},
@@ -428,6 +428,10 @@ static uintptr_t syz_open_pts(void)
#endif
#endif
#if GOOS_freebsd || GOOS_openbsd
#if SYZ_EXECUTOR || SYZ_TUN_ENABLE
#include <fcntl.h>
@@ -500,6 +504,12 @@ static void initialize_tun(int tun_id)
snprintf_check(tun_device, sizeof(tun_device), TUN_DEVICE, tun_id);
tunfd = open(tun_device, O_RDWR | O_NONBLOCK);
#if GOOS_freebsd
if ((tunfd < 0) && (errno == ENOENT)) {
execute_command(0, "kldload -q if_tap");
tunfd = open(tun_device, O_RDWR | O_NONBLOCK);
}
#endif
if (tunfd == -1) {
#if SYZ_EXECUTOR
fail("tun: can't open %s\n", tun_device);
@@ -570,7 +580,11 @@ struct tcp_resources {
uint32 ack;
};
#if GOOS_freebsd
#include <net/ethernet.h>
#else
#include <net/ethertypes.h>
#endif
#include <net/if.h>
#include <net/if_arp.h>
#include <netinet/in.h>
@@ -634,7 +648,7 @@ static long syz_extract_tcp_res(long a0, long a1, long a2)
static void loop();
static int do_sandbox_none(void)
{
#if GOOS_openbsd && (SYZ_EXECUTOR || SYZ_TUN_ENABLE)
#if (GOOS_freebsd || GOOS_openbsd) && (SYZ_EXECUTOR || SYZ_TUN_ENABLE)
initialize_tun(procid);
#endif
loop();
@@ -13,4 +13,5 @@ func isSupported(c *prog.Syscall, sandbox string) (bool, string) {

func init() {
checkFeature[FeatureCoverage] = unconditionallyEnabled
checkFeature[FeatureNetworkInjection] = unconditionallyEnabled
}
@@ -31,6 +31,7 @@ var resources_amd64 = []*ResourceDesc{
{Name: "sock_udp", Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", TypeSize: 4}}}, Kind: []string{"fd", "sock", "sock_in", "sock_udp"}, Values: []uint64{18446744073709551615, 18446744073709551516}},
{Name: "sock_udp6", Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", TypeSize: 4}}}, Kind: []string{"fd", "sock", "sock_in6", "sock_udp6"}, Values: []uint64{18446744073709551615, 18446744073709551516}},
{Name: "sock_unix", Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", TypeSize: 4}}}, Kind: []string{"fd", "sock", "sock_unix"}, Values: []uint64{18446744073709551615, 18446744073709551516}},
{Name: "tcp_seq_num", Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", TypeSize: 4}}}, Kind: []string{"tcp_seq_num"}, Values: []uint64{1094861636}},
{Name: "uid", Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", TypeSize: 4}}}, Kind: []string{"uid"}, Values: []uint64{0, 18446744073709551615}},
}

@@ -529,6 +530,10 @@ var structDescs_amd64 = []*KeyedStruct{
&ResourceType{TypeCommon: TypeCommon{TypeName: "sock_tcp", FldName: "f0", TypeSize: 4, ArgDir: 1}},
&ResourceType{TypeCommon: TypeCommon{TypeName: "sock_tcp", FldName: "f1", TypeSize: 4, ArgDir: 1}},
}}},
{Key: StructKey{Name: "tcp_resources", Dir: 1}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "tcp_resources", TypeSize: 8, ArgDir: 1}, Fields: []Type{
&ResourceType{TypeCommon: TypeCommon{TypeName: "tcp_seq_num", FldName: "seq", TypeSize: 4, ArgDir: 1}},
&ResourceType{TypeCommon: TypeCommon{TypeName: "tcp_seq_num", FldName: "ack", TypeSize: 4, ArgDir: 1}},
}}},
{Key: StructKey{Name: "timespec"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "timespec", TypeSize: 16}, Fields: []Type{
&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "sec", TypeSize: 8}}},
&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "nsec", TypeSize: 8}}},
@@ -1876,9 +1881,23 @@ var syscalls_amd64 = []*Syscall{
&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}},
}},
{NR: 36, Name: "sync", CallName: "sync"},
{Name: "syz_emit_ethernet", CallName: "syz_emit_ethernet", Args: []Type{
&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "len", TypeSize: 8}}, Buf: "packet"},
&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "packet", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", IsVarlen: true}}},
}},
{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
}},
{Name: "syz_extract_tcp_res", CallName: "syz_extract_tcp_res", Args: []Type{
&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "res", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "tcp_resources", Dir: 1}}},
&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "seq_inc", TypeSize: 4}}},
&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "ack_inc", TypeSize: 4}}},
}},
{Name: "syz_extract_tcp_res$synack", CallName: "syz_extract_tcp_res", Args: []Type{
&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "res", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "tcp_resources", Dir: 1}}},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "seq_inc", TypeSize: 8}}, Val: 1},
&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "ack_inc", TypeSize: 8}}},
}},
{NR: 479, Name: "truncate", CallName: "truncate", Args: []Type{
&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "file", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}},
&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "len", TypeSize: 8}}},
@@ -2414,4 +2433,4 @@ var consts_amd64 = []ConstValue{
{Name: "WUNTRACED", Value: 2},
}

const revision_amd64 = "fe257e9b1cf5311f7b1627e649739577c6308e26"
const revision_amd64 = "4929654e4c6f12c8222436a5269c97497bd7efee"
@@ -5,6 +5,20 @@ include <sys/types.h>
include <sys/socket.h>
include <netinet/in.h>

syz_emit_ethernet(len len[packet], packet ptr[in, array[int8]])

resource tcp_seq_num[int32]: 0x41424344

tcp_resources {
seq tcp_seq_num
ack tcp_seq_num
}

# These pseudo syscalls read a packet from tap device and extract tcp sequence and acknowledgement numbers from it.
# They also adds the inc arguments to the returned values, this way sequence numbers get incremented.
syz_extract_tcp_res(res ptr[out, tcp_resources], seq_inc int32, ack_inc int32)
syz_extract_tcp_res$synack(res ptr[out, tcp_resources], seq_inc const[1], ack_inc const[0])

# This corresponds to LOCAL_IPV4 ("172.20.%d.170" % pid) in executor/common.h
ipv4_addr_local {
a0 const[0xac, int8]

0 comments on commit 5a58167

Please sign in to comment.
You can’t perform that action at this time.