etc/protocols - sync with NetBSD-8
[minix.git] / tests / net / bpfilter / t_bpfilter.c
blob460b43e62d9bac406fbfc13ae360d3f5d490240b
1 /* $NetBSD: t_bpfilter.c,v 1.10 2015/02/11 23:39:07 alnsn Exp $ */
3 /*-
4 * Copyright (c) 2012 The NetBSD Foundation, Inc.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
16 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
27 #include <sys/cdefs.h>
28 __RCSID("$NetBSD: t_bpfilter.c,v 1.10 2015/02/11 23:39:07 alnsn Exp $");
30 #include <sys/param.h>
31 #include <sys/ioctl.h>
32 #include <sys/socket.h>
33 #include <sys/mbuf.h>
34 #include <sys/sysctl.h>
35 #include <sys/mman.h>
36 #include <sys/wait.h>
37 #include <unistd.h>
39 #include <net/if.h>
40 #include <net/if_ether.h>
41 #include <net/bpf.h>
43 #include <fcntl.h>
44 #include <stdint.h>
45 #include <stdio.h>
46 #include <string.h>
48 #include <rump/rump.h>
49 #include <rump/rump_syscalls.h>
51 /* XXX: atf-c.h has collisions with mbuf */
52 #undef m_type
53 #undef m_data
54 #include <atf-c.h>
56 #include "../../h_macros.h"
57 #include "../config/netconfig.c"
60 #define SNAPLEN UINT32_MAX
62 #define BMAGIC UINT32_C(0x37)
63 #define HMAGIC UINT32_C(0xc2c2)
64 #define WMAGIC UINT32_C(0x7d7d7d7d)
66 static const char magic_echo_reply_tail[7] = {
67 BMAGIC,
68 HMAGIC & 0xff,
69 HMAGIC & 0xff,
70 WMAGIC & 0xff,
71 WMAGIC & 0xff,
72 WMAGIC & 0xff,
73 WMAGIC & 0xff
77 * Match ICMP_ECHOREPLY packet with 7 magic bytes at the end.
79 static struct bpf_insn magic_echo_reply_prog[] = {
80 BPF_STMT(BPF_LD+BPF_ABS+BPF_B,
81 sizeof(struct ip) + offsetof(struct icmp, icmp_type)),
82 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ICMP_ECHOREPLY, 1, 0),
83 BPF_STMT(BPF_RET+BPF_K, 0),
85 BPF_STMT(BPF_LD+BPF_W+BPF_LEN, 0), /* A <- len */
86 BPF_STMT(BPF_ALU+BPF_SUB+BPF_K, 7), /* A <- A - 7 */
87 BPF_STMT(BPF_MISC+BPF_TAX, 0), /* X <- A */
89 BPF_STMT(BPF_LD+BPF_IND+BPF_B, 0),
90 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, BMAGIC, 1, 0),
91 BPF_STMT(BPF_RET+BPF_K, 0),
93 BPF_STMT(BPF_LD+BPF_IND+BPF_H, 1),
94 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, HMAGIC, 1, 0),
95 BPF_STMT(BPF_RET+BPF_K, 0),
97 BPF_STMT(BPF_LD+BPF_IND+BPF_W, 3),
98 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, WMAGIC, 1, 0),
99 BPF_STMT(BPF_RET+BPF_K, 0),
101 BPF_STMT(BPF_RET+BPF_K, SNAPLEN)
104 static struct bpf_insn badmem_prog[] = {
105 BPF_STMT(BPF_LD+BPF_MEM, 5),
106 BPF_STMT(BPF_RET+BPF_A, 0),
109 static struct bpf_insn noinitA_prog[] = {
110 BPF_STMT(BPF_RET+BPF_A, 0),
113 static struct bpf_insn noinitX_prog[] = {
114 BPF_STMT(BPF_MISC+BPF_TXA, 0),
115 BPF_STMT(BPF_RET+BPF_A, 0),
118 static struct bpf_insn badjmp_prog[] = {
119 BPF_STMT(BPF_JMP+BPF_JA, 5),
120 BPF_STMT(BPF_RET+BPF_A, 0),
123 static struct bpf_insn negjmp_prog[] = {
124 BPF_STMT(BPF_JMP+BPF_JA, 0),
125 BPF_STMT(BPF_JMP+BPF_JA, UINT32_MAX - 1), // -2
126 BPF_STMT(BPF_RET+BPF_A, 0),
129 static struct bpf_insn badret_prog[] = {
130 BPF_STMT(BPF_RET+BPF_A+0x8000, 0),
133 static uint16_t
134 in_cksum(void *data, size_t len)
136 uint16_t *buf = data;
137 unsigned sum;
139 for (sum = 0; len > 1; len -= 2)
140 sum += *buf++;
141 if (len)
142 sum += *(uint8_t *)buf;
144 sum = (sum >> 16) + (sum & 0xffff);
145 sum += (sum >> 16);
147 return ~sum;
151 * Based on netcfg_rump_pingtest().
153 static bool __unused
154 pingtest(const char *dst, unsigned int wirelen, const char tail[7])
156 struct timeval tv;
157 struct sockaddr_in sin;
158 struct icmp *icmp;
159 char *pkt;
160 unsigned int pktsize;
161 socklen_t slen;
162 int s;
163 bool rv = false;
165 if (wirelen < ETHER_HDR_LEN + sizeof(struct ip))
166 return false;
168 pktsize = wirelen - ETHER_HDR_LEN - sizeof(struct ip);
169 if (pktsize < sizeof(struct icmp) + 7)
170 return false;
172 s = rump_sys_socket(PF_INET, SOCK_RAW, IPPROTO_ICMP);
173 if (s == -1)
174 return false;
176 pkt = NULL;
178 tv.tv_sec = 1;
179 tv.tv_usec = 0;
180 if (rump_sys_setsockopt(s, SOL_SOCKET, SO_RCVTIMEO,
181 &tv, sizeof(tv)) == -1)
182 goto out;
184 memset(&sin, 0, sizeof(sin));
185 sin.sin_len = sizeof(sin);
186 sin.sin_family = AF_INET;
187 sin.sin_addr.s_addr = inet_addr(dst);
189 pkt = calloc(1, pktsize);
190 icmp = (struct icmp *)pkt;
191 if (pkt == NULL)
192 goto out;
194 memcpy(pkt + pktsize - 7, tail, 7);
195 icmp->icmp_type = ICMP_ECHO;
196 icmp->icmp_id = htons(37);
197 icmp->icmp_seq = htons(1);
198 icmp->icmp_cksum = in_cksum(pkt, pktsize);
200 slen = sizeof(sin);
201 if (rump_sys_sendto(s, pkt, pktsize, 0,
202 (struct sockaddr *)&sin, slen) == -1) {
203 goto out;
206 if (rump_sys_recvfrom(s, pkt, pktsize, 0,
207 (struct sockaddr *)&sin, &slen) == -1)
208 goto out;
210 rv = true;
211 out:
212 if (pkt != NULL)
213 free(pkt);
214 rump_sys_close(s);
215 return rv;
218 static void
219 magic_ping_test(const char *name, unsigned int wirelen)
221 struct bpf_program prog;
222 struct bpf_stat bstat;
223 struct ifreq ifr;
224 struct timeval tv;
225 unsigned int bufsize;
226 bool pinged;
227 ssize_t n;
228 char *buf;
229 pid_t child;
230 int bpfd;
231 char token;
232 int channel[2];
234 struct bpf_hdr *hdr;
236 RL(pipe(channel));
238 prog.bf_len = __arraycount(magic_echo_reply_prog);
239 prog.bf_insns = magic_echo_reply_prog;
241 child = fork();
242 RZ(rump_init());
243 netcfg_rump_makeshmif(name, ifr.ifr_name);
245 switch (child) {
246 case -1:
247 atf_tc_fail_errno("fork failed");
248 case 0:
249 netcfg_rump_if(ifr.ifr_name, "10.1.1.10", "255.0.0.0");
250 close(channel[0]);
251 ATF_CHECK(write(channel[1], "U", 1) == 1);
252 close(channel[1]);
253 pause();
254 return;
255 default:
256 break;
259 netcfg_rump_if(ifr.ifr_name, "10.1.1.20", "255.0.0.0");
261 RL(bpfd = rump_sys_open("/dev/bpf", O_RDONLY));
263 tv.tv_sec = 0;
264 tv.tv_usec = 500;
265 RL(rump_sys_ioctl(bpfd, BIOCSRTIMEOUT, &tv));
267 RL(rump_sys_ioctl(bpfd, BIOCGBLEN, &bufsize));
268 RL(rump_sys_ioctl(bpfd, BIOCSETF, &prog));
269 RL(rump_sys_ioctl(bpfd, BIOCSETIF, &ifr));
271 close(channel[1]);
272 ATF_CHECK(read(channel[0], &token, 1) == 1 && token == 'U');
274 pinged = pingtest("10.1.1.10", wirelen, magic_echo_reply_tail);
275 ATF_CHECK(pinged);
277 buf = malloc(bufsize);
278 hdr = (struct bpf_hdr *)buf;
279 ATF_REQUIRE(buf != NULL);
280 ATF_REQUIRE(bufsize > sizeof(struct bpf_hdr));
282 n = rump_sys_read(bpfd, buf, bufsize);
284 ATF_CHECK(n > (int)sizeof(struct bpf_hdr));
285 ATF_CHECK(hdr->bh_caplen == MIN(SNAPLEN, wirelen));
287 RL(rump_sys_ioctl(bpfd, BIOCGSTATS, &bstat));
288 ATF_CHECK(bstat.bs_capt >= 1); /* XXX == 1 */
290 rump_sys_close(bpfd);
291 free(buf);
293 close(channel[0]);
295 kill(child, SIGKILL);
298 static int
299 send_bpf_prog(const char *ifname, struct bpf_program *prog)
301 struct ifreq ifr;
302 int bpfd, e, rv;
304 RZ(rump_init());
305 netcfg_rump_makeshmif(ifname, ifr.ifr_name);
306 netcfg_rump_if(ifr.ifr_name, "10.1.1.20", "255.0.0.0");
308 RL(bpfd = rump_sys_open("/dev/bpf", O_RDONLY));
310 rv = rump_sys_ioctl(bpfd, BIOCSETF, prog);
311 e = errno;
313 rump_sys_close(bpfd);
314 errno = e;
316 return rv;
319 ATF_TC(bpfiltercontig);
320 ATF_TC_HEAD(bpfiltercontig, tc)
323 atf_tc_set_md_var(tc, "descr", "Checks that bpf program "
324 "can read bytes from contiguous buffer.");
325 atf_tc_set_md_var(tc, "timeout", "30");
328 ATF_TC_BODY(bpfiltercontig, tc)
331 magic_ping_test("bpfiltercontig", 128);
335 ATF_TC(bpfiltermchain);
336 ATF_TC_HEAD(bpfiltermchain, tc)
339 atf_tc_set_md_var(tc, "descr", "Checks that bpf program "
340 "can read bytes from mbuf chain.");
341 atf_tc_set_md_var(tc, "timeout", "30");
344 ATF_TC_BODY(bpfiltermchain, tc)
347 magic_ping_test("bpfiltermchain", MINCLSIZE + 1);
351 ATF_TC(bpfilterbadmem);
352 ATF_TC_HEAD(bpfilterbadmem, tc)
355 atf_tc_set_md_var(tc, "descr", "Checks that bpf program that "
356 "doesn't initialize memomy store is rejected by the kernel");
357 atf_tc_set_md_var(tc, "timeout", "30");
360 ATF_TC_BODY(bpfilterbadmem, tc)
362 struct bpf_program prog;
364 prog.bf_len = __arraycount(badmem_prog);
365 prog.bf_insns = badmem_prog;
366 ATF_CHECK_ERRNO(EINVAL, send_bpf_prog("bpfilterbadmem", &prog) == -1);
369 ATF_TC(bpfilternoinitA);
370 ATF_TC_HEAD(bpfilternoinitA, tc)
373 atf_tc_set_md_var(tc, "descr", "Checks that bpf program that "
374 "doesn't initialize the A register is accepted by the kernel");
375 atf_tc_set_md_var(tc, "timeout", "30");
378 ATF_TC_BODY(bpfilternoinitA, tc)
380 struct bpf_program prog;
382 prog.bf_len = __arraycount(noinitA_prog);
383 prog.bf_insns = noinitA_prog;
384 RL(send_bpf_prog("bpfilternoinitA", &prog));
387 ATF_TC(bpfilternoinitX);
388 ATF_TC_HEAD(bpfilternoinitX, tc)
391 atf_tc_set_md_var(tc, "descr", "Checks that bpf program that "
392 "doesn't initialize the X register is accepted by the kernel");
393 atf_tc_set_md_var(tc, "timeout", "30");
396 ATF_TC_BODY(bpfilternoinitX, tc)
398 struct bpf_program prog;
400 prog.bf_len = __arraycount(noinitX_prog);
401 prog.bf_insns = noinitX_prog;
402 RL(send_bpf_prog("bpfilternoinitX", &prog));
405 ATF_TC(bpfilterbadjmp);
406 ATF_TC_HEAD(bpfilterbadjmp, tc)
409 atf_tc_set_md_var(tc, "descr", "Checks that bpf program that "
410 "jumps to invalid destination is rejected by the kernel");
411 atf_tc_set_md_var(tc, "timeout", "30");
414 ATF_TC_BODY(bpfilterbadjmp, tc)
416 struct bpf_program prog;
418 prog.bf_len = __arraycount(badjmp_prog);
419 prog.bf_insns = badjmp_prog;
420 ATF_CHECK_ERRNO(EINVAL, send_bpf_prog("bpfilterbadjmp", &prog) == -1);
423 ATF_TC(bpfilternegjmp);
424 ATF_TC_HEAD(bpfilternegjmp, tc)
427 atf_tc_set_md_var(tc, "descr", "Checks that bpf program that "
428 "jumps backwards is rejected by the kernel");
429 atf_tc_set_md_var(tc, "timeout", "30");
432 ATF_TC_BODY(bpfilternegjmp, tc)
434 struct bpf_program prog;
436 prog.bf_len = __arraycount(negjmp_prog);
437 prog.bf_insns = negjmp_prog;
438 ATF_CHECK_ERRNO(EINVAL, send_bpf_prog("bpfilternegjmp", &prog) == -1);
441 ATF_TC(bpfilterbadret);
442 ATF_TC_HEAD(bpfilterbadret, tc)
445 atf_tc_set_md_var(tc, "descr", "Checks that bpf program that "
446 "ends with invalid BPF_RET instruction is rejected by the kernel");
447 atf_tc_set_md_var(tc, "timeout", "30");
450 ATF_TC_BODY(bpfilterbadret, tc)
452 struct bpf_program prog;
453 struct bpf_insn *last;
455 prog.bf_len = __arraycount(badret_prog);
456 prog.bf_insns = badret_prog;
459 * The point of this test is checking a bad instruction of
460 * a valid class and with a valid BPF_RVAL data.
462 last = &prog.bf_insns[prog.bf_len - 1];
463 ATF_CHECK(BPF_CLASS(last->code) == BPF_RET &&
464 (BPF_RVAL(last->code) == BPF_K || BPF_RVAL(last->code) == BPF_A));
466 ATF_CHECK_ERRNO(EINVAL, send_bpf_prog("bpfilterbadret", &prog) == -1);
469 ATF_TP_ADD_TCS(tp)
472 ATF_TP_ADD_TC(tp, bpfiltercontig);
473 ATF_TP_ADD_TC(tp, bpfiltermchain);
474 ATF_TP_ADD_TC(tp, bpfilterbadmem);
475 ATF_TP_ADD_TC(tp, bpfilternoinitA);
476 ATF_TP_ADD_TC(tp, bpfilternoinitX);
477 ATF_TP_ADD_TC(tp, bpfilterbadjmp);
478 ATF_TP_ADD_TC(tp, bpfilternegjmp);
479 ATF_TP_ADD_TC(tp, bpfilterbadret);
481 return atf_no_error();