Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / platform2 / b66431f7096c0f2afc2c7da2bddddacd22b8ce62 / . / patchpanel / datapath_fuzzer.cc
blob: b8cc11ecf963405fb77536b79562980cff299d64 [file] [log] [blame]
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]1// Copyright 2019 The Chromium OS Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include <net/if.h>
6
7#include <fuzzer/FuzzedDataProvider.h>
8#include <string>
9#include <vector>
10
Jason Jeremy Imanbb5f2f82020-08-30 19:02:19 +0900[diff] [blame]11#include <base/at_exit.h>
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]12#include <base/bind.h>
Garrick Evans495dfc42020-02-14 07:20:57 +0900[diff] [blame]13#include <base/bind_helpers.h>
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]14#include <base/logging.h>
15
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]16#include "patchpanel/datapath.h"
Jason Jeremy Iman2096b512020-08-20 11:55:12 +0900[diff] [blame]17#include "patchpanel/firewall.h"
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]18#include "patchpanel/minijailed_process_runner.h"
19#include "patchpanel/multicast_forwarder.h"
20#include "patchpanel/net_util.h"
Hugo Benichib66431f2020-12-10 17:07:12 +0900[diff] [blame^]21#include "patchpanel/subnet.h"
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]22
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]23namespace patchpanel {
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]24
25// Always succeeds
26int ioctl_stub(int fd, unsigned long req, ...) {
27 return 0;
28}
29
30class RandomProcessRunner : public MinijailedProcessRunner {
31 public:
32 explicit RandomProcessRunner(FuzzedDataProvider* data_provider)
33 : data_provider_{data_provider} {}
Qijiang Fan6bc59e12020-11-11 02:51:06 +0900[diff] [blame]34 RandomProcessRunner(const RandomProcessRunner&) = delete;
35 RandomProcessRunner& operator=(const RandomProcessRunner&) = delete;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]36 ~RandomProcessRunner() = default;
37
38 int Run(const std::vector<std::string>& argv, bool log_failures) override {
39 return data_provider_->ConsumeBool();
40 }
41
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]42 private:
43 FuzzedDataProvider* data_provider_;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]44};
45
46namespace {
47
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]48constexpr pid_t kTestPID = -2;
49
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]50class Environment {
51 public:
52 Environment() {
hschame6711302020-11-20 17:08:14 +0900[diff] [blame]53 logging::SetMinLogLevel(logging::LOGGING_FATAL); // <- DISABLE LOGGING.
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]54 }
Jason Jeremy Imanbb5f2f82020-08-30 19:02:19 +0900[diff] [blame]55 base::AtExitManager at_exit;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]56};
57
58extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
Jason Jeremy Imanbb5f2f82020-08-30 19:02:19 +0900[diff] [blame]59 static Environment env;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]60
61 FuzzedDataProvider provider(data, size);
62 RandomProcessRunner runner(&provider);
Jason Jeremy Iman2096b512020-08-20 11:55:12 +0900[diff] [blame]63 Firewall firewall;
64 Datapath datapath(&runner, &firewall, ioctl_stub);
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]65
66 while (provider.remaining_bytes() > 0) {
Hugo Benichi82ed5cf2020-09-08 21:30:22 +0900[diff] [blame]67 uint32_t pid = provider.ConsumeIntegral<uint32_t>();
Hugo Benichi9ab5a052020-07-28 11:29:01 +0900[diff] [blame]68 std::string netns_name = provider.ConsumeRandomLengthString(10);
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]69 std::string ifname = provider.ConsumeRandomLengthString(IFNAMSIZ - 1);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]70 std::string ifname2 = provider.ConsumeRandomLengthString(IFNAMSIZ - 1);
Hugo Benichib66431f2020-12-10 17:07:12 +0900[diff] [blame^]71 std::string ifname3 = provider.ConsumeRandomLengthString(IFNAMSIZ - 1);
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]72 std::string bridge = provider.ConsumeRandomLengthString(IFNAMSIZ - 1);
Garrick Evans495dfc42020-02-14 07:20:57 +0900[diff] [blame]73 uint32_t addr = provider.ConsumeIntegral<uint32_t>();
74 std::string addr_str = IPv4AddressToString(addr);
75 uint32_t prefix_len = provider.ConsumeIntegralInRange<uint32_t>(0, 31);
76 Subnet subnet(provider.ConsumeIntegral<int32_t>(), prefix_len,
hschamee9e3a12020-02-03 16:34:28 +0900[diff] [blame]77 base::DoNothing());
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]78 std::unique_ptr<SubnetAddress> subnet_addr = subnet.AllocateAtOffset(0);
79 MacAddress mac;
80 std::vector<uint8_t> bytes = provider.ConsumeBytes<uint8_t>(mac.size());
81 std::copy(std::begin(bytes), std::begin(bytes), std::begin(mac));
Hugo Benichib66431f2020-12-10 17:07:12 +0900[diff] [blame^]82 bool route_on_vpn = provider.ConsumeBool();
83
84 ConnectedNamespace nsinfo = {};
85 nsinfo.pid = kTestPID;
86 nsinfo.netns_name = netns_name;
87 nsinfo.source = TrafficSource::USER;
88 nsinfo.outbound_ifname = ifname;
89 nsinfo.route_on_vpn = route_on_vpn;
90 nsinfo.host_ifname = ifname2;
91 nsinfo.peer_ifname = ifname3;
92 nsinfo.peer_subnet =
93 std::make_unique<Subnet>(addr, prefix_len, base::DoNothing());
94 nsinfo.peer_mac_addr = mac;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]95
Hugo Benichibf811c62020-09-07 17:30:45 +0900[diff] [blame]96 datapath.Start();
97 datapath.Stop();
Garrick Evans495dfc42020-02-14 07:20:57 +0900[diff] [blame]98 datapath.AddBridge(ifname, addr, prefix_len);
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]99 datapath.RemoveBridge(ifname);
Hugo Benichib66431f2020-12-10 17:07:12 +0900[diff] [blame^]100 datapath.StartRoutingDevice(ifname, ifname2, addr, TrafficSource::UNKNOWN,
101 route_on_vpn);
102 datapath.StopRoutingDevice(ifname, ifname2, addr, TrafficSource::UNKNOWN,
103 route_on_vpn);
104 datapath.StartRoutingNamespace(nsinfo);
105 datapath.StopRoutingNamespace(nsinfo);
Hugo Benichi82ed5cf2020-09-08 21:30:22 +0900[diff] [blame]106 datapath.ConnectVethPair(pid, netns_name, ifname, ifname2, mac, addr,
107 prefix_len, provider.ConsumeBool());
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]108 datapath.RemoveInterface(ifname);
Garrick Evans4f9f5572019-11-26 10:25:16 +0900[diff] [blame]109 datapath.AddTAP(ifname, &mac, subnet_addr.get(), "");
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]110 datapath.RemoveTAP(ifname);
Garrick Evans3d97a392020-02-21 15:24:37 +0900[diff] [blame]111 datapath.AddIPv4Route(provider.ConsumeIntegral<uint32_t>(),
112 provider.ConsumeIntegral<uint32_t>(),
113 provider.ConsumeIntegral<uint32_t>());
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]114 }
115
116 return 0;
117}
118
119} // namespace
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]120} // namespace patchpanel