Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / platform2 / b05e4a6b92b2cfe608b6cd8d5d37168680fc080e / . / patchpanel / datapath_fuzzer.cc
blob: 7c05a17d06308d529f1940b0c0e2f597c3aa3324 [file] [log] [blame]
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]1// Copyright 2019 The Chromium OS Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include <net/if.h>
6
7#include <fuzzer/FuzzedDataProvider.h>
8#include <string>
9#include <vector>
10
Jason Jeremy Imanbb5f2f82020-08-30 19:02:19 +0900[diff] [blame]11#include <base/at_exit.h>
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]12#include <base/bind.h>
Garrick Evans495dfc42020-02-14 07:20:57 +0900[diff] [blame]13#include <base/bind_helpers.h>
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]14#include <base/logging.h>
15
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]16#include "patchpanel/datapath.h"
Jason Jeremy Iman2096b512020-08-20 11:55:12 +0900[diff] [blame]17#include "patchpanel/firewall.h"
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]18#include "patchpanel/minijailed_process_runner.h"
19#include "patchpanel/multicast_forwarder.h"
20#include "patchpanel/net_util.h"
Hugo Benichib66431f2020-12-10 17:07:12 +0900[diff] [blame]21#include "patchpanel/subnet.h"
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]22
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]23namespace patchpanel {
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]24
25// Always succeeds
26int ioctl_stub(int fd, unsigned long req, ...) {
27 return 0;
28}
29
30class RandomProcessRunner : public MinijailedProcessRunner {
31 public:
32 explicit RandomProcessRunner(FuzzedDataProvider* data_provider)
33 : data_provider_{data_provider} {}
Qijiang Fan6bc59e12020-11-11 02:51:06 +0900[diff] [blame]34 RandomProcessRunner(const RandomProcessRunner&) = delete;
35 RandomProcessRunner& operator=(const RandomProcessRunner&) = delete;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]36 ~RandomProcessRunner() = default;
37
38 int Run(const std::vector<std::string>& argv, bool log_failures) override {
39 return data_provider_->ConsumeBool();
40 }
41
Hugo Benichib5b44cc2020-12-11 11:01:02 +0900[diff] [blame]42 int RunSync(const std::vector<std::string>& argv,
43 brillo::Minijail* mj,
44 bool log_failures,
45 int* fd_stdout) override {
46 return data_provider_->ConsumeBool();
47 }
48
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]49 private:
50 FuzzedDataProvider* data_provider_;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]51};
52
53namespace {
54
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]55constexpr pid_t kTestPID = -2;
56
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]57class Environment {
58 public:
59 Environment() {
hschame6711302020-11-20 17:08:14 +0900[diff] [blame]60 logging::SetMinLogLevel(logging::LOGGING_FATAL); // <- DISABLE LOGGING.
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]61 }
Jason Jeremy Imanbb5f2f82020-08-30 19:02:19 +0900[diff] [blame]62 base::AtExitManager at_exit;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]63};
64
65extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
Jason Jeremy Imanbb5f2f82020-08-30 19:02:19 +0900[diff] [blame]66 static Environment env;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]67
68 FuzzedDataProvider provider(data, size);
69 RandomProcessRunner runner(&provider);
Jason Jeremy Iman2096b512020-08-20 11:55:12 +0900[diff] [blame]70 Firewall firewall;
71 Datapath datapath(&runner, &firewall, ioctl_stub);
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]72
73 while (provider.remaining_bytes() > 0) {
Hugo Benichi82ed5cf2020-09-08 21:30:22 +0900[diff] [blame]74 uint32_t pid = provider.ConsumeIntegral<uint32_t>();
Hugo Benichi9ab5a052020-07-28 11:29:01 +0900[diff] [blame]75 std::string netns_name = provider.ConsumeRandomLengthString(10);
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]76 std::string ifname = provider.ConsumeRandomLengthString(IFNAMSIZ - 1);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]77 std::string ifname2 = provider.ConsumeRandomLengthString(IFNAMSIZ - 1);
Hugo Benichib66431f2020-12-10 17:07:12 +0900[diff] [blame]78 std::string ifname3 = provider.ConsumeRandomLengthString(IFNAMSIZ - 1);
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]79 std::string bridge = provider.ConsumeRandomLengthString(IFNAMSIZ - 1);
Garrick Evans495dfc42020-02-14 07:20:57 +0900[diff] [blame]80 uint32_t addr = provider.ConsumeIntegral<uint32_t>();
81 std::string addr_str = IPv4AddressToString(addr);
82 uint32_t prefix_len = provider.ConsumeIntegralInRange<uint32_t>(0, 31);
83 Subnet subnet(provider.ConsumeIntegral<int32_t>(), prefix_len,
hschamee9e3a12020-02-03 16:34:28 +0900[diff] [blame]84 base::DoNothing());
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]85 std::unique_ptr<SubnetAddress> subnet_addr = subnet.AllocateAtOffset(0);
86 MacAddress mac;
87 std::vector<uint8_t> bytes = provider.ConsumeBytes<uint8_t>(mac.size());
88 std::copy(std::begin(bytes), std::begin(bytes), std::begin(mac));
Hugo Benichib66431f2020-12-10 17:07:12 +0900[diff] [blame]89 bool route_on_vpn = provider.ConsumeBool();
90
91 ConnectedNamespace nsinfo = {};
92 nsinfo.pid = kTestPID;
93 nsinfo.netns_name = netns_name;
94 nsinfo.source = TrafficSource::USER;
95 nsinfo.outbound_ifname = ifname;
96 nsinfo.route_on_vpn = route_on_vpn;
97 nsinfo.host_ifname = ifname2;
98 nsinfo.peer_ifname = ifname3;
99 nsinfo.peer_subnet =
100 std::make_unique<Subnet>(addr, prefix_len, base::DoNothing());
101 nsinfo.peer_mac_addr = mac;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]102
Hugo Benichibf811c62020-09-07 17:30:45 +0900[diff] [blame]103 datapath.Start();
104 datapath.Stop();
Garrick Evans495dfc42020-02-14 07:20:57 +0900[diff] [blame]105 datapath.AddBridge(ifname, addr, prefix_len);
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]106 datapath.RemoveBridge(ifname);
Hugo Benichib66431f2020-12-10 17:07:12 +0900[diff] [blame]107 datapath.StartRoutingDevice(ifname, ifname2, addr, TrafficSource::UNKNOWN,
108 route_on_vpn);
109 datapath.StopRoutingDevice(ifname, ifname2, addr, TrafficSource::UNKNOWN,
110 route_on_vpn);
111 datapath.StartRoutingNamespace(nsinfo);
112 datapath.StopRoutingNamespace(nsinfo);
Hugo Benichi82ed5cf2020-09-08 21:30:22 +0900[diff] [blame]113 datapath.ConnectVethPair(pid, netns_name, ifname, ifname2, mac, addr,
114 prefix_len, provider.ConsumeBool());
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]115 datapath.RemoveInterface(ifname);
Garrick Evans4f9f5572019-11-26 10:25:16 +0900[diff] [blame]116 datapath.AddTAP(ifname, &mac, subnet_addr.get(), "");
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]117 datapath.RemoveTAP(ifname);
Garrick Evans3d97a392020-02-21 15:24:37 +0900[diff] [blame]118 datapath.AddIPv4Route(provider.ConsumeIntegral<uint32_t>(),
119 provider.ConsumeIntegral<uint32_t>(),
120 provider.ConsumeIntegral<uint32_t>());
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]121 }
122
123 return 0;
124}
125
126} // namespace
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]127} // namespace patchpanel