Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / platform2 / c9a5cd52eadaa8ac49aa942605bbd180a8aa5b19 / . / patchpanel / datapath_fuzzer.cc
blob: 7c4c4512aa8509cc179a1b0992d063caac8d46aa [file] [log] [blame]
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]1// Copyright 2019 The Chromium OS Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include <net/if.h>
6
7#include <fuzzer/FuzzedDataProvider.h>
8#include <string>
9#include <vector>
10
Jason Jeremy Imanbb5f2f82020-08-30 19:02:19 +0900[diff] [blame]11#include <base/at_exit.h>
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]12#include <base/bind.h>
Garrick Evans495dfc42020-02-14 07:20:57 +0900[diff] [blame]13#include <base/bind_helpers.h>
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]14#include <base/logging.h>
15
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]16#include "patchpanel/datapath.h"
Jason Jeremy Iman2096b512020-08-20 11:55:12 +0900[diff] [blame]17#include "patchpanel/firewall.h"
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]18#include "patchpanel/minijailed_process_runner.h"
19#include "patchpanel/multicast_forwarder.h"
20#include "patchpanel/net_util.h"
Hugo Benichib66431f2020-12-10 17:07:12 +0900[diff] [blame]21#include "patchpanel/subnet.h"
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]22
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]23namespace patchpanel {
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]24
25// Always succeeds
26int ioctl_stub(int fd, unsigned long req, ...) {
27 return 0;
28}
29
30class RandomProcessRunner : public MinijailedProcessRunner {
31 public:
32 explicit RandomProcessRunner(FuzzedDataProvider* data_provider)
33 : data_provider_{data_provider} {}
Qijiang Fan6bc59e12020-11-11 02:51:06 +0900[diff] [blame]34 RandomProcessRunner(const RandomProcessRunner&) = delete;
35 RandomProcessRunner& operator=(const RandomProcessRunner&) = delete;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]36 ~RandomProcessRunner() = default;
37
38 int Run(const std::vector<std::string>& argv, bool log_failures) override {
39 return data_provider_->ConsumeBool();
40 }
41
Hugo Benichib5b44cc2020-12-11 11:01:02 +0900[diff] [blame]42 int RunSync(const std::vector<std::string>& argv,
Hugo Benichib5b44cc2020-12-11 11:01:02 +0900[diff] [blame]43 bool log_failures,
Jie Jiangc9a5cd52020-12-14 17:38:52 +0900[diff] [blame^]44 std::string* output) override {
Hugo Benichib5b44cc2020-12-11 11:01:02 +0900[diff] [blame]45 return data_provider_->ConsumeBool();
46 }
47
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]48 private:
49 FuzzedDataProvider* data_provider_;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]50};
51
52namespace {
53
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]54constexpr pid_t kTestPID = -2;
55
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]56class Environment {
57 public:
58 Environment() {
hschame6711302020-11-20 17:08:14 +0900[diff] [blame]59 logging::SetMinLogLevel(logging::LOGGING_FATAL); // <- DISABLE LOGGING.
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]60 }
Jason Jeremy Imanbb5f2f82020-08-30 19:02:19 +0900[diff] [blame]61 base::AtExitManager at_exit;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]62};
63
64extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
Jason Jeremy Imanbb5f2f82020-08-30 19:02:19 +0900[diff] [blame]65 static Environment env;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]66
67 FuzzedDataProvider provider(data, size);
68 RandomProcessRunner runner(&provider);
Jason Jeremy Iman2096b512020-08-20 11:55:12 +0900[diff] [blame]69 Firewall firewall;
70 Datapath datapath(&runner, &firewall, ioctl_stub);
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]71
72 while (provider.remaining_bytes() > 0) {
Hugo Benichi82ed5cf2020-09-08 21:30:22 +0900[diff] [blame]73 uint32_t pid = provider.ConsumeIntegral<uint32_t>();
Hugo Benichi9ab5a052020-07-28 11:29:01 +0900[diff] [blame]74 std::string netns_name = provider.ConsumeRandomLengthString(10);
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]75 std::string ifname = provider.ConsumeRandomLengthString(IFNAMSIZ - 1);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]76 std::string ifname2 = provider.ConsumeRandomLengthString(IFNAMSIZ - 1);
Hugo Benichib66431f2020-12-10 17:07:12 +0900[diff] [blame]77 std::string ifname3 = provider.ConsumeRandomLengthString(IFNAMSIZ - 1);
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]78 std::string bridge = provider.ConsumeRandomLengthString(IFNAMSIZ - 1);
Garrick Evans495dfc42020-02-14 07:20:57 +0900[diff] [blame]79 uint32_t addr = provider.ConsumeIntegral<uint32_t>();
80 std::string addr_str = IPv4AddressToString(addr);
81 uint32_t prefix_len = provider.ConsumeIntegralInRange<uint32_t>(0, 31);
82 Subnet subnet(provider.ConsumeIntegral<int32_t>(), prefix_len,
hschamee9e3a12020-02-03 16:34:28 +0900[diff] [blame]83 base::DoNothing());
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]84 std::unique_ptr<SubnetAddress> subnet_addr = subnet.AllocateAtOffset(0);
85 MacAddress mac;
86 std::vector<uint8_t> bytes = provider.ConsumeBytes<uint8_t>(mac.size());
87 std::copy(std::begin(bytes), std::begin(bytes), std::begin(mac));
Hugo Benichib66431f2020-12-10 17:07:12 +0900[diff] [blame]88 bool route_on_vpn = provider.ConsumeBool();
89
90 ConnectedNamespace nsinfo = {};
91 nsinfo.pid = kTestPID;
92 nsinfo.netns_name = netns_name;
93 nsinfo.source = TrafficSource::USER;
94 nsinfo.outbound_ifname = ifname;
95 nsinfo.route_on_vpn = route_on_vpn;
96 nsinfo.host_ifname = ifname2;
97 nsinfo.peer_ifname = ifname3;
98 nsinfo.peer_subnet =
99 std::make_unique<Subnet>(addr, prefix_len, base::DoNothing());
100 nsinfo.peer_mac_addr = mac;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]101
Hugo Benichibf811c62020-09-07 17:30:45 +0900[diff] [blame]102 datapath.Start();
103 datapath.Stop();
Garrick Evans495dfc42020-02-14 07:20:57 +0900[diff] [blame]104 datapath.AddBridge(ifname, addr, prefix_len);
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]105 datapath.RemoveBridge(ifname);
Hugo Benichib66431f2020-12-10 17:07:12 +0900[diff] [blame]106 datapath.StartRoutingDevice(ifname, ifname2, addr, TrafficSource::UNKNOWN,
107 route_on_vpn);
108 datapath.StopRoutingDevice(ifname, ifname2, addr, TrafficSource::UNKNOWN,
109 route_on_vpn);
110 datapath.StartRoutingNamespace(nsinfo);
111 datapath.StopRoutingNamespace(nsinfo);
Hugo Benichi82ed5cf2020-09-08 21:30:22 +0900[diff] [blame]112 datapath.ConnectVethPair(pid, netns_name, ifname, ifname2, mac, addr,
113 prefix_len, provider.ConsumeBool());
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]114 datapath.RemoveInterface(ifname);
Garrick Evans4f9f5572019-11-26 10:25:16 +0900[diff] [blame]115 datapath.AddTAP(ifname, &mac, subnet_addr.get(), "");
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]116 datapath.RemoveTAP(ifname);
Garrick Evans3d97a392020-02-21 15:24:37 +0900[diff] [blame]117 datapath.AddIPv4Route(provider.ConsumeIntegral<uint32_t>(),
118 provider.ConsumeIntegral<uint32_t>(),
119 provider.ConsumeIntegral<uint32_t>());
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]120 }
121
122 return 0;
123}
124
125} // namespace
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]126} // namespace patchpanel