Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / platform2 / 1af52394a7f0fb23a3982de6bb3a67bf19497d87 / . / patchpanel / datapath_fuzzer.cc
blob: 4a41bd3598ffa26ca4bab84d752dbf666536ae21 [file] [log] [blame]
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]1// Copyright 2019 The Chromium OS Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include <net/if.h>
6
7#include <fuzzer/FuzzedDataProvider.h>
8#include <string>
9#include <vector>
10
Jason Jeremy Imanbb5f2f82020-08-30 19:02:19 +0900[diff] [blame]11#include <base/at_exit.h>
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]12#include <base/bind.h>
Garrick Evans495dfc42020-02-14 07:20:57 +0900[diff] [blame]13#include <base/bind_helpers.h>
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]14#include <base/logging.h>
15
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]16#include "patchpanel/datapath.h"
Jason Jeremy Iman2096b512020-08-20 11:55:12 +0900[diff] [blame]17#include "patchpanel/firewall.h"
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]18#include "patchpanel/minijailed_process_runner.h"
19#include "patchpanel/multicast_forwarder.h"
20#include "patchpanel/net_util.h"
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]21
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]22namespace patchpanel {
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]23
24// Always succeeds
25int ioctl_stub(int fd, unsigned long req, ...) {
26 return 0;
27}
28
29class RandomProcessRunner : public MinijailedProcessRunner {
30 public:
31 explicit RandomProcessRunner(FuzzedDataProvider* data_provider)
32 : data_provider_{data_provider} {}
Qijiang Fan6bc59e12020-11-11 02:51:06 +0900[diff] [blame]33 RandomProcessRunner(const RandomProcessRunner&) = delete;
34 RandomProcessRunner& operator=(const RandomProcessRunner&) = delete;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]35 ~RandomProcessRunner() = default;
36
37 int Run(const std::vector<std::string>& argv, bool log_failures) override {
38 return data_provider_->ConsumeBool();
39 }
40
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]41 private:
42 FuzzedDataProvider* data_provider_;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]43};
44
45namespace {
46
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]47constexpr pid_t kTestPID = -2;
48
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]49class Environment {
50 public:
51 Environment() {
52 logging::SetMinLogLevel(logging::LOG_FATAL); // <- DISABLE LOGGING.
53 }
Jason Jeremy Imanbb5f2f82020-08-30 19:02:19 +0900[diff] [blame]54 base::AtExitManager at_exit;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]55};
56
57extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
Jason Jeremy Imanbb5f2f82020-08-30 19:02:19 +0900[diff] [blame]58 static Environment env;
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]59
60 FuzzedDataProvider provider(data, size);
61 RandomProcessRunner runner(&provider);
Jason Jeremy Iman2096b512020-08-20 11:55:12 +0900[diff] [blame]62 Firewall firewall;
63 Datapath datapath(&runner, &firewall, ioctl_stub);
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]64
65 while (provider.remaining_bytes() > 0) {
Hugo Benichi82ed5cf2020-09-08 21:30:22 +0900[diff] [blame]66 uint32_t pid = provider.ConsumeIntegral<uint32_t>();
Hugo Benichi9ab5a052020-07-28 11:29:01 +0900[diff] [blame]67 std::string netns_name = provider.ConsumeRandomLengthString(10);
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]68 std::string ifname = provider.ConsumeRandomLengthString(IFNAMSIZ - 1);
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]69 std::string ifname2 = provider.ConsumeRandomLengthString(IFNAMSIZ - 1);
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]70 std::string bridge = provider.ConsumeRandomLengthString(IFNAMSIZ - 1);
Garrick Evans495dfc42020-02-14 07:20:57 +0900[diff] [blame]71 uint32_t addr = provider.ConsumeIntegral<uint32_t>();
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]72 uint32_t addr2 = provider.ConsumeIntegral<uint32_t>();
73 uint32_t addr3 = provider.ConsumeIntegral<uint32_t>();
Garrick Evans495dfc42020-02-14 07:20:57 +0900[diff] [blame]74 std::string addr_str = IPv4AddressToString(addr);
75 uint32_t prefix_len = provider.ConsumeIntegralInRange<uint32_t>(0, 31);
76 Subnet subnet(provider.ConsumeIntegral<int32_t>(), prefix_len,
hschamee9e3a12020-02-03 16:34:28 +0900[diff] [blame]77 base::DoNothing());
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]78 std::unique_ptr<SubnetAddress> subnet_addr = subnet.AllocateAtOffset(0);
79 MacAddress mac;
80 std::vector<uint8_t> bytes = provider.ConsumeBytes<uint8_t>(mac.size());
81 std::copy(std::begin(bytes), std::begin(bytes), std::begin(mac));
82
Hugo Benichibf811c62020-09-07 17:30:45 +0900[diff] [blame]83 datapath.Start();
84 datapath.Stop();
Garrick Evans495dfc42020-02-14 07:20:57 +0900[diff] [blame]85 datapath.AddBridge(ifname, addr, prefix_len);
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]86 datapath.RemoveBridge(ifname);
Hugo Benichibf811c62020-09-07 17:30:45 +0900[diff] [blame]87 datapath.StartRoutingDevice(ifname, ifname2, addr, TrafficSource::UNKNOWN);
88 datapath.StopRoutingDevice(ifname, ifname2, addr, TrafficSource::UNKNOWN);
Hugo Benichi7c342672020-09-08 09:18:14 +0900[diff] [blame]89 datapath.StartRoutingNamespace(kTestPID, netns_name, ifname, ifname2, addr,
90 prefix_len, addr2, addr3, mac);
91 datapath.StopRoutingNamespace(netns_name, ifname, addr, prefix_len, addr2);
Hugo Benichi82ed5cf2020-09-08 21:30:22 +0900[diff] [blame]92 datapath.ConnectVethPair(pid, netns_name, ifname, ifname2, mac, addr,
93 prefix_len, provider.ConsumeBool());
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]94 datapath.RemoveInterface(ifname);
Garrick Evans4f9f5572019-11-26 10:25:16 +0900[diff] [blame]95 datapath.AddTAP(ifname, &mac, subnet_addr.get(), "");
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]96 datapath.RemoveTAP(ifname);
Garrick Evans3d97a392020-02-21 15:24:37 +0900[diff] [blame]97 datapath.AddIPv4Route(provider.ConsumeIntegral<uint32_t>(),
98 provider.ConsumeIntegral<uint32_t>(),
99 provider.ConsumeIntegral<uint32_t>());
Hugo Benichib9b93fe2019-10-25 23:36:01 +0900[diff] [blame]100 }
101
102 return 0;
103}
104
105} // namespace
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]106} // namespace patchpanel