1 /* $NetBSD: t_bpfilter.c,v 1.8 2014/06/24 11:32:36 alnsn Exp $ */
4 * Copyright (c) 2012 The NetBSD Foundation, Inc.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
16 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 #include <sys/cdefs.h>
28 __RCSID("$NetBSD: t_bpfilter.c,v 1.8 2014/06/24 11:32:36 alnsn Exp $");
30 #include <sys/param.h>
31 #include <sys/ioctl.h>
32 #include <sys/socket.h>
34 #include <sys/sysctl.h>
40 #include <net/if_ether.h>
48 #include <rump/rump.h>
49 #include <rump/rump_syscalls.h>
51 /* XXX: atf-c.h has collisions with mbuf */
56 #include "../../h_macros.h"
57 #include "../config/netconfig.c"
60 #define SNAPLEN UINT32_MAX
62 #define BMAGIC UINT32_C(0x37)
63 #define HMAGIC UINT32_C(0xc2c2)
64 #define WMAGIC UINT32_C(0x7d7d7d7d)
66 static const char magic_echo_reply_tail[7] = {
77 * Match ICMP_ECHOREPLY packet with 7 magic bytes at the end.
79 static struct bpf_insn magic_echo_reply_prog[] = {
80 BPF_STMT(BPF_LD+BPF_ABS+BPF_B,
81 sizeof(struct ip) + offsetof(struct icmp, icmp_type)),
82 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ICMP_ECHOREPLY, 1, 0),
83 BPF_STMT(BPF_RET+BPF_K, 0),
85 BPF_STMT(BPF_LD+BPF_W+BPF_LEN, 0), /* A <- len */
86 BPF_STMT(BPF_ALU+BPF_SUB+BPF_K, 7), /* A <- A - 7 */
87 BPF_STMT(BPF_MISC+BPF_TAX, 0), /* X <- A */
89 BPF_STMT(BPF_LD+BPF_IND+BPF_B, 0),
90 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, BMAGIC, 1, 0),
91 BPF_STMT(BPF_RET+BPF_K, 0),
93 BPF_STMT(BPF_LD+BPF_IND+BPF_H, 1),
94 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, HMAGIC, 1, 0),
95 BPF_STMT(BPF_RET+BPF_K, 0),
97 BPF_STMT(BPF_LD+BPF_IND+BPF_W, 3),
98 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, WMAGIC, 1, 0),
99 BPF_STMT(BPF_RET+BPF_K, 0),
101 BPF_STMT(BPF_RET+BPF_K, SNAPLEN)
104 static struct bpf_insn badmem_prog[] = {
105 BPF_STMT(BPF_LD+BPF_MEM, 5),
106 BPF_STMT(BPF_RET+BPF_A, 0),
109 static struct bpf_insn noinitA_prog[] = {
110 BPF_STMT(BPF_RET+BPF_A, 0),
113 static struct bpf_insn noinitX_prog[] = {
114 BPF_STMT(BPF_MISC+BPF_TXA, 0),
115 BPF_STMT(BPF_RET+BPF_A, 0),
119 in_cksum(void *data, size_t len)
121 uint16_t *buf = data;
124 for (sum = 0; len > 1; len -= 2)
127 sum += *(uint8_t *)buf;
129 sum = (sum >> 16) + (sum & 0xffff);
136 * Based on netcfg_rump_pingtest().
139 pingtest(const char *dst, unsigned int wirelen, const char tail[7])
142 struct sockaddr_in sin;
145 unsigned int pktsize;
150 if (wirelen < ETHER_HDR_LEN + sizeof(struct ip))
153 pktsize = wirelen - ETHER_HDR_LEN - sizeof(struct ip);
154 if (pktsize < sizeof(struct icmp) + 7)
157 s = rump_sys_socket(PF_INET, SOCK_RAW, IPPROTO_ICMP);
165 if (rump_sys_setsockopt(s, SOL_SOCKET, SO_RCVTIMEO,
166 &tv, sizeof(tv)) == -1)
169 memset(&sin, 0, sizeof(sin));
170 sin.sin_len = sizeof(sin);
171 sin.sin_family = AF_INET;
172 sin.sin_addr.s_addr = inet_addr(dst);
174 pkt = calloc(1, pktsize);
175 icmp = (struct icmp *)pkt;
179 memcpy(pkt + pktsize - 7, tail, 7);
180 icmp->icmp_type = ICMP_ECHO;
181 icmp->icmp_id = htons(37);
182 icmp->icmp_seq = htons(1);
183 icmp->icmp_cksum = in_cksum(pkt, pktsize);
186 if (rump_sys_sendto(s, pkt, pktsize, 0,
187 (struct sockaddr *)&sin, slen) == -1) {
191 if (rump_sys_recvfrom(s, pkt, pktsize, 0,
192 (struct sockaddr *)&sin, &slen) == -1)
204 magic_ping_test(const char *name, unsigned int wirelen)
206 struct bpf_program prog;
207 struct bpf_stat bstat;
210 unsigned int bufsize;
223 prog.bf_len = __arraycount(magic_echo_reply_prog);
224 prog.bf_insns = magic_echo_reply_prog;
228 netcfg_rump_makeshmif(name, ifr.ifr_name);
232 atf_tc_fail_errno("fork failed");
234 netcfg_rump_if(ifr.ifr_name, "10.1.1.10", "255.0.0.0");
236 ATF_CHECK(write(channel[1], "U", 1) == 1);
244 netcfg_rump_if(ifr.ifr_name, "10.1.1.20", "255.0.0.0");
246 RL(bpfd = rump_sys_open("/dev/bpf", O_RDONLY));
250 RL(rump_sys_ioctl(bpfd, BIOCSRTIMEOUT, &tv));
252 RL(rump_sys_ioctl(bpfd, BIOCGBLEN, &bufsize));
253 RL(rump_sys_ioctl(bpfd, BIOCSETF, &prog));
254 RL(rump_sys_ioctl(bpfd, BIOCSETIF, &ifr));
257 ATF_CHECK(read(channel[0], &token, 1) == 1 && token == 'U');
259 pinged = pingtest("10.1.1.10", wirelen, magic_echo_reply_tail);
262 buf = malloc(bufsize);
263 hdr = (struct bpf_hdr *)buf;
264 ATF_REQUIRE(buf != NULL);
265 ATF_REQUIRE(bufsize > sizeof(struct bpf_hdr));
267 n = rump_sys_read(bpfd, buf, bufsize);
269 ATF_CHECK(n > (int)sizeof(struct bpf_hdr));
270 ATF_CHECK(hdr->bh_caplen == MIN(SNAPLEN, wirelen));
272 RL(rump_sys_ioctl(bpfd, BIOCGSTATS, &bstat));
273 ATF_CHECK(bstat.bs_capt >= 1); /* XXX == 1 */
275 rump_sys_close(bpfd);
280 kill(child, SIGKILL);
284 send_bpf_prog(const char *ifname, struct bpf_program *prog)
290 netcfg_rump_makeshmif(ifname, ifr.ifr_name);
291 netcfg_rump_if(ifr.ifr_name, "10.1.1.20", "255.0.0.0");
293 RL(bpfd = rump_sys_open("/dev/bpf", O_RDONLY));
295 rv = rump_sys_ioctl(bpfd, BIOCSETF, prog);
298 rump_sys_close(bpfd);
304 ATF_TC(bpfiltercontig);
305 ATF_TC_HEAD(bpfiltercontig, tc)
308 atf_tc_set_md_var(tc, "descr", "Checks that bpf program "
309 "can read bytes from contiguous buffer.");
310 atf_tc_set_md_var(tc, "timeout", "30");
313 ATF_TC_BODY(bpfiltercontig, tc)
316 magic_ping_test("bpfiltercontig", 128);
320 ATF_TC(bpfiltermchain);
321 ATF_TC_HEAD(bpfiltermchain, tc)
324 atf_tc_set_md_var(tc, "descr", "Checks that bpf program "
325 "can read bytes from mbuf chain.");
326 atf_tc_set_md_var(tc, "timeout", "30");
329 ATF_TC_BODY(bpfiltermchain, tc)
332 magic_ping_test("bpfiltermchain", MINCLSIZE + 1);
336 ATF_TC(bpfilterbadmem);
337 ATF_TC_HEAD(bpfilterbadmem, tc)
340 atf_tc_set_md_var(tc, "descr", "Checks that bpf program that "
341 "doesn't initialize memomy store is rejected by the kernel");
342 atf_tc_set_md_var(tc, "timeout", "30");
345 ATF_TC_BODY(bpfilterbadmem, tc)
347 struct bpf_program prog;
349 prog.bf_len = __arraycount(badmem_prog);
350 prog.bf_insns = badmem_prog;
351 ATF_CHECK_ERRNO(EINVAL, send_bpf_prog("bpfilterbadmem", &prog) == -1);
354 ATF_TC(bpfilternoinitA);
355 ATF_TC_HEAD(bpfilternoinitA, tc)
358 atf_tc_set_md_var(tc, "descr", "Checks that bpf program that "
359 "doesn't initialize the A register is accepted by the kernel");
360 atf_tc_set_md_var(tc, "timeout", "30");
363 ATF_TC_BODY(bpfilternoinitA, tc)
365 struct bpf_program prog;
367 prog.bf_len = __arraycount(noinitA_prog);
368 prog.bf_insns = noinitA_prog;
369 RL(send_bpf_prog("bpfilternoinitA", &prog));
372 ATF_TC(bpfilternoinitX);
373 ATF_TC_HEAD(bpfilternoinitX, tc)
376 atf_tc_set_md_var(tc, "descr", "Checks that bpf program that "
377 "doesn't initialize the X register is accepted by the kernel");
378 atf_tc_set_md_var(tc, "timeout", "30");
381 ATF_TC_BODY(bpfilternoinitX, tc)
383 struct bpf_program prog;
385 prog.bf_len = __arraycount(noinitX_prog);
386 prog.bf_insns = noinitX_prog;
387 RL(send_bpf_prog("bpfilternoinitX", &prog));
393 ATF_TP_ADD_TC(tp, bpfiltercontig);
394 ATF_TP_ADD_TC(tp, bpfiltermchain);
395 ATF_TP_ADD_TC(tp, bpfilterbadmem);
396 ATF_TP_ADD_TC(tp, bpfilternoinitA);
397 ATF_TP_ADD_TC(tp, bpfilternoinitX);
399 return atf_no_error();