1 /* 2 * Check decoding of socket filters. 3 * 4 * Copyright (c) 2017 Dmitry V. Levin <ldv (at) altlinux.org> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. The name of the author may not be used to endorse or promote products 16 * derived from this software without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 */ 29 30 #include "tests.h" 31 32 #include <stdio.h> 33 #include <unistd.h> 34 #include <netinet/in.h> 35 #include <sys/socket.h> 36 #include <linux/filter.h> 37 38 #define PRINT_STMT_SYM(pfx, code, k) PRINT_STMT_SYM_(pfx, #code, #k) 39 #define PRINT_STMT_SYM_(pfx, code, k) \ 40 printf("%sBPF_STMT(%s, %s)", pfx, code, k) 41 #define PRINT_STMT_VAL(pfx, code, k) PRINT_STMT_VAL_(pfx, #code, k) 42 #define PRINT_STMT_VAL_(pfx, code, k) \ 43 printf("%sBPF_STMT(%s, %#x)", pfx, code, k) 44 45 #define PRINT_JUMP(pfx, code, k, jt, jf) PRINT_JUMP_(pfx, #code, k, jt, jf) 46 #define PRINT_JUMP_(pfx, code, k, jt, jf) \ 47 printf("%sBPF_JUMP(%s, %#x, %#x, %#x)", pfx, code, k, jt, jf) 48 49 static const struct sock_filter bpf_filter[] = { 50 BPF_STMT(BPF_LD|BPF_B|BPF_ABS, SKF_LL_OFF+4), 51 BPF_STMT(BPF_LD|BPF_B|BPF_ABS, SKF_NET_OFF+8), 52 BPF_STMT(BPF_LD|BPF_B|BPF_ABS, SKF_AD_OFF+SKF_AD_PROTOCOL), 53 BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, IPPROTO_UDP, 0, 5), 54 BPF_STMT(BPF_LD|BPF_W|BPF_LEN, 0), 55 BPF_JUMP(BPF_JMP|BPF_K|BPF_JGE, 100, 0, 3), 56 BPF_STMT(BPF_LD|BPF_B|BPF_ABS, 42), 57 BPF_JUMP(BPF_JMP|BPF_K|BPF_JEQ, 'a', 0, 1), 58 BPF_STMT(BPF_RET|BPF_K, -1U), 59 BPF_STMT(BPF_RET|BPF_K, 0) 60 }; 61 62 static void 63 print_filter(void) 64 { 65 PRINT_STMT_SYM("[", BPF_LD|BPF_B|BPF_ABS, SKF_LL_OFF+4); 66 PRINT_STMT_SYM(", ", BPF_LD|BPF_B|BPF_ABS, SKF_NET_OFF+8); 67 PRINT_STMT_SYM(", ", BPF_LD|BPF_B|BPF_ABS, SKF_AD_OFF+SKF_AD_PROTOCOL); 68 PRINT_JUMP(", ", BPF_JMP|BPF_K|BPF_JEQ, IPPROTO_UDP, 0, 5); 69 PRINT_STMT_VAL(", ", BPF_LD|BPF_W|BPF_LEN, 0); 70 PRINT_JUMP(", ", BPF_JMP|BPF_K|BPF_JGE, 100, 0, 3); 71 PRINT_STMT_VAL(", ", BPF_LD|BPF_B|BPF_ABS, 42); 72 PRINT_JUMP(", ", BPF_JMP|BPF_K|BPF_JEQ, 'a', 0, 1); 73 PRINT_STMT_VAL(", ", BPF_RET|BPF_K, -1U); 74 PRINT_STMT_VAL(", ", BPF_RET|BPF_K, 0); 75 putchar(']'); 76 } 77 78 static const char *errstr; 79 80 static int 81 get_filter(int fd, void *val, socklen_t *len) 82 { 83 int rc = getsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, val, len); 84 errstr = sprintrc(rc); 85 return rc; 86 } 87 88 static int 89 set_filter(int fd, void *val, socklen_t len) 90 { 91 int rc = setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, val, len); 92 errstr = sprintrc(rc); 93 return rc; 94 } 95 96 int 97 main(void) 98 { 99 int rc; 100 struct sock_filter *const filter = 101 tail_memdup(bpf_filter, sizeof(bpf_filter)); 102 void *const efault = filter + ARRAY_SIZE(bpf_filter); 103 TAIL_ALLOC_OBJECT_CONST_PTR(struct sock_fprog, prog); 104 TAIL_ALLOC_OBJECT_CONST_PTR(socklen_t, len); 105 106 prog->len = ARRAY_SIZE(bpf_filter); 107 prog->filter = filter; 108 109 int fd = socket(AF_INET, SOCK_DGRAM, 0); 110 if (fd < 0) 111 perror_msg_and_skip("socket AF_INET SOCK_DGRAM"); 112 113 /* query sock_filter program length -> 0 */ 114 *len = BPF_MAXINSNS; 115 rc = get_filter(fd, NULL, len); 116 if (rc) 117 perror_msg_and_skip("getsockopt SOL_SOCKET SO_ATTACH_FILTER"); 118 printf("getsockopt(%d, SOL_SOCKET, SO_ATTACH_FILTER" 119 ", NULL, [%u->0]) = 0\n", fd, BPF_MAXINSNS); 120 121 /* getsockopt NULL optlen - EFAULT */ 122 rc = get_filter(fd, NULL, NULL); 123 printf("getsockopt(%d, SOL_SOCKET, SO_ATTACH_FILTER, NULL, NULL)" 124 " = %s\n", fd, errstr); 125 126 /* attach a filter */ 127 rc = set_filter(fd, prog, sizeof(*prog)); 128 if (rc) 129 perror_msg_and_skip("setsockopt SOL_SOCKET SO_ATTACH_FILTER"); 130 printf("setsockopt(%d, SOL_SOCKET, SO_ATTACH_FILTER, {len=%u, filter=", 131 fd, prog->len); 132 print_filter(); 133 printf("}, %u) = 0\n", (unsigned int) sizeof(*prog)); 134 135 /* setsockopt optlen is too small - EINVAL */ 136 rc = set_filter(fd, prog, sizeof(*prog) - 4); 137 printf("setsockopt(%d, SOL_SOCKET, SO_ATTACH_FILTER, %p, %u) = %s\n", 138 fd, prog, (unsigned int) sizeof(*prog) - 4, errstr); 139 140 #ifdef SO_ATTACH_REUSEPORT_CBPF 141 rc = setsockopt(fd, SOL_SOCKET, SO_ATTACH_REUSEPORT_CBPF, 142 prog, sizeof(*prog)); 143 errstr = sprintrc(rc); 144 printf("setsockopt(%d, SOL_SOCKET, SO_ATTACH_REUSEPORT_CBPF" 145 ", {len=%u, filter=", fd, prog->len); 146 print_filter(); 147 printf("}, %u) = %s\n", (unsigned int) sizeof(*prog), errstr); 148 #endif 149 150 /* query sock_filter program length -> ARRAY_SIZE(bpf_filter) */ 151 *len = 0; 152 rc = get_filter(fd, efault, len); 153 printf("getsockopt(%d, SOL_SOCKET, SO_ATTACH_FILTER, %p" 154 ", [0->%u]) = %s\n", 155 fd, efault, (unsigned int) ARRAY_SIZE(bpf_filter), errstr); 156 157 /* getsockopt optlen is too small - EINVAL */ 158 *len = ARRAY_SIZE(bpf_filter) - 1; 159 rc = get_filter(fd, efault, len); 160 printf("getsockopt(%d, SOL_SOCKET, SO_ATTACH_FILTER, %p" 161 ", [%u]) = %s\n", 162 fd, efault, (unsigned int) ARRAY_SIZE(bpf_filter) - 1, errstr); 163 164 /* getsockopt optval EFAULT */ 165 *len = ARRAY_SIZE(bpf_filter); 166 rc = get_filter(fd, filter + 1, len); 167 printf("getsockopt(%d, SOL_SOCKET, SO_ATTACH_FILTER, %p" 168 ", [%u]) = %s\n", fd, filter + 1, 169 (unsigned int) ARRAY_SIZE(bpf_filter), errstr); 170 171 /* getsockopt optlen is too large - truncated */ 172 *len = ARRAY_SIZE(bpf_filter) + 1; 173 rc = get_filter(fd, filter, len); 174 printf("getsockopt(%d, SOL_SOCKET, SO_ATTACH_FILTER, ", fd); 175 print_filter(); 176 printf(", [%u->%d]) = %s\n", 177 (unsigned int) ARRAY_SIZE(bpf_filter) + 1, *len, errstr); 178 179 puts("+++ exited with 0 +++"); 180 return 0; 181 } 182