static void sanitise_socketcall(int childno)
{
unsigned long *args;
args = malloc(6 * sizeof(unsigned long));
shm->a1[childno] = rand() % 20;
switch (shm->a1[childno]) {
case SYS_SOCKET:
sanitise_socket(childno);
shm->syscallno[childno] = search_syscall_table(syscalls, max_nr_syscalls, "socket");
break;
case SYS_BIND:
break;
case SYS_CONNECT:
break;
case SYS_LISTEN:
break;
case SYS_ACCEPT:
break;
case SYS_GETSOCKNAME:
break;
case SYS_GETPEERNAME:
break;
case SYS_SOCKETPAIR:
break;
case SYS_SEND:
break;
case SYS_RECV:
break;
case SYS_SENDTO:
break;
case SYS_RECVFROM:
break;
case SYS_SHUTDOWN:
break;
case SYS_SETSOCKOPT:
break;
case SYS_GETSOCKOPT:
break;
case SYS_SENDMSG:
break;
case SYS_RECVMSG:
break;
case SYS_ACCEPT4:
break;
case SYS_RECVMMSG:
break;
case SYS_SENDMMSG:
break;
default:
break;
}
shm->a2[childno] = (unsigned long) args;
}
void generate_sockets(void)
{
struct flock fl = {
.l_type = F_WRLCK,
.l_whence = SEEK_SET,
};
int fd, n;
unsigned int i, tries;
int cachefile;
unsigned int nr_to_create = NR_SOCKET_FDS;
unsigned long domain, type, protocol;
unsigned int buffer[3];
cachefile = creat(cachefilename, S_IWUSR|S_IRUSR);
if (cachefile < 0) {
printf("Couldn't open cachefile for writing! (%s)\n",
strerror(errno));
exit(EXIT_FAILURE);
}
output(2, "taking writer lock for cachefile\n");
fl.l_pid = getpid();
fl.l_type = F_WRLCK;
if (fcntl(cachefile, F_SETLKW, &fl) == -1) {
perror("fcntl F_WRLCK F_SETLKW");
exit(EXIT_FAILURE);
}
output(2, "took writer lock for cachefile\n");
while (nr_to_create > 0) {
if (shm->exit_reason != STILL_RUNNING)
return;
for (i = 0; i < PF_MAX; i++)
sockarray[i] = 0;
for (i = 0; i < PF_MAX; i++) {
tries = 0;
if (sockarray[i] == MAX_PER_DOMAIN)
break;
/* Pretend we're child 0 and we've called sys_socket */
sanitise_socket(0);
domain = shm->a1[0];
type = shm->a2[0];
protocol = shm->a3[0];
if (do_specific_proto == TRUE)
domain = specific_proto;
else
domain = i;
fd = socket(domain, type, protocol);
if (fd > -1) {
shm->socket_fds[nr_sockets] = fd;
output(2, "fd[%i] = domain:%i type:0x%x protocol:%i\n",
fd, domain, type, protocol);
sockarray[i]++;
nr_sockets++;
nr_to_create--;
buffer[0] = domain;
buffer[1] = type;
buffer[2] = protocol;
n = write(cachefile, &buffer, sizeof(int) * 3);
if (n == -1) {
printf("something went wrong writing the cachefile!\n");
exit(EXIT_FAILURE);
}
if (nr_to_create == 0)
goto done;
} else {
tries++;
}
if (tries == MAX_TRIES_PER_DOMAIN)
break;
}
}
done:
fl.l_type = F_UNLCK;
if (fcntl(cachefile, F_SETLK, &fl) == -1) {
perror("fcntl F_SETLK");
exit(1);
}
output(2, "dropped writer lock for cachefile\n");
output(1, "created %d sockets\n", nr_sockets);
close(cachefile);
}
void generate_sockets(void)
{
struct flock fl = {
.l_type = F_WRLCK,
.l_whence = SEEK_SET,
};
int fd, n;
int cachefile;
unsigned int nr_to_create = NR_SOCKET_FDS;
unsigned long domain, type, protocol;
unsigned int buffer[3];
cachefile = creat(cachefilename, S_IWUSR|S_IRUSR);
if (cachefile < 0) {
printf("Couldn't open cachefile for writing! (%s)\n",
strerror(errno));
exit(EXIT_FAILURE);
}
if (verbose)
output(2, "taking writer lock for cachefile\n");
fl.l_pid = getpid();
fl.l_type = F_WRLCK;
if (fcntl(cachefile, F_SETLKW, &fl) == -1) {
perror("fcntl F_WRLCK F_SETLKW");
exit(EXIT_FAILURE);
}
if (verbose)
output(2, "took writer lock for cachefile\n");
while (nr_to_create > 0) {
if (shm->exit_reason != STILL_RUNNING)
return;
/* Pretend we're child 0 and we've called sys_socket */
sanitise_socket(0);
//FIXME: If we passed a specific domain, we want to sanitise
// the proto/type fields. Split it out of sanitise_socket()
if (do_specific_proto == TRUE)
domain = specific_proto;
else
domain = shm->a1[0];
type = shm->a2[0];
protocol = shm->a3[0];
fd = open_socket(domain, type, protocol);
if (fd > -1) {
nr_to_create--;
buffer[0] = domain;
buffer[1] = type;
buffer[2] = protocol;
n = write(cachefile, &buffer, sizeof(int) * 3);
if (n == -1) {
printf("something went wrong writing the cachefile!\n");
exit(EXIT_FAILURE);
}
if (nr_to_create == 0)
goto done;
}
/* check for ctrl-c */
if (shm->exit_reason != STILL_RUNNING)
return;
//FIXME: If we've passed -P and we're spinning here without making progress
// then we should abort after a few hundred loops.
}
done:
fl.l_type = F_UNLCK;
if (fcntl(cachefile, F_SETLK, &fl) == -1) {
perror("fcntl F_SETLK");
exit(1);
}
if (verbose)
output(2, "dropped writer lock for cachefile\n");
output(1, "created %d sockets\n", nr_sockets);
close(cachefile);
}
