/*
 * Produce a sockaddr for argument slot `argnum` of a syscall.
 *
 * generate_sockaddr() is asked for an address with no protocol-family hint
 * (PF_NOHINT). If the argument slot that follows `argnum` is declared as
 * ARG_SOCKADDRLEN in `entry`, the generated length is written to the matching
 * field of `rec`, so the address and its length are handed to the syscall
 * as a consistent pair.
 *
 * Returns the generated sockaddr pointer cast to unsigned long. Nothing in
 * this function releases it.
 */
static unsigned long handle_arg_sockaddr(struct syscallentry *entry, struct syscallrecord *rec, unsigned int argnum)
{
	struct sockaddr *addr = NULL;
	socklen_t addrlen = 0;

	generate_sockaddr(&addr, &addrlen, PF_NOHINT);

	/* Only the slot immediately after argnum can receive the length. */
	if (argnum == 1) {
		if (entry->arg2type == ARG_SOCKADDRLEN)
			rec->a2 = addrlen;
	} else if (argnum == 2) {
		if (entry->arg3type == ARG_SOCKADDRLEN)
			rec->a3 = addrlen;
	} else if (argnum == 3) {
		if (entry->arg4type == ARG_SOCKADDRLEN)
			rec->a4 = addrlen;
	} else if (argnum == 4) {
		if (entry->arg5type == ARG_SOCKADDRLEN)
			rec->a5 = addrlen;
	} else if (argnum == 5) {
		if (entry->arg6type == ARG_SOCKADDRLEN)
			rec->a6 = addrlen;
	}
	/* argnum 6 has no following slot; every other value is left alone too. */

	return (unsigned long) addr;
}
/*
 * Build the msghdr argument (a2) for the sendmsg() call of child `childno`.
 *
 * The msghdr is heap-allocated and its address is also recorded in
 * shm->scratch[childno]. Every field is filled from the random generators:
 * a sockaddr for a randomly chosen protocol family, plus addresses and
 * lengths from get_address()/get_len() and random flags.
 */
static void sanitise_sendmsg(int childno)
{
	struct sockaddr *addr = NULL;
	socklen_t addrlen;
	struct msghdr *hdr = malloc(sizeof(struct msghdr));

	/* Recorded before the NULL check, so a failed allocation stores 0 here. */
	shm->scratch[childno] = (unsigned long) hdr;

	if (hdr == NULL) {
		/* No msghdr available: hand the syscall an address from get_address() instead. */
		shm->syscall[childno].a2 = (unsigned long) get_address();
		return;
	}

	/*
	 * NOTE(review): addrlen has no initialiser, so msg_namelen below is only
	 * well-defined if generate_sockaddr() always writes the length. Confirm
	 * against its implementation.
	 */
	generate_sockaddr((struct sockaddr **) &addr, (socklen_t *) &addrlen, rand() % TRINITY_PF_MAX);

	hdr->msg_name = addr;
	hdr->msg_namelen = addrlen;

	/* The order of the generator calls is kept as-is so the random stream is unchanged. */
	hdr->msg_iov = get_address();
	hdr->msg_iovlen = get_len();
	hdr->msg_control = get_address();
	hdr->msg_controllen = get_len();
	hdr->msg_flags = rand32();

	shm->syscall[childno].a2 = (unsigned long) hdr;
}
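/*
 * Create a socket for the given (domain, type, protocol) triplet, register it
 * with add_socket(), run the per-protocol socket_setup hook if one exists,
 * apply random socket options, and sometimes bind it to a generated address
 * and listen on it.
 *
 * Returns the new file descriptor, or -1 if socket() failed.
 *
 * NOTE(review): `domain` indexes net_protocols[] without a bounds check in
 * this function; presumably the caller only passes valid families. Confirm.
 */
static int open_socket(unsigned int domain, unsigned int type, unsigned int protocol)
{
	struct object *obj;
	struct sockaddr *sa = NULL;
	const struct netproto *proto;
	socklen_t salen = 0;	/* defined value even if generate_sockaddr() writes nothing */
	struct sockopt so = { 0, 0, 0, 0 };
	int fd;

	fd = socket(domain, type, protocol);
	if (fd == -1)
		return fd;

	obj = add_socket(fd, domain, type, protocol);

	proto = net_protocols[domain].proto;
	if (proto != NULL && proto->socket_setup != NULL)
		proto->socket_setup(fd);

	// FIXME:
	// All of this needs to be broken out into child ops instead of
	// special casing it all at creation time.

	/* Set some random socket options. */
	sso_socket(&obj->sockinfo.triplet, &so, fd);

	nr_sockets++;

	/* Sometimes, listen on created sockets. */
	if (RAND_BOOL()) {
		int one = 1;

		/* fake a sockaddr. */
		generate_sockaddr(&sa, &salen, domain);

		/*
		 * Skip the bind only when SO_REUSEADDR could NOT be set. The
		 * previous test was `ret != -1`, which jumped to skip_bind on
		 * success and so made the bind()/listen() path effectively
		 * unreachable.
		 */
		if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) == -1)
			goto skip_bind;

		if (bind(fd, sa, salen) != -1)
			(void) listen(fd, RAND_RANGE(1, 128));

//		ret = accept4(fd, sa, &salen, SOCK_NONBLOCK);
//		if (ret != -1) {
//			obj = add_socket(ret, domain, type, protocol);
//			nr_sockets++;
//		}
	}

skip_bind:
	/* free(NULL) is a no-op, so no guard is needed when no sockaddr was generated. */
	free(sa);
	return fd;
}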
/*
 * Create a socket for the given (domain, type, protocol) triplet and record
 * it in the next free slot of shm->sockets[]. Random socket options are then
 * applied and, on a coin flip, the socket is bound to a generated address
 * and put into the listening state.
 *
 * Returns the new file descriptor, or -1 if socket() failed.
 *
 * NOTE(review): nr_sockets is used as an index and incremented without a
 * bounds check here; presumably the caller caps the number of sockets.
 * Confirm against the size of shm->sockets[].
 */
static int open_socket(unsigned int domain, unsigned int type, unsigned int protocol)
{
	struct sockopt so = { 0, 0, 0, 0 };
	struct sockaddr *sa = NULL;
	socklen_t salen;
	int fd = socket(domain, type, protocol);

	if (fd == -1)
		return fd;

	shm->sockets[nr_sockets].fd = fd;
	shm->sockets[nr_sockets].triplet.family = domain;
	shm->sockets[nr_sockets].triplet.type = type;
	shm->sockets[nr_sockets].triplet.protocol = protocol;

	output(2, "fd[%i] = domain:%i (%s) type:0x%x protocol:%i\n",
		fd, domain, get_proto_name(domain), type, protocol);

	/* Set some random socket options. */
	sso_socket(&shm->sockets[nr_sockets].triplet, &so, fd);

	nr_sockets++;

	/* Sometimes, listen on created sockets. */
	if (rand_bool()) {
		/* fake a sockaddr. */
		generate_sockaddr((struct sockaddr **) &sa, (socklen_t *) &salen, domain);

		/*
		 * Both results are deliberately ignored: listen() is attempted
		 * even when bind() failed.
		 */
		(void) bind(fd, sa, salen);
		(void) listen(fd, (rand() % 2) + 1);
	}

	/*
	 * A sockaddr type without a generator function yields page_rand, which
	 * must not be passed to free(). Anything else is either NULL (free() is
	 * then a no-op) or a generated sockaddr that is released here.
	 */
	if (sa != (struct sockaddr *) page_rand)
		free(sa);

	return fd;
}
/*
 * Create a socket for the given (domain, type, protocol) triplet and record
 * it in the next free slot of shm->sockets[]. Random socket options are then
 * applied and, on a coin flip, the socket is bound to a generated address;
 * listen() is only attempted when that bind succeeded.
 *
 * Returns the new file descriptor, or -1 if socket() failed.
 *
 * NOTE(review): nr_sockets is used as an index and incremented without a
 * bounds check here; presumably the caller caps the number of sockets.
 * Confirm against the size of shm->sockets[].
 */
static int open_socket(unsigned int domain, unsigned int type, unsigned int protocol)
{
	struct sockopt so = { 0, 0, 0, 0 };
	struct sockaddr *sa = NULL;
	socklen_t salen;
	int fd = socket(domain, type, protocol);

	if (fd == -1)
		return fd;

	shm->sockets[nr_sockets].fd = fd;
	shm->sockets[nr_sockets].triplet.family = domain;
	shm->sockets[nr_sockets].triplet.type = type;
	shm->sockets[nr_sockets].triplet.protocol = protocol;

	output(2, "fd[%i] = domain:%i (%s) type:0x%x protocol:%i\n",
		fd, domain, get_domain_name(domain), type, protocol);

	/* Set some random socket options. */
	sso_socket(&shm->sockets[nr_sockets].triplet, &so, fd);

	nr_sockets++;

	/* Sometimes, listen on created sockets. */
	if (RAND_BOOL()) {
		/* fake a sockaddr. */
		generate_sockaddr((struct sockaddr **) &sa, (socklen_t *) &salen, domain);

		if (bind(fd, sa, salen) != -1)
			(void) listen(fd, RAND_RANGE(1, 128));
	}

	/* sa is still NULL when no sockaddr was generated; free(NULL) is a no-op. */
	free(sa);

	return fd;
}
/*
 * SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned, flags)
 *
 * Prepare the arguments of a sendmsg() call.
 *
 * On entry rec->a1 holds a struct socketinfo pointer (NULL when no socket is
 * available, e.g. with --disable-fds=sockets). When it is non-NULL, a1 is
 * replaced by the matching fd and the destination sockaddr is generated for
 * that socket's protocol family. a2 is set to a freshly allocated msghdr.
 *
 * Fields that are not assigned below keep whatever zmalloc() returned
 * (presumably zeroes, going by the name; confirm).
 */
static void sanitise_sendmsg(struct syscallrecord *rec)
{
	struct socketinfo *si = (struct socketinfo *) rec->a1;
	struct sockaddr *addr = NULL;
	socklen_t addrlen = 0;
	struct msghdr *hdr;

	/* Without a socketinfo the name stays NULL with length 0. */
	if (si != NULL) {
		rec->a1 = fd_from_socketinfo(si);
		generate_sockaddr(&addr, &addrlen, si->triplet.family);
	}

	hdr = zmalloc(sizeof(struct msghdr));

	hdr->msg_name = addr;
	hdr->msg_namelen = addrlen;

	/* Half of the time, attach a small iovec of 1 to 3 entries. */
	if (RAND_BOOL()) {
		unsigned int count = RAND_RANGE(1, 3);

		hdr->msg_iov = alloc_iovec(count);
		hdr->msg_iovlen = count;
	}

	/* Half of the time, supply control data of a random length below 20480. */
	if (RAND_BOOL()) {
		hdr->msg_controllen = rand32() % 20480;	// /proc/sys/net/core/optmem_max
		hdr->msg_control = get_address();
	} else {
		hdr->msg_controllen = 0;
	}

	/* Random flags only on roughly one call in a hundred; otherwise none. */
	hdr->msg_flags = ONE_IN(100) ? rand32() : 0;

	rec->a2 = (unsigned long) hdr;
}
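/*
 * Create a socket for the given (domain, type, protocol) triplet, record its
 * fd in shm->socket_fds[], and on a coin flip bind it to a generated address
 * and put it into the listening state.
 *
 * Returns the new file descriptor, or -1 if socket() failed.
 *
 * NOTE(review): nr_sockets is used as an index and incremented without a
 * bounds check here; presumably the caller caps the number of sockets.
 * Confirm against the size of shm->socket_fds[].
 */
static int open_socket(unsigned int domain, unsigned int type, unsigned int protocol)
{
	int fd;
	unsigned long addr = 0;
	unsigned long addrlen = 0;

	fd = socket(domain, type, protocol);
	if (fd == -1)
		return fd;

	shm->socket_fds[nr_sockets] = fd;

	output(2, "fd[%i] = domain:%i (%s) type:0x%x protocol:%i\n",
		fd, domain, get_proto_name(domain), type, protocol);

	nr_sockets++;

	/* Sometimes, listen on created sockets. */
	if (rand() % 2) {
		/*
		 * fake a sockaddr.
		 *
		 * generate_sockaddr() is called with two unsigned long
		 * pointers. The previous code pointed them at a
		 * `struct sockaddr` and a `socklen_t`: where unsigned long is
		 * wider than socklen_t that write runs past the length
		 * variable on the stack, and the value stored through the
		 * first pointer landed inside the sockaddr bytes instead of
		 * being used as an address. Proper unsigned long locals
		 * receive both values now.
		 *
		 * Assumes the first out-value is the address of the generated
		 * sockaddr, as the unsigned long type suggests. TODO confirm
		 * against generate_sockaddr().
		 */
		generate_sockaddr(&addr, &addrlen, domain);

		/*
		 * Both results are deliberately ignored: listen() is attempted
		 * even when bind() failed.
		 */
		(void) bind(fd, (struct sockaddr *) addr, (socklen_t) addrlen);
		(void) listen(fd, (rand() % 2) + 1);

		/*
		 * NOTE(review): the generated sockaddr is not released here
		 * because its ownership is not visible from this function.
		 */
	}

	return fd;
}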
/*
 * SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned, flags)
 *
 * Prepare the arguments of a sendmsg() call.
 *
 * rec->a1 arrives as a struct socketinfo pointer and is replaced by the
 * value generic_fd_from_socketinfo() returns for it. rec->a2 is set to a
 * freshly allocated msghdr whose fields all come from the random
 * generators, including a sockaddr for a randomly chosen protocol family.
 */
static void sanitise_sendmsg(struct syscallrecord *rec)
{
	struct sockaddr *addr = NULL;
	socklen_t addrlen;
	struct msghdr *hdr;

	rec->a1 = generic_fd_from_socketinfo((struct socketinfo *) rec->a1);

	hdr = zmalloc(sizeof(struct msghdr));

	/*
	 * NOTE(review): addrlen has no initialiser, so msg_namelen below is only
	 * well-defined if generate_sockaddr() always writes the length. Confirm
	 * against its implementation.
	 */
	generate_sockaddr((struct sockaddr **) &addr, (socklen_t *) &addrlen, rand() % TRINITY_PF_MAX);

	hdr->msg_name = addr;
	hdr->msg_namelen = addrlen;

	/* The order of the generator calls is kept as-is so the random stream is unchanged. */
	hdr->msg_iov = get_address();
	hdr->msg_iovlen = get_len();
	hdr->msg_control = get_address();
	hdr->msg_controllen = get_len();
	hdr->msg_flags = rand32();

	rec->a2 = (unsigned long) hdr;
}