executor: add support for tap interfaces on FreeBSD

7 files changed, 70 insertions, 5 deletions

diff --git a/executor/common_bsd.h b/executor/common_bsd.h
index be9fa4029..0d95dc42e 100644
--- a/executor/common_bsd.h
+++ b/executor/common_bsd.h
@@ -33,6 +33,10 @@ static uintptr_t syz_open_pts(void)
 
 #endif // SYZ_EXECUTOR || __NR_syz_open_pts
 
+#endif // GOOS_openbsd
+
+#if GOOS_freebsd || GOOS_openbsd
+
 #if SYZ_EXECUTOR || SYZ_TUN_ENABLE
 
 #include <fcntl.h>
@@ -115,6 +119,12 @@ static void initialize_tun(int tun_id)
 	snprintf_check(tun_device, sizeof(tun_device), TUN_DEVICE, tun_id);
 
 	tunfd = open(tun_device, O_RDWR | O_NONBLOCK);
+#if GOOS_freebsd
+	if ((tunfd < 0) && (errno == ENOENT)) {
+		execute_command(0, "kldload -q if_tap");
+		tunfd = open(tun_device, O_RDWR | O_NONBLOCK);
+	}
+#endif
 	if (tunfd == -1) {
 #if SYZ_EXECUTOR
 		fail("tun: can't open %s\n", tun_device);
@@ -188,7 +198,11 @@ struct tcp_resources {
 	uint32 ack;
 };
 
+#if GOOS_freebsd
+#include <net/ethernet.h>
+#else
 #include <net/ethertypes.h>
+#endif
 #include <net/if.h>
 #include <net/if_arp.h>
 #include <netinet/in.h>
@@ -250,13 +264,13 @@ static long syz_extract_tcp_res(long a0, long a1, long a2)
 	return 0;
 }
 #endif
-#endif // GOOS_openbsd
+#endif // GOOS_freebsd || GOOS_openbsd
 
 #if SYZ_EXECUTOR || SYZ_SANDBOX_NONE
 static void loop();
 static int do_sandbox_none(void)
 {
-#if GOOS_openbsd && (SYZ_EXECUTOR || SYZ_TUN_ENABLE)
+#if (GOOS_freebsd || GOOS_openbsd) && (SYZ_EXECUTOR || SYZ_TUN_ENABLE)
 	initialize_tun(procid);
 #endif
 	loop();
diff --git a/executor/defs.h b/executor/defs.h
index a68b51024..92c89a2ad 100644
--- a/executor/defs.h
+++ b/executor/defs.h
@@ -20,7 +20,7 @@
 
 #if GOARCH_amd64
 #define GOARCH "amd64"
-#define SYZ_REVISION "fe257e9b1cf5311f7b1627e649739577c6308e26"
+#define SYZ_REVISION "4929654e4c6f12c8222436a5269c97497bd7efee"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 1
 #define SYZ_EXECUTOR_USES_SHMEM 1
 #define SYZ_PAGE_SIZE 4096
diff --git a/executor/syscalls.h b/executor/syscalls.h
index da4128612..b58ae2389 100644
--- a/executor/syscalls.h
+++ b/executor/syscalls.h
@@ -472,7 +472,10 @@ const call_t syscalls[] = {
     {"symlink", 57},
     {"symlinkat", 502},
     {"sync", 36},
+    {"syz_emit_ethernet", 0, (syscall_t)syz_emit_ethernet},
     {"syz_execute_func", 0, (syscall_t)syz_execute_func},
+    {"syz_extract_tcp_res", 0, (syscall_t)syz_extract_tcp_res},
+    {"syz_extract_tcp_res$synack", 0, (syscall_t)syz_extract_tcp_res},
     {"truncate", 479},
     {"unlink", 10},
     {"unlinkat", 503},
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index d399fb405..c3e57da39 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -428,6 +428,10 @@ static uintptr_t syz_open_pts(void)
 
 #endif
 
+#endif
+
+#if GOOS_freebsd || GOOS_openbsd
+
 #if SYZ_EXECUTOR || SYZ_TUN_ENABLE
 
 #include <fcntl.h>
@@ -500,6 +504,12 @@ static void initialize_tun(int tun_id)
 	snprintf_check(tun_device, sizeof(tun_device), TUN_DEVICE, tun_id);
 
 	tunfd = open(tun_device, O_RDWR | O_NONBLOCK);
+#if GOOS_freebsd
+	if ((tunfd < 0) && (errno == ENOENT)) {
+		execute_command(0, "kldload -q if_tap");
+		tunfd = open(tun_device, O_RDWR | O_NONBLOCK);
+	}
+#endif
 	if (tunfd == -1) {
 #if SYZ_EXECUTOR
 		fail("tun: can't open %s\n", tun_device);
@@ -570,7 +580,11 @@ struct tcp_resources {
 	uint32 ack;
 };
 
+#if GOOS_freebsd
+#include <net/ethernet.h>
+#else
 #include <net/ethertypes.h>
+#endif
 #include <net/if.h>
 #include <net/if_arp.h>
 #include <netinet/in.h>
@@ -634,7 +648,7 @@ static long syz_extract_tcp_res(long a0, long a1, long a2)
 static void loop();
 static int do_sandbox_none(void)
 {
-#if GOOS_openbsd && (SYZ_EXECUTOR || SYZ_TUN_ENABLE)
+#if (GOOS_freebsd || GOOS_openbsd) && (SYZ_EXECUTOR || SYZ_TUN_ENABLE)
 	initialize_tun(procid);
 #endif
 	loop();
diff --git a/pkg/host/host_freebsd.go b/pkg/host/host_freebsd.go
index 238edd46d..f750929a5 100644
--- a/pkg/host/host_freebsd.go
+++ b/pkg/host/host_freebsd.go
@@ -13,4 +13,5 @@ func isSupported(c *prog.Syscall, sandbox string) (bool, string) {
 
 func init() {
 	checkFeature[FeatureCoverage] = unconditionallyEnabled
+	checkFeature[FeatureNetworkInjection] = unconditionallyEnabled
 }
diff --git a/sys/freebsd/gen/amd64.go b/sys/freebsd/gen/amd64.go
index 6ae801eaf..f3d47983b 100644
--- a/sys/freebsd/gen/amd64.go
+++ b/sys/freebsd/gen/amd64.go
@@ -31,6 +31,7 @@ var resources_amd64 = []*ResourceDesc{
 	{Name: "sock_udp", Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", TypeSize: 4}}}, Kind: []string{"fd", "sock", "sock_in", "sock_udp"}, Values: []uint64{18446744073709551615, 18446744073709551516}},
 	{Name: "sock_udp6", Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", TypeSize: 4}}}, Kind: []string{"fd", "sock", "sock_in6", "sock_udp6"}, Values: []uint64{18446744073709551615, 18446744073709551516}},
 	{Name: "sock_unix", Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", TypeSize: 4}}}, Kind: []string{"fd", "sock", "sock_unix"}, Values: []uint64{18446744073709551615, 18446744073709551516}},
+	{Name: "tcp_seq_num", Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", TypeSize: 4}}}, Kind: []string{"tcp_seq_num"}, Values: []uint64{1094861636}},
 	{Name: "uid", Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", TypeSize: 4}}}, Kind: []string{"uid"}, Values: []uint64{0, 18446744073709551615}},
 }
 
@@ -529,6 +530,10 @@ var structDescs_amd64 = []*KeyedStruct{
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "sock_tcp", FldName: "f0", TypeSize: 4, ArgDir: 1}},
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "sock_tcp", FldName: "f1", TypeSize: 4, ArgDir: 1}},
 	}}},
+	{Key: StructKey{Name: "tcp_resources", Dir: 1}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "tcp_resources", TypeSize: 8, ArgDir: 1}, Fields: []Type{
+		&ResourceType{TypeCommon: TypeCommon{TypeName: "tcp_seq_num", FldName: "seq", TypeSize: 4, ArgDir: 1}},
+		&ResourceType{TypeCommon: TypeCommon{TypeName: "tcp_seq_num", FldName: "ack", TypeSize: 4, ArgDir: 1}},
+	}}},
 	{Key: StructKey{Name: "timespec"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "timespec", TypeSize: 16}, Fields: []Type{
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "sec", TypeSize: 8}}},
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "nsec", TypeSize: 8}}},
@@ -1876,9 +1881,23 @@ var syscalls_amd64 = []*Syscall{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}},
 	}},
 	{NR: 36, Name: "sync", CallName: "sync"},
+	{Name: "syz_emit_ethernet", CallName: "syz_emit_ethernet", Args: []Type{
+		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "len", TypeSize: 8}}, Buf: "packet"},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "packet", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", IsVarlen: true}}},
+	}},
 	{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 	}},
+	{Name: "syz_extract_tcp_res", CallName: "syz_extract_tcp_res", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "res", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "tcp_resources", Dir: 1}}},
+		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "seq_inc", TypeSize: 4}}},
+		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "ack_inc", TypeSize: 4}}},
+	}},
+	{Name: "syz_extract_tcp_res$synack", CallName: "syz_extract_tcp_res", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "res", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "tcp_resources", Dir: 1}}},
+		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "seq_inc", TypeSize: 8}}, Val: 1},
+		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "ack_inc", TypeSize: 8}}},
+	}},
 	{NR: 479, Name: "truncate", CallName: "truncate", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "file", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}},
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "len", TypeSize: 8}}},
@@ -2414,4 +2433,4 @@ var consts_amd64 = []ConstValue{
 	{Name: "WUNTRACED", Value: 2},
 }
 
-const revision_amd64 = "fe257e9b1cf5311f7b1627e649739577c6308e26"
+const revision_amd64 = "4929654e4c6f12c8222436a5269c97497bd7efee"
diff --git a/sys/freebsd/vnet.txt b/sys/freebsd/vnet.txt
index a65bc3691..195668a07 100644
--- a/sys/freebsd/vnet.txt
+++ b/sys/freebsd/vnet.txt
@@ -5,6 +5,20 @@ include <sys/types.h>
 include <sys/socket.h>
 include <netinet/in.h>
 
+syz_emit_ethernet(len len[packet], packet ptr[in, array[int8]])
+
+resource tcp_seq_num[int32]: 0x41424344
+
+tcp_resources {
+	seq	tcp_seq_num
+	ack	tcp_seq_num
+}
+
+# These pseudo syscalls read a packet from tap device and extract tcp sequence and acknowledgement numbers from it.
+# They also adds the inc arguments to the returned values, this way sequence numbers get incremented.
+syz_extract_tcp_res(res ptr[out, tcp_resources], seq_inc int32, ack_inc int32)
+syz_extract_tcp_res$synack(res ptr[out, tcp_resources], seq_inc const[1], ack_inc const[0])
+
 # This corresponds to LOCAL_IPV4 ("172.20.%d.170" % pid) in executor/common.h
 ipv4_addr_local {
 	a0	const[0xac, int8]