From 538a10560010f93f22b0a8912dbd221d077deaa4 Mon Sep 17 00:00:00 2001 From: Greg Steuck Date: Sat, 17 Nov 2018 15:42:37 -0800 Subject: executor: OpenBSD network package injection Squash of: * Doc typo * Ported some tun related functions. * Copy vnet.txt from linux to openbsd. * Simplified syz_emit_ethernet and stubbed out vnet.txt. * Undo clang-format header sorting: headers are order sensitive. * Uniquify tap devices by pid. * clang-format off for includes * Happier clang-format. * Partially revert "Uniquify tap devices by pid." Just rely on procid magic instead of getting it from a flag. --- sys/openbsd/gen/amd64.go | 21 ++++++++++++++++++++- sys/openbsd/vnet.txt | 20 ++++++++++++++++++++ 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 sys/openbsd/vnet.txt (limited to 'sys/openbsd') diff --git a/sys/openbsd/gen/amd64.go b/sys/openbsd/gen/amd64.go index 317e8f8e5..9b3b04f64 100644 --- a/sys/openbsd/gen/amd64.go +++ b/sys/openbsd/gen/amd64.go 
@@ -26,6 +26,7 @@ var resources_amd64 = []*ResourceDesc{ {Name: "sock_in", Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", TypeSize: 4}}}, Kind: []string{"fd", "sock", "sock_in"}, Values: []uint64{18446744073709551615, 18446744073709551516}}, {Name: "sock_in6", Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", TypeSize: 4}}}, Kind: []string{"fd", "sock", "sock_in6"}, Values: []uint64{18446744073709551615, 18446744073709551516}}, {Name: "sock_unix", Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", TypeSize: 4}}}, Kind: []string{"fd", "sock", "sock_unix"}, Values: []uint64{18446744073709551615, 18446744073709551516}}, + {Name: "tcp_seq_num", Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", TypeSize: 4}}}, Kind: []string{"tcp_seq_num"}, Values: []uint64{1094861636}}, {Name: "uid", Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", TypeSize: 4}}}, Kind: []string{"uid"}, Values: []uint64{0, 18446744073709551615}}, } 
@@ -342,6 +343,10 @@ var structDescs_amd64 = []*KeyedStruct{ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "pad1", TypeSize: 4, ArgDir: 1}}}, &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "pad2", TypeSize: 4, ArgDir: 1}}}, }}}, + {Key: StructKey{Name: "tcp_resources", Dir: 1}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "tcp_resources", TypeSize: 8, ArgDir: 1}, Fields: []Type{ + &ResourceType{TypeCommon: TypeCommon{TypeName: "tcp_seq_num", FldName: "seq", TypeSize: 4, ArgDir: 1}}, + &ResourceType{TypeCommon: TypeCommon{TypeName: "tcp_seq_num", FldName: "ack", TypeSize: 4, ArgDir: 1}}, + }}}, {Key: StructKey{Name: "termios"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "termios", TypeSize: 44}, Fields: []Type{ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "iflag", TypeSize: 4}}}, &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "oflag", TypeSize: 4}}}, 
@@ -1461,9 +1466,23 @@ var syscalls_amd64 = []*Syscall{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}}, }}, {NR: 36, Name: "sync", CallName: "sync"}, + {Name: "syz_emit_ethernet", CallName: "syz_emit_ethernet", Args: []Type{ + &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "len", TypeSize: 8}}, Buf: "packet"}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "packet", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", IsVarlen: true}}}, + }}, {Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}}, }}, + {Name: "syz_extract_tcp_res", CallName: "syz_extract_tcp_res", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "res", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "tcp_resources", Dir: 1}}}, + &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "seq_inc", TypeSize: 4}}}, + &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "ack_inc", TypeSize: 4}}}, + }}, + {Name: "syz_extract_tcp_res$synack", CallName: "syz_extract_tcp_res", Args: []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "res", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "tcp_resources", Dir: 1}}}, + &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "seq_inc", TypeSize: 8}}, Val: 1}, + &ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "ack_inc", TypeSize: 8}}}, + }}, {Name: "syz_open_pts", CallName: "syz_open_pts", Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "fd_tty", FldName: "ret", TypeSize: 4, ArgDir: 1}}}, 
{NR: 200, Name: "truncate", CallName: "truncate", Args: []Type{ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "file", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}}, @@ -1893,4 +1912,4 @@ var consts_amd64 = []ConstValue{ {Name: "__MAP_NOREPLACE", Value: 2048}, } -const revision_amd64 = "df30b58093a18d87ed6803bfe65ec9af86f721a3" +const revision_amd64 = "05e6185f1ea57bbe311ffe3829b1cca890f472fc"
diff --git a/sys/openbsd/vnet.txt b/sys/openbsd/vnet.txt
new file mode 100644
index 000000000..1c9f99a04
--- /dev/null
+++ b/sys/openbsd/vnet.txt
@@ -0,0 +1,20 @@
+# Copyright 2018 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+# TODO(blackgnezdo): discover a cheap way to share protocol
+# descriptions between different OSs. They are platform agnostic
+# and should not need to be recreated on each platform.
+
+syz_emit_ethernet(len len[packet], packet ptr[in, array[int8]])
+
+resource tcp_seq_num[int32]: 0x41424344
+
+tcp_resources {
+ seq tcp_seq_num
+ ack tcp_seq_num
+}
+
+# These pseudo syscalls read a packet from tap device and extract tcp sequence and acknowledgement numbers from it.
+# They also adds the inc arguments to the returned values, this way sequence numbers get incremented.
+syz_extract_tcp_res(res ptr[out, tcp_resources], seq_inc int32, ack_inc int32)
+syz_extract_tcp_res$synack(res ptr[out, tcp_resources], seq_inc const[1], ack_inc const[0])
-- cgit mrf-deployment
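Review bot: In the new `sys/openbsd/vnet.txt`, `syz_emit_ethernet` declares `packet` as `ptr[in, array[int8]]`, but nothing in the file says this is a deliberate stub; only the commit message mentions "stubbed out vnet.txt". A reader of the description cannot tell that injected frames are unstructured bytes rather than described Ethernet/IP/TCP layouts. I would add a comment directly above the declaration, for example `# Stub: packet is raw bytes until the protocol descriptions are ported; structured frames are not generated yet.` Whether this materially limits how deep the fuzzer reaches into the network stack is an inference and worth confirming against coverage data. Separately, in the comment above `syz_extract_tcp_res`, "They also adds" should read "They also add".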