From: Hangbin Liu <liuhangbin@gmail.com>
To: Trinity <trinity@vger.kernel.org>
Cc: Daniel Borkmann <dborkman@redhat.com>,
Hangbin Liu <liuhangbin@gmail.com>
Subject: [PATCH] trinity: add connection support for AF_INET and AF_INET6
Date: Mon, 4 Aug 2014 00:16:30 +0800 [thread overview]
Message-ID: <1407082590-17098-1-git-send-email-liuhangbin@gmail.com> (raw)
Trinity is a syscall fuzz tool for local host testing. But it would also be
very useful to fuzz during established sessions over the network. This patch
add simple connection ability for IPv4/IPv6 so user can use it as a
client/server and simulate as a real environment.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
---
include/net.h | 2 ++
include/params.h | 3 +++
net/proto-ipv4.c | 13 +++++++++++++
net/proto-ipv6.c | 14 ++++++++++++++
params.c | 25 +++++++++++++++++++++----
5 files changed, 53 insertions(+), 4 deletions(-)
diff --git a/include/net.h b/include/net.h
index 15c51a6..d7a0f0f 100644
--- a/include/net.h
+++ b/include/net.h
@@ -13,6 +13,8 @@ extern unsigned int nr_sockets;
/* protocol decoding */
extern unsigned int specific_proto;
+extern int server_port;
+extern char server_addr[INET6_ADDRSTRLEN];
/* glibc headers might be older than the kernel, so chances are we know
* about more protocols than glibc does. So we define our own PF_MAX */
diff --git a/include/params.h b/include/params.h
index 2ee0f7b..40d213e 100644
--- a/include/params.h
+++ b/include/params.h
@@ -52,3 +52,6 @@ extern unsigned int kernel_taint_mask;
extern bool kernel_taint_param_occured;
extern unsigned int user_specified_children;
+
+extern int server_port;
+extern char server_addr[INET6_ADDRSTRLEN];
diff --git a/net/proto-ipv4.c b/net/proto-ipv4.c
index 8babe6d..976197f 100644
--- a/net/proto-ipv4.c
+++ b/net/proto-ipv4.c
@@ -85,12 +85,25 @@ in_addr_t random_ipv4_address(void)
void ipv4_gen_sockaddr(struct sockaddr **addr, socklen_t *addrlen)
{
struct sockaddr_in *ipv4;
+ struct in_addr serv_addr;
ipv4 = zmalloc(sizeof(struct sockaddr_in));
ipv4->sin_family = PF_INET;
ipv4->sin_addr.s_addr = random_ipv4_address();
ipv4->sin_port = htons(rand() % 65535);
+
+ /* Client side if we supplied server_addr */
+ if (inet_pton(PF_INET, server_addr, &serv_addr) == 1)
+ ipv4->sin_addr = serv_addr;
+ /* Server side if we supplied port without addr, so listen on INADDR_ANY */
+ else if (server_port != 0)
+ ipv4->sin_addr.s_addr = htonl(INADDR_ANY);
+
+ /* Fuzz from port to (port + 100) if supplied */
+ if (server_port != 0)
+ ipv4->sin_port = htons(server_port + rand() % 100);
+
*addr = (struct sockaddr *) ipv4;
*addrlen = sizeof(struct sockaddr_in);
}
diff --git a/net/proto-ipv6.c b/net/proto-ipv6.c
index 16bceb3..bf62897 100644
--- a/net/proto-ipv6.c
+++ b/net/proto-ipv6.c
@@ -5,6 +5,7 @@
#include <linux/if.h>
#include <linux/if_arp.h>
#include <linux/if_packet.h>
+#include <arpa/inet.h>
#include <stdlib.h>
#include "net.h"
#include "random.h"
@@ -14,6 +15,7 @@
void ipv6_gen_sockaddr(struct sockaddr **addr, socklen_t *addrlen)
{
struct sockaddr_in6 *ipv6;
+ struct in6_addr serv_addr;
ipv6 = zmalloc(sizeof(struct sockaddr_in6));
@@ -23,6 +25,18 @@ void ipv6_gen_sockaddr(struct sockaddr **addr, socklen_t *addrlen)
ipv6->sin6_addr.s6_addr32[2] = 0;
ipv6->sin6_addr.s6_addr32[3] = htonl(1);
ipv6->sin6_port = htons(rand() % 65535);
+
+ /* Client side if we supplied server_addr */
+ if (inet_pton(PF_INET6, server_addr, &serv_addr) == 1)
+ ipv6->sin6_addr = serv_addr;
+ /* Server side if we supplied port without addr, so listen on in6addr_any */
+ else if (server_port != 0)
+ ipv6->sin6_addr = in6addr_any;
+
+ /* Fuzz from port to (port + 100) if supplied */
+ if (server_port != 0)
+ ipv6->sin6_port = htons(server_port + rand() % 100);
+
*addr = (struct sockaddr *) ipv6;
*addrlen = sizeof(struct sockaddr_in6);
}
diff --git a/params.c b/params.c
index df702e3..ee7f5cf 100644
--- a/params.c
+++ b/params.c
@@ -57,6 +57,9 @@ char *victim_path = NULL;
unsigned int kernel_taint_mask = 0xFFFFFFFF;
bool kernel_taint_param_occured = FALSE;
+int server_port = 0;
+char server_addr[INET6_ADDRSTRLEN] = "\0";
+
static void usage(void)
{
outputerr("%s\n", progname);
@@ -80,6 +83,8 @@ static void usage(void)
outputerr(" --syslog,-S: log important info to syslog. (useful if syslog is remote)\n");
outputerr(" --verbose,-v: increase output verbosity.\n");
outputerr(" --victims,-V: path to victim files.\n");
+ outputerr(" --server_addr: supply an IPv4 or IPv6 address to connect, no need for server side.\n");
+ outputerr(" --server_port: supply an server port to listen or connect, will fuzz between port to (port + 100)\n");
outputerr("\n");
outputerr(" -c#,@: target specific syscall (takes syscall name as parameter and optionally 32 or 64 as bit-width. Default:both).\n");
outputerr(" -N#: do # syscalls then exit.\n");
@@ -113,13 +118,16 @@ static const struct option longopts[] = {
{ "syslog", no_argument, NULL, 'S' },
{ "verbose", no_argument, NULL, 'v' },
{ "victims", required_argument, NULL, 'V' },
+ { "server_addr", required_argument, NULL, 0 },
+ { "server_port", required_argument, NULL, 0 },
{ NULL, 0, NULL, 0 } };
void parse_args(int argc, char *argv[])
{
int opt;
+ int opt_index = 0;
- while ((opt = getopt_long(argc, argv, paramstr, longopts, NULL)) != -1) {
+ while ((opt = getopt_long(argc, argv, paramstr, longopts, &opt_index)) != -1) {
switch (opt) {
default:
if (opt == '?')
@@ -128,9 +136,6 @@ void parse_args(int argc, char *argv[])
outputstd("opt:%c\n", opt);
return;
- case '\0':
- return;
-
case 'b':
init_bdev_list();
process_bdev_param(optarg);
@@ -294,6 +299,18 @@ void parse_args(int argc, char *argv[])
case 'X':
dropprivs = TRUE;
break;
+
+ case 0:
+ /*
+ * FIXME: It's really hard to find two reasonable short
+ * names since S s P p all have been used. Use long
+ * options before we fix this issue.
+ */
+ if (strcmp("server_addr", longopts[opt_index].name) == 0)
+ strcpy(server_addr, optarg);
+ if (strcmp("server_port", longopts[opt_index].name) == 0)
+ server_port = atoi(optarg);
+ break;
}
}
if (quiet_level > MAX_LOGLEVEL)
--
1.9.3
next reply other threads:[~2014-08-03 16:16 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-03 16:16 Hangbin Liu [this message]
2014-08-04 22:06 ` [PATCH] trinity: add connection support for AF_INET and AF_INET6 Dave Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1407082590-17098-1-git-send-email-liuhangbin@gmail.com \
--to=liuhangbin@gmail.com \
--cc=dborkman@redhat.com \
--cc=trinity@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).