def testMarkBytecode(self):
family, addr = random.choice([(AF_INET, "127.0.0.1"),
(AF_INET6, "::1"),
(AF_INET6, "::ffff:127.0.0.1")])
s1, s2 = net_test.CreateSocketPair(family, SOCK_STREAM, addr)
s1.setsockopt(SOL_SOCKET, net_test.SO_MARK, 0xfff1234)
s2.setsockopt(SOL_SOCKET, net_test.SO_MARK, 0xf0f1235)
infos = self.FilterEstablishedSockets(0x1234, 0xffff)
self.assertFoundSockets(infos, [s1])
infos = self.FilterEstablishedSockets(0x1234, 0xfffe)
self.assertFoundSockets(infos, [s1, s2])
infos = self.FilterEstablishedSockets(0x1235, 0xffff)
self.assertFoundSockets(infos, [s2])
infos = self.FilterEstablishedSockets(0x0, 0x0)
self.assertFoundSockets(infos, [s1, s2])
infos = self.FilterEstablishedSockets(0xfff0000, 0xf0fed00)
self.assertEquals(0, len(infos))
with net_test.RunAsUid(12345):
self.assertRaisesErrno(EPERM, self.FilterEstablishedSockets,
0xfff0000, 0xf0fed00)
def CheckTCPConnection(self, mode, listensocket, netid, version,
myaddr, remoteaddr, packet, reply, msg):
establishing_ack = packets.ACK(version, remoteaddr, myaddr, reply)[1]
# Attempt to confuse the kernel.
self.InvalidateDstCache(version, remoteaddr, netid)
self.ReceivePacketOn(netid, establishing_ack)
# If we're using UID routing, the accept() call has to be run as a UID that
# is routed to the specified netid, because the UID of the socket returned
# by accept() is the effective UID of the process that calls it. It doesn't
# need to be the same UID; any UID that selects the same interface will do.
with net_test.RunAsUid(self.UidForNetid(netid)):
s, _ = listensocket.accept()
try:
# Check that data sent on the connection goes out on the right interface.
desc, data = packets.ACK(version, myaddr, remoteaddr, establishing_ack,
payload=UDP_PAYLOAD)
s.send(UDP_PAYLOAD)
self.ExpectPacketOn(netid, msg + ": expecting %s" % desc, data)
self.InvalidateDstCache(version, remoteaddr, netid)
# Keep up our end of the conversation.
ack = packets.ACK(version, remoteaddr, myaddr, data)[1]
self.InvalidateDstCache(version, remoteaddr, netid)
self.ReceivePacketOn(netid, ack)
mark = self.GetSocketMark(s)
finally:
self.InvalidateDstCache(version, remoteaddr, netid)
s.close()
self.InvalidateDstCache(version, remoteaddr, netid)
if mode == self.MODE_INCOMING_MARK:
self.assertEquals(netid, mark,
msg + ": Accepted socket: Expected mark %d, got %d" % (
netid, mark))
elif mode != self.MODE_EXPLICIT_MARK:
self.assertEquals(0, self.GetSocketMark(listensocket))
# Check the FIN was sent on the right interface, and ack it. We don't expect
# this to fail because by the time the connection is established things are
# likely working, but a) extra tests are always good and b) extra packets
# like the FIN (and retransmitted FINs) could cause later tests that expect
# no packets to fail.
desc, fin = packets.FIN(version, myaddr, remoteaddr, ack)
self.ExpectPacketOn(netid, msg + ": expecting %s after close" % desc, fin)
desc, finack = packets.FIN(version, remoteaddr, myaddr, fin)
self.ReceivePacketOn(netid, finack)
# Since we called close() earlier, the userspace socket object is gone, so
# the socket has no UID. If we're doing UID routing, the ack might be routed
# incorrectly. Not much we can do here.
desc, finackack = packets.ACK(version, myaddr, remoteaddr, finack)
self.ExpectPacketOn(netid, msg + ": expecting final ack", finackack)
def BuildSocket(self, version, constructor, netid, routing_mode):
uid = self.UidForNetid(netid) if routing_mode == "uid" else None
with net_test.RunAsUid(uid):
family = self.GetProtocolFamily(version)
s = constructor(family)
if routing_mode not in [None, "uid"]:
self.SelectInterface(s, netid, routing_mode)
return s
def CheckPermissions(self, socktype):
s = socket(AF_INET6, socktype, 0)
self.SelectInterface(s, random.choice(self.NETIDS), "mark")
if socktype == SOCK_STREAM:
s.listen(1)
expectedstate = tcp_test.TCP_LISTEN
else:
s.connect((self.GetRemoteAddress(6), 53))
expectedstate = tcp_test.TCP_ESTABLISHED
with net_test.RunAsUid(12345):
self.assertRaisesErrno(EPERM, self.sock_diag.CloseSocketFromFd, s)
self.sock_diag.CloseSocketFromFd(s)
self.assertRaises(ValueError, self.sock_diag.CloseSocketFromFd, s)
def testGetSocketUid(self):
self.map_fd = CreateMap(BPF_MAP_TYPE_HASH, KEY_SIZE, VALUE_SIZE,
TOTAL_ENTRIES)
# Set up the instruction with uid at BPF_REG_0.
instructions = [
BpfMov64Reg(BPF_REG_6, BPF_REG_1),
BpfFuncCall(BPF_FUNC_get_socket_uid)
]
# Concatenate the generic packet count bpf program to it.
instructions += (INS_BPF_PARAM_STORE +
BpfFuncCountPacketInit(self.map_fd) +
INS_SK_FILTER_ACCEPT + INS_PACK_COUNT_UPDATE +
INS_SK_FILTER_ACCEPT)
self.prog_fd = BpfProgLoad(BPF_PROG_TYPE_SOCKET_FILTER, instructions)
packet_count = 10
uid = 12345
with net_test.RunAsUid(uid):
self.assertRaisesErrno(errno.ENOENT, LookupMap, self.map_fd, uid)
SocketUDPLoopBack(packet_count, 4, self.prog_fd)
self.assertEquals(packet_count, LookupMap(self.map_fd, uid).value)
DeleteMap(self.map_fd, uid)
SocketUDPLoopBack(packet_count, 6, self.prog_fd)
self.assertEquals(packet_count, LookupMap(self.map_fd, uid).value)
def assertSocketMarkIs(self, s, mark):
diag_msg, attrs = self.sock_diag.FindSockInfoFromFd(s)
self.assertMarkIs(mark, attrs)
with net_test.RunAsUid(12345):
diag_msg, attrs = self.sock_diag.FindSockInfoFromFd(s)
self.assertMarkIs(None, attrs)