UDP and TCP raw socket support.

PiperOrigin-RevId: 249511348 Change-Id: I34539092cc85032d9473ff4dd308fc29dc9bfd6b
author: Kevin Krakauer <krakauer@google.com> 2019-05-22 13:44:07 -0700
committer: Shentubot <shentubot@google.com> 2019-05-22 13:45:15 -0700
commit: c1cdf18e7bd21a9785462914ca8aa2056c81369a (patch)
tree: 2d53aca7fb685405940c49ac83f29743a5c96293 /test/syscalls/linux/raw_socket_icmp.cc
parent: 69eac1198f3dae9a41ddf1903e9dda7972ed5d77 (diff)
1 files changed, 453 insertions, 0 deletions
diff --git a/test/syscalls/linux/raw_socket_icmp.cc b/test/syscalls/linux/raw_socket_icmp.cc
new file mode 100644
index 000000000..24d9dc79a
--- /dev/null
+++ b/test/syscalls/linux/raw_socket_icmp.cc
@@ -0,0 +1,453 @@
+// Copyright 2019 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <linux/capability.h>
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/ip_icmp.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <algorithm>
+#include <cstdint>
+
+#include "gtest/gtest.h"
+#include "test/syscalls/linux/socket_test_util.h"
+#include "test/syscalls/linux/unix_domain_socket_test_util.h"
+#include "test/util/capability_util.h"
+#include "test/util/file_descriptor.h"
+#include "test/util/test_util.h"
+
+namespace gvisor {
+namespace testing {
+
+namespace {
+
+// Compute the internet checksum of the ICMP header (assuming no payload).
+static uint16_t Checksum(struct icmphdr* icmp) {
+  uint32_t total = 0;
+  uint16_t* num = reinterpret_cast<uint16_t*>(icmp);
+
+  // This is just the ICMP header, so there's an even number of bytes.
+  static_assert(
+      sizeof(*icmp) % sizeof(*num) == 0,
+      "sizeof(struct icmphdr) is not an integer multiple of sizeof(uint16_t)");
+  for (unsigned int i = 0; i < sizeof(*icmp); i += sizeof(*num)) {
+    total += *num;
+    num++;
+  }
+
+  // Combine the upper and lower 16 bits. This happens twice in case the first
+  // combination causes a carry.
+  unsigned short upper = total >> 16;
+  unsigned short lower = total & 0xffff;
+  total = upper + lower;
+  upper = total >> 16;
+  lower = total & 0xffff;
+  total = upper + lower;
+
+  return ~total;
+}
+
+// The size of an empty ICMP packet and IP header together.
+constexpr size_t kEmptyICMPSize = 28;
+
+// ICMP raw sockets get their own special tests because Linux automatically
+// responds to ICMP echo requests, and thus a single echo request sent via
+// loopback leads to 2 received ICMP packets.
+
+class RawSocketICMPTest : public ::testing::Test {
+ protected:
+  // Creates a socket to be used in tests.
+  void SetUp() override;
+
+  // Closes the socket created by SetUp().
+  void TearDown() override;
+
+  // Checks that both an ICMP echo request and reply are received. Calls should
+  // be wrapped in ASSERT_NO_FATAL_FAILURE.
+  void ExpectICMPSuccess(const struct icmphdr& icmp);
+
+  // Sends icmp via s_.
+  void SendEmptyICMP(const struct icmphdr& icmp);
+
+  // Sends icmp via s_ to the given address.
+  void SendEmptyICMPTo(int sock, const struct sockaddr_in& addr,
+                       const struct icmphdr& icmp);
+
+  // Reads from s_ into recv_buf.
+  void ReceiveICMP(char* recv_buf, size_t recv_buf_len, size_t expected_size,
+                   struct sockaddr_in* src);
+
+  // Reads from sock into recv_buf.
+  void ReceiveICMPFrom(char* recv_buf, size_t recv_buf_len,
+                       size_t expected_size, struct sockaddr_in* src, int sock);
+
+  // The socket used for both reading and writing.
+  int s_;
+
+  // The loopback address.
+  struct sockaddr_in addr_;
+};
+
+void RawSocketICMPTest::SetUp() {
+  SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_RAW)));
+
+  ASSERT_THAT(s_ = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP), SyscallSucceeds());
+
+  addr_ = {};
+
+  // "On raw sockets sin_port is set to the IP protocol." - ip(7).
+  addr_.sin_port = IPPROTO_IP;
+  addr_.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+  addr_.sin_family = AF_INET;
+}
+
+void RawSocketICMPTest::TearDown() {
+  SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_RAW)));
+
+  EXPECT_THAT(close(s_), SyscallSucceeds());
+}
+
+// We'll only read an echo in this case, as the kernel won't respond to the
+// malformed ICMP checksum.
+TEST_F(RawSocketICMPTest, SendAndReceiveBadChecksum) {
+  SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_RAW)));
+
+  // Prepare and send an ICMP packet. Use arbitrary junk for checksum, sequence,
+  // and ID. None of that should matter for raw sockets - the kernel should
+  // still give us the packet.
+  struct icmphdr icmp;
+  icmp.type = ICMP_ECHO;
+  icmp.code = 0;
+  icmp.checksum = 0;
+  icmp.un.echo.sequence = 2012;
+  icmp.un.echo.id = 2014;
+  ASSERT_NO_FATAL_FAILURE(SendEmptyICMP(icmp));
+
+  // Veryify that we get the echo, then that there's nothing else to read.
+  char recv_buf[kEmptyICMPSize];
+  struct sockaddr_in src;
+  ASSERT_NO_FATAL_FAILURE(
+      ReceiveICMP(recv_buf, sizeof(recv_buf), sizeof(struct icmphdr), &src));
+  EXPECT_EQ(memcmp(&src, &addr_, sizeof(src)), 0);
+  // The packet should be identical to what we sent.
+  EXPECT_EQ(memcmp(recv_buf + sizeof(struct iphdr), &icmp, sizeof(icmp)), 0);
+
+  // And there should be nothing left to read.
+  EXPECT_THAT(RetryEINTR(recv)(s_, recv_buf, sizeof(recv_buf), MSG_DONTWAIT),
+              SyscallFailsWithErrno(EAGAIN));
+}
+//
+// Send and receive an ICMP packet.
+TEST_F(RawSocketICMPTest, SendAndReceive) {
+  SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_RAW)));
+
+  // Prepare and send an ICMP packet. Use arbitrary junk for sequence and ID.
+  // None of that should matter for raw sockets - the kernel should still give
+  // us the packet.
+  struct icmphdr icmp;
+  icmp.type = ICMP_ECHO;
+  icmp.code = 0;
+  icmp.checksum = 0;
+  icmp.un.echo.sequence = 2012;
+  icmp.un.echo.id = 2014;
+  icmp.checksum = Checksum(&icmp);
+  ASSERT_NO_FATAL_FAILURE(SendEmptyICMP(icmp));
+
+  ASSERT_NO_FATAL_FAILURE(ExpectICMPSuccess(icmp));
+}
+
+// We should be able to create multiple raw sockets for the same protocol and
+// receive the same packet on both.
+TEST_F(RawSocketICMPTest, MultipleSocketReceive) {
+  SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_RAW)));
+
+  FileDescriptor s2 =
+      ASSERT_NO_ERRNO_AND_VALUE(Socket(AF_INET, SOCK_RAW, IPPROTO_ICMP));
+
+  // Prepare and send an ICMP packet. Use arbitrary junk for sequence and ID.
+  // None of that should matter for raw sockets - the kernel should still give
+  // us the packet.
+  struct icmphdr icmp;
+  icmp.type = ICMP_ECHO;
+  icmp.code = 0;
+  icmp.checksum = 0;
+  icmp.un.echo.sequence = 2016;
+  icmp.un.echo.id = 2018;
+  icmp.checksum = Checksum(&icmp);
+  ASSERT_NO_FATAL_FAILURE(SendEmptyICMP(icmp));
+
+  // Both sockets will receive the echo request and reply in indeterminate
+  // order, so we'll need to read 2 packets from each.
+
+  // Receive on socket 1.
+  constexpr int kBufSize = kEmptyICMPSize;
+  std::vector<char[kBufSize]> recv_buf1(2);
+  struct sockaddr_in src;
+  for (int i = 0; i < 2; i++) {
+    ASSERT_NO_FATAL_FAILURE(ReceiveICMP(recv_buf1[i],
+                                        ABSL_ARRAYSIZE(recv_buf1[i]),
+                                        sizeof(struct icmphdr), &src));
+    EXPECT_EQ(memcmp(&src, &addr_, sizeof(src)), 0);
+  }
+
+  // Receive on socket 2.
+  std::vector<char[kBufSize]> recv_buf2(2);
+  for (int i = 0; i < 2; i++) {
+    ASSERT_NO_FATAL_FAILURE(
+        ReceiveICMPFrom(recv_buf2[i], ABSL_ARRAYSIZE(recv_buf2[i]),
+                        sizeof(struct icmphdr), &src, s2.get()));
+    EXPECT_EQ(memcmp(&src, &addr_, sizeof(src)), 0);
+  }
+
+  // Ensure both sockets receive identical packets.
+  int types[] = {ICMP_ECHO, ICMP_ECHOREPLY};
+  for (int type : types) {
+    auto match_type = [=](char buf[kBufSize]) {
+      struct icmphdr* icmp =
+          reinterpret_cast<struct icmphdr*>(buf + sizeof(struct iphdr));
+      return icmp->type == type;
+    };
+    const char* icmp1 =
+        *std::find_if(recv_buf1.begin(), recv_buf1.end(), match_type);
+    const char* icmp2 =
+        *std::find_if(recv_buf2.begin(), recv_buf2.end(), match_type);
+    ASSERT_NE(icmp1, *recv_buf1.end());
+    ASSERT_NE(icmp2, *recv_buf2.end());
+    EXPECT_EQ(memcmp(icmp1 + sizeof(struct iphdr), icmp2 + sizeof(struct iphdr),
+                     sizeof(icmp)),
+              0);
+  }
+}
+
+// A raw ICMP socket and ping socket should both receive the ICMP packets
+// indended for the ping socket.
+TEST_F(RawSocketICMPTest, RawAndPingSockets) {
+  SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_RAW)));
+
+  FileDescriptor ping_sock =
+      ASSERT_NO_ERRNO_AND_VALUE(Socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP));
+
+  // Ping sockets take care of the ICMP ID and checksum.
+  struct icmphdr icmp;
+  icmp.type = ICMP_ECHO;
+  icmp.code = 0;
+  icmp.un.echo.sequence = *static_cast<unsigned short*>(&icmp.un.echo.sequence);
+  ASSERT_THAT(RetryEINTR(sendto)(ping_sock.get(), &icmp, sizeof(icmp), 0,
+                                 reinterpret_cast<struct sockaddr*>(&addr_),
+                                 sizeof(addr_)),
+              SyscallSucceedsWithValue(sizeof(icmp)));
+
+  // Receive on socket 1, which receives the echo request and reply in
+  // indeterminate order.
+  constexpr int kBufSize = kEmptyICMPSize;
+  std::vector<char[kBufSize]> recv_buf1(2);
+  struct sockaddr_in src;
+  for (int i = 0; i < 2; i++) {
+    ASSERT_NO_FATAL_FAILURE(
+        ReceiveICMP(recv_buf1[i], kBufSize, sizeof(struct icmphdr), &src));
+    EXPECT_EQ(memcmp(&src, &addr_, sizeof(src)), 0);
+  }
+
+  // Receive on socket 2. Ping sockets only get the echo reply, not the initial
+  // echo.
+  char ping_recv_buf[kBufSize];
+  ASSERT_THAT(RetryEINTR(recv)(ping_sock.get(), ping_recv_buf, kBufSize, 0),
+              SyscallSucceedsWithValue(sizeof(struct icmphdr)));
+
+  // Ensure both sockets receive identical echo reply packets.
+  auto match_type_raw = [=](char buf[kBufSize]) {
+    struct icmphdr* icmp =
+        reinterpret_cast<struct icmphdr*>(buf + sizeof(struct iphdr));
+    return icmp->type == ICMP_ECHOREPLY;
+  };
+  char* raw_reply =
+      *std::find_if(recv_buf1.begin(), recv_buf1.end(), match_type_raw);
+  ASSERT_NE(raw_reply, *recv_buf1.end());
+  EXPECT_EQ(
+      memcmp(raw_reply + sizeof(struct iphdr), ping_recv_buf, sizeof(icmp)), 0);
+}
+
+// Test that connect() sends packets to the right place.
+TEST_F(RawSocketICMPTest, SendAndReceiveViaConnect) {
+  SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_RAW)));
+
+  ASSERT_THAT(
+      connect(s_, reinterpret_cast<struct sockaddr*>(&addr_), sizeof(addr_)),
+      SyscallSucceeds());
+
+  // Prepare and send an ICMP packet. Use arbitrary junk for sequence and ID.
+  // None of that should matter for raw sockets - the kernel should still give
+  // us the packet.
+  struct icmphdr icmp;
+  icmp.type = ICMP_ECHO;
+  icmp.code = 0;
+  icmp.checksum = 0;
+  icmp.un.echo.sequence = 2003;
+  icmp.un.echo.id = 2004;
+  icmp.checksum = Checksum(&icmp);
+  ASSERT_THAT(send(s_, &icmp, sizeof(icmp), 0),
+              SyscallSucceedsWithValue(sizeof(icmp)));
+
+  ASSERT_NO_FATAL_FAILURE(ExpectICMPSuccess(icmp));
+}
+
+// Bind to localhost, then send and receive packets.
+TEST_F(RawSocketICMPTest, BindSendAndReceive) {
+  SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_RAW)));
+
+  ASSERT_THAT(
+      bind(s_, reinterpret_cast<struct sockaddr*>(&addr_), sizeof(addr_)),
+      SyscallSucceeds());
+
+  // Prepare and send an ICMP packet. Use arbitrary junk for checksum, sequence,
+  // and ID. None of that should matter for raw sockets - the kernel should
+  // still give us the packet.
+  struct icmphdr icmp;
+  icmp.type = ICMP_ECHO;
+  icmp.code = 0;
+  icmp.checksum = 0;
+  icmp.un.echo.sequence = 2004;
+  icmp.un.echo.id = 2007;
+  icmp.checksum = Checksum(&icmp);
+  ASSERT_NO_FATAL_FAILURE(SendEmptyICMP(icmp));
+
+  ASSERT_NO_FATAL_FAILURE(ExpectICMPSuccess(icmp));
+}
+
+// Bind and connect to localhost and send/receive packets.
+TEST_F(RawSocketICMPTest, BindConnectSendAndReceive) {
+  SKIP_IF(!ASSERT_NO_ERRNO_AND_VALUE(HaveCapability(CAP_NET_RAW)));
+
+  ASSERT_THAT(
+      bind(s_, reinterpret_cast<struct sockaddr*>(&addr_), sizeof(addr_)),
+      SyscallSucceeds());
+  ASSERT_THAT(
+      connect(s_, reinterpret_cast<struct sockaddr*>(&addr_), sizeof(addr_)),
+      SyscallSucceeds());
+
+  // Prepare and send an ICMP packet. Use arbitrary junk for checksum, sequence,
+  // and ID. None of that should matter for raw sockets - the kernel should
+  // still give us the packet.
+  struct icmphdr icmp;
+  icmp.type = ICMP_ECHO;
+  icmp.code = 0;
+  icmp.checksum = 0;
+  icmp.un.echo.sequence = 2010;
+  icmp.un.echo.id = 7;
+  icmp.checksum = Checksum(&icmp);
+  ASSERT_NO_FATAL_FAILURE(SendEmptyICMP(icmp));
+
+  ASSERT_NO_FATAL_FAILURE(ExpectICMPSuccess(icmp));
+}
+
+void RawSocketICMPTest::ExpectICMPSuccess(const struct icmphdr& icmp) {
+  // We're going to receive both the echo request and reply, but the order is
+  // indeterminate.
+  char recv_buf[kEmptyICMPSize];
+  struct sockaddr_in src;
+  bool received_request = false;
+  bool received_reply = false;
+
+  for (int i = 0; i < 2; i++) {
+    // Receive the packet.
+    ASSERT_NO_FATAL_FAILURE(ReceiveICMP(recv_buf, ABSL_ARRAYSIZE(recv_buf),
+                                        sizeof(struct icmphdr), &src));
+    EXPECT_EQ(memcmp(&src, &addr_, sizeof(src)), 0);
+    struct icmphdr* recvd_icmp =
+        reinterpret_cast<struct icmphdr*>(recv_buf + sizeof(struct iphdr));
+    switch (recvd_icmp->type) {
+      case ICMP_ECHO:
+        EXPECT_FALSE(received_request);
+        received_request = true;
+        // The packet should be identical to what we sent.
+        EXPECT_EQ(memcmp(recv_buf + sizeof(struct iphdr), &icmp, sizeof(icmp)),
+                  0);
+        break;
+
+      case ICMP_ECHOREPLY:
+        EXPECT_FALSE(received_reply);
+        received_reply = true;
+        // Most fields should be the same.
+        EXPECT_EQ(recvd_icmp->code, icmp.code);
+        EXPECT_EQ(recvd_icmp->un.echo.sequence, icmp.un.echo.sequence);
+        EXPECT_EQ(recvd_icmp->un.echo.id, icmp.un.echo.id);
+        // A couple are different.
+        EXPECT_EQ(recvd_icmp->type, ICMP_ECHOREPLY);
+        // The checksum is computed in such a way that it is guaranteed to have
+        // changed.
+        EXPECT_NE(recvd_icmp->checksum, icmp.checksum);
+        break;
+    }
+  }
+
+  ASSERT_TRUE(received_request);
+  ASSERT_TRUE(received_reply);
+}
+
+void RawSocketICMPTest::SendEmptyICMP(const struct icmphdr& icmp) {
+  ASSERT_NO_FATAL_FAILURE(SendEmptyICMPTo(s_, addr_, icmp));
+}
+
+void RawSocketICMPTest::SendEmptyICMPTo(int sock,
+                                        const struct sockaddr_in& addr,
+                                        const struct icmphdr& icmp) {
+  // It's safe to use const_cast here because sendmsg won't modify the iovec or
+  // address.
+  struct iovec iov = {};
+  iov.iov_base = static_cast<void*>(const_cast<struct icmphdr*>(&icmp));
+  iov.iov_len = sizeof(icmp);
+  struct msghdr msg = {};
+  msg.msg_name = static_cast<void*>(const_cast<struct sockaddr_in*>(&addr));
+  msg.msg_namelen = sizeof(addr);
+  msg.msg_iov = &iov;
+  msg.msg_iovlen = 1;
+  msg.msg_control = NULL;
+  msg.msg_controllen = 0;
+  msg.msg_flags = 0;
+  ASSERT_THAT(sendmsg(sock, &msg, 0), SyscallSucceedsWithValue(sizeof(icmp)));
+}
+
+void RawSocketICMPTest::ReceiveICMP(char* recv_buf, size_t recv_buf_len,
+                                    size_t expected_size,
+                                    struct sockaddr_in* src) {
+  ASSERT_NO_FATAL_FAILURE(
+      ReceiveICMPFrom(recv_buf, recv_buf_len, expected_size, src, s_));
+}
+
+void RawSocketICMPTest::ReceiveICMPFrom(char* recv_buf, size_t recv_buf_len,
+                                        size_t expected_size,
+                                        struct sockaddr_in* src, int sock) {
+  struct iovec iov = {};
+  iov.iov_base = recv_buf;
+  iov.iov_len = recv_buf_len;
+  struct msghdr msg = {};
+  msg.msg_name = src;
+  msg.msg_namelen = sizeof(*src);
+  msg.msg_iov = &iov;
+  msg.msg_iovlen = 1;
+  msg.msg_control = NULL;
+  msg.msg_controllen = 0;
+  msg.msg_flags = 0;
+  // We should receive the ICMP packet plus 20 bytes of IP header.
+  ASSERT_THAT(recvmsg(sock, &msg, 0),
+              SyscallSucceedsWithValue(expected_size + sizeof(struct iphdr)));
+}
+
+}  // namespace
+
+}  // namespace testing
+}  // namespace gvisor
author	Kevin Krakauer <krakauer@google.com>	2019-05-22 13:44:07 -0700
committer	Shentubot <shentubot@google.com>	2019-05-22 13:45:15 -0700
commit	c1cdf18e7bd21a9785462914ca8aa2056c81369a (patch)
tree	2d53aca7fb685405940c49ac83f29743a5c96293 /test/syscalls/linux/raw_socket_icmp.cc
parent	69eac1198f3dae9a41ddf1903e9dda7972ed5d77 (diff)