Fix netebpfext verifier bug with prog types other than xdp (#1870)
Co-authored-by: Alan Jowett <alanjo@microsoft.com>
Родитель
83a0fef35c
Коммит
9020751748
|
@ -68,6 +68,24 @@ _fwp_engine::classify_test_packet(_In_ const GUID* layer_guid, NET_IFINDEX if_in
|
|||
return result.actionType;
|
||||
}
|
||||
|
||||
void
|
||||
_fwp_engine::test_bind()
|
||||
{
|
||||
// TODO(issue #1869): implement bind callout.
|
||||
}
|
||||
|
||||
void
|
||||
_fwp_engine::test_cgroup_sock_addr()
|
||||
{
|
||||
// TODO(issue #1869): implement sock_addr callout.
|
||||
}
|
||||
|
||||
void
|
||||
_fwp_engine::test_sock_ops()
|
||||
{
|
||||
// TODO(issue #1869): implement sock_ops callout.
|
||||
}
|
||||
|
||||
typedef struct _fwp_injection_handle
|
||||
{
|
||||
ADDRESS_FAMILY address_family;
|
||||
|
|
|
@ -77,6 +77,15 @@ typedef class _fwp_engine
|
|||
FWP_ACTION_TYPE
|
||||
classify_test_packet(_In_ const GUID* layer_guid, NET_IFINDEX if_index);
|
||||
|
||||
void
|
||||
test_bind();
|
||||
|
||||
void
|
||||
test_cgroup_sock_addr();
|
||||
|
||||
void
|
||||
test_sock_ops();
|
||||
|
||||
static _fwp_engine*
|
||||
get()
|
||||
{
|
||||
|
|
Двоичный файл не отображается.
Двоичный файл не отображается.
Двоичный файл не отображается.
Двоичные данные
tests/libfuzzer/netebpfext_fuzzer/corpus/xdp
Двоичные данные
tests/libfuzzer/netebpfext_fuzzer/corpus/xdp
Двоичный файл не отображается.
|
@ -159,25 +159,25 @@ FUZZ_EXPORT int __cdecl LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
|
|||
return 0;
|
||||
}
|
||||
|
||||
FWP_ACTION_TYPE result;
|
||||
|
||||
// Verify we successfully attached to netebpfext.
|
||||
if (client_context.provider_binding_context == nullptr) {
|
||||
goto Done;
|
||||
}
|
||||
|
||||
// Classify an inbound packet that should pass.
|
||||
client_context.metadata = *metadata;
|
||||
result = helper.classify_test_packet(&FWPM_LAYER_INBOUND_MAC_FRAME_NATIVE, if_index);
|
||||
if (result != FWP_ACTION_PERMIT && result != FWP_ACTION_BLOCK) {
|
||||
goto Done;
|
||||
}
|
||||
|
||||
// Classify an inbound packet that should be dropped.
|
||||
client_context.metadata = *metadata;
|
||||
result = helper.classify_test_packet(&FWPM_LAYER_INBOUND_MAC_FRAME_NATIVE, if_index);
|
||||
if (result != FWP_ACTION_PERMIT && result != FWP_ACTION_BLOCK) {
|
||||
goto Done;
|
||||
switch (prog_type) {
|
||||
case BPF_PROG_TYPE_XDP:
|
||||
(void)helper.classify_test_packet(&FWPM_LAYER_INBOUND_MAC_FRAME_NATIVE, if_index);
|
||||
break;
|
||||
case BPF_PROG_TYPE_BIND:
|
||||
helper.test_bind();
|
||||
break;
|
||||
case BPF_PROG_TYPE_CGROUP_SOCK_ADDR:
|
||||
helper.test_cgroup_sock_addr();
|
||||
break;
|
||||
case BPF_PROG_TYPE_SOCK_OPS:
|
||||
helper.test_sock_ops();
|
||||
break;
|
||||
}
|
||||
|
||||
Done:
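Review bot: The `switch (prog_type)` has no `default:` arm, so a program type outside the four listed cases reaches `Done:` with nothing exercised and nothing to show for it; an explicit `default: break; // no callout test for this program type` would make that visible. The `BPF_PROG_TYPE_BIND`, `BPF_PROG_TYPE_CGROUP_SOCK_ADDR` and `BPF_PROG_TYPE_SOCK_OPS` arms call helpers that this commit adds as empty stubs marked `TODO(issue #1869)`, so fuzz inputs of those types presumably cover only the path up to attach. A short comment above the switch saying so would keep the fuzzer's coverage from being overestimated. The XDP arm casts the classify result to `(void)`; if any action other than `FWP_ACTION_PERMIT` or `FWP_ACTION_BLOCK` should count as a finding, this is where to check it. The function starts before this hunk, and `prog_type` is assigned outside it.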
|
||||
|
|
|
@ -39,6 +39,24 @@ typedef class _netebpf_ext_helper
|
|||
return _fwp_engine::get()->classify_test_packet(layer_guid, if_index);
|
||||
}
|
||||
|
||||
void
|
||||
test_bind()
|
||||
{
|
||||
return _fwp_engine::get()->test_bind();
|
||||
}
|
||||
|
||||
void
|
||||
test_cgroup_sock_addr()
|
||||
{
|
||||
return _fwp_engine::get()->test_cgroup_sock_addr();
|
||||
}
|
||||
|
||||
void
|
||||
test_sock_ops()
|
||||
{
|
||||
return _fwp_engine::get()->test_sock_ops();
|
||||
}
|
||||
|
||||
private:
|
||||
bool trace_initiated = false;
|
||||
bool ndis_handle_initialized = false;
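Review bot: The three new wrappers are declared `void` but are written as `return _fwp_engine::get()->test_bind();` (likewise for `test_cgroup_sock_addr` and `test_sock_ops`). Returning a void expression is legal C++, but it reads as if a value were being forwarded, unlike `classify_test_packet` above them, which does return one. Writing the body as `_fwp_engine::get()->test_bind();` states the intent directly. A one-line comment on each noting that the engine-side callout is still a stub tracked by issue #1869 would also help readers of this header.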
|
||||
|
|