xref: /freebsd/tests/sys/kern/socket_accf.c (revision 3877025f52ee205fe99ad4ff68229933d57e4bcb) 
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2022-2024 Gleb Smirnoff <glebius@FreeBSD.org>
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  */
27 
28 #include <sys/socket.h>
29 #include <netinet/in.h>
30 #include <errno.h>
31 #include <fcntl.h>
32 #include <stdlib.h>
33 
34 #include <atf-c.h>
35 
36 static int
37 listensock(struct sockaddr_in *sin)
38 {
39 	int l;
40 
41 	ATF_REQUIRE((l = socket(PF_INET, SOCK_STREAM, 0)) > 0);
42 	ATF_REQUIRE(fcntl(l, F_SETFL, O_NONBLOCK) != -1);
43 	ATF_REQUIRE(setsockopt(l, SOL_SOCKET, SO_REUSEADDR, &(socklen_t){1},
44 	    sizeof(int)) == 0);
45 	*sin = (struct sockaddr_in){
46 		.sin_len = sizeof(sin),
47 		.sin_family = AF_INET,
48 		.sin_addr.s_addr = htonl(INADDR_LOOPBACK),
49 	};
50 	ATF_REQUIRE(bind(l, (struct sockaddr *)sin, sizeof(*sin)) == 0);
51 	ATF_REQUIRE(getsockname(l, (struct sockaddr *)sin,
52 	    &(socklen_t){ sizeof(*sin) }) == 0);
53 	ATF_REQUIRE(listen(l, -1) == 0);
54 
55 	return (l);
56 }
57 
58 static int
59 clientsock(struct sockaddr_in *sin)
60 {
61 	int s;
62 
63 	ATF_REQUIRE((s = socket(PF_INET, SOCK_STREAM, 0)) > 0);
64 	ATF_REQUIRE(connect(s, (struct sockaddr *)sin, sizeof(*sin)) == 0);
65 
66 	return (s);
67 }
68 
69 static void
70 accfon(int l, struct accept_filter_arg *af)
71 {
72 	if (setsockopt(l, SOL_SOCKET, SO_ACCEPTFILTER, af, sizeof(*af)) != 0) {
73 		atf_tc_fail("setsockopt(SO_ACCEPTFILTER): %s", strerror(errno));
74 	}
75 }
76 
77 /*
78  * XXX: return from send(2) on a localhost connection doesn't guarantee that
79  * netisr has fully processed and delivered the data to the remote local
80  * socket.  Sleep a fraction of second to "guarantee" that it did.
81  */
82 static ssize_t
83 usend(int s, const void *msg, size_t len)
84 {
85 	ssize_t rv;
86 
87 	rv = send(s, msg, len, 0);
88 	usleep(100000);
89 	return (rv);
90 }
91 
92 ATF_TC(data);
93 ATF_TC_HEAD(data, tc)
94 {
95 	atf_tc_set_md_var(tc, "require.kmods", "accf_data");
96 }
97 ATF_TC_BODY(data, tc)
98 {
99 	struct accept_filter_arg afa = {
100 		.af_name = "dataready"
101 	};
102 	struct sockaddr_in sin;
103 	int l, s, a;
104 
105 	l = listensock(&sin);
106 	accfon(l, &afa);
107 	s = clientsock(&sin);
108 	ATF_REQUIRE(accept(l, NULL, 0) == -1);
109 	ATF_REQUIRE(errno == EAGAIN);
110 	ATF_REQUIRE(usend(s, "foo", sizeof("foo")) == sizeof("foo"));
111 	ATF_REQUIRE((a = accept(l, NULL, 0)) > 0);
112 }
113 
114 ATF_TC(http);
115 ATF_TC_HEAD(http, tc)
116 {
117 	atf_tc_set_md_var(tc, "require.kmods", "accf_http");
118 }
119 ATF_TC_BODY(http, tc)
120 {
121 	struct accept_filter_arg afa = {
122 		.af_name = "httpready"
123 	};
124 	struct sockaddr_in sin;
125 	int l, s, a;
126 
127 	l = listensock(&sin);
128 	accfon(l, &afa);
129 	s = clientsock(&sin);
130 
131 	/* 1) No data. */
132 	ATF_REQUIRE(accept(l, NULL, 0) == -1);
133 	ATF_REQUIRE(errno == EAGAIN);
134 
135 	/* 2) Data, that doesn't look like HTTP. */
136 	ATF_REQUIRE(usend(s, "foo", sizeof("foo")) == sizeof("foo"));
137 	ATF_REQUIRE((a = accept(l, NULL, 0)) > 0);
138 
139 	close(s);
140 	close(a);
141 
142 #define	CHUNK1	"GET / "
143 #define	CHUNK2	"HTTP/1.0\r\n\n"
144 #define	LEN(c)	(sizeof(c) - 1)
145 
146 	/* 3) Partial HTTP. */
147 	s = clientsock(&sin);
148 	ATF_REQUIRE(usend(s, CHUNK1, LEN(CHUNK1)) == LEN(CHUNK1));
149 	ATF_REQUIRE(accept(l, NULL, 0) == -1);
150 	ATF_REQUIRE(errno == EAGAIN);
151 
152 	/* 4) Complete HTTP. */
153 	ATF_REQUIRE(usend(s, CHUNK2, LEN(CHUNK2)) == LEN(CHUNK2));
154 	ATF_REQUIRE((a = accept(l, NULL, 0)) > 0);
155 }
156 
157 ATF_TC(tls);
158 ATF_TC_HEAD(tls, tc)
159 {
160 	atf_tc_set_md_var(tc, "require.kmods", "accf_tls");
161 }
162 ATF_TC_BODY(tls, tc)
163 {
164 	struct accept_filter_arg afa = {
165 		.af_name = "tlsready"
166 	};
167 	struct sockaddr_in sin;
168 	int l, s, a;
169 
170 	l = listensock(&sin);
171 	accfon(l, &afa);
172 	s = clientsock(&sin);
173 
174 	/* 1) No data. */
175 	ATF_REQUIRE(accept(l, NULL, 0) == -1);
176 	ATF_REQUIRE(errno == EAGAIN);
177 
178 	/* 2) Less than 5 bytes. */
179 	ATF_REQUIRE(usend(s, "foo", sizeof("foo")) == sizeof("foo"));
180 	ATF_REQUIRE(errno == EAGAIN);
181 
182 	/* 3) Something that doesn't look like TLS handshake. */
183 	ATF_REQUIRE(usend(s, "bar", sizeof("bar")) == sizeof("bar"));
184 	ATF_REQUIRE((a = accept(l, NULL, 0)) > 0);
185 
186 	close(s);
187 	close(a);
188 
189 	/* 4) Partial TLS record. */
190 	s = clientsock(&sin);
191 	struct {
192 		uint8_t  type;
193 		uint16_t version;
194 		uint16_t length;
195 	} __attribute__((__packed__)) header = {
196 		.type = 0x16,
197 		.length = htons((uint16_t)(arc4random() % 16384)),
198 	};
199 	_Static_assert(sizeof(header) == 5, "");
200 	ATF_REQUIRE(usend(s, &header, sizeof(header)) == sizeof(header));
201 	ssize_t sent = 0;
202 	do {
203 		size_t len;
204 		char *buf;
205 
206 		ATF_REQUIRE(accept(l, NULL, 0) == -1);
207 		ATF_REQUIRE(errno == EAGAIN);
208 
209 		len = arc4random() % 1024;
210 		buf = alloca(len);
211 		ATF_REQUIRE(usend(s, buf, len) == (ssize_t)len);
212 		sent += len;
213 	} while (sent < ntohs(header.length));
214 	/* TLS header with bytes >= declared length. */
215 	ATF_REQUIRE((a = accept(l, NULL, 0)) > 0);
216 }
217 
218 /* Check changing to a different filter. */
219 ATF_TC(change);
220 ATF_TC_HEAD(change, tc)
221 {
222 	atf_tc_set_md_var(tc, "require.kmods", "accf_data accf_http");
223 }
224 ATF_TC_BODY(change, tc)
225 {
226 	struct accept_filter_arg dfa = {
227 		.af_name = "dataready"
228 	};
229 	struct accept_filter_arg hfa = {
230 		.af_name = "httpready"
231 	};
232 	struct sockaddr_in sin;
233 	int n, l;
234 
235 	l = listensock(&sin);
236 	accfon(l, &dfa);
237 
238 	/* Refuse to change filter without explicit removal of the old one. */
239 	ATF_REQUIRE(setsockopt(l, SOL_SOCKET, SO_ACCEPTFILTER, &hfa,
240 	    sizeof(hfa)) != 0 && errno == EBUSY);
241 
242 	/* But allow after clearing. */
243 	ATF_REQUIRE(setsockopt(l, SOL_SOCKET, SO_ACCEPTFILTER, NULL, 0) == 0);
244 	ATF_REQUIRE(setsockopt(l, SOL_SOCKET, SO_ACCEPTFILTER, &hfa,
245 	    sizeof(hfa)) == 0);
246 
247 	/* Must be listening socket. */
248 	ATF_REQUIRE((n = socket(PF_INET, SOCK_STREAM, 0)) > 0);
249 	ATF_REQUIRE(setsockopt(n, SOL_SOCKET, SO_ACCEPTFILTER, &dfa,
250 	    sizeof(dfa)) != 0 && errno == EINVAL);
251 }
252 
253 ATF_TP_ADD_TCS(tp)
254 {
255 	ATF_TP_ADD_TC(tp, data);
256 	ATF_TP_ADD_TC(tp, http);
257 	ATF_TP_ADD_TC(tp, tls);
258 	ATF_TP_ADD_TC(tp, change);
259 
260 	return (atf_no_error());
261 }
262