authorStefano Brivio <sbrivio@redhat.com>2023-05-16 03:19:01 +0200
committerStefano Brivio <sbrivio@redhat.com>2023-05-16 07:20:25 +0200
commit7ab2bda2e69d4a862572be4b5e389a6aa864470d (patch)
treefa9653204a4ab9581b76499c95d76d16d467301d /cooker/cooker.h
parent049bd1ca828da835f2903b88adcf9ce0bdacd6e4 (diff)
cooker, seitan: Now with 100% more gluten
Pseudorandom changes and progress around cooker and seitan: - cooker: - rename matching functions, split match.c - fix up SELECT semantics - add some form of handling for all syscalls in the example (some stubs) - OP_CMP for all basic and compound types except for flags - link jumps to next block and next match - completed implementation of tags - gluten write - filter clean-ups, write filters (probably not working) - seitan: - load gluten and source instructions and data from there $ ./seitan-cooker cooker/example.hjson example.gluten example.bpf Parsing block 0 Parsing match 0: connect Found description for connect 0: OP_NR: if syscall number is not 0, jump to next block Parsing match argument fd setting tag reference 'fd' tag 'fd' now refers to seccomp data at 0 Parsing match argument addr allocating 128 at offset 0 1: OP_LOAD: #0 < args[1] (size: 128) C#0: (INT) 1 2: OP_CMP: if temporary data: #0 NE (size: 4) read-only data: #0, jump to next block C#4: (STRING:24) /var/run/pr-helper.sock 3: OP_CMP: if temporary data: #0 NE (size: 24) read-only data: #4, jump to next block Linking match... Linking block... linked jump of instruction #0 to #4 linked jump of instruction #2 to #4 linked jump of instruction #3 to #4 Parsing block 1 Parsing match 0: ioctl Found description for ioctl 4: OP_NR: if syscall number is not 112, jump to next block Parsing match argument path Parsing match argument request C#28: (INT) 1074025674 5: OP_CMP: if seccomp data: #1 NE (size: 4) read-only data: #28, jump to next block Parsing match argument ifr allocating 40 at offset 128 6: OP_LOAD: #128 < args[2] (size: 40) C#32: (STRING:5) tap0 7: OP_CMP: if temporary data: #128 NE (size: 5) read-only data: #32, jump to next block C#37: (INT) 1 8: OP_CMP: if temporary data: #128 NE (size: 4) read-only data: #37, jump to next block Linking match... Linking block... 
linked jump of instruction #4 to #9 linked jump of instruction #5 to #9 linked jump of instruction #7 to #9 linked jump of instruction #8 to #9 Parsing block 2 Parsing match 0: unshare Found description for unshare 9: OP_NR: if syscall number is not 164, jump to next block Parsing match argument flags Linking match... Linking block... linked jump of instruction #9 to #10 Parsing block 3 Parsing match 0: unshare Found description for unshare 10: OP_NR: if syscall number is not 164, jump to next block Parsing match argument flags Linking match... Linking block... linked jump of instruction #10 to #11 Parsing block 4 Parsing match 0: mknod Found description for mknod 11: OP_NR: if syscall number is not 164, jump to next block Parsing match argument path allocating 1 at offset 168 12: OP_LOAD: #168 < args[0] (size: 1) setting tag reference 'path' tag 'path' now refers to temporary data at 168 Parsing match argument mode Parsing match argument major Parsing match argument minor setting tag reference 'minor' tag 'minor' now refers to seccomp data at 2 Linking match... Linking block... linked jump of instruction #11 to #13 Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'cooker/cooker.h')
-rw-r--r--cooker/cooker.h101
1 files changed, 83 insertions, 18 deletions
diff --git a/cooker/cooker.h b/cooker/cooker.h
index a1cc360..82b24f7 100644
--- a/cooker/cooker.h
+++ b/cooker/cooker.h
@@ -6,6 +6,9 @@
#ifndef COOKER_H
#define COOKER_H
+#define _GNU_SOURCE
+#include <fcntl.h>
+#include <unistd.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
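Review bot: `#define _GNU_SOURCE` is placed inside the header, after the include guard, so it only takes effect when cooker.h is the first header a translation unit includes; feature-test macros are evaluated when the first system header is processed. A source file that includes, say, `<stdio.h>` before cooker.h would get `<fcntl.h>` and `<unistd.h>` without the GNU extensions, and a build that also passes `-D_GNU_SOURCE` would see a macro redefinition warning. Defining it in the build flags, or at the top of each .c file before any include, removes the ordering dependency. If it stays here, a comment such as `/* cooker.h must be included before any system header */` would at least document the constraint.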
@@ -14,27 +17,46 @@
#include <sys/types.h>
#include <arpa/inet.h>
-#define REFS_MAX 256
-#define REF_NAMEMAX 256
+#define TAGS_MAX 256
#define CALL_ARGS 6
struct num;
struct field;
struct select;
+/**
+ * union desc - Description of lists of numbers, structs or selector fields
+ * @d_num: Pointer to a list of numbers and their labels
+ * @d_struct: Pointer to a struct description
+ * @d_select: Pointer to description of a selector
+ */
union desc {
struct num *d_num;
struct field *d_struct;
struct select *d_select;
};
+/**
+ * union value - Represent a generic value used internally by cooker
+ * @v_int: Value of type int
+ * @v_u32: Value of type u32
+ * @v_num: Value of type long long, or any other numeric type
+ * @v_str: String, directly from JSON
+ */
union value {
int v_int;
uint32_t v_u32;
long long v_num;
+ const char *v_str;
};
+/**
+ * enum type - Types of values for arguments and fields within arguments
+ */
enum type {
+ UNDEF = 0,
+ NONE,
+
INT,
INTMASK,
INTFLAGS,
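Review bot: `union value` gains `v_str`, a borrowed pointer stored next to plain integers, and its doc line `String, directly from JSON` does not say who owns the string or how long it stays valid. If the pointer refers to storage owned by the JSON parser (not visible in this hunk), any value kept after the parsed tree is released would dangle. I would extend the line to something like `@v_str: String, owned by the parsed JSON tree, must not outlive it`, adjusted to the real lifetime. The new `enum type` comment could also state that `UNDEF` is the zero value, so that a zero-initialised descriptor is distinguishable from a real type. The enum body continues outside this hunk.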
@@ -43,6 +65,10 @@ enum type {
U32MASK,
U32FLAGS,
+ U64,
+ U64MASK,
+ U64FLAGS,
+
LONG,
LONGMASK,
LONGFLAGS,
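Review bot: The new `U64`, `U64MASK` and `U64FLAGS` enumerators are not reflected in `TYPE_IS_NUM`, which appears unchanged as context in a later hunk as `((t) == INT || (t) == U32 || (t) == LONG)`. Code that relies on that macro to decide whether to emit a numeric comparison would treat a `U64` argument as non-numeric, and in a tool that generates syscall filters a comparison that is silently not emitted makes the match broader than the policy author wrote. Whether callers handle `U64` separately is not visible here; if they do not, the macro should become `((t) == INT || (t) == U32 || (t) == U64 || (t) == LONG)`. The same question applies to `SELECTED`, added in the next hunk, and `TYPE_IS_COMPOUND`. The enum body starts and ends outside this hunk.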
@@ -51,6 +77,7 @@ enum type {
STRUCT,
SELECT,
+ SELECTED,
PID,
@@ -68,16 +95,24 @@ enum type {
#define TYPE_IS_COMPOUND(t) ((t) == STRUCT || (t) == SELECT)
#define TYPE_IS_NUM(t) ((t) == INT || (t) == U32 || (t) == LONG)
-enum jump_type {
- NEXT_BLOCK,
- END,
-};
-
+/**
+ * struct num - A numeric value and its label
+ * @name: Label for numeric value
+ * @value: Numeric value
+ */
struct num {
char *name;
long long value;
};
+/**
+ * struct field - Field inside a struct
+ * @name: Name of field
+ * @type: Type of field
+ * @offset: Offset of field within struct, in bytes
+ * @strlen: Length of string for string types, 0 otherwise
+ * @desc: Description of possible values for field, or linked struct
+ */
struct field {
char *name;
enum type type;
@@ -88,21 +123,27 @@ struct field {
union desc desc;
};
-struct select_num {
- long long value;
+/**
+ * struct select_target - Description of value selected by selector field
+ * @type: Type of value
+ * @size: Size to dereference for pointers, 0 otherwise
+ * @desc: Description for selected value
+ */
+struct select_target {
+ enum type type; /* TODO: Almost a struct arg? */
+ size_t size;
- enum type type;
union desc desc;
};
-struct select {
- struct field *field;
-
- union {
- struct select_num *d_num;
- } desc;
-};
-
+/**
+ * struct arg - Description of part of, or complete system call argument
+ * @pos: Index of argument in system call
+ * @name: JSON name used for matches and calls
+ * @type: Argument type
+ * @size: Size of pointed area if any, 0 otherwise
+ * @desc: Description of list of numbers, struct or selector field
+ */
struct arg {
int pos;
char *name;
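Review bot: `struct select_target` is introduced here, but nothing in this header refers to it: `struct select_num`, re-added in the last hunk, embeds `struct arg target` instead. Together with the `/* TODO: Almost a struct arg? */` remark this looks like a leftover from an intermediate design, though whether a .c file uses it is not visible from this diff. If it is unused I would drop it; otherwise a one-line comment saying where it is used and how it differs from `struct arg` would help. `struct arg` continues outside the hunk.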
@@ -113,4 +154,28 @@ struct arg {
union desc desc;
};
+/**
+ * struct select_num - List of possible selections based on numeric selector
+ * @value: Numeric value of the selector
+ * @target: Argument description defined by this selector
+ */
+struct select_num {
+ long long value;
+
+ struct arg target;
+};
+
+/**
+ * struct select - Association between argument description and selected values
+ * @field: Description of argument operating the selection
+ * @d_num: List of possible selections
+ */
+struct select {
+ struct field *field;
+
+ union {
+ struct select_num *d_num;
+ } desc;
+};
+
#endif /* COOKER_H */
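Review bot: The comments on `struct select_num` and `struct select` call `d_num` a list but do not say how the end of the list is marked. A consumer walking `desc.d_num` needs a terminator convention to avoid reading past the last entry; the zero-valued `UNDEF` type added in this commit looks like a candidate, but that is an assumption since the walker is not in this file. I would document it with a line such as `@desc.d_num: List of possible selections, terminated by an entry whose target.type is UNDEF`, matching whatever the code does. Note that the member is nested, so kernel-doc expects `@desc.d_num:` rather than `@d_num:`.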