aboutgitcodelistschat:MatrixIRC
path: root/tests
diff options
context:
space:
mode:
authorAlice Frosi <afrosi@redhat.com>2023-03-31 14:57:19 +0200
committerAlice Frosi <afrosi@redhat.com>2023-04-03 14:43:21 +0200
commit481076deafd78f34a5e5f8b827a34ab9a25931c9 (patch)
treeb72f386f5a30603b281de9674eb0605aad00e57e /tests
parent79aa938d899c451fed517005c22d00cb03f4bad2 (diff)
downloadseitan-481076deafd78f34a5e5f8b827a34ab9a25931c9.tar
seitan-481076deafd78f34a5e5f8b827a34ab9a25931c9.tar.gz
seitan-481076deafd78f34a5e5f8b827a34ab9a25931c9.tar.bz2
seitan-481076deafd78f34a5e5f8b827a34ab9a25931c9.tar.lz
seitan-481076deafd78f34a5e5f8b827a34ab9a25931c9.tar.xz
seitan-481076deafd78f34a5e5f8b827a34ab9a25931c9.tar.zst
seitan-481076deafd78f34a5e5f8b827a34ab9a25931c9.zip
fix filter test
Diffstat (limited to 'tests')
-rw-r--r--tests/unit/test_filter.c1
-rw-r--r--tests/unit/test_filter_build.c156
2 files changed, 72 insertions, 85 deletions
diff --git a/tests/unit/test_filter.c b/tests/unit/test_filter.c
index 9583b56..c1e0949 100644
--- a/tests/unit/test_filter.c
+++ b/tests/unit/test_filter.c
@@ -37,7 +37,6 @@ static int generate_install_filter(struct args_target *at)
}
}
size = create_bfp_program(table, filter, 1);
- //bpf_disasm_all(filter, size);
return install_filter(filter, size);
}
diff --git a/tests/unit/test_filter_build.c b/tests/unit/test_filter_build.c
index 5d3373d..55e2a2b 100644
--- a/tests/unit/test_filter_build.c
+++ b/tests/unit/test_filter_build.c
@@ -46,14 +46,13 @@ START_TEST(test_single_instr)
/* l0 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, arch))),
/* l1 */
- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 3),
+ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 2),
/* l2 */
BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, nr))),
- /* l3 */ EQ(nr, 0, 1),
- /* l4 */ JUMPA(0),
- /* l5 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
- /* l6 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
+ /* l3 */ EQ(nr, 1, 0),
+ /* l4 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l5 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
};
size = create_bfp_program(table, result,
@@ -83,19 +82,20 @@ START_TEST(test_single_instr_two_args)
/* l0 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, arch))),
/* l1 */
- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 6),
+ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 8),
/* l2 */
BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, nr))),
- /* l3 */ EQ(nr, 0, 4),
- /* l4 */ EQ(123, 0, 2),
- /* l5 */ EQ(321, 0, 1),
- /* l6 */ JUMPA(2),
- /* l7 */ JUMPA(0),
- /* l8 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
- /* l9 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
+ /* l3 */ EQ(nr, 0, 6),
+ /* l4 */ LOAD(offsetof(struct seccomp_data, args[1])),
+ /* l5 */ EQ(123, 0, 2),
+ /* l6 */ LOAD(offsetof(struct seccomp_data, args[2])),
+ /* l7 */ EQ(321, 0, 1),
+ /* l8 */ JUMPA(2),
+ /* l9 */ JUMPA(0),
+ /* l10 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l11 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
};
-
size = create_bfp_program(table, result,
sizeof(table) / sizeof(table[0]));
ck_assert_uint_eq(size, sizeof(expected) / sizeof(expected[0]));
@@ -119,19 +119,17 @@ START_TEST(test_two_instr)
/* l0 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, arch))),
/* l1 */
- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 6),
+ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 4),
/* l2 */
BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, nr))),
/* ------- level0 -------- */
/* l3 */ JGE(49, 1, 0),
- /* ------- level0 -------- */
- /* l4 */ EQ(42, 1, 3),
- /* l5 */ EQ(49, 1, 2),
- /* l6 */ JUMPA(1),
- /* l7 */ JUMPA(0),
- /* l8 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
- /* l9 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
+ /* ------- leaves -------- */
+ /* l4 */ EQ(42, 2, 1),
+ /* l5 */ EQ(49, 1, 0),
+ /* l6 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l7 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
};
struct sock_filter result[30];
@@ -161,7 +159,7 @@ START_TEST(test_multiple_instr_no_args)
/* l0 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, arch))),
/* l1 */
- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 18),
+ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 13),
/* l2 */
BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, nr))),
@@ -174,19 +172,13 @@ START_TEST(test_multiple_instr_no_args)
/* l6 */ JGE(43, 4, 3),
/* l7 */ JGE(45, 5, 4),
/* l8 */ JGE(46, 6, 5),
- /* l9 */ JUMPA(10),
+ /* l9 */ JUMPA(5),
/* -------- leaves ------- */
- /* l10 */ EQ(42, 4, 9),
- /* l11 */ EQ(43, 4, 8),
- /* l12 */ EQ(44, 4, 7),
- /* l13 */ EQ(45, 4, 6),
- /* l14 */ EQ(46, 4, 5),
- /* ------- args ---------- */
- /* l15 */ JUMPA(4),
- /* l16 */ JUMPA(3),
- /* l17 */ JUMPA(2),
- /* l18 */ JUMPA(1),
- /* l19 */ JUMPA(0),
+ /* l10 */ EQ(42, 5, 4),
+ /* l11 */ EQ(43, 4, 3),
+ /* l12 */ EQ(44, 3, 2),
+ /* l13 */ EQ(45, 2, 1),
+ /* l14 */ EQ(46, 1, 0),
/* l20 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
/* l21 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
};
@@ -225,7 +217,7 @@ START_TEST(test_multiple_instr_with_args)
/* l0 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, arch))),
/* l1 */
- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 24),
+ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 25),
/* l2 */
BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, nr))),
@@ -238,37 +230,36 @@ START_TEST(test_multiple_instr_with_args)
/* l6 */ JGE(43, 4, 3),
/* l7 */ JGE(45, 5, 4),
/* l8 */ JGE(46, 6, 5),
- /* l9 */ JUMPA(16),
+ /* l9 */ JUMPA(17),
/* -------- leaves ------- */
- /* l10 */ EQ(42, 4, 15),
- /* l11 */ EQ(43, 6, 14),
- /* l12 */ EQ(44, 6, 13),
- /* l13 */ EQ(45, 6, 12),
- /* l14 */ EQ(46, 8, 11),
+ /* l10 */ EQ(42, 4, 16),
+ /* l11 */ EQ(43, 16, 15),
+ /* l12 */ EQ(44, 15, 14),
+ /* l13 */ EQ(45, 6, 13),
+ /* l14 */ EQ(46, 13, 12),
/* ------- args ---------- */
- /* l15 */ EQ(123, 0, 2),
- /* l16 */ EQ(321, 0, 1),
- /* l17 */ JUMPA(9), /* notify */
- /* l18 */ JUMPA(7),
- /* ----- end call42 ------ */
- /* l19 */ JUMPA(6),
- /* ----- end call43 ------ */
- /* l20 */ JUMPA(5),
+ /* l15 */ LOAD(offsetof(struct seccomp_data, args[1])),
+ /* l16 */ EQ(123, 0, 2),
+ /* l17 */ LOAD(offsetof(struct seccomp_data, args[2])),
+ /* l18 */ EQ(321, 0, 1),
+ /* l19 */ JUMPA(8), /* notify */
+ /* l20 */ JUMPA(6),
/* ----- end call44 ------ */
- /* l21 */ EQ(123, 0, 2),
- /* l22 */ EQ(321, 0, 1),
- /* l23 */ JUMPA(3), /* notify */
- /* l24 */ JUMPA(1),
- /* ----- end call45 ------ */
- /* l25 */ JUMPA(0),
+ /* l21 */ LOAD(offsetof(struct seccomp_data, args[1])),
+ /* l22 */ EQ(123, 0, 2),
+ /* l23 */ LOAD(offsetof(struct seccomp_data, args[2])),
+ /* l24 */ EQ(321, 0, 1),
+ /* l25 */ JUMPA(2), /* notify */
+ /* l26 */ JUMPA(0),
/* ----- end call46 ------ */
- /* l26 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
- /* l27 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
+ /* l27 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l28 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
};
struct sock_filter result[sizeof(expected) / sizeof(expected[0]) + 10];
size = create_bfp_program(table, result,
sizeof(table) / sizeof(table[0]));
+ // bpf_disasm_all(result, size);
ck_assert_uint_eq(size, sizeof(expected) / sizeof(expected[0]));
ck_assert(filter_eq(expected, result,
sizeof(expected) / sizeof(expected[0])));
@@ -306,7 +297,7 @@ START_TEST(test_multiple_instance_same_instr)
/* l0 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, arch))),
/* l1 */
- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 26),
+ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SEITAN_AUDIT_ARCH, 0, 27),
/* l2 */
BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
(offsetof(struct seccomp_data, nr))),
@@ -319,34 +310,31 @@ START_TEST(test_multiple_instance_same_instr)
/* l6 */ JGE(43, 4, 3),
/* l7 */ JGE(45, 5, 4),
/* l8 */ JGE(46, 6, 5),
- /* l9 */ JUMPA(18),
+ /* l9 */ JUMPA(19),
/* -------- leaves ------- */
- /* l10 */ EQ(42, 4, 17),
- /* l11 */ EQ(43, 6, 16),
- /* l12 */ EQ(44, 6, 15),
- /* l13 */ EQ(45, 6, 14),
- /* l14 */ EQ(46, 8, 13),
+ /* l10 */ EQ(42, 4, 18),
+ /* l11 */ EQ(43, 18, 17),
+ /* l12 */ EQ(44, 17, 16),
+ /* l13 */ EQ(45, 6, 15),
+ /* l14 */ EQ(46, 15, 14),
/* ------- args ---------- */
- /* l15 */ EQ(123, 0, 1),
- /* l16 */ JUMPA(12), /* notify */
- /* l17 */ EQ(321, 0, 1),
- /* l18 */ JUMPA(10), /* notify */
- /* l19 */ JUMPA(8),
- /* ----- end call42 ------ */
- /* l20 */ JUMPA(7),
- /* ----- end call43 ------ */
- /* l21 */ JUMPA(6),
+ /* l15 */ LOAD(offsetof(struct seccomp_data, args[1])),
+ /* l16 */ EQ(123, 0, 1),
+ /* l17 */ JUMPA(12), /* notify */
+ /* l18 */ LOAD(offsetof(struct seccomp_data, args[2])),
+ /* l19 */ EQ(321, 0, 1),
+ /* l20 */ JUMPA(9), /* notify */
+ /* l21 */ JUMPA(7),
/* ----- end call44 ------ */
- /* l22 */ EQ(123, 0, 1),
- /* l23 */ JUMPA(5), /* notify */
- /* l24 */ EQ(321, 0, 1),
- /* l25 */ JUMPA(3), /* notify */
- /* l26 */ JUMPA(1),
- /* ----- end call45 ------ */
- /* l27 */ JUMPA(0),
- /* ----- end call46 ------ */
- /* l28 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
- /* l29 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
+ /* l22 */ LOAD(offsetof(struct seccomp_data, args[1])),
+ /* l23 */ EQ(123, 0, 1),
+ /* l24 */ JUMPA(5), /* notify */
+ /* l25 */ LOAD(offsetof(struct seccomp_data, args[2])),
+ /* l26 */ EQ(321, 0, 1),
+ /* l27 */ JUMPA(2), /* notify */
+ /* l28 */ JUMPA(0),
+ /* l29 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
+ /* l30 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
};
struct sock_filter result[sizeof(expected) / sizeof(expected[0]) + 10];
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 09:18:06 +0000