Fix netfilter test's setsockopt to actually succeed
rocallahan committed Dec 22, 2023
1 parent 78d8098 commit e21ebb8
Showing 1 changed file with 5 additions and 27 deletions.
32 changes: 5 additions & 27 deletions src/test/netfilter.c
@@ -61,19 +61,6 @@ int main(void) {
test_assert(ret == 0);
test_assert(getentries_size == sizeof(struct ipt_get_entries) + info.size);

// matches will be empty
struct xt_entry_target target;
const char* target_name = "MASQUERADE";
target.u.user.target_size = strlen(target_name) - 1;
memcpy(target.u.user.name, target_name, strlen(target_name) - 1);

struct ipt_entry entry;
memset(&entry, 0, sizeof(struct ipt_entry));
entry.ip.src.s_addr = 0x10;
entry.ip.smsk.s_addr = 0xffffff;
entry.target_offset = 0x70;
entry.next_offset = 0x98;

// Allocate space to receive counters
struct xt_counters* counters =
malloc(sizeof(struct xt_counters) * info.num_entries);
@@ -82,8 +69,9 @@ int main(void) {

struct ipt_replace repl;
strcpy(repl.name, "nat");
repl.num_entries = info.num_entries + 1;
repl.size = info.size + entry.next_offset;
repl.valid_hooks = info.valid_hooks;
repl.num_entries = info.num_entries;
repl.size = info.size;
memcpy(repl.hook_entry, info.hook_entry, sizeof(repl.hook_entry));
memcpy(repl.underflow, info.underflow, sizeof(repl.underflow));
repl.num_counters = info.num_entries;
@@ -95,28 +83,18 @@ int main(void) {
// Assemble structure
memcpy(final, &repl, sizeof(struct ipt_replace));

// Copy over original entries and insert our new one as the second-to-last one
char* src_ptr = (char*)entries->entrytable;
char* dest_ptr = (char*)((struct ipt_replace*)final)->entries;
for (size_t i = 0; i < info.num_entries; ++i) {
if (i == info.num_entries - 2) {
memcpy(dest_ptr, &entry, sizeof(struct ipt_entry));
dest_ptr += sizeof(struct ipt_entry);
memcpy(dest_ptr, &target, sizeof(struct xt_entry_target));
dest_ptr += sizeof(struct xt_entry_target);
size_t npad = entry.next_offset - sizeof(struct xt_entry_target);
memset(dest_ptr, 0, npad);
dest_ptr += npad;
}
struct ipt_entry* cur_entry = (struct ipt_entry*)src_ptr;
memcpy(dest_ptr, src_ptr, cur_entry->next_offset);
dest_ptr += cur_entry->next_offset;
src_ptr += cur_entry->next_offset;
}

// Finally pass this off to the kernel
test_assert(
setsockopt(sock_fd, SOL_IP, IPT_SO_SET_REPLACE, final, final_size));
ret = setsockopt(sock_fd, SOL_IP, IPT_SO_SET_REPLACE, final, final_size);
test_assert(ret == 0);

// Verify that the counters array was overwritten. Since we don't know the
// exact value here, just make sure some bytes were written. After every byte
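Review bot: `struct ipt_replace repl;` in the second hunk is still declared without an initializer, so every field the test does not assign, plus the bytes of `repl.name` after the `"nat"` terminator, is copied into `final` and handed to the kernel as indeterminate stack contents. The `valid_hooks` assignment this commit adds fixes one such omission; zeroing the struct right after the declaration with `memset(&repl, 0, sizeof(repl));` would make any remaining or future omission deterministic rather than dependent on what was on the stack. The lines between the second and third hunk are not shown, so some fields may already be set there, and `main` itself starts and ends outside these hunks.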