1 /*
2 * Copyright (C) 2023 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <android-base/unique_fd.h>
18 #include <android/multinetwork.h>
19 #include <arpa/inet.h>
20 #include <gmock/gmock.h>
21 #include <gtest/gtest.h>
22 #include <inttypes.h>
23 #include <net/if.h>
24 #include <netinet/tcp.h>
25 #include <sys/socket.h>
26 #include <sys/types.h>
27 #include <unistd.h>
28
29 #include <chrono>
30 #include <thread>
31 #include <vector>
32
33 #include "netdbpf/NetworkTracePoller.h"
34
35 using ::testing::AllOf;
36 using ::testing::AnyOf;
37 using ::testing::Each;
38 using ::testing::Eq;
39 using ::testing::Field;
40 using ::testing::Test;
41
42 namespace android {
43 namespace bpf {
44 namespace internal {
45 // Use uint32 max to cause the handler to never Loop. Instead, the tests will
46 // manually drive things by calling ConsumeAll explicitly.
47 constexpr uint32_t kNeverPoll = std::numeric_limits<uint32_t>::max();
48
bindAndListen(int s)49 __be16 bindAndListen(int s) {
50 sockaddr_in sin = {.sin_family = AF_INET};
51 socklen_t len = sizeof(sin);
52 if (bind(s, (sockaddr*)&sin, sizeof(sin))) return 0;
53 if (listen(s, 1)) return 0;
54 if (getsockname(s, (sockaddr*)&sin, &len)) return 0;
55 return sin.sin_port;
56 }
57
58 // This takes tcp flag constants from the standard library and makes them usable
59 // with the flags we get from BPF. The standard library flags are big endian
60 // whereas the BPF flags are reported in host byte order. BPF also trims the
61 // flags down to the 8 single-bit flag bits (fin, syn, rst, etc).
FlagToHost(__be32 be_unix_flags)62 constexpr inline uint8_t FlagToHost(__be32 be_unix_flags) {
63 return ntohl(be_unix_flags) >> 16;
64 }
65
66 // Pretty prints all fields for a list of packets (useful for debugging).
67 struct PacketPrinter {
68 const std::vector<PacketTrace>& data;
69 static constexpr char kTcpFlagNames[] = "FSRPAUEC";
70
operator <<(std::ostream & os,const PacketPrinter & d)71 friend std::ostream& operator<<(std::ostream& os, const PacketPrinter& d) {
72 os << "Packet count: " << d.data.size();
73 for (const PacketTrace& info : d.data) {
74 os << "\nifidx=" << info.ifindex;
75 os << ", len=" << info.length;
76 os << ", uid=" << info.uid;
77 os << ", tag=" << info.tag;
78 os << ", sport=" << info.sport;
79 os << ", dport=" << info.dport;
80 os << ", direction=" << (info.egress ? "egress" : "ingress");
81 os << ", proto=" << static_cast<int>(info.ipProto);
82 os << ", ip=" << static_cast<int>(info.ipVersion);
83 os << ", flags=";
84 for (int i = 0; i < 8; i++) {
85 os << ((info.tcpFlags & (1 << i)) ? kTcpFlagNames[i] : '.');
86 }
87 }
88 return os;
89 }
90 };
91
92 class NetworkTracePollerTest : public testing::Test {
93 protected:
SetUp()94 void SetUp() {
95 if (access(PACKET_TRACE_RINGBUF_PATH, R_OK)) {
96 GTEST_SKIP() << "Network tracing is not enabled/loaded on this build.";
97 }
98 if (sizeof(void*) != 8) {
99 GTEST_SKIP() << "Network tracing requires 64-bit build.";
100 }
101 }
102 };
103
TEST_F(NetworkTracePollerTest,PollWhileInactive)104 TEST_F(NetworkTracePollerTest, PollWhileInactive) {
105 NetworkTracePoller handler([&](const std::vector<PacketTrace>& pkt) {});
106
107 // One succeed after start and before stop.
108 EXPECT_FALSE(handler.ConsumeAll());
109 ASSERT_TRUE(handler.Start(kNeverPoll));
110 EXPECT_TRUE(handler.ConsumeAll());
111 ASSERT_TRUE(handler.Stop());
112 EXPECT_FALSE(handler.ConsumeAll());
113 }
114
TEST_F(NetworkTracePollerTest,ConcurrentSessions)115 TEST_F(NetworkTracePollerTest, ConcurrentSessions) {
116 // Simulate two concurrent sessions (two starts followed by two stops). Check
117 // that tracing is stopped only after both sessions finish.
118 NetworkTracePoller handler([&](const std::vector<PacketTrace>& pkt) {});
119
120 ASSERT_TRUE(handler.Start(kNeverPoll));
121 EXPECT_TRUE(handler.ConsumeAll());
122
123 ASSERT_TRUE(handler.Start(kNeverPoll));
124 EXPECT_TRUE(handler.ConsumeAll());
125
126 ASSERT_TRUE(handler.Stop());
127 EXPECT_TRUE(handler.ConsumeAll());
128
129 ASSERT_TRUE(handler.Stop());
130 EXPECT_FALSE(handler.ConsumeAll());
131 }
132
TEST_F(NetworkTracePollerTest,TraceTcpSession)133 TEST_F(NetworkTracePollerTest, TraceTcpSession) {
134 __be16 server_port = 0;
135 std::vector<PacketTrace> packets, unmatched;
136
137 // Record all packets with the bound address and current uid. This callback is
138 // involked only within ConsumeAll, at which point the port should have
139 // already been filled in and all packets have been processed.
140 NetworkTracePoller handler([&](const std::vector<PacketTrace>& pkts) {
141 for (const PacketTrace& pkt : pkts) {
142 if ((pkt.sport == server_port || pkt.dport == server_port) &&
143 pkt.uid == getuid()) {
144 packets.push_back(pkt);
145 } else {
146 // There may be spurious packets not caused by the test. These are only
147 // captured so that we can report them to help debug certain errors.
148 unmatched.push_back(pkt);
149 }
150 }
151 });
152
153 ASSERT_TRUE(handler.Start(kNeverPoll));
154 const uint32_t kClientTag = 2468;
155 const uint32_t kServerTag = 1357;
156
157 // Go through a typical connection sequence between two v4 sockets using tcp.
158 // This covers connection handshake, shutdown, and one data packet.
159 {
160 android::base::unique_fd clientsocket(socket(AF_INET, SOCK_STREAM, 0));
161 ASSERT_NE(-1, clientsocket) << "Failed to open client socket";
162 ASSERT_EQ(android_tag_socket(clientsocket, kClientTag), 0);
163
164 android::base::unique_fd serversocket(socket(AF_INET, SOCK_STREAM, 0));
165 ASSERT_NE(-1, serversocket) << "Failed to open server socket";
166 ASSERT_EQ(android_tag_socket(serversocket, kServerTag), 0);
167
168 server_port = bindAndListen(serversocket);
169 ASSERT_NE(0, server_port) << "Can't bind to server port";
170
171 sockaddr_in addr = {.sin_family = AF_INET, .sin_port = server_port};
172 ASSERT_EQ(0, connect(clientsocket, (sockaddr*)&addr, sizeof(addr)))
173 << "connect to loopback failed: " << strerror(errno);
174
175 int accepted = accept(serversocket, nullptr, nullptr);
176 ASSERT_NE(-1, accepted) << "accept connection failed: " << strerror(errno);
177
178 const char data[] = "abcdefghijklmnopqrstuvwxyz";
179 EXPECT_EQ(send(clientsocket, data, sizeof(data), 0), sizeof(data))
180 << "failed to send message: " << strerror(errno);
181
182 char buff[100] = {};
183 EXPECT_EQ(recv(accepted, buff, sizeof(buff), 0), sizeof(data))
184 << "failed to receive message: " << strerror(errno);
185
186 EXPECT_EQ(std::string(data), std::string(buff));
187 }
188
189 // Poll until we get all the packets (typically we get it first try).
190 for (int attempt = 0; attempt < 10; attempt++) {
191 ASSERT_TRUE(handler.ConsumeAll());
192 if (packets.size() >= 12) break;
193 std::this_thread::sleep_for(std::chrono::milliseconds(5));
194 }
195
196 ASSERT_TRUE(handler.Stop());
197
198 // There are 12 packets in total (6 messages: each seen by client & server):
199 // 1. Client connects to server with syn
200 // 2. Server responds with syn ack
201 // 3. Client responds with ack
202 // 4. Client sends data with psh ack
203 // 5. Server acks the data packet
204 // 6. Client closes connection with fin ack
205 ASSERT_EQ(packets.size(), 12)
206 << PacketPrinter{packets}
207 << "\nUnmatched packets: " << PacketPrinter{unmatched};
208
209 // All packets should be TCP packets.
210 EXPECT_THAT(packets, Each(Field(&PacketTrace::ipProto, Eq(IPPROTO_TCP))));
211
212 // Packet 1: client requests connection with server.
213 EXPECT_EQ(packets[0].egress, 1) << PacketPrinter{packets};
214 EXPECT_EQ(packets[0].dport, server_port) << PacketPrinter{packets};
215 EXPECT_EQ(packets[0].tag, kClientTag) << PacketPrinter{packets};
216 EXPECT_EQ(packets[0].tcpFlags, FlagToHost(TCP_FLAG_SYN))
217 << PacketPrinter{packets};
218
219 // Packet 2: server receives request from client.
220 EXPECT_EQ(packets[1].egress, 0) << PacketPrinter{packets};
221 EXPECT_EQ(packets[1].dport, server_port) << PacketPrinter{packets};
222 EXPECT_EQ(packets[1].tag, kServerTag) << PacketPrinter{packets};
223 EXPECT_EQ(packets[1].tcpFlags, FlagToHost(TCP_FLAG_SYN))
224 << PacketPrinter{packets};
225
226 // Packet 3: server replies back with syn ack.
227 EXPECT_EQ(packets[2].egress, 1) << PacketPrinter{packets};
228 EXPECT_EQ(packets[2].sport, server_port) << PacketPrinter{packets};
229 EXPECT_EQ(packets[2].tcpFlags, FlagToHost(TCP_FLAG_SYN | TCP_FLAG_ACK))
230 << PacketPrinter{packets};
231
232 // Packet 4: client receives the server's syn ack.
233 EXPECT_EQ(packets[3].egress, 0) << PacketPrinter{packets};
234 EXPECT_EQ(packets[3].sport, server_port) << PacketPrinter{packets};
235 EXPECT_EQ(packets[3].tcpFlags, FlagToHost(TCP_FLAG_SYN | TCP_FLAG_ACK))
236 << PacketPrinter{packets};
237 }
238
239 } // namespace internal
240 } // namespace bpf
241 } // namespace android
242