started llmp tcp clientloop, renaming

2020-12-07 17:11:11 +01:00 · 2020-12-07 17:11:11 +01:00 · 63e2647607
commit 63e2647607
parent 7e43f4dfe6
4 changed files with 284 additions and 258 deletions
--- a/afl/llmp_test/src/main.rs
+++ b/afl/llmp_test/src/main.rs
@ -13,40 +13,40 @@ use afl::events::llmp_translated::*;
 const TAG_SIMPLE_U32_V1: u32 = 0x51300321;
 const TAG_MATH_RESULT_V1: u32 = 0x77474331;

-unsafe fn llmp_test_clientloop(client: *mut llmp_client, _data: *mut c_void) -> ! {
+unsafe fn llmp_test_clientloop(client: *mut LlmpClient, _data: *mut c_void) -> ! {
    let mut counter: u32 = 0;
    loop {
        counter += 1;

-        let llmp_message = llmp_client_alloc_next(client, size_of::<u32>());
+        let msg = llmp_client_alloc_next(client, size_of::<u32>());
        core::ptr::copy(
            counter.to_be_bytes().as_ptr(),
-            (*llmp_message).buf.as_mut_ptr(),
+            (*msg).buf.as_mut_ptr(),
            size_of::<u32>(),
        );
-        (*llmp_message).tag = TAG_SIMPLE_U32_V1;
-        llmp_client_send(client, llmp_message).unwrap();
+        (*msg).tag = TAG_SIMPLE_U32_V1;
+        llmp_client_send(client, msg).unwrap();

        thread::sleep(time::Duration::from_millis(100));
    }
 }

-unsafe fn u32_from_msg(message: *const llmp_message) -> u32 {
+unsafe fn u32_from_msg(msg: *const LlmpMsg) -> u32 {
    u32::from_be_bytes(
-        alloc::slice::from_raw_parts((*message).buf.as_ptr(), size_of::<u32>())
+        alloc::slice::from_raw_parts((*msg).buf.as_ptr(), size_of::<u32>())
            .try_into()
            .unwrap(),
    )
 }

-unsafe fn test_adder_clientloop(client: *mut llmp_client, _data: *mut c_void) -> ! {
+unsafe fn test_adder_clientloop(client: *mut LlmpClient, _data: *mut c_void) -> ! {
    let mut last_result: u32 = 0;
    let mut current_result: u32 = 0;
    loop {
        let mut msg_counter = 0;
        loop {
            let last_msg = llmp_client_recv(client);
-            if last_msg == 0 as *mut llmp_message {
+            if last_msg == 0 as *mut LlmpMsg {
                break;
            }
            msg_counter += 1;
@ -64,14 +64,14 @@ unsafe fn test_adder_clientloop(client: *mut llmp_client, _data: *mut c_void) ->
                msg_counter, current_result
            );

-            let llmp_message = llmp_client_alloc_next(client, size_of::<u32>());
+            let msg = llmp_client_alloc_next(client, size_of::<u32>());
            core::ptr::copy(
                current_result.to_be_bytes().as_ptr(),
-                (*llmp_message).buf.as_mut_ptr(),
+                (*msg).buf.as_mut_ptr(),
                size_of::<u32>(),
            );
-            (*llmp_message).tag = TAG_MATH_RESULT_V1;
-            llmp_client_send(client, llmp_message).unwrap();
+            (*msg).tag = TAG_MATH_RESULT_V1;
+            llmp_client_send(client, msg).unwrap();
            last_result = current_result;
        }

@ -81,10 +81,10 @@ unsafe fn test_adder_clientloop(client: *mut llmp_client, _data: *mut c_void) ->

 unsafe fn broker_message_hook(
    _broker: *mut LlmpBroker,
-    client_metadata: *mut llmp_broker_client_metadata,
-    message: *mut llmp_message,
+    client_metadata: *mut LlmpBrokerClientMetadata,
+    message: *mut LlmpMsg,
    _data: *mut c_void,
-) -> LlmpMessageHookResult {
+) -> LlmpMsgHookResult {
    match (*message).tag {
        TAG_SIMPLE_U32_V1 => {
            println!(
@ -92,18 +92,18 @@ unsafe fn broker_message_hook(
                (*client_metadata).pid,
                u32_from_msg(message)
            );
-            LlmpMessageHookResult::ForwardToClients
+            LlmpMsgHookResult::ForwardToClients
        }
        TAG_MATH_RESULT_V1 => {
            println!(
                "Adder Client has this current result: {:?}",
                u32_from_msg(message)
            );
-            LlmpMessageHookResult::Handled
+            LlmpMsgHookResult::Handled
        }
        _ => {
            println!("Unknwon message id received!");
-            LlmpMessageHookResult::ForwardToClients
+            LlmpMsgHookResult::ForwardToClients
        }
    }
 }
--- a/afl/src/events/llmp.rs
+++ b/afl/src/events/llmp.rs
@ -1,15 +1,63 @@
 use core::marker::PhantomData;
-use std::ptr;
+use core::ptr;
+use std::{ffi::c_void, io::Read, io::Write, net::TcpListener};

 use crate::{
    corpus::Corpus, engines::State, executors::Executor, inputs::Input, utils::Rand, AflError,
 };

 use super::{
-    llmp_translated::{LlmpBroker, LlmpClientloopFn, LlmpMessageHookFn},
+    llmp_translated::{LlmpBroker, LlmpClient, LlmpClientloopFn, LlmpMsgHookFn},
    Event, EventManager,
 };

+pub unsafe fn llmp_tcp_server_clientloop(client: *mut LlmpClient, _data: *mut c_void) -> ! {
+    // Later in the execution, after the initial map filled up,
+    // the current broacast map will will point to a different map.
+    // However, the original map is (as of now) never freed, new clients will start
+    // to read from the initial map id.
+    let initial_broadcasts_map_str = client
+        .as_ref()
+        .unwrap()
+        .current_broadcast_map
+        .as_ref()
+        .unwrap()
+        .shm_str;
+
+    let listener = TcpListener::bind("0.0.0.0:3333").unwrap();
+    // accept connections and process them, spawning a new thread for each one
+    println!("Server listening on port 3333");
+    loop {
+        let (mut stream, addr) = match listener.accept() {
+            Ok(res) => res,
+            Err(e) => {
+                dbg!("Ignoring failed accept", e);
+                continue;
+            }
+        };
+        dbg!("New connection", addr, stream.peer_addr().unwrap());
+        match stream.write(&initial_broadcasts_map_str as &[u8]) {
+            Ok(_) => {} // fire & forget
+            Err(e) => {
+                dbg!("Could not send to shmap to client", e);
+                continue;
+            }
+        };
+        let mut new_client_map_str: [u8; 20] = Default::default();
+        let map_str_len = match stream.read(&mut new_client_map_str) {
+            Ok(res) => res,
+            Err(e) => {
+                dbg!("Ignoring failed read from client", e);
+                continue;
+            }
+        };
+        if map_str_len < 20 {
+            dbg!("Didn't receive a complete shmap id str from client. Ignoring.");
+            continue;
+        }
+    }
+}
+
 /// Eventmanager for multi-processed application
 #[cfg(feature = "std")]
 pub struct LLMPEventManager<S, C, E, I, R>
@ -40,7 +88,7 @@ where
        true
    }

-    fn fire(&mut self, event: Event<S, C, E, I, R>) -> Result<(), AflError> {
+    fn fire(&mut self, _event: Event<S, C, E, I, R>) -> Result<(), AflError> {
        //self.events.push(event);

        // TODO: Serde serialize, llmp send
@ -48,7 +96,7 @@ where
        Ok(())
    }

-    fn process(&mut self, state: &mut S, corpus: &mut C) -> Result<usize, AflError> {
+    fn process(&mut self, _state: &mut S, _corpus: &mut C) -> Result<usize, AflError> {
        // TODO: iterators
        /*
        let mut handled = vec![];
@ -90,7 +138,7 @@ where
    /// Forks n processes, calls broker handler and client handlers, never returns.
    pub fn spawn(
        process_count: usize,
-        broker_message_hook: LlmpMessageHookFn,
+        broker_message_hook: LlmpMsgHookFn,
        clientloops: LlmpClientloopFn,
    ) -> ! {
        unsafe {
--- a/afl/src/events/llmp_translated.rs
+++ b/afl/src/events/llmp_translated.rs
--- a/afl/src/events/shmem_translated.rs
+++ b/afl/src/events/shmem_translated.rs
@ -76,26 +76,26 @@ pub const AFL_RET_SUCCESS: c_uint = 0;

 #[derive(Copy, Clone)]
 #[repr(C)]
-pub struct afl_shmem {
-    pub shm_str: [c_char; 20],
+pub struct AflShmem {
+    pub shm_str: [u8; 20],
    pub shm_id: c_int,
    pub map: *mut c_uchar,
    pub map_size: c_ulong,
 }

-pub unsafe fn afl_shmem_deinit(mut shm: *mut afl_shmem) {
+pub unsafe fn afl_shmem_deinit(mut shm: *mut AflShmem) {
    if shm.is_null() || (*shm).map.is_null() {
        /* Serialized map id */
        // Not set or not initialized;
        return;
    }
-    (*shm).shm_str[0 as usize] = '\u{0}' as c_char;
+    (*shm).shm_str[0 as usize] = '\u{0}' as u8;
    shmctl((*shm).shm_id, 0 as c_int, 0 as *mut shmid_ds);
    (*shm).map = 0 as *mut c_uchar;
 }
 // Functions to create Shared memory region, for observation channels and
 // opening inputs and stuff.
-pub unsafe fn afl_shmem_init(mut shm: *mut afl_shmem, map_size: c_ulong) -> *mut c_uchar {
+pub unsafe fn afl_shmem_init(mut shm: *mut AflShmem, map_size: c_ulong) -> *mut c_uchar {
    (*shm).map_size = map_size;
    (*shm).map = 0 as *mut c_uchar;
    (*shm).shm_id = shmget(
@ -104,7 +104,7 @@ pub unsafe fn afl_shmem_init(mut shm: *mut afl_shmem, map_size: c_ulong) -> *mut
        0o1000 as c_int | 0o2000 as c_int | 0o600 as c_int,
    );
    if (*shm).shm_id < 0 as c_int {
-        (*shm).shm_str[0] = '\u{0}' as c_char;
+        (*shm).shm_str[0] = '\u{0}' as u8;
        return 0 as *mut c_uchar;
    }
    snprintf(
@ -114,19 +114,19 @@ pub unsafe fn afl_shmem_init(mut shm: *mut afl_shmem, map_size: c_ulong) -> *mut
        (*shm).shm_id,
    );
    (*shm).shm_str[(::std::mem::size_of::<[c_char; 20]>() as c_ulong)
-        .wrapping_sub(1 as c_int as c_ulong) as usize] = '\u{0}' as c_char;
+        .wrapping_sub(1 as c_int as c_ulong) as usize] = '\u{0}' as u8;
    (*shm).map = shmat((*shm).shm_id, 0 as *const c_void, 0 as c_int) as *mut c_uchar;
    if (*shm).map == -(1 as c_int) as *mut c_void as *mut c_uchar || (*shm).map.is_null() {
        shmctl((*shm).shm_id, 0 as c_int, 0 as *mut shmid_ds);
        (*shm).shm_id = -(1 as c_int);
-        (*shm).shm_str[0 as c_int as usize] = '\u{0}' as c_char;
+        (*shm).shm_str[0 as c_int as usize] = '\u{0}' as u8;
        return 0 as *mut c_uchar;
    }
    return (*shm).map;
 }

 pub unsafe fn afl_shmem_by_str(
-    mut shm: *mut afl_shmem,
+    mut shm: *mut AflShmem,
    shm_str: &CStr,
    map_size: c_ulong,
 ) -> *mut c_uchar {
@ -149,7 +149,7 @@ pub unsafe fn afl_shmem_by_str(
    if (*shm).map == -(1 as c_int) as *mut c_void as *mut c_uchar {
        (*shm).map = 0 as *mut c_uchar;
        (*shm).map_size = 0 as c_int as c_ulong;
-        (*shm).shm_str[0 as c_int as usize] = '\u{0}' as c_char;
+        (*shm).shm_str[0 as c_int as usize] = '\u{0}' as u8;
        return 0 as *mut c_uchar;
    }
    return (*shm).map;
@ -157,7 +157,7 @@ pub unsafe fn afl_shmem_by_str(

 /* Write sharedmap as env var */
 /* Write sharedmap as env var and the size as name#_SIZE */
-pub unsafe fn afl_shmem_to_env_var(shmem: &afl_shmem, env_name: &CStr) -> c_uint {
+pub unsafe fn afl_shmem_to_env_var(shmem: &AflShmem, env_name: &CStr) -> c_uint {
    let env_len = env_name.to_bytes().len();
    if env_len == 0 || env_len > 200 || (*shmem).shm_str[0 as c_int as usize] == 0 {
        return AFL_RET_NULL_PTR;