2011-02-08 17:45:35 +03:00
|
|
|
/* $NetBSD: hijack.c,v 1.34 2011/02/08 14:45:35 pooka Exp $ */
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
|
|
|
|
/*-
|
|
|
|
* Copyright (c) 2011 Antti Kantee. All Rights Reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
|
|
|
|
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
|
|
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
|
|
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
|
|
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <sys/cdefs.h>
|
2011-02-08 17:45:35 +03:00
|
|
|
__RCSID("$NetBSD: hijack.c,v 1.34 2011/02/08 14:45:35 pooka Exp $");
|
2011-01-26 21:48:32 +03:00
|
|
|
|
|
|
|
#define __ssp_weak_name(fun) _hijack_ ## fun
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
|
|
|
|
#include <sys/param.h>
|
|
|
|
#include <sys/types.h>
|
2011-01-18 14:04:10 +03:00
|
|
|
#include <sys/event.h>
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
#include <sys/ioctl.h>
|
|
|
|
#include <sys/socket.h>
|
|
|
|
#include <sys/poll.h>
|
|
|
|
|
|
|
|
#include <rump/rumpclient.h>
|
|
|
|
#include <rump/rump_syscalls.h>
|
|
|
|
|
|
|
|
#include <assert.h>
|
|
|
|
#include <dlfcn.h>
|
|
|
|
#include <err.h>
|
|
|
|
#include <errno.h>
|
|
|
|
#include <fcntl.h>
|
|
|
|
#include <poll.h>
|
|
|
|
#include <pthread.h>
|
2011-01-08 21:11:46 +03:00
|
|
|
#include <signal.h>
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
#include <stdarg.h>
|
2011-01-17 19:27:54 +03:00
|
|
|
#include <stdbool.h>
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
2011-02-06 18:48:20 +03:00
|
|
|
#include <string.h>
|
2011-01-08 21:11:46 +03:00
|
|
|
#include <time.h>
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
#include <unistd.h>
|
|
|
|
|
2011-01-25 15:18:33 +03:00
|
|
|
enum dualcall {
|
|
|
|
DUALCALL_WRITE, DUALCALL_WRITEV,
|
|
|
|
DUALCALL_IOCTL, DUALCALL_FCNTL,
|
|
|
|
DUALCALL_SOCKET, DUALCALL_ACCEPT, DUALCALL_BIND, DUALCALL_CONNECT,
|
|
|
|
DUALCALL_GETPEERNAME, DUALCALL_GETSOCKNAME, DUALCALL_LISTEN,
|
|
|
|
DUALCALL_RECVFROM, DUALCALL_RECVMSG,
|
|
|
|
DUALCALL_SENDTO, DUALCALL_SENDMSG,
|
|
|
|
DUALCALL_GETSOCKOPT, DUALCALL_SETSOCKOPT,
|
|
|
|
DUALCALL_SHUTDOWN,
|
|
|
|
DUALCALL_READ, DUALCALL_READV,
|
2011-02-08 17:45:35 +03:00
|
|
|
DUALCALL_DUP, DUALCALL_DUP2,
|
|
|
|
DUALCALL_CLOSE,
|
2011-01-25 15:18:33 +03:00
|
|
|
DUALCALL_POLLTS,
|
2011-02-08 17:45:35 +03:00
|
|
|
DUALCALL_KEVENT,
|
2011-01-25 15:18:33 +03:00
|
|
|
DUALCALL__NUM
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
};
|
|
|
|
|
2011-01-17 19:27:54 +03:00
|
|
|
#define RSYS_STRING(a) __STRING(a)
|
|
|
|
#define RSYS_NAME(a) RSYS_STRING(__CONCAT(RUMP_SYS_RENAME_,a))
|
|
|
|
|
2011-01-18 22:41:02 +03:00
|
|
|
/*
|
|
|
|
* Would be nice to get this automatically in sync with libc.
|
|
|
|
* Also, this does not work for compat-using binaries!
|
|
|
|
*/
|
|
|
|
#if !__NetBSD_Prereq__(5,99,7)
|
2011-02-07 13:28:18 +03:00
|
|
|
#define REALSELECT select
|
|
|
|
#define REALPOLLTS pollts
|
2011-02-08 17:45:35 +03:00
|
|
|
#define REALKEVENT kevent
|
2011-01-18 22:41:02 +03:00
|
|
|
#else
|
2011-02-07 13:28:18 +03:00
|
|
|
#define REALSELECT _sys___select50
|
|
|
|
#define REALPOLLTS _sys___pollts50
|
2011-02-08 17:45:35 +03:00
|
|
|
#define REALKEVENT _sys___kevent50
|
2011-01-25 15:18:33 +03:00
|
|
|
#endif
|
2011-02-07 15:23:05 +03:00
|
|
|
#define REALREAD _sys_read
|
2011-01-18 22:41:02 +03:00
|
|
|
|
2011-02-07 13:28:18 +03:00
|
|
|
int REALSELECT(int, fd_set *, fd_set *, fd_set *, struct timeval *);
|
|
|
|
int REALPOLLTS(struct pollfd *, nfds_t,
|
2011-01-25 20:37:00 +03:00
|
|
|
const struct timespec *, const sigset_t *);
|
2011-02-08 17:45:35 +03:00
|
|
|
int REALKEVENT(int, const struct kevent *, size_t, struct kevent *, size_t,
|
|
|
|
const struct timespec *);
|
2011-02-07 15:23:05 +03:00
|
|
|
ssize_t REALREAD(int, void *, size_t);
|
2011-01-25 15:18:33 +03:00
|
|
|
|
|
|
|
#define S(a) __STRING(a)
|
|
|
|
struct sysnames {
|
|
|
|
enum dualcall scm_callnum;
|
|
|
|
const char *scm_hostname;
|
|
|
|
const char *scm_rumpname;
|
|
|
|
} syscnames[] = {
|
|
|
|
{ DUALCALL_SOCKET, "__socket30", RSYS_NAME(SOCKET) },
|
|
|
|
{ DUALCALL_ACCEPT, "accept", RSYS_NAME(ACCEPT) },
|
|
|
|
{ DUALCALL_BIND, "bind", RSYS_NAME(BIND) },
|
|
|
|
{ DUALCALL_CONNECT, "connect", RSYS_NAME(CONNECT) },
|
|
|
|
{ DUALCALL_GETPEERNAME, "getpeername", RSYS_NAME(GETPEERNAME) },
|
|
|
|
{ DUALCALL_GETSOCKNAME, "getsockname", RSYS_NAME(GETSOCKNAME) },
|
|
|
|
{ DUALCALL_LISTEN, "listen", RSYS_NAME(LISTEN) },
|
|
|
|
{ DUALCALL_RECVFROM, "recvfrom", RSYS_NAME(RECVFROM) },
|
|
|
|
{ DUALCALL_RECVMSG, "recvmsg", RSYS_NAME(RECVMSG) },
|
|
|
|
{ DUALCALL_SENDTO, "sendto", RSYS_NAME(SENDTO) },
|
|
|
|
{ DUALCALL_SENDMSG, "sendmsg", RSYS_NAME(SENDMSG) },
|
|
|
|
{ DUALCALL_GETSOCKOPT, "getsockopt", RSYS_NAME(GETSOCKOPT) },
|
|
|
|
{ DUALCALL_SETSOCKOPT, "setsockopt", RSYS_NAME(SETSOCKOPT) },
|
|
|
|
{ DUALCALL_SHUTDOWN, "shutdown", RSYS_NAME(SHUTDOWN) },
|
2011-02-07 15:23:05 +03:00
|
|
|
{ DUALCALL_READ, S(REALREAD), RSYS_NAME(READ) },
|
2011-01-25 15:18:33 +03:00
|
|
|
{ DUALCALL_READV, "readv", RSYS_NAME(READV) },
|
|
|
|
{ DUALCALL_WRITE, "write", RSYS_NAME(WRITE) },
|
|
|
|
{ DUALCALL_WRITEV, "writev", RSYS_NAME(WRITEV) },
|
|
|
|
{ DUALCALL_IOCTL, "ioctl", RSYS_NAME(IOCTL) },
|
|
|
|
{ DUALCALL_FCNTL, "fcntl", RSYS_NAME(FCNTL) },
|
2011-02-08 17:45:35 +03:00
|
|
|
{ DUALCALL_DUP, "dup", RSYS_NAME(DUP) },
|
2011-01-25 15:18:33 +03:00
|
|
|
{ DUALCALL_DUP2, "dup2", RSYS_NAME(DUP2) },
|
|
|
|
{ DUALCALL_CLOSE, "close", RSYS_NAME(CLOSE) },
|
2011-02-07 13:28:18 +03:00
|
|
|
{ DUALCALL_POLLTS, S(REALPOLLTS), RSYS_NAME(POLLTS) },
|
2011-02-08 17:45:35 +03:00
|
|
|
{ DUALCALL_KEVENT, S(REALKEVENT), RSYS_NAME(KEVENT) },
|
2011-01-25 15:18:33 +03:00
|
|
|
};
|
|
|
|
#undef S
|
|
|
|
|
|
|
|
struct bothsys {
|
|
|
|
void *bs_host;
|
|
|
|
void *bs_rump;
|
|
|
|
} syscalls[DUALCALL__NUM];
|
|
|
|
#define GETSYSCALL(which, name) syscalls[DUALCALL_##name].bs_##which
|
|
|
|
|
2011-02-05 19:57:39 +03:00
|
|
|
pid_t (*host_fork)(void);
|
|
|
|
int (*host_daemon)(int, int);
|
2011-01-25 15:18:33 +03:00
|
|
|
|
|
|
|
static unsigned dup2mask;
|
|
|
|
#define ISDUP2D(fd) (1<<(fd) & dup2mask)
|
|
|
|
|
|
|
|
//#define DEBUGJACK
|
|
|
|
#ifdef DEBUGJACK
|
|
|
|
#define DPRINTF(x) mydprintf x
|
|
|
|
static void
|
|
|
|
mydprintf(const char *fmt, ...)
|
|
|
|
{
|
|
|
|
va_list ap;
|
|
|
|
|
|
|
|
if (ISDUP2D(STDERR_FILENO))
|
|
|
|
return;
|
|
|
|
|
|
|
|
va_start(ap, fmt);
|
|
|
|
vfprintf(stderr, fmt, ap);
|
|
|
|
va_end(ap);
|
|
|
|
}
|
|
|
|
|
|
|
|
#else
|
|
|
|
#define DPRINTF(x)
|
2011-01-18 22:41:02 +03:00
|
|
|
#endif
|
|
|
|
|
2011-01-25 15:18:33 +03:00
|
|
|
#define FDCALL(type, name, rcname, args, proto, vars) \
|
|
|
|
type name args \
|
|
|
|
{ \
|
|
|
|
type (*fun) proto; \
|
|
|
|
\
|
2011-02-08 15:20:11 +03:00
|
|
|
DPRINTF(("%s -> %d\n", __STRING(name), fd)); \
|
2011-01-25 15:18:33 +03:00
|
|
|
if (fd_isrump(fd)) { \
|
|
|
|
fun = syscalls[rcname].bs_rump; \
|
|
|
|
fd = fd_host2rump(fd); \
|
|
|
|
} else { \
|
|
|
|
fun = syscalls[rcname].bs_host; \
|
|
|
|
} \
|
|
|
|
\
|
|
|
|
return fun vars; \
|
|
|
|
}
|
|
|
|
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
/*
|
|
|
|
* This is called from librumpclient in case of LD_PRELOAD.
|
|
|
|
* It ensures correct RTLD_NEXT.
|
2011-02-07 22:34:39 +03:00
|
|
|
*
|
|
|
|
* ... except, it's apparently extremely difficult to force
|
|
|
|
* at least gcc to generate an actual stack frame here. So
|
|
|
|
* sprinkle some volatile foobar and baz to throw the optimizer
|
|
|
|
* off the scent and generate a variable assignment with the
|
|
|
|
* return value. The posterboy for this meltdown is amd64
|
|
|
|
* with -O2. At least with gcc 4.1.3 i386 works regardless of
|
|
|
|
* optimization.
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
*/
|
2011-02-07 22:34:39 +03:00
|
|
|
volatile int rumphijack_unrope; /* there, unhang yourself */
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
static void *
|
|
|
|
hijackdlsym(void *handle, const char *symbol)
|
|
|
|
{
|
2011-02-07 22:34:39 +03:00
|
|
|
void *rv;
|
|
|
|
|
|
|
|
rv = dlsym(handle, symbol);
|
|
|
|
rumphijack_unrope = *(volatile int *)rv;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
|
2011-02-07 22:34:39 +03:00
|
|
|
return (void *)rv;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
|
|
|
|
2011-01-09 22:56:33 +03:00
|
|
|
/* low calorie sockets? */
|
2011-01-18 22:41:02 +03:00
|
|
|
static bool hostlocalsockets = true;
|
2011-01-09 22:56:33 +03:00
|
|
|
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
static void __attribute__((constructor))
|
|
|
|
rcinit(void)
|
|
|
|
{
|
2011-02-06 18:48:20 +03:00
|
|
|
char buf[64];
|
2011-01-27 21:12:19 +03:00
|
|
|
extern void *(*rumpclient_dlsym)(void *, const char *);
|
2011-01-25 15:53:45 +03:00
|
|
|
unsigned i, j;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
|
2011-01-27 21:12:19 +03:00
|
|
|
rumpclient_dlsym = hijackdlsym;
|
2011-01-08 17:19:27 +03:00
|
|
|
host_fork = dlsym(RTLD_NEXT, "fork");
|
2011-02-05 19:57:39 +03:00
|
|
|
host_daemon = dlsym(RTLD_NEXT, "daemon");
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
|
2011-01-25 15:18:33 +03:00
|
|
|
/*
|
|
|
|
* In theory cannot print anything during lookups because
|
|
|
|
* we might not have the call vector set up. so, the errx()
|
|
|
|
* is a bit of a strech, but it might work.
|
|
|
|
*/
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
|
2011-01-25 15:18:33 +03:00
|
|
|
for (i = 0; i < DUALCALL__NUM; i++) {
|
|
|
|
/* build runtime O(1) access */
|
|
|
|
for (j = 0; j < __arraycount(syscnames); j++) {
|
|
|
|
if (syscnames[j].scm_callnum == i)
|
|
|
|
break;
|
|
|
|
}
|
2011-01-09 13:28:46 +03:00
|
|
|
|
2011-01-25 15:18:33 +03:00
|
|
|
if (j == __arraycount(syscnames))
|
|
|
|
errx(1, "rumphijack error: syscall pos %d missing", i);
|
2011-01-09 13:28:46 +03:00
|
|
|
|
2011-01-27 21:12:19 +03:00
|
|
|
syscalls[i].bs_host = dlsym(RTLD_NEXT,
|
|
|
|
syscnames[j].scm_hostname);
|
2011-01-25 15:18:33 +03:00
|
|
|
if (syscalls[i].bs_host == NULL)
|
|
|
|
errx(1, "hostcall %s not found missing",
|
|
|
|
syscnames[j].scm_hostname);
|
2011-01-09 13:28:46 +03:00
|
|
|
|
2011-01-27 21:12:19 +03:00
|
|
|
syscalls[i].bs_rump = dlsym(RTLD_NEXT,
|
|
|
|
syscnames[j].scm_rumpname);
|
2011-01-25 15:18:33 +03:00
|
|
|
if (syscalls[i].bs_rump == NULL)
|
|
|
|
errx(1, "rumpcall %s not found missing",
|
|
|
|
syscnames[j].scm_rumpname);
|
|
|
|
}
|
2011-01-09 13:28:46 +03:00
|
|
|
|
2011-01-27 21:05:16 +03:00
|
|
|
if (rumpclient_init() == -1)
|
2011-01-25 15:18:33 +03:00
|
|
|
err(1, "rumpclient init");
|
2011-02-06 18:48:20 +03:00
|
|
|
|
|
|
|
/* set client persistence level */
|
|
|
|
if (getenv_r("RUMPHIJACK_RETRY", buf, sizeof(buf)) == -1) {
|
|
|
|
if (errno == ERANGE)
|
|
|
|
err(1, "invalid RUMPHIJACK_RETRY");
|
|
|
|
rumpclient_setconnretry(RUMPCLIENT_RETRYCONN_INFTIME);
|
|
|
|
} else {
|
|
|
|
if (strcmp(buf, "die") == 0)
|
|
|
|
rumpclient_setconnretry(RUMPCLIENT_RETRYCONN_DIE);
|
|
|
|
else if (strcmp(buf, "inftime") == 0)
|
|
|
|
rumpclient_setconnretry(RUMPCLIENT_RETRYCONN_INFTIME);
|
|
|
|
else if (strcmp(buf, "once") == 0)
|
|
|
|
rumpclient_setconnretry(RUMPCLIENT_RETRYCONN_ONCE);
|
|
|
|
else {
|
|
|
|
time_t timeout;
|
|
|
|
|
|
|
|
timeout = (time_t)strtoll(buf, NULL, 10);
|
|
|
|
if (timeout <= 0)
|
|
|
|
errx(1, "RUMPHIJACK_RETRY must be keyword "
|
|
|
|
"or a positive integer, got: %s", buf);
|
|
|
|
|
|
|
|
rumpclient_setconnretry(timeout);
|
|
|
|
}
|
|
|
|
}
|
2011-01-25 15:18:33 +03:00
|
|
|
}
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
|
2011-01-08 17:19:27 +03:00
|
|
|
/* XXX: need runtime selection. low for now due to FD_SETSIZE */
|
|
|
|
#define HIJACK_FDOFF 128
|
|
|
|
#define HIJACK_ASSERT 128 /* XXX */
|
|
|
|
static int
|
|
|
|
fd_rump2host(int fd)
|
|
|
|
{
|
|
|
|
|
|
|
|
if (fd == -1)
|
|
|
|
return fd;
|
|
|
|
|
|
|
|
if (!ISDUP2D(fd))
|
|
|
|
fd += HIJACK_FDOFF;
|
|
|
|
|
|
|
|
return fd;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
fd_host2rump(int fd)
|
|
|
|
{
|
|
|
|
|
|
|
|
if (!ISDUP2D(fd))
|
|
|
|
fd -= HIJACK_FDOFF;
|
|
|
|
return fd;
|
|
|
|
}
|
|
|
|
|
|
|
|
static bool
|
|
|
|
fd_isrump(int fd)
|
|
|
|
{
|
|
|
|
|
|
|
|
return ISDUP2D(fd) || fd >= HIJACK_FDOFF;
|
|
|
|
}
|
|
|
|
|
|
|
|
#define assertfd(_fd_) assert(ISDUP2D(_fd_) || (_fd_) >= HIJACK_ASSERT)
|
|
|
|
#undef HIJACK_FDOFF
|
|
|
|
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
int __socket30(int, int, int);
|
|
|
|
int
|
|
|
|
__socket30(int domain, int type, int protocol)
|
|
|
|
{
|
2011-01-25 15:18:33 +03:00
|
|
|
int (*op_socket)(int, int, int);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
int fd;
|
2011-01-09 22:56:33 +03:00
|
|
|
bool dohost;
|
|
|
|
|
|
|
|
dohost = hostlocalsockets && (domain == AF_LOCAL);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
|
2011-01-09 22:56:33 +03:00
|
|
|
if (dohost)
|
2011-01-25 15:18:33 +03:00
|
|
|
op_socket = GETSYSCALL(host, SOCKET);
|
2011-01-09 22:56:33 +03:00
|
|
|
else
|
2011-01-25 15:18:33 +03:00
|
|
|
op_socket = GETSYSCALL(rump, SOCKET);
|
|
|
|
fd = op_socket(domain, type, protocol);
|
2011-01-08 17:19:27 +03:00
|
|
|
|
2011-01-09 22:56:33 +03:00
|
|
|
if (!dohost)
|
|
|
|
fd = fd_rump2host(fd);
|
|
|
|
DPRINTF(("socket <- %d\n", fd));
|
2011-01-08 17:19:27 +03:00
|
|
|
|
2011-01-09 22:56:33 +03:00
|
|
|
return fd;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
accept(int s, struct sockaddr *addr, socklen_t *addrlen)
|
|
|
|
{
|
2011-01-25 15:18:33 +03:00
|
|
|
int (*op_accept)(int, struct sockaddr *, socklen_t *);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
int fd;
|
2011-01-09 22:56:33 +03:00
|
|
|
bool isrump;
|
|
|
|
|
|
|
|
isrump = fd_isrump(s);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
|
2011-01-08 17:19:27 +03:00
|
|
|
DPRINTF(("accept -> %d", s));
|
2011-01-09 22:56:33 +03:00
|
|
|
if (isrump) {
|
2011-01-25 15:18:33 +03:00
|
|
|
op_accept = GETSYSCALL(rump, ACCEPT);
|
2011-01-09 22:56:33 +03:00
|
|
|
s = fd_host2rump(s);
|
|
|
|
} else {
|
2011-01-25 15:18:33 +03:00
|
|
|
op_accept = GETSYSCALL(host, ACCEPT);
|
2011-01-09 22:56:33 +03:00
|
|
|
}
|
2011-01-25 15:18:33 +03:00
|
|
|
fd = op_accept(s, addr, addrlen);
|
2011-01-09 22:56:33 +03:00
|
|
|
if (fd != -1 && isrump)
|
|
|
|
fd = fd_rump2host(fd);
|
|
|
|
|
|
|
|
DPRINTF((" <- %d\n", fd));
|
2011-01-08 17:19:27 +03:00
|
|
|
|
2011-01-09 22:56:33 +03:00
|
|
|
return fd;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
|
|
|
|
2011-01-25 15:18:33 +03:00
|
|
|
/*
|
|
|
|
* ioctl and fcntl are varargs calls and need special treatment
|
|
|
|
*/
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
int
|
2011-01-25 15:18:33 +03:00
|
|
|
ioctl(int fd, unsigned long cmd, ...)
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
{
|
2011-01-25 15:18:33 +03:00
|
|
|
int (*op_ioctl)(int, unsigned long cmd, ...);
|
|
|
|
va_list ap;
|
|
|
|
int rv;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
|
2011-01-25 15:18:33 +03:00
|
|
|
DPRINTF(("ioctl -> %d\n", fd));
|
|
|
|
if (fd_isrump(fd)) {
|
|
|
|
fd = fd_host2rump(fd);
|
|
|
|
op_ioctl = GETSYSCALL(rump, IOCTL);
|
2011-01-09 22:56:33 +03:00
|
|
|
} else {
|
2011-01-25 15:18:33 +03:00
|
|
|
op_ioctl = GETSYSCALL(host, IOCTL);
|
2011-01-09 22:56:33 +03:00
|
|
|
}
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
|
2011-01-25 15:18:33 +03:00
|
|
|
va_start(ap, cmd);
|
|
|
|
rv = op_ioctl(fd, cmd, va_arg(ap, void *));
|
|
|
|
va_end(ap);
|
|
|
|
return rv;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
|
|
|
|
2011-02-08 17:45:35 +03:00
|
|
|
|
|
|
|
/* TODO: support F_DUPFD, F_CLOSEM, F_MAXFD */
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
int
|
2011-01-25 15:18:33 +03:00
|
|
|
fcntl(int fd, int cmd, ...)
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
{
|
2011-01-25 15:18:33 +03:00
|
|
|
int (*op_fcntl)(int, int, ...);
|
|
|
|
va_list ap;
|
|
|
|
int rv;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
|
2011-01-25 15:18:33 +03:00
|
|
|
DPRINTF(("fcntl -> %d\n", fd));
|
|
|
|
if (fd_isrump(fd)) {
|
|
|
|
fd = fd_host2rump(fd);
|
|
|
|
op_fcntl = GETSYSCALL(rump, FCNTL);
|
2011-01-19 14:27:01 +03:00
|
|
|
} else {
|
2011-01-25 15:18:33 +03:00
|
|
|
op_fcntl = GETSYSCALL(host, FCNTL);
|
2011-01-19 14:27:01 +03:00
|
|
|
}
|
|
|
|
|
2011-01-25 15:18:33 +03:00
|
|
|
va_start(ap, cmd);
|
|
|
|
rv = op_fcntl(fd, cmd, va_arg(ap, void *));
|
|
|
|
va_end(ap);
|
|
|
|
return rv;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
|
|
|
|
2011-01-25 15:18:33 +03:00
|
|
|
/*
|
|
|
|
* write cannot issue a standard debug printf due to recursion
|
|
|
|
*/
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
ssize_t
|
2011-01-25 15:18:33 +03:00
|
|
|
write(int fd, const void *buf, size_t blen)
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
{
|
2011-01-25 15:18:33 +03:00
|
|
|
ssize_t (*op_write)(int, const void *, size_t);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
|
2011-01-25 15:18:33 +03:00
|
|
|
if (fd_isrump(fd)) {
|
|
|
|
fd = fd_host2rump(fd);
|
|
|
|
op_write = GETSYSCALL(rump, WRITE);
|
2011-01-09 22:56:33 +03:00
|
|
|
} else {
|
2011-01-25 15:18:33 +03:00
|
|
|
op_write = GETSYSCALL(host, WRITE);
|
2011-01-09 22:56:33 +03:00
|
|
|
}
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
|
2011-01-25 15:18:33 +03:00
|
|
|
return op_write(fd, buf, blen);
|
2011-01-08 17:19:27 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* dup2 is special. we allow dup2 of a rump kernel fd to 0-2 since
|
|
|
|
* many programs do that. dup2 of a rump kernel fd to another value
|
|
|
|
* not >= fdoff is an error.
|
|
|
|
*
|
|
|
|
* Note: cannot rump2host newd, because it is often hardcoded.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
dup2(int oldd, int newd)
|
|
|
|
{
|
2011-01-25 15:18:33 +03:00
|
|
|
int (*host_dup2)(int, int);
|
2011-01-08 17:19:27 +03:00
|
|
|
int rv;
|
|
|
|
|
|
|
|
DPRINTF(("dup2 -> %d (o) -> %d (n)\n", oldd, newd));
|
|
|
|
|
|
|
|
if (fd_isrump(oldd)) {
|
|
|
|
if (!(newd >= 0 && newd <= 2))
|
|
|
|
return EBADF;
|
|
|
|
oldd = fd_host2rump(oldd);
|
|
|
|
rv = rump_sys_dup2(oldd, newd);
|
|
|
|
if (rv != -1)
|
2011-01-18 14:04:10 +03:00
|
|
|
dup2mask |= 1<<newd;
|
2011-01-08 17:19:27 +03:00
|
|
|
} else {
|
2011-01-25 15:18:33 +03:00
|
|
|
host_dup2 = syscalls[DUALCALL_DUP2].bs_host;
|
2011-01-18 14:04:10 +03:00
|
|
|
rv = host_dup2(oldd, newd);
|
2011-01-08 17:19:27 +03:00
|
|
|
}
|
2011-01-18 14:04:10 +03:00
|
|
|
|
|
|
|
return rv;
|
2011-01-08 17:19:27 +03:00
|
|
|
}
|
|
|
|
|
2011-02-08 17:45:35 +03:00
|
|
|
int
|
|
|
|
dup(int oldd)
|
|
|
|
{
|
|
|
|
int (*op_dup)(int);
|
|
|
|
int newd;
|
|
|
|
|
|
|
|
DPRINTF(("dup -> %d\n", oldd));
|
|
|
|
if (fd_isrump(oldd)) {
|
|
|
|
op_dup = GETSYSCALL(rump, DUP);
|
|
|
|
} else {
|
|
|
|
op_dup = GETSYSCALL(host, DUP);
|
|
|
|
}
|
|
|
|
|
|
|
|
newd = op_dup(oldd);
|
|
|
|
|
|
|
|
if (fd_isrump(oldd))
|
|
|
|
newd = fd_rump2host(newd);
|
|
|
|
DPRINTF(("dup <- %d\n", newd));
|
|
|
|
|
|
|
|
return newd;
|
|
|
|
}
|
|
|
|
|
2011-01-08 17:19:27 +03:00
|
|
|
/*
|
|
|
|
* We just wrap fork the appropriate rump client calls to preserve
|
|
|
|
* the file descriptors of the forked parent in the child, but
|
|
|
|
* prevent double use of connection fd.
|
|
|
|
*/
|
|
|
|
pid_t
|
|
|
|
fork()
|
|
|
|
{
|
|
|
|
struct rumpclient_fork *rf;
|
|
|
|
pid_t rv;
|
|
|
|
|
|
|
|
DPRINTF(("fork\n"));
|
|
|
|
|
|
|
|
if ((rf = rumpclient_prefork()) == NULL)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
switch ((rv = host_fork())) {
|
|
|
|
case -1:
|
|
|
|
/* XXX: cancel rf */
|
|
|
|
break;
|
|
|
|
case 0:
|
|
|
|
if (rumpclient_fork_init(rf) == -1)
|
2011-02-05 19:59:24 +03:00
|
|
|
rv = -1;
|
2011-01-08 17:19:27 +03:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
DPRINTF(("fork returns %d\n", rv));
|
|
|
|
return rv;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
|
|
|
|
2011-02-05 19:57:39 +03:00
|
|
|
int
|
|
|
|
daemon(int nochdir, int noclose)
|
|
|
|
{
|
|
|
|
struct rumpclient_fork *rf;
|
|
|
|
|
|
|
|
if ((rf = rumpclient_prefork()) == NULL)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (host_daemon(nochdir, noclose) == -1)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (rumpclient_fork_init(rf) == -1)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
/*
|
2011-01-25 15:18:33 +03:00
|
|
|
* select is done by calling poll.
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
*/
|
|
|
|
int
|
2011-02-07 13:28:18 +03:00
|
|
|
REALSELECT(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds,
|
2011-01-09 00:30:24 +03:00
|
|
|
struct timeval *timeout)
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
{
|
2011-01-09 00:30:24 +03:00
|
|
|
struct pollfd *pfds;
|
|
|
|
struct timespec ts, *tsp = NULL;
|
2011-01-25 15:53:45 +03:00
|
|
|
nfds_t realnfds;
|
|
|
|
int i, j;
|
2011-01-09 00:30:24 +03:00
|
|
|
int rv, incr;
|
|
|
|
|
2011-01-09 22:56:33 +03:00
|
|
|
DPRINTF(("select\n"));
|
|
|
|
|
2011-01-09 00:30:24 +03:00
|
|
|
/*
|
|
|
|
* Well, first we must scan the fds to figure out how many
|
|
|
|
* fds there really are. This is because up to and including
|
2011-01-25 15:18:33 +03:00
|
|
|
* nb5 poll() silently refuses nfds > process_maxopen_fds.
|
2011-01-09 00:30:24 +03:00
|
|
|
* Seems to be fixed in current, thank the maker.
|
|
|
|
* god damn cluster...bomb.
|
|
|
|
*/
|
|
|
|
|
|
|
|
for (i = 0, realnfds = 0; i < nfds; i++) {
|
|
|
|
if (readfds && FD_ISSET(i, readfds)) {
|
|
|
|
realnfds++;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if (writefds && FD_ISSET(i, writefds)) {
|
|
|
|
realnfds++;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if (exceptfds && FD_ISSET(i, exceptfds)) {
|
|
|
|
realnfds++;
|
|
|
|
continue;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-01-09 17:15:06 +03:00
|
|
|
if (realnfds) {
|
|
|
|
pfds = malloc(sizeof(*pfds) * realnfds);
|
|
|
|
if (!pfds)
|
|
|
|
return -1;
|
|
|
|
} else {
|
|
|
|
pfds = NULL;
|
|
|
|
}
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
|
2011-01-09 00:30:24 +03:00
|
|
|
for (i = 0, j = 0; i < nfds; i++) {
|
|
|
|
incr = 0;
|
|
|
|
pfds[j].events = pfds[j].revents = 0;
|
|
|
|
if (readfds && FD_ISSET(i, readfds)) {
|
|
|
|
pfds[j].fd = i;
|
|
|
|
pfds[j].events |= POLLIN;
|
|
|
|
incr=1;
|
|
|
|
}
|
|
|
|
if (writefds && FD_ISSET(i, writefds)) {
|
|
|
|
pfds[j].fd = i;
|
|
|
|
pfds[j].events |= POLLOUT;
|
|
|
|
incr=1;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
2011-01-09 00:30:24 +03:00
|
|
|
if (exceptfds && FD_ISSET(i, exceptfds)) {
|
|
|
|
pfds[j].fd = i;
|
|
|
|
pfds[j].events |= POLLHUP|POLLERR;
|
|
|
|
incr=1;
|
|
|
|
}
|
|
|
|
if (incr)
|
|
|
|
j++;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
|
|
|
|
2011-01-09 00:30:24 +03:00
|
|
|
if (timeout) {
|
|
|
|
TIMEVAL_TO_TIMESPEC(timeout, &ts);
|
|
|
|
tsp = &ts;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
2011-02-07 13:28:18 +03:00
|
|
|
rv = REALPOLLTS(pfds, realnfds, tsp, NULL);
|
2011-01-09 00:30:24 +03:00
|
|
|
if (rv <= 0)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* ok, harvest results. first zero out entries (can't use
|
|
|
|
* FD_ZERO for the obvious select-me-not reason). whee.
|
|
|
|
*/
|
|
|
|
for (i = 0; i < nfds; i++) {
|
|
|
|
if (readfds)
|
|
|
|
FD_CLR(i, readfds);
|
|
|
|
if (writefds)
|
|
|
|
FD_CLR(i, writefds);
|
|
|
|
if (exceptfds)
|
|
|
|
FD_CLR(i, exceptfds);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
|
|
|
|
2011-01-09 00:30:24 +03:00
|
|
|
/* and then plug in the results */
|
2011-01-25 15:53:45 +03:00
|
|
|
for (i = 0; i < (int)realnfds; i++) {
|
2011-01-09 00:30:24 +03:00
|
|
|
if (readfds) {
|
|
|
|
if (pfds[i].revents & POLLIN) {
|
|
|
|
FD_SET(pfds[i].fd, readfds);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (writefds) {
|
|
|
|
if (pfds[i].revents & POLLOUT) {
|
|
|
|
FD_SET(pfds[i].fd, writefds);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (exceptfds) {
|
|
|
|
if (pfds[i].revents & (POLLHUP|POLLERR)) {
|
|
|
|
FD_SET(pfds[i].fd, exceptfds);
|
|
|
|
}
|
|
|
|
}
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
2011-01-09 00:30:24 +03:00
|
|
|
|
|
|
|
out:
|
|
|
|
free(pfds);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
checkpoll(struct pollfd *fds, nfds_t nfds, int *hostcall, int *rumpcall)
|
|
|
|
{
|
|
|
|
nfds_t i;
|
|
|
|
|
|
|
|
for (i = 0; i < nfds; i++) {
|
2011-01-18 17:51:14 +03:00
|
|
|
if (fds[i].fd == -1)
|
|
|
|
continue;
|
|
|
|
|
2011-01-08 17:19:27 +03:00
|
|
|
if (fd_isrump(fds[i].fd))
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
(*rumpcall)++;
|
2011-01-08 17:19:27 +03:00
|
|
|
else
|
|
|
|
(*hostcall)++;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2011-01-08 17:19:27 +03:00
|
|
|
adjustpoll(struct pollfd *fds, nfds_t nfds, int (*fdadj)(int))
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
{
|
|
|
|
nfds_t i;
|
|
|
|
|
|
|
|
for (i = 0; i < nfds; i++) {
|
2011-01-08 17:19:27 +03:00
|
|
|
fds[i].fd = fdadj(fds[i].fd);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* poll is easy as long as the call comes in the fds only in one
|
|
|
|
* kernel. otherwise its quite tricky...
|
|
|
|
*/
|
|
|
|
struct pollarg {
|
|
|
|
struct pollfd *pfds;
|
|
|
|
nfds_t nfds;
|
2011-01-08 21:11:46 +03:00
|
|
|
const struct timespec *ts;
|
|
|
|
const sigset_t *sigmask;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
int pipefd;
|
|
|
|
int errnum;
|
|
|
|
};
|
|
|
|
|
|
|
|
static void *
|
|
|
|
hostpoll(void *arg)
|
|
|
|
{
|
2011-01-25 15:18:33 +03:00
|
|
|
int (*op_pollts)(struct pollfd *, nfds_t, const struct timespec *,
|
|
|
|
const sigset_t *);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
struct pollarg *parg = arg;
|
|
|
|
intptr_t rv;
|
|
|
|
|
2011-01-25 15:18:33 +03:00
|
|
|
op_pollts = syscalls[DUALCALL_POLLTS].bs_host;
|
|
|
|
rv = op_pollts(parg->pfds, parg->nfds, parg->ts, parg->sigmask);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
if (rv == -1)
|
|
|
|
parg->errnum = errno;
|
|
|
|
rump_sys_write(parg->pipefd, &rv, sizeof(rv));
|
|
|
|
|
|
|
|
return (void *)(intptr_t)rv;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2011-02-07 13:28:18 +03:00
|
|
|
REALPOLLTS(struct pollfd *fds, nfds_t nfds, const struct timespec *ts,
|
2011-01-08 21:11:46 +03:00
|
|
|
const sigset_t *sigmask)
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
{
|
2011-01-08 21:11:46 +03:00
|
|
|
int (*op_pollts)(struct pollfd *, nfds_t, const struct timespec *,
|
|
|
|
const sigset_t *);
|
2011-01-25 15:18:33 +03:00
|
|
|
int (*host_close)(int);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
int hostcall = 0, rumpcall = 0;
|
|
|
|
pthread_t pt;
|
|
|
|
nfds_t i;
|
|
|
|
int rv;
|
|
|
|
|
2011-01-08 17:19:27 +03:00
|
|
|
DPRINTF(("poll\n"));
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
checkpoll(fds, nfds, &hostcall, &rumpcall);
|
|
|
|
|
|
|
|
if (hostcall && rumpcall) {
|
|
|
|
struct pollfd *pfd_host = NULL, *pfd_rump = NULL;
|
|
|
|
int rpipe[2] = {-1,-1}, hpipe[2] = {-1,-1};
|
|
|
|
struct pollarg parg;
|
|
|
|
uintptr_t lrv;
|
|
|
|
int sverrno = 0, trv;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* ok, this is where it gets tricky. We must support
|
|
|
|
* this since it's a very common operation in certain
|
|
|
|
* types of software (telnet, netcat, etc). We allocate
|
|
|
|
* two vectors and run two poll commands in separate
|
|
|
|
* threads. Whichever returns first "wins" and the
|
|
|
|
* other kernel's fds won't show activity.
|
|
|
|
*/
|
|
|
|
rv = -1;
|
|
|
|
|
|
|
|
/* allocate full vector for O(n) joining after call */
|
|
|
|
pfd_host = malloc(sizeof(*pfd_host)*(nfds+1));
|
|
|
|
if (!pfd_host)
|
|
|
|
goto out;
|
|
|
|
pfd_rump = malloc(sizeof(*pfd_rump)*(nfds+1));
|
|
|
|
if (!pfd_rump) {
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* split vectors */
|
|
|
|
for (i = 0; i < nfds; i++) {
|
2011-01-08 21:11:46 +03:00
|
|
|
if (fds[i].fd == -1) {
|
|
|
|
pfd_host[i].fd = -1;
|
|
|
|
pfd_rump[i].fd = -1;
|
|
|
|
} else if (fd_isrump(fds[i].fd)) {
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
pfd_host[i].fd = -1;
|
2011-01-08 17:19:27 +03:00
|
|
|
pfd_rump[i].fd = fd_host2rump(fds[i].fd);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
pfd_rump[i].events = fds[i].events;
|
2011-01-08 17:19:27 +03:00
|
|
|
} else {
|
|
|
|
pfd_rump[i].fd = -1;
|
|
|
|
pfd_host[i].fd = fds[i].fd;
|
|
|
|
pfd_host[i].events = fds[i].events;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
2011-01-18 19:00:04 +03:00
|
|
|
fds[i].revents = 0;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* then, open two pipes, one for notifications
|
|
|
|
* to each kernel.
|
|
|
|
*/
|
|
|
|
if (rump_sys_pipe(rpipe) == -1)
|
|
|
|
goto out;
|
|
|
|
if (pipe(hpipe) == -1)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
pfd_host[nfds].fd = hpipe[0];
|
|
|
|
pfd_host[nfds].events = POLLIN;
|
|
|
|
pfd_rump[nfds].fd = rpipe[0];
|
|
|
|
pfd_rump[nfds].events = POLLIN;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* then, create a thread to do host part and meanwhile
|
|
|
|
* do rump kernel part right here
|
|
|
|
*/
|
|
|
|
|
|
|
|
parg.pfds = pfd_host;
|
|
|
|
parg.nfds = nfds+1;
|
2011-01-08 21:11:46 +03:00
|
|
|
parg.ts = ts;
|
|
|
|
parg.sigmask = sigmask;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
parg.pipefd = rpipe[1];
|
|
|
|
pthread_create(&pt, NULL, hostpoll, &parg);
|
|
|
|
|
2011-01-25 15:18:33 +03:00
|
|
|
op_pollts = syscalls[DUALCALL_POLLTS].bs_rump;
|
2011-01-08 21:11:46 +03:00
|
|
|
lrv = op_pollts(pfd_rump, nfds+1, ts, NULL);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
sverrno = errno;
|
|
|
|
write(hpipe[1], &rv, sizeof(rv));
|
|
|
|
pthread_join(pt, (void *)&trv);
|
|
|
|
|
|
|
|
/* check who "won" and merge results */
|
|
|
|
if (lrv != 0 && pfd_host[nfds].revents & POLLIN) {
|
|
|
|
rv = trv;
|
|
|
|
|
|
|
|
for (i = 0; i < nfds; i++) {
|
|
|
|
if (pfd_rump[i].fd != -1)
|
|
|
|
fds[i].revents = pfd_rump[i].revents;
|
|
|
|
}
|
|
|
|
sverrno = parg.errnum;
|
|
|
|
} else if (trv != 0 && pfd_rump[nfds].revents & POLLIN) {
|
|
|
|
rv = trv;
|
|
|
|
|
|
|
|
for (i = 0; i < nfds; i++) {
|
|
|
|
if (pfd_host[i].fd != -1)
|
|
|
|
fds[i].revents = pfd_host[i].revents;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
rv = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
out:
|
2011-01-25 15:18:33 +03:00
|
|
|
host_close = syscalls[DUALCALL_CLOSE].bs_host;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
if (rpipe[0] != -1)
|
|
|
|
rump_sys_close(rpipe[0]);
|
|
|
|
if (rpipe[1] != -1)
|
|
|
|
rump_sys_close(rpipe[1]);
|
|
|
|
if (hpipe[0] != -1)
|
2011-01-17 19:30:09 +03:00
|
|
|
host_close(hpipe[0]);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
if (hpipe[1] != -1)
|
2011-01-17 19:30:09 +03:00
|
|
|
host_close(hpipe[1]);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
free(pfd_host);
|
|
|
|
free(pfd_rump);
|
|
|
|
errno = sverrno;
|
|
|
|
} else {
|
|
|
|
if (hostcall) {
|
2011-01-25 15:18:33 +03:00
|
|
|
op_pollts = syscalls[DUALCALL_POLLTS].bs_host;
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
} else {
|
2011-01-25 15:18:33 +03:00
|
|
|
op_pollts = syscalls[DUALCALL_POLLTS].bs_rump;
|
2011-01-08 17:19:27 +03:00
|
|
|
adjustpoll(fds, nfds, fd_host2rump);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
|
|
|
|
2011-01-08 21:11:46 +03:00
|
|
|
rv = op_pollts(fds, nfds, ts, sigmask);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
if (rumpcall)
|
2011-01-08 17:19:27 +03:00
|
|
|
adjustpoll(fds, nfds, fd_rump2host);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return rv;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2011-02-05 15:38:19 +03:00
|
|
|
poll(struct pollfd *fds, nfds_t nfds, int timeout)
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
{
|
2011-01-08 21:11:46 +03:00
|
|
|
struct timespec ts;
|
|
|
|
struct timespec *tsp = NULL;
|
|
|
|
|
|
|
|
if (timeout != INFTIM) {
|
|
|
|
ts.tv_sec = timeout / 1000;
|
2011-01-18 17:45:30 +03:00
|
|
|
ts.tv_nsec = (timeout % 1000) * 1000*1000;
|
2011-01-08 21:11:46 +03:00
|
|
|
|
|
|
|
tsp = &ts;
|
|
|
|
}
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
|
2011-02-07 13:28:18 +03:00
|
|
|
return REALPOLLTS(fds, nfds, tsp, NULL);
|
Begin work on a syscall hijacking library which can be LD_PRELOADed
to convince non-rumped applications to communicate with a rump
kernel instead of the host kernel. The precision of what goes
where is not exactly surgical, but for example when wanting to
debug a web server's TCP/IP stack interaction, it might be enough.
When all you have is a hand grenade, all problems look like a ....
hmm?
There's still plenty to figure out. For example, I'm not sure what
the user interface will be like. Now it just attempts to hijack
network communication. It also needs to sync with symbol renaming
in libc, and maybe autogenerate the non-schizophrenic wrappers
where the communication is heading to exactly one destination, lest
I'll be a mummmy by the time I finish writing them all. As a fun
example of a non-non-schizophrenic one, consider poll().
Work in progress, but I managed to get two non-rumped netcats
talking to each other or fetching the index from a non-rumped
thttpd. telnet works in one direction (i can read the data from
netcat, but anything i send back is not printed). bozohttpd uses
dup2() which i haven't bothered to address yet, etcetc.
(not hooking this up the build for now)
2011-01-07 22:52:43 +03:00
|
|
|
}
|
2011-01-18 14:04:10 +03:00
|
|
|
|
|
|
|
int
|
2011-02-08 17:45:35 +03:00
|
|
|
REALKEVENT(int kq, const struct kevent *changelist, size_t nchanges,
|
2011-01-18 14:04:10 +03:00
|
|
|
struct kevent *eventlist, size_t nevents,
|
|
|
|
const struct timespec *timeout)
|
|
|
|
{
|
2011-02-08 17:45:35 +03:00
|
|
|
int (*op_kevent)(int, const struct kevent *, size_t,
|
|
|
|
struct kevent *, size_t, const struct timespec *);
|
|
|
|
const struct kevent *ev;
|
|
|
|
size_t i;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check that we don't attempt to kevent rump kernel fd's.
|
|
|
|
* That needs similar treatment to select/poll, but is slightly
|
|
|
|
* trickier since we need to manage to different kq descriptors.
|
|
|
|
* (TODO, in case you're wondering).
|
|
|
|
*/
|
|
|
|
for (i = 0; i < nchanges; i++) {
|
|
|
|
ev = &changelist[i];
|
|
|
|
if (ev->filter == EVFILT_READ || ev->filter == EVFILT_WRITE ||
|
|
|
|
ev->filter == EVFILT_VNODE) {
|
|
|
|
if (fd_isrump(ev->ident))
|
|
|
|
return ENOTSUP;
|
|
|
|
}
|
|
|
|
}
|
2011-01-18 14:04:10 +03:00
|
|
|
|
2011-02-08 17:45:35 +03:00
|
|
|
op_kevent = GETSYSCALL(host, ACCEPT);
|
|
|
|
return op_kevent(kq, changelist, nchanges, eventlist, nevents, timeout);
|
2011-01-18 14:04:10 +03:00
|
|
|
}
|
2011-01-25 15:18:33 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Rest are std type calls.
|
|
|
|
*/
|
|
|
|
|
|
|
|
FDCALL(int, bind, DUALCALL_BIND, \
|
|
|
|
(int fd, const struct sockaddr *name, socklen_t namelen), \
|
|
|
|
(int, const struct sockaddr *, socklen_t), \
|
|
|
|
(fd, name, namelen))
|
|
|
|
|
|
|
|
FDCALL(int, connect, DUALCALL_CONNECT, \
|
|
|
|
(int fd, const struct sockaddr *name, socklen_t namelen), \
|
|
|
|
(int, const struct sockaddr *, socklen_t), \
|
|
|
|
(fd, name, namelen))
|
|
|
|
|
|
|
|
FDCALL(int, getpeername, DUALCALL_GETPEERNAME, \
|
|
|
|
(int fd, struct sockaddr *name, socklen_t *namelen), \
|
|
|
|
(int, struct sockaddr *, socklen_t *), \
|
|
|
|
(fd, name, namelen))
|
|
|
|
|
|
|
|
FDCALL(int, getsockname, DUALCALL_GETSOCKNAME, \
|
|
|
|
(int fd, struct sockaddr *name, socklen_t *namelen), \
|
|
|
|
(int, struct sockaddr *, socklen_t *), \
|
|
|
|
(fd, name, namelen))
|
|
|
|
|
|
|
|
FDCALL(int, listen, DUALCALL_LISTEN, \
|
|
|
|
(int fd, int backlog), \
|
|
|
|
(int, int), \
|
|
|
|
(fd, backlog))
|
|
|
|
|
|
|
|
FDCALL(ssize_t, recvfrom, DUALCALL_RECVFROM, \
|
|
|
|
(int fd, void *buf, size_t len, int flags, \
|
|
|
|
struct sockaddr *from, socklen_t *fromlen), \
|
|
|
|
(int, void *, size_t, int, struct sockaddr *, socklen_t *), \
|
|
|
|
(fd, buf, len, flags, from, fromlen))
|
|
|
|
|
|
|
|
FDCALL(ssize_t, sendto, DUALCALL_SENDTO, \
|
|
|
|
(int fd, const void *buf, size_t len, int flags, \
|
|
|
|
const struct sockaddr *to, socklen_t tolen), \
|
|
|
|
(int, const void *, size_t, int, \
|
|
|
|
const struct sockaddr *, socklen_t), \
|
|
|
|
(fd, buf, len, flags, to, tolen))
|
|
|
|
|
|
|
|
FDCALL(ssize_t, recvmsg, DUALCALL_RECVMSG, \
|
|
|
|
(int fd, struct msghdr *msg, int flags), \
|
|
|
|
(int, struct msghdr *, int), \
|
|
|
|
(fd, msg, flags))
|
|
|
|
|
|
|
|
FDCALL(ssize_t, sendmsg, DUALCALL_SENDMSG, \
|
|
|
|
(int fd, const struct msghdr *msg, int flags), \
|
|
|
|
(int, const struct msghdr *, int), \
|
|
|
|
(fd, msg, flags))
|
|
|
|
|
|
|
|
FDCALL(int, getsockopt, DUALCALL_GETSOCKOPT, \
|
|
|
|
(int fd, int level, int optn, void *optval, socklen_t *optlen), \
|
|
|
|
(int, int, int, void *, socklen_t *), \
|
|
|
|
(fd, level, optn, optval, optlen))
|
|
|
|
|
|
|
|
FDCALL(int, setsockopt, DUALCALL_SETSOCKOPT, \
|
|
|
|
(int fd, int level, int optn, \
|
|
|
|
const void *optval, socklen_t optlen), \
|
|
|
|
(int, int, int, const void *, socklen_t), \
|
|
|
|
(fd, level, optn, optval, optlen))
|
|
|
|
|
|
|
|
FDCALL(int, shutdown, DUALCALL_SHUTDOWN, \
|
|
|
|
(int fd, int how), \
|
|
|
|
(int, int), \
|
|
|
|
(fd, how))
|
|
|
|
|
2011-01-26 21:48:32 +03:00
|
|
|
#if _FORTIFY_SOURCE > 0
|
|
|
|
#define STUB(fun) __ssp_weak_name(fun)
|
|
|
|
ssize_t _sys_readlink(const char * __restrict, char * __restrict, size_t);
|
|
|
|
ssize_t
|
|
|
|
STUB(readlink)(const char * __restrict path, char * __restrict buf,
|
|
|
|
size_t bufsiz)
|
|
|
|
{
|
|
|
|
return _sys_readlink(path, buf, bufsiz);
|
|
|
|
}
|
|
|
|
|
|
|
|
char *_sys_getcwd(char *, size_t);
|
|
|
|
char *
|
|
|
|
STUB(getcwd)(char *buf, size_t size)
|
|
|
|
{
|
|
|
|
return _sys_getcwd(buf, size);
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
#define STUB(fun) fun
|
|
|
|
#endif
|
|
|
|
|
2011-02-07 15:23:05 +03:00
|
|
|
FDCALL(ssize_t, REALREAD, DUALCALL_READ, \
|
2011-01-25 15:18:33 +03:00
|
|
|
(int fd, void *buf, size_t buflen), \
|
|
|
|
(int, void *, size_t), \
|
|
|
|
(fd, buf, buflen))
|
|
|
|
|
2011-01-25 15:21:36 +03:00
|
|
|
FDCALL(ssize_t, readv, DUALCALL_READV, \
|
2011-01-25 15:18:33 +03:00
|
|
|
(int fd, const struct iovec *iov, int iovcnt), \
|
|
|
|
(int, const struct iovec *, int), \
|
|
|
|
(fd, iov, iovcnt))
|
|
|
|
|
|
|
|
FDCALL(ssize_t, writev, DUALCALL_WRITEV, \
|
|
|
|
(int fd, const struct iovec *iov, int iovcnt), \
|
|
|
|
(int, const struct iovec *, int), \
|
|
|
|
(fd, iov, iovcnt))
|
|
|
|
|
|
|
|
FDCALL(int, close, DUALCALL_CLOSE, \
|
|
|
|
(int fd), \
|
|
|
|
(int), \
|
|
|
|
(fd))
|