From c80a93cd93e55f0c6b346632181c56e1fc387b96 Mon Sep 17 00:00:00 2001 From: Daniel Borkmann Date: Fri, 18 Jan 2013 21:18:57 +0100 Subject: [PATCH] trafgen: different seeds for forks, drop privs later Signed-off-by: Daniel Borkmann --- src/trafgen.c | 40 +++++++++++++++++----------------------- src/trafgen_parser.y | 5 ++--- src/xutils.c | 14 ++++++++++++++ src/xutils.h | 1 + 4 files changed, 34 insertions(+), 26 deletions(-) diff --git a/src/trafgen.c b/src/trafgen.c index fe733f1a..afdf726d 100644 --- a/src/trafgen.c +++ b/src/trafgen.c @@ -60,9 +60,11 @@ #include "csum.h" struct ctx { - bool rand, rfraw, jumbo_support, verbose, smoke_test; + bool rand, rfraw, jumbo_support, verbose, smoke_test, enforce; unsigned long kpull, num, gap, reserve_size, cpus; struct sockaddr_in dest; + uid_t uid; + gid_t gid; char *device, *device_trans, *rhost; }; @@ -691,6 +693,8 @@ static void xmit_slowpath_or_die(struct ctx *ctx, int cpu) if (ctx->smoke_test) icmp_sock = xmit_smoke_setup(ctx); + drop_privileges(ctx->enforce, ctx->uid, ctx->gid); + bug_on(gettimeofday(&start, NULL)); while (likely(sigint == 0) && likely(num > 0)) { @@ -781,6 +785,8 @@ static void xmit_fastpath_or_die(struct ctx *ctx, int cpu) alloc_tx_ring_frames(&tx_ring); bind_tx_ring(sock, &tx_ring, ifindex); + drop_privileges(ctx->enforce, ctx->uid, ctx->gid); + if (ctx->kpull) interval = ctx->kpull; if (ctx->num > 0) 
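Review bot: In xmit_slowpath_or_die() and xmit_fastpath_or_die() (src/trafgen.c) the new `drop_privileges(ctx->enforce, ctx->uid, ctx->gid);` call runs only after socket and ring setup, so everything that executes earlier keeps the starting privileges, where the old code dropped them in main() right after option parsing. If main_loop() reaches compile_packets() before these functions (not visible in this patch), the `system(cmd)` cpp invocation and the temporary-file write in src/trafgen_parser.y would now run privileged. The parent process also appears to lose its drop entirely, since the only remaining calls sit on the child-side transmit paths. Consider parsing the configuration only after the drop (for example by opening the privileged sockets first), or at minimum add a drop in the parent after the forks and a comment above each call such as `/* Sockets are set up; nothing below needs elevated privileges. */`. Both function bodies extend beyond their hunks.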
@@ -1020,19 +1026,17 @@ static unsigned int generate_srand_seed(void) int main(int argc, char **argv) { - bool slow = false, invoke_cpp = false, enforce = false; + bool slow = false, invoke_cpp = false; int c, opt_index, i, j, vals[4] = {0}, irq; char *confname = NULL, *ptr; unsigned long cpus_tmp; unsigned long long tx_packets, tx_bytes; struct ctx ctx; - uid_t uid = getuid(); - gid_t gid = getgid(); fmemset(&ctx, 0, sizeof(ctx)); ctx.cpus = get_number_cpus_online(); - - seed = generate_srand_seed(); + ctx.uid = getuid(); + ctx.gid = getgid(); while ((c = getopt_long(argc, argv, short_options, long_options, &opt_index)) != EOF) { @@ -1081,12 +1085,12 @@ int main(int argc, char **argv) confname = xstrdup(optarg); break; case 'u': - uid = strtoul(optarg, NULL, 0); - enforce = true; + ctx.uid = strtoul(optarg, NULL, 0); + ctx.enforce = true; break; case 'g': - gid = strtoul(optarg, NULL, 0); - enforce = true; + ctx.gid = strtoul(optarg, NULL, 0); + ctx.enforce = true; break; case 'k': ctx.kpull = strtoul(optarg, NULL, 0); @@ -1157,17 +1161,6 @@ int main(int argc, char **argv) } } - if (enforce) { - if (uid == getuid()) - panic("Uid cannot be the same as the current user!\n"); - if (gid == getgid()) - panic("Gid cannot be the same as the current user!\n"); - } - if (setgid(gid) != 0) - panic("Unable to drop group privileges: %s!\n", strerror(errno)); - if (setuid(uid) != 0) - panic("Unable to drop user privileges: %s!\n", strerror(errno)); - if (argc < 5) help(); if (ctx.device == NULL) @@ -1185,8 +1178,6 @@ int main(int argc, char **argv) header(); - srand(seed); - set_system_socket_memory(vals); if (ctx.rfraw) { @@ -1210,6 +1201,9 @@ int main(int argc, char **argv) switch (pid) { case 0: + seed = generate_srand_seed(); + srand(seed); + cpu_affinity(i); main_loop(&ctx, confname, slow, i, invoke_cpp); diff --git a/src/trafgen_parser.y b/src/trafgen_parser.y index 85bb3e61..e49cc87a 100644 --- a/src/trafgen_parser.y +++ b/src/trafgen_parser.y 
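Review bot: In main()'s option switch, `ctx.uid = strtoul(optarg, NULL, 0);` and the matching `ctx.gid` line accept the drop target without checking the parse: a non-numeric argument becomes 0, trailing characters are ignored, and a value wider than uid_t/gid_t is truncated on assignment. Pass an end pointer and reject the option when nothing was consumed, when `*end != '\0'`, or when `errno == ERANGE`, before setting `ctx.enforce = true`. The switch statement continues outside the hunk.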
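Review bot: The `seed = generate_srand_seed(); srand(seed);` pair added under `case 0:` in main() carries no comment explaining why seeding moved into the child; something like `/* Seed after fork() so every worker gets its own rand() sequence. */` would keep it from being hoisted back above the fork. generate_srand_seed() is not shown in this patch, so it is worth confirming that it cannot return the same value for children forked back to back, because the `.tmp-%u-%s` name built in compile_packets() appears to rely on rand() differing per process.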
@@ -571,11 +571,10 @@ int compile_packets(char *file, int verbose, int cpu, bool invoke_cpp) if (invoke_cpp) { char cmd[256]; - slprintf(tmp_file, sizeof(tmp_file), ".tmp.%s", file); + slprintf(tmp_file, sizeof(tmp_file), ".tmp-%u-%s", rand(), file); slprintf(cmd, sizeof(cmd), "cpp %s > %s", file, tmp_file); system(cmd); - xfree(file); file = tmp_file; } @@ -584,7 +583,7 @@ int compile_packets(char *file, int verbose, int cpu, bool invoke_cpp) else yyin = fopen(file, "r"); if (!yyin) - panic("Cannot open file!\n"); + panic("Cannot open %s: %s!\n", file, strerror(errno)); realloc_packet(); yyparse(); diff --git a/src/xutils.c b/src/xutils.c index 45b74b22..c93168eb 100644 --- a/src/xutils.c +++ b/src/xutils.c @@ -249,6 +249,20 @@ int adjust_dbm_level(int in_dbm, int dbm_val) return dbm_val - 0x100; } +void drop_privileges(bool enforce, uid_t uid, gid_t gid) +{ + if (enforce) { + if (uid == getuid()) + panic("Uid cannot be the same as the current user!\n"); + if (gid == getgid()) + panic("Gid cannot be the same as the current user!\n"); + } + if (setgid(gid) != 0) + panic("Unable to drop group privileges: %s!\n", strerror(errno)); + if (setuid(uid) != 0) + panic("Unable to drop user privileges: %s!\n", strerror(errno)); +} + int get_system_socket_mem(int which) { int fd, val = -1; diff --git a/src/xutils.h b/src/xutils.h index 536fe7f3..58ac1204 100644 --- a/src/xutils.h +++ b/src/xutils.h @@ -57,6 +57,7 @@ extern void sock_print_net_stats(int sock, unsigned long skipped); extern int device_ifindex(const char *ifname); extern short device_get_flags(const char *ifname); extern void device_set_flags(const char *ifname, const short flags); +extern void drop_privileges(bool enforce, uid_t uid, gid_t gid); extern int set_nonblocking(int fd); extern int set_nonblocking_sloppy(int fd); extern int set_reuseaddr(int fd); -- 2.11.4.GIT
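Review bot: In compile_packets() (src/trafgen_parser.y) the new `.tmp-%u-%s` name built from `rand()` is still guessable, and the file is created by the shell redirect in `cpp %s > %s`, which follows whatever already exists at that path; with the privilege drop now deferred, this write may happen with elevated rights. The `file` argument is also pasted unquoted into the `system()` command line and the return value of `system(cmd)` is ignored, so a failed cpp run only shows up at the later fopen. Creating the file exclusively with mkstemp() and running cpp with an explicit argv and the descriptor as stdout removes the name race and the shell, as sketched below (it assumes `tmp_file` is the array declared earlier in the function, outside the hunk).

```c
	if (invoke_cpp) {
		int fd, status;
		pid_t pid;

		/* mkstemp() creates the file with O_EXCL and mode 0600 */
		slprintf(tmp_file, sizeof(tmp_file), ".tmp-XXXXXX");
		fd = mkstemp(tmp_file);
		if (fd < 0)
			panic("Cannot create temp file: %s!\n", strerror(errno));

		pid = fork();
		if (pid < 0)
			panic("Cannot fork: %s!\n", strerror(errno));
		if (pid == 0) {
			/* cpp writes to the already-open descriptor; no shell */
			if (dup2(fd, STDOUT_FILENO) < 0)
				_exit(127);
			close(fd);
			execlp("cpp", "cpp", file, (char *) NULL);
			_exit(127);
		}
		close(fd);

		if (waitpid(pid, &status, 0) < 0 ||
		    !WIFEXITED(status) || WEXITSTATUS(status) != 0)
			panic("cpp failed on %s!\n", file);

		file = tmp_file;
	}
	/* … unchanged: yyin selection and fopen() … */
```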
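Review bot: drop_privileges() in src/xutils.c calls setgid() and setuid() but leaves the supplementary group list untouched, so a process started with elevated rights keeps its extra groups after the drop. When `enforce` is set, add `if (setgroups(1, &gid) != 0) panic("Unable to drop supplementary groups: %s!\n", strerror(errno));` ahead of `setgid(gid)` (this needs `<grp.h>`). A short header comment would also help callers: the function panics on any failure, setgid() must stay ahead of setuid(), and `enforce` only adds the check that the target ids differ from the current real ids.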