1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2020 Facebook */
3
4 #define _GNU_SOURCE
5 #include <sched.h>
6 #include <stdio.h>
7 #include <stdlib.h>
8 #include <sys/socket.h>
9 #include <linux/compiler.h>
10
11 #include "test_progs.h"
12 #include "cgroup_helpers.h"
13 #include "network_helpers.h"
14 #include "test_tcp_hdr_options.h"
15 #include "test_tcp_hdr_options.skel.h"
16 #include "test_misc_tcp_hdr_options.skel.h"
17
18 #define LO_ADDR6 "::1"
19 #define CG_NAME "/tcpbpf-hdr-opt-test"
20
21 struct bpf_test_option exp_passive_estab_in;
22 struct bpf_test_option exp_active_estab_in;
23 struct bpf_test_option exp_passive_fin_in;
24 struct bpf_test_option exp_active_fin_in;
25 struct hdr_stg exp_passive_hdr_stg;
26 struct hdr_stg exp_active_hdr_stg = { .active = true, };
27
28 static struct test_misc_tcp_hdr_options *misc_skel;
29 static struct test_tcp_hdr_options *skel;
30 static int lport_linum_map_fd;
31 static int hdr_stg_map_fd;
32 static __u32 duration;
33 static int cg_fd;
34
35 struct sk_fds {
36 int srv_fd;
37 int passive_fd;
38 int active_fd;
39 int passive_lport;
40 int active_lport;
41 };
42
create_netns(void)43 static int create_netns(void)
44 {
45 if (CHECK(unshare(CLONE_NEWNET), "create netns",
46 "unshare(CLONE_NEWNET): %s (%d)",
47 strerror(errno), errno))
48 return -1;
49
50 if (CHECK(system("ip link set dev lo up"), "run ip cmd",
51 "failed to bring lo link up\n"))
52 return -1;
53
54 return 0;
55 }
56
write_sysctl(const char * sysctl,const char * value)57 static int write_sysctl(const char *sysctl, const char *value)
58 {
59 int fd, err, len;
60
61 fd = open(sysctl, O_WRONLY);
62 if (CHECK(fd == -1, "open sysctl", "open(%s): %s (%d)\n",
63 sysctl, strerror(errno), errno))
64 return -1;
65
66 len = strlen(value);
67 err = write(fd, value, len);
68 close(fd);
69 if (CHECK(err != len, "write sysctl",
70 "write(%s, %s): err:%d %s (%d)\n",
71 sysctl, value, err, strerror(errno), errno))
72 return -1;
73
74 return 0;
75 }
76
print_hdr_stg(const struct hdr_stg * hdr_stg,const char * prefix)77 static void print_hdr_stg(const struct hdr_stg *hdr_stg, const char *prefix)
78 {
79 fprintf(stderr, "%s{active:%u, resend_syn:%u, syncookie:%u, fastopen:%u}\n",
80 prefix ? : "", hdr_stg->active, hdr_stg->resend_syn,
81 hdr_stg->syncookie, hdr_stg->fastopen);
82 }
83
print_option(const struct bpf_test_option * opt,const char * prefix)84 static void print_option(const struct bpf_test_option *opt, const char *prefix)
85 {
86 fprintf(stderr, "%s{flags:0x%x, max_delack_ms:%u, rand:0x%x}\n",
87 prefix ? : "", opt->flags, opt->max_delack_ms, opt->rand);
88 }
89
sk_fds_close(struct sk_fds * sk_fds)90 static void sk_fds_close(struct sk_fds *sk_fds)
91 {
92 close(sk_fds->srv_fd);
93 close(sk_fds->passive_fd);
94 close(sk_fds->active_fd);
95 }
96
sk_fds_shutdown(struct sk_fds * sk_fds)97 static int sk_fds_shutdown(struct sk_fds *sk_fds)
98 {
99 int ret, abyte;
100
101 shutdown(sk_fds->active_fd, SHUT_WR);
102 ret = read(sk_fds->passive_fd, &abyte, sizeof(abyte));
103 if (CHECK(ret != 0, "read-after-shutdown(passive_fd):",
104 "ret:%d %s (%d)\n",
105 ret, strerror(errno), errno))
106 return -1;
107
108 shutdown(sk_fds->passive_fd, SHUT_WR);
109 ret = read(sk_fds->active_fd, &abyte, sizeof(abyte));
110 if (CHECK(ret != 0, "read-after-shutdown(active_fd):",
111 "ret:%d %s (%d)\n",
112 ret, strerror(errno), errno))
113 return -1;
114
115 return 0;
116 }
117
sk_fds_connect(struct sk_fds * sk_fds,bool fast_open)118 static int sk_fds_connect(struct sk_fds *sk_fds, bool fast_open)
119 {
120 const char fast[] = "FAST!!!";
121 struct sockaddr_in6 addr6;
122 socklen_t len;
123
124 sk_fds->srv_fd = start_server(AF_INET6, SOCK_STREAM, LO_ADDR6, 0, 0);
125 if (CHECK(sk_fds->srv_fd == -1, "start_server", "%s (%d)\n",
126 strerror(errno), errno))
127 goto error;
128
129 if (fast_open)
130 sk_fds->active_fd = fastopen_connect(sk_fds->srv_fd, fast,
131 sizeof(fast), 0);
132 else
133 sk_fds->active_fd = connect_to_fd(sk_fds->srv_fd, 0);
134
135 if (CHECK_FAIL(sk_fds->active_fd == -1)) {
136 close(sk_fds->srv_fd);
137 goto error;
138 }
139
140 len = sizeof(addr6);
141 if (CHECK(getsockname(sk_fds->srv_fd, (struct sockaddr *)&addr6,
142 &len), "getsockname(srv_fd)", "%s (%d)\n",
143 strerror(errno), errno))
144 goto error_close;
145 sk_fds->passive_lport = ntohs(addr6.sin6_port);
146
147 len = sizeof(addr6);
148 if (CHECK(getsockname(sk_fds->active_fd, (struct sockaddr *)&addr6,
149 &len), "getsockname(active_fd)", "%s (%d)\n",
150 strerror(errno), errno))
151 goto error_close;
152 sk_fds->active_lport = ntohs(addr6.sin6_port);
153
154 sk_fds->passive_fd = accept(sk_fds->srv_fd, NULL, 0);
155 if (CHECK(sk_fds->passive_fd == -1, "accept(srv_fd)", "%s (%d)\n",
156 strerror(errno), errno))
157 goto error_close;
158
159 if (fast_open) {
160 char bytes_in[sizeof(fast)];
161 int ret;
162
163 ret = read(sk_fds->passive_fd, bytes_in, sizeof(bytes_in));
164 if (CHECK(ret != sizeof(fast), "read fastopen syn data",
165 "expected=%lu actual=%d\n", sizeof(fast), ret)) {
166 close(sk_fds->passive_fd);
167 goto error_close;
168 }
169 }
170
171 return 0;
172
173 error_close:
174 close(sk_fds->active_fd);
175 close(sk_fds->srv_fd);
176
177 error:
178 memset(sk_fds, -1, sizeof(*sk_fds));
179 return -1;
180 }
181
check_hdr_opt(const struct bpf_test_option * exp,const struct bpf_test_option * act,const char * hdr_desc)182 static int check_hdr_opt(const struct bpf_test_option *exp,
183 const struct bpf_test_option *act,
184 const char *hdr_desc)
185 {
186 if (CHECK(memcmp(exp, act, sizeof(*exp)),
187 "expected-vs-actual", "unexpected %s\n", hdr_desc)) {
188 print_option(exp, "expected: ");
189 print_option(act, " actual: ");
190 return -1;
191 }
192
193 return 0;
194 }
195
check_hdr_stg(const struct hdr_stg * exp,int fd,const char * stg_desc)196 static int check_hdr_stg(const struct hdr_stg *exp, int fd,
197 const char *stg_desc)
198 {
199 struct hdr_stg act;
200
201 if (CHECK(bpf_map_lookup_elem(hdr_stg_map_fd, &fd, &act),
202 "map_lookup(hdr_stg_map_fd)", "%s %s (%d)\n",
203 stg_desc, strerror(errno), errno))
204 return -1;
205
206 if (CHECK(memcmp(exp, &act, sizeof(*exp)),
207 "expected-vs-actual", "unexpected %s\n", stg_desc)) {
208 print_hdr_stg(exp, "expected: ");
209 print_hdr_stg(&act, " actual: ");
210 return -1;
211 }
212
213 return 0;
214 }
215
check_error_linum(const struct sk_fds * sk_fds)216 static int check_error_linum(const struct sk_fds *sk_fds)
217 {
218 unsigned int nr_errors = 0;
219 struct linum_err linum_err;
220 int lport;
221
222 lport = sk_fds->passive_lport;
223 if (!bpf_map_lookup_elem(lport_linum_map_fd, &lport, &linum_err)) {
224 fprintf(stderr,
225 "bpf prog error out at lport:passive(%d), linum:%u err:%d\n",
226 lport, linum_err.linum, linum_err.err);
227 nr_errors++;
228 }
229
230 lport = sk_fds->active_lport;
231 if (!bpf_map_lookup_elem(lport_linum_map_fd, &lport, &linum_err)) {
232 fprintf(stderr,
233 "bpf prog error out at lport:active(%d), linum:%u err:%d\n",
234 lport, linum_err.linum, linum_err.err);
235 nr_errors++;
236 }
237
238 return nr_errors;
239 }
240
check_hdr_and_close_fds(struct sk_fds * sk_fds)241 static void check_hdr_and_close_fds(struct sk_fds *sk_fds)
242 {
243 const __u32 expected_inherit_cb_flags =
244 BPF_SOCK_OPS_PARSE_UNKNOWN_HDR_OPT_CB_FLAG |
245 BPF_SOCK_OPS_WRITE_HDR_OPT_CB_FLAG |
246 BPF_SOCK_OPS_STATE_CB_FLAG;
247
248 if (sk_fds_shutdown(sk_fds))
249 goto check_linum;
250
251 if (CHECK(expected_inherit_cb_flags != skel->bss->inherit_cb_flags,
252 "Unexpected inherit_cb_flags", "0x%x != 0x%x\n",
253 skel->bss->inherit_cb_flags, expected_inherit_cb_flags))
254 goto check_linum;
255
256 if (check_hdr_stg(&exp_passive_hdr_stg, sk_fds->passive_fd,
257 "passive_hdr_stg"))
258 goto check_linum;
259
260 if (check_hdr_stg(&exp_active_hdr_stg, sk_fds->active_fd,
261 "active_hdr_stg"))
262 goto check_linum;
263
264 if (check_hdr_opt(&exp_passive_estab_in, &skel->bss->passive_estab_in,
265 "passive_estab_in"))
266 goto check_linum;
267
268 if (check_hdr_opt(&exp_active_estab_in, &skel->bss->active_estab_in,
269 "active_estab_in"))
270 goto check_linum;
271
272 if (check_hdr_opt(&exp_passive_fin_in, &skel->bss->passive_fin_in,
273 "passive_fin_in"))
274 goto check_linum;
275
276 check_hdr_opt(&exp_active_fin_in, &skel->bss->active_fin_in,
277 "active_fin_in");
278
279 check_linum:
280 CHECK_FAIL(check_error_linum(sk_fds));
281 sk_fds_close(sk_fds);
282 }
283
prepare_out(void)284 static void prepare_out(void)
285 {
286 skel->bss->active_syn_out = exp_passive_estab_in;
287 skel->bss->passive_synack_out = exp_active_estab_in;
288
289 skel->bss->active_fin_out = exp_passive_fin_in;
290 skel->bss->passive_fin_out = exp_active_fin_in;
291 }
292
reset_test(void)293 static void reset_test(void)
294 {
295 size_t optsize = sizeof(struct bpf_test_option);
296 int lport, err;
297
298 memset(&skel->bss->passive_synack_out, 0, optsize);
299 memset(&skel->bss->passive_fin_out, 0, optsize);
300
301 memset(&skel->bss->passive_estab_in, 0, optsize);
302 memset(&skel->bss->passive_fin_in, 0, optsize);
303
304 memset(&skel->bss->active_syn_out, 0, optsize);
305 memset(&skel->bss->active_fin_out, 0, optsize);
306
307 memset(&skel->bss->active_estab_in, 0, optsize);
308 memset(&skel->bss->active_fin_in, 0, optsize);
309
310 skel->bss->inherit_cb_flags = 0;
311
312 skel->data->test_kind = TCPOPT_EXP;
313 skel->data->test_magic = 0xeB9F;
314
315 memset(&exp_passive_estab_in, 0, optsize);
316 memset(&exp_active_estab_in, 0, optsize);
317 memset(&exp_passive_fin_in, 0, optsize);
318 memset(&exp_active_fin_in, 0, optsize);
319
320 memset(&exp_passive_hdr_stg, 0, sizeof(exp_passive_hdr_stg));
321 memset(&exp_active_hdr_stg, 0, sizeof(exp_active_hdr_stg));
322 exp_active_hdr_stg.active = true;
323
324 err = bpf_map_get_next_key(lport_linum_map_fd, NULL, &lport);
325 while (!err) {
326 bpf_map_delete_elem(lport_linum_map_fd, &lport);
327 err = bpf_map_get_next_key(lport_linum_map_fd, &lport, &lport);
328 }
329 }
330
fastopen_estab(void)331 static void fastopen_estab(void)
332 {
333 struct bpf_link *link;
334 struct sk_fds sk_fds;
335
336 hdr_stg_map_fd = bpf_map__fd(skel->maps.hdr_stg_map);
337 lport_linum_map_fd = bpf_map__fd(skel->maps.lport_linum_map);
338
339 exp_passive_estab_in.flags = OPTION_F_RAND | OPTION_F_MAX_DELACK_MS;
340 exp_passive_estab_in.rand = 0xfa;
341 exp_passive_estab_in.max_delack_ms = 11;
342
343 exp_active_estab_in.flags = OPTION_F_RAND | OPTION_F_MAX_DELACK_MS;
344 exp_active_estab_in.rand = 0xce;
345 exp_active_estab_in.max_delack_ms = 22;
346
347 exp_passive_hdr_stg.fastopen = true;
348
349 prepare_out();
350
351 /* Allow fastopen without fastopen cookie */
352 if (write_sysctl("/proc/sys/net/ipv4/tcp_fastopen", "1543"))
353 return;
354
355 link = bpf_program__attach_cgroup(skel->progs.estab, cg_fd);
356 if (CHECK(IS_ERR(link), "attach_cgroup(estab)", "err: %ld\n",
357 PTR_ERR(link)))
358 return;
359
360 if (sk_fds_connect(&sk_fds, true)) {
361 bpf_link__destroy(link);
362 return;
363 }
364
365 check_hdr_and_close_fds(&sk_fds);
366 bpf_link__destroy(link);
367 }
368
syncookie_estab(void)369 static void syncookie_estab(void)
370 {
371 struct bpf_link *link;
372 struct sk_fds sk_fds;
373
374 hdr_stg_map_fd = bpf_map__fd(skel->maps.hdr_stg_map);
375 lport_linum_map_fd = bpf_map__fd(skel->maps.lport_linum_map);
376
377 exp_passive_estab_in.flags = OPTION_F_RAND | OPTION_F_MAX_DELACK_MS;
378 exp_passive_estab_in.rand = 0xfa;
379 exp_passive_estab_in.max_delack_ms = 11;
380
381 exp_active_estab_in.flags = OPTION_F_RAND | OPTION_F_MAX_DELACK_MS |
382 OPTION_F_RESEND;
383 exp_active_estab_in.rand = 0xce;
384 exp_active_estab_in.max_delack_ms = 22;
385
386 exp_passive_hdr_stg.syncookie = true;
387 exp_active_hdr_stg.resend_syn = true,
388
389 prepare_out();
390
391 /* Clear the RESEND to ensure the bpf prog can learn
392 * want_cookie and set the RESEND by itself.
393 */
394 skel->bss->passive_synack_out.flags &= ~OPTION_F_RESEND;
395
396 /* Enforce syncookie mode */
397 if (write_sysctl("/proc/sys/net/ipv4/tcp_syncookies", "2"))
398 return;
399
400 link = bpf_program__attach_cgroup(skel->progs.estab, cg_fd);
401 if (CHECK(IS_ERR(link), "attach_cgroup(estab)", "err: %ld\n",
402 PTR_ERR(link)))
403 return;
404
405 if (sk_fds_connect(&sk_fds, false)) {
406 bpf_link__destroy(link);
407 return;
408 }
409
410 check_hdr_and_close_fds(&sk_fds);
411 bpf_link__destroy(link);
412 }
413
fin(void)414 static void fin(void)
415 {
416 struct bpf_link *link;
417 struct sk_fds sk_fds;
418
419 hdr_stg_map_fd = bpf_map__fd(skel->maps.hdr_stg_map);
420 lport_linum_map_fd = bpf_map__fd(skel->maps.lport_linum_map);
421
422 exp_passive_fin_in.flags = OPTION_F_RAND;
423 exp_passive_fin_in.rand = 0xfa;
424
425 exp_active_fin_in.flags = OPTION_F_RAND;
426 exp_active_fin_in.rand = 0xce;
427
428 prepare_out();
429
430 if (write_sysctl("/proc/sys/net/ipv4/tcp_syncookies", "1"))
431 return;
432
433 link = bpf_program__attach_cgroup(skel->progs.estab, cg_fd);
434 if (CHECK(IS_ERR(link), "attach_cgroup(estab)", "err: %ld\n",
435 PTR_ERR(link)))
436 return;
437
438 if (sk_fds_connect(&sk_fds, false)) {
439 bpf_link__destroy(link);
440 return;
441 }
442
443 check_hdr_and_close_fds(&sk_fds);
444 bpf_link__destroy(link);
445 }
446
__simple_estab(bool exprm)447 static void __simple_estab(bool exprm)
448 {
449 struct bpf_link *link;
450 struct sk_fds sk_fds;
451
452 hdr_stg_map_fd = bpf_map__fd(skel->maps.hdr_stg_map);
453 lport_linum_map_fd = bpf_map__fd(skel->maps.lport_linum_map);
454
455 exp_passive_estab_in.flags = OPTION_F_RAND | OPTION_F_MAX_DELACK_MS;
456 exp_passive_estab_in.rand = 0xfa;
457 exp_passive_estab_in.max_delack_ms = 11;
458
459 exp_active_estab_in.flags = OPTION_F_RAND | OPTION_F_MAX_DELACK_MS;
460 exp_active_estab_in.rand = 0xce;
461 exp_active_estab_in.max_delack_ms = 22;
462
463 prepare_out();
464
465 if (!exprm) {
466 skel->data->test_kind = 0xB9;
467 skel->data->test_magic = 0;
468 }
469
470 if (write_sysctl("/proc/sys/net/ipv4/tcp_syncookies", "1"))
471 return;
472
473 link = bpf_program__attach_cgroup(skel->progs.estab, cg_fd);
474 if (CHECK(IS_ERR(link), "attach_cgroup(estab)", "err: %ld\n",
475 PTR_ERR(link)))
476 return;
477
478 if (sk_fds_connect(&sk_fds, false)) {
479 bpf_link__destroy(link);
480 return;
481 }
482
483 check_hdr_and_close_fds(&sk_fds);
484 bpf_link__destroy(link);
485 }
486
no_exprm_estab(void)487 static void no_exprm_estab(void)
488 {
489 __simple_estab(false);
490 }
491
simple_estab(void)492 static void simple_estab(void)
493 {
494 __simple_estab(true);
495 }
496
misc(void)497 static void misc(void)
498 {
499 const char send_msg[] = "MISC!!!";
500 char recv_msg[sizeof(send_msg)];
501 const unsigned int nr_data = 2;
502 struct bpf_link *link;
503 struct sk_fds sk_fds;
504 int i, ret;
505
506 lport_linum_map_fd = bpf_map__fd(misc_skel->maps.lport_linum_map);
507
508 if (write_sysctl("/proc/sys/net/ipv4/tcp_syncookies", "1"))
509 return;
510
511 link = bpf_program__attach_cgroup(misc_skel->progs.misc_estab, cg_fd);
512 if (CHECK(IS_ERR(link), "attach_cgroup(misc_estab)", "err: %ld\n",
513 PTR_ERR(link)))
514 return;
515
516 if (sk_fds_connect(&sk_fds, false)) {
517 bpf_link__destroy(link);
518 return;
519 }
520
521 for (i = 0; i < nr_data; i++) {
522 /* MSG_EOR to ensure skb will not be combined */
523 ret = send(sk_fds.active_fd, send_msg, sizeof(send_msg),
524 MSG_EOR);
525 if (CHECK(ret != sizeof(send_msg), "send(msg)", "ret:%d\n",
526 ret))
527 goto check_linum;
528
529 ret = read(sk_fds.passive_fd, recv_msg, sizeof(recv_msg));
530 if (CHECK(ret != sizeof(send_msg), "read(msg)", "ret:%d\n",
531 ret))
532 goto check_linum;
533 }
534
535 if (sk_fds_shutdown(&sk_fds))
536 goto check_linum;
537
538 CHECK(misc_skel->bss->nr_syn != 1, "unexpected nr_syn",
539 "expected (1) != actual (%u)\n",
540 misc_skel->bss->nr_syn);
541
542 CHECK(misc_skel->bss->nr_data != nr_data, "unexpected nr_data",
543 "expected (%u) != actual (%u)\n",
544 nr_data, misc_skel->bss->nr_data);
545
546 /* The last ACK may have been delayed, so it is either 1 or 2. */
547 CHECK(misc_skel->bss->nr_pure_ack != 1 &&
548 misc_skel->bss->nr_pure_ack != 2,
549 "unexpected nr_pure_ack",
550 "expected (1 or 2) != actual (%u)\n",
551 misc_skel->bss->nr_pure_ack);
552
553 CHECK(misc_skel->bss->nr_fin != 1, "unexpected nr_fin",
554 "expected (1) != actual (%u)\n",
555 misc_skel->bss->nr_fin);
556
557 check_linum:
558 CHECK_FAIL(check_error_linum(&sk_fds));
559 sk_fds_close(&sk_fds);
560 bpf_link__destroy(link);
561 }
562
563 struct test {
564 const char *desc;
565 void (*run)(void);
566 };
567
568 #define DEF_TEST(name) { #name, name }
569 static struct test tests[] = {
570 DEF_TEST(simple_estab),
571 DEF_TEST(no_exprm_estab),
572 DEF_TEST(syncookie_estab),
573 DEF_TEST(fastopen_estab),
574 DEF_TEST(fin),
575 DEF_TEST(misc),
576 };
577
test_tcp_hdr_options(void)578 void test_tcp_hdr_options(void)
579 {
580 int i;
581
582 skel = test_tcp_hdr_options__open_and_load();
583 if (CHECK(!skel, "open and load skel", "failed"))
584 return;
585
586 misc_skel = test_misc_tcp_hdr_options__open_and_load();
587 if (CHECK(!misc_skel, "open and load misc test skel", "failed"))
588 goto skel_destroy;
589
590 cg_fd = test__join_cgroup(CG_NAME);
591 if (CHECK_FAIL(cg_fd < 0))
592 goto skel_destroy;
593
594 for (i = 0; i < ARRAY_SIZE(tests); i++) {
595 if (!test__start_subtest(tests[i].desc))
596 continue;
597
598 if (create_netns())
599 break;
600
601 tests[i].run();
602
603 reset_test();
604 }
605
606 close(cg_fd);
607 skel_destroy:
608 test_misc_tcp_hdr_options__destroy(misc_skel);
609 test_tcp_hdr_options__destroy(skel);
610 }
611