1 // SPDX-License-Identifier: GPL-2.0
2 // Copyright (c) 2020 Cloudflare
3 #include <error.h>
4 #include <netinet/tcp.h>
5
6 #include "test_progs.h"
7 #include "test_skmsg_load_helpers.skel.h"
8 #include "test_sockmap_update.skel.h"
9 #include "test_sockmap_invalid_update.skel.h"
10 #include "test_sockmap_skb_verdict_attach.skel.h"
11 #include "bpf_iter_sockmap.skel.h"
12
13 #define TCP_REPAIR 19 /* TCP sock is under repair right now */
14
15 #define TCP_REPAIR_ON 1
16 #define TCP_REPAIR_OFF_NO_WP -1 /* Turn off without window probes */
17
connected_socket_v4(void)18 static int connected_socket_v4(void)
19 {
20 struct sockaddr_in addr = {
21 .sin_family = AF_INET,
22 .sin_port = htons(80),
23 .sin_addr = { inet_addr("127.0.0.1") },
24 };
25 socklen_t len = sizeof(addr);
26 int s, repair, err;
27
28 s = socket(AF_INET, SOCK_STREAM, 0);
29 if (CHECK_FAIL(s == -1))
30 goto error;
31
32 repair = TCP_REPAIR_ON;
33 err = setsockopt(s, SOL_TCP, TCP_REPAIR, &repair, sizeof(repair));
34 if (CHECK_FAIL(err))
35 goto error;
36
37 err = connect(s, (struct sockaddr *)&addr, len);
38 if (CHECK_FAIL(err))
39 goto error;
40
41 repair = TCP_REPAIR_OFF_NO_WP;
42 err = setsockopt(s, SOL_TCP, TCP_REPAIR, &repair, sizeof(repair));
43 if (CHECK_FAIL(err))
44 goto error;
45
46 return s;
47 error:
48 perror(__func__);
49 close(s);
50 return -1;
51 }
52
compare_cookies(struct bpf_map * src,struct bpf_map * dst)53 static void compare_cookies(struct bpf_map *src, struct bpf_map *dst)
54 {
55 __u32 i, max_entries = bpf_map__max_entries(src);
56 int err, duration = 0, src_fd, dst_fd;
57
58 src_fd = bpf_map__fd(src);
59 dst_fd = bpf_map__fd(dst);
60
61 for (i = 0; i < max_entries; i++) {
62 __u64 src_cookie, dst_cookie;
63
64 err = bpf_map_lookup_elem(src_fd, &i, &src_cookie);
65 if (err && errno == ENOENT) {
66 err = bpf_map_lookup_elem(dst_fd, &i, &dst_cookie);
67 CHECK(!err, "map_lookup_elem(dst)", "element %u not deleted\n", i);
68 CHECK(err && errno != ENOENT, "map_lookup_elem(dst)", "%s\n",
69 strerror(errno));
70 continue;
71 }
72 if (CHECK(err, "lookup_elem(src)", "%s\n", strerror(errno)))
73 continue;
74
75 err = bpf_map_lookup_elem(dst_fd, &i, &dst_cookie);
76 if (CHECK(err, "lookup_elem(dst)", "%s\n", strerror(errno)))
77 continue;
78
79 CHECK(dst_cookie != src_cookie, "cookie mismatch",
80 "%llu != %llu (pos %u)\n", dst_cookie, src_cookie, i);
81 }
82 }
83
84 /* Create a map, populate it with one socket, and free the map. */
test_sockmap_create_update_free(enum bpf_map_type map_type)85 static void test_sockmap_create_update_free(enum bpf_map_type map_type)
86 {
87 const int zero = 0;
88 int s, map, err;
89
90 s = connected_socket_v4();
91 if (CHECK_FAIL(s < 0))
92 return;
93
94 map = bpf_create_map(map_type, sizeof(int), sizeof(int), 1, 0);
95 if (CHECK_FAIL(map < 0)) {
96 perror("bpf_create_map");
97 goto out;
98 }
99
100 err = bpf_map_update_elem(map, &zero, &s, BPF_NOEXIST);
101 if (CHECK_FAIL(err)) {
102 perror("bpf_map_update");
103 goto out;
104 }
105
106 out:
107 close(map);
108 close(s);
109 }
110
test_skmsg_helpers(enum bpf_map_type map_type)111 static void test_skmsg_helpers(enum bpf_map_type map_type)
112 {
113 struct test_skmsg_load_helpers *skel;
114 int err, map, verdict;
115
116 skel = test_skmsg_load_helpers__open_and_load();
117 if (CHECK_FAIL(!skel)) {
118 perror("test_skmsg_load_helpers__open_and_load");
119 return;
120 }
121
122 verdict = bpf_program__fd(skel->progs.prog_msg_verdict);
123 map = bpf_map__fd(skel->maps.sock_map);
124
125 err = bpf_prog_attach(verdict, map, BPF_SK_MSG_VERDICT, 0);
126 if (CHECK_FAIL(err)) {
127 perror("bpf_prog_attach");
128 goto out;
129 }
130
131 err = bpf_prog_detach2(verdict, map, BPF_SK_MSG_VERDICT);
132 if (CHECK_FAIL(err)) {
133 perror("bpf_prog_detach2");
134 goto out;
135 }
136 out:
137 test_skmsg_load_helpers__destroy(skel);
138 }
139
test_sockmap_update(enum bpf_map_type map_type)140 static void test_sockmap_update(enum bpf_map_type map_type)
141 {
142 struct bpf_prog_test_run_attr tattr;
143 int err, prog, src, duration = 0;
144 struct test_sockmap_update *skel;
145 struct bpf_map *dst_map;
146 const __u32 zero = 0;
147 char dummy[14] = {0};
148 __s64 sk;
149
150 sk = connected_socket_v4();
151 if (CHECK(sk == -1, "connected_socket_v4", "cannot connect\n"))
152 return;
153
154 skel = test_sockmap_update__open_and_load();
155 if (CHECK(!skel, "open_and_load", "cannot load skeleton\n"))
156 goto close_sk;
157
158 prog = bpf_program__fd(skel->progs.copy_sock_map);
159 src = bpf_map__fd(skel->maps.src);
160 if (map_type == BPF_MAP_TYPE_SOCKMAP)
161 dst_map = skel->maps.dst_sock_map;
162 else
163 dst_map = skel->maps.dst_sock_hash;
164
165 err = bpf_map_update_elem(src, &zero, &sk, BPF_NOEXIST);
166 if (CHECK(err, "update_elem(src)", "errno=%u\n", errno))
167 goto out;
168
169 tattr = (struct bpf_prog_test_run_attr){
170 .prog_fd = prog,
171 .repeat = 1,
172 .data_in = dummy,
173 .data_size_in = sizeof(dummy),
174 };
175
176 err = bpf_prog_test_run_xattr(&tattr);
177 if (CHECK_ATTR(err || !tattr.retval, "bpf_prog_test_run",
178 "errno=%u retval=%u\n", errno, tattr.retval))
179 goto out;
180
181 compare_cookies(skel->maps.src, dst_map);
182
183 out:
184 test_sockmap_update__destroy(skel);
185 close_sk:
186 close(sk);
187 }
188
test_sockmap_invalid_update(void)189 static void test_sockmap_invalid_update(void)
190 {
191 struct test_sockmap_invalid_update *skel;
192 int duration = 0;
193
194 skel = test_sockmap_invalid_update__open_and_load();
195 if (CHECK(skel, "open_and_load", "verifier accepted map_update\n"))
196 test_sockmap_invalid_update__destroy(skel);
197 }
198
test_sockmap_copy(enum bpf_map_type map_type)199 static void test_sockmap_copy(enum bpf_map_type map_type)
200 {
201 DECLARE_LIBBPF_OPTS(bpf_iter_attach_opts, opts);
202 int err, len, src_fd, iter_fd, duration = 0;
203 union bpf_iter_link_info linfo = {};
204 __u32 i, num_sockets, num_elems;
205 struct bpf_iter_sockmap *skel;
206 __s64 *sock_fd = NULL;
207 struct bpf_link *link;
208 struct bpf_map *src;
209 char buf[64];
210
211 skel = bpf_iter_sockmap__open_and_load();
212 if (CHECK(!skel, "bpf_iter_sockmap__open_and_load", "skeleton open_and_load failed\n"))
213 return;
214
215 if (map_type == BPF_MAP_TYPE_SOCKMAP) {
216 src = skel->maps.sockmap;
217 num_elems = bpf_map__max_entries(src);
218 num_sockets = num_elems - 1;
219 } else {
220 src = skel->maps.sockhash;
221 num_elems = bpf_map__max_entries(src) - 1;
222 num_sockets = num_elems;
223 }
224
225 sock_fd = calloc(num_sockets, sizeof(*sock_fd));
226 if (CHECK(!sock_fd, "calloc(sock_fd)", "failed to allocate\n"))
227 goto out;
228
229 for (i = 0; i < num_sockets; i++)
230 sock_fd[i] = -1;
231
232 src_fd = bpf_map__fd(src);
233
234 for (i = 0; i < num_sockets; i++) {
235 sock_fd[i] = connected_socket_v4();
236 if (CHECK(sock_fd[i] == -1, "connected_socket_v4", "cannot connect\n"))
237 goto out;
238
239 err = bpf_map_update_elem(src_fd, &i, &sock_fd[i], BPF_NOEXIST);
240 if (CHECK(err, "map_update", "failed: %s\n", strerror(errno)))
241 goto out;
242 }
243
244 linfo.map.map_fd = src_fd;
245 opts.link_info = &linfo;
246 opts.link_info_len = sizeof(linfo);
247 link = bpf_program__attach_iter(skel->progs.copy, &opts);
248 if (!ASSERT_OK_PTR(link, "attach_iter"))
249 goto out;
250
251 iter_fd = bpf_iter_create(bpf_link__fd(link));
252 if (CHECK(iter_fd < 0, "create_iter", "create_iter failed\n"))
253 goto free_link;
254
255 /* do some tests */
256 while ((len = read(iter_fd, buf, sizeof(buf))) > 0)
257 ;
258 if (CHECK(len < 0, "read", "failed: %s\n", strerror(errno)))
259 goto close_iter;
260
261 /* test results */
262 if (CHECK(skel->bss->elems != num_elems, "elems", "got %u expected %u\n",
263 skel->bss->elems, num_elems))
264 goto close_iter;
265
266 if (CHECK(skel->bss->socks != num_sockets, "socks", "got %u expected %u\n",
267 skel->bss->socks, num_sockets))
268 goto close_iter;
269
270 compare_cookies(src, skel->maps.dst);
271
272 close_iter:
273 close(iter_fd);
274 free_link:
275 bpf_link__destroy(link);
276 out:
277 for (i = 0; sock_fd && i < num_sockets; i++)
278 if (sock_fd[i] >= 0)
279 close(sock_fd[i]);
280 if (sock_fd)
281 free(sock_fd);
282 bpf_iter_sockmap__destroy(skel);
283 }
284
test_sockmap_skb_verdict_attach(enum bpf_attach_type first,enum bpf_attach_type second)285 static void test_sockmap_skb_verdict_attach(enum bpf_attach_type first,
286 enum bpf_attach_type second)
287 {
288 struct test_sockmap_skb_verdict_attach *skel;
289 int err, map, verdict;
290
291 skel = test_sockmap_skb_verdict_attach__open_and_load();
292 if (CHECK_FAIL(!skel)) {
293 perror("test_sockmap_skb_verdict_attach__open_and_load");
294 return;
295 }
296
297 verdict = bpf_program__fd(skel->progs.prog_skb_verdict);
298 map = bpf_map__fd(skel->maps.sock_map);
299
300 err = bpf_prog_attach(verdict, map, first, 0);
301 if (CHECK_FAIL(err)) {
302 perror("bpf_prog_attach");
303 goto out;
304 }
305
306 err = bpf_prog_attach(verdict, map, second, 0);
307 ASSERT_EQ(err, -EBUSY, "prog_attach_fail");
308
309 err = bpf_prog_detach2(verdict, map, first);
310 if (CHECK_FAIL(err)) {
311 perror("bpf_prog_detach2");
312 goto out;
313 }
314 out:
315 test_sockmap_skb_verdict_attach__destroy(skel);
316 }
317
test_sockmap_basic(void)318 void test_sockmap_basic(void)
319 {
320 if (test__start_subtest("sockmap create_update_free"))
321 test_sockmap_create_update_free(BPF_MAP_TYPE_SOCKMAP);
322 if (test__start_subtest("sockhash create_update_free"))
323 test_sockmap_create_update_free(BPF_MAP_TYPE_SOCKHASH);
324 if (test__start_subtest("sockmap sk_msg load helpers"))
325 test_skmsg_helpers(BPF_MAP_TYPE_SOCKMAP);
326 if (test__start_subtest("sockhash sk_msg load helpers"))
327 test_skmsg_helpers(BPF_MAP_TYPE_SOCKHASH);
328 if (test__start_subtest("sockmap update"))
329 test_sockmap_update(BPF_MAP_TYPE_SOCKMAP);
330 if (test__start_subtest("sockhash update"))
331 test_sockmap_update(BPF_MAP_TYPE_SOCKHASH);
332 if (test__start_subtest("sockmap update in unsafe context"))
333 test_sockmap_invalid_update();
334 if (test__start_subtest("sockmap copy"))
335 test_sockmap_copy(BPF_MAP_TYPE_SOCKMAP);
336 if (test__start_subtest("sockhash copy"))
337 test_sockmap_copy(BPF_MAP_TYPE_SOCKHASH);
338 if (test__start_subtest("sockmap skb_verdict attach")) {
339 test_sockmap_skb_verdict_attach(BPF_SK_SKB_VERDICT,
340 BPF_SK_SKB_STREAM_VERDICT);
341 test_sockmap_skb_verdict_attach(BPF_SK_SKB_STREAM_VERDICT,
342 BPF_SK_SKB_VERDICT);
343 }
344 }
345