1 // SPDX-License-Identifier: GPL-2.0
2 // Copyright (c) 2020 Cloudflare
3 #include <error.h>
4 #include <netinet/tcp.h>
5 #include <sys/epoll.h>
6
7 #include "test_progs.h"
8 #include "test_skmsg_load_helpers.skel.h"
9 #include "test_sockmap_update.skel.h"
10 #include "test_sockmap_invalid_update.skel.h"
11 #include "test_sockmap_skb_verdict_attach.skel.h"
12 #include "test_sockmap_progs_query.skel.h"
13 #include "test_sockmap_pass_prog.skel.h"
14 #include "test_sockmap_drop_prog.skel.h"
15 #include "bpf_iter_sockmap.skel.h"
16
17 #include "sockmap_helpers.h"
18
19 #define TCP_REPAIR 19 /* TCP sock is under repair right now */
20
21 #define TCP_REPAIR_ON 1
22 #define TCP_REPAIR_OFF_NO_WP -1 /* Turn off without window probes */
23
connected_socket_v4(void)24 static int connected_socket_v4(void)
25 {
26 struct sockaddr_in addr = {
27 .sin_family = AF_INET,
28 .sin_port = htons(80),
29 .sin_addr = { inet_addr("127.0.0.1") },
30 };
31 socklen_t len = sizeof(addr);
32 int s, repair, err;
33
34 s = socket(AF_INET, SOCK_STREAM, 0);
35 if (!ASSERT_GE(s, 0, "socket"))
36 goto error;
37
38 repair = TCP_REPAIR_ON;
39 err = setsockopt(s, SOL_TCP, TCP_REPAIR, &repair, sizeof(repair));
40 if (!ASSERT_OK(err, "setsockopt(TCP_REPAIR)"))
41 goto error;
42
43 err = connect(s, (struct sockaddr *)&addr, len);
44 if (!ASSERT_OK(err, "connect"))
45 goto error;
46
47 repair = TCP_REPAIR_OFF_NO_WP;
48 err = setsockopt(s, SOL_TCP, TCP_REPAIR, &repair, sizeof(repair));
49 if (!ASSERT_OK(err, "setsockopt(TCP_REPAIR)"))
50 goto error;
51
52 return s;
53 error:
54 perror(__func__);
55 close(s);
56 return -1;
57 }
58
compare_cookies(struct bpf_map * src,struct bpf_map * dst)59 static void compare_cookies(struct bpf_map *src, struct bpf_map *dst)
60 {
61 __u32 i, max_entries = bpf_map__max_entries(src);
62 int err, src_fd, dst_fd;
63
64 src_fd = bpf_map__fd(src);
65 dst_fd = bpf_map__fd(dst);
66
67 for (i = 0; i < max_entries; i++) {
68 __u64 src_cookie, dst_cookie;
69
70 err = bpf_map_lookup_elem(src_fd, &i, &src_cookie);
71 if (err && errno == ENOENT) {
72 err = bpf_map_lookup_elem(dst_fd, &i, &dst_cookie);
73 ASSERT_ERR(err, "map_lookup_elem(dst)");
74 ASSERT_EQ(errno, ENOENT, "map_lookup_elem(dst)");
75 continue;
76 }
77 if (!ASSERT_OK(err, "lookup_elem(src)"))
78 continue;
79
80 err = bpf_map_lookup_elem(dst_fd, &i, &dst_cookie);
81 if (!ASSERT_OK(err, "lookup_elem(dst)"))
82 continue;
83
84 ASSERT_EQ(dst_cookie, src_cookie, "cookie mismatch");
85 }
86 }
87
88 /* Create a map, populate it with one socket, and free the map. */
test_sockmap_create_update_free(enum bpf_map_type map_type)89 static void test_sockmap_create_update_free(enum bpf_map_type map_type)
90 {
91 const int zero = 0;
92 int s, map, err;
93
94 s = connected_socket_v4();
95 if (!ASSERT_GE(s, 0, "connected_socket_v4"))
96 return;
97
98 map = bpf_map_create(map_type, NULL, sizeof(int), sizeof(int), 1, NULL);
99 if (!ASSERT_GE(map, 0, "bpf_map_create"))
100 goto out;
101
102 err = bpf_map_update_elem(map, &zero, &s, BPF_NOEXIST);
103 if (!ASSERT_OK(err, "bpf_map_update"))
104 goto out;
105
106 out:
107 close(map);
108 close(s);
109 }
110
test_skmsg_helpers(enum bpf_map_type map_type)111 static void test_skmsg_helpers(enum bpf_map_type map_type)
112 {
113 struct test_skmsg_load_helpers *skel;
114 int err, map, verdict;
115
116 skel = test_skmsg_load_helpers__open_and_load();
117 if (!ASSERT_OK_PTR(skel, "test_skmsg_load_helpers__open_and_load"))
118 return;
119
120 verdict = bpf_program__fd(skel->progs.prog_msg_verdict);
121 map = bpf_map__fd(skel->maps.sock_map);
122
123 err = bpf_prog_attach(verdict, map, BPF_SK_MSG_VERDICT, 0);
124 if (!ASSERT_OK(err, "bpf_prog_attach"))
125 goto out;
126
127 err = bpf_prog_detach2(verdict, map, BPF_SK_MSG_VERDICT);
128 if (!ASSERT_OK(err, "bpf_prog_detach2"))
129 goto out;
130 out:
131 test_skmsg_load_helpers__destroy(skel);
132 }
133
test_sockmap_update(enum bpf_map_type map_type)134 static void test_sockmap_update(enum bpf_map_type map_type)
135 {
136 int err, prog, src;
137 struct test_sockmap_update *skel;
138 struct bpf_map *dst_map;
139 const __u32 zero = 0;
140 char dummy[14] = {0};
141 LIBBPF_OPTS(bpf_test_run_opts, topts,
142 .data_in = dummy,
143 .data_size_in = sizeof(dummy),
144 .repeat = 1,
145 );
146 __s64 sk;
147
148 sk = connected_socket_v4();
149 if (!ASSERT_NEQ(sk, -1, "connected_socket_v4"))
150 return;
151
152 skel = test_sockmap_update__open_and_load();
153 if (!ASSERT_OK_PTR(skel, "open_and_load"))
154 goto close_sk;
155
156 prog = bpf_program__fd(skel->progs.copy_sock_map);
157 src = bpf_map__fd(skel->maps.src);
158 if (map_type == BPF_MAP_TYPE_SOCKMAP)
159 dst_map = skel->maps.dst_sock_map;
160 else
161 dst_map = skel->maps.dst_sock_hash;
162
163 err = bpf_map_update_elem(src, &zero, &sk, BPF_NOEXIST);
164 if (!ASSERT_OK(err, "update_elem(src)"))
165 goto out;
166
167 err = bpf_prog_test_run_opts(prog, &topts);
168 if (!ASSERT_OK(err, "test_run"))
169 goto out;
170 if (!ASSERT_NEQ(topts.retval, 0, "test_run retval"))
171 goto out;
172
173 compare_cookies(skel->maps.src, dst_map);
174
175 out:
176 test_sockmap_update__destroy(skel);
177 close_sk:
178 close(sk);
179 }
180
test_sockmap_invalid_update(void)181 static void test_sockmap_invalid_update(void)
182 {
183 struct test_sockmap_invalid_update *skel;
184
185 skel = test_sockmap_invalid_update__open_and_load();
186 if (!ASSERT_NULL(skel, "open_and_load"))
187 test_sockmap_invalid_update__destroy(skel);
188 }
189
test_sockmap_copy(enum bpf_map_type map_type)190 static void test_sockmap_copy(enum bpf_map_type map_type)
191 {
192 DECLARE_LIBBPF_OPTS(bpf_iter_attach_opts, opts);
193 int err, len, src_fd, iter_fd;
194 union bpf_iter_link_info linfo = {};
195 __u32 i, num_sockets, num_elems;
196 struct bpf_iter_sockmap *skel;
197 __s64 *sock_fd = NULL;
198 struct bpf_link *link;
199 struct bpf_map *src;
200 char buf[64];
201
202 skel = bpf_iter_sockmap__open_and_load();
203 if (!ASSERT_OK_PTR(skel, "bpf_iter_sockmap__open_and_load"))
204 return;
205
206 if (map_type == BPF_MAP_TYPE_SOCKMAP) {
207 src = skel->maps.sockmap;
208 num_elems = bpf_map__max_entries(src);
209 num_sockets = num_elems - 1;
210 } else {
211 src = skel->maps.sockhash;
212 num_elems = bpf_map__max_entries(src) - 1;
213 num_sockets = num_elems;
214 }
215
216 sock_fd = calloc(num_sockets, sizeof(*sock_fd));
217 if (!ASSERT_OK_PTR(sock_fd, "calloc(sock_fd)"))
218 goto out;
219
220 for (i = 0; i < num_sockets; i++)
221 sock_fd[i] = -1;
222
223 src_fd = bpf_map__fd(src);
224
225 for (i = 0; i < num_sockets; i++) {
226 sock_fd[i] = connected_socket_v4();
227 if (!ASSERT_NEQ(sock_fd[i], -1, "connected_socket_v4"))
228 goto out;
229
230 err = bpf_map_update_elem(src_fd, &i, &sock_fd[i], BPF_NOEXIST);
231 if (!ASSERT_OK(err, "map_update"))
232 goto out;
233 }
234
235 linfo.map.map_fd = src_fd;
236 opts.link_info = &linfo;
237 opts.link_info_len = sizeof(linfo);
238 link = bpf_program__attach_iter(skel->progs.copy, &opts);
239 if (!ASSERT_OK_PTR(link, "attach_iter"))
240 goto out;
241
242 iter_fd = bpf_iter_create(bpf_link__fd(link));
243 if (!ASSERT_GE(iter_fd, 0, "create_iter"))
244 goto free_link;
245
246 /* do some tests */
247 while ((len = read(iter_fd, buf, sizeof(buf))) > 0)
248 ;
249 if (!ASSERT_GE(len, 0, "read"))
250 goto close_iter;
251
252 /* test results */
253 if (!ASSERT_EQ(skel->bss->elems, num_elems, "elems"))
254 goto close_iter;
255
256 if (!ASSERT_EQ(skel->bss->socks, num_sockets, "socks"))
257 goto close_iter;
258
259 compare_cookies(src, skel->maps.dst);
260
261 close_iter:
262 close(iter_fd);
263 free_link:
264 bpf_link__destroy(link);
265 out:
266 for (i = 0; sock_fd && i < num_sockets; i++)
267 if (sock_fd[i] >= 0)
268 close(sock_fd[i]);
269 if (sock_fd)
270 free(sock_fd);
271 bpf_iter_sockmap__destroy(skel);
272 }
273
test_sockmap_skb_verdict_attach(enum bpf_attach_type first,enum bpf_attach_type second)274 static void test_sockmap_skb_verdict_attach(enum bpf_attach_type first,
275 enum bpf_attach_type second)
276 {
277 struct test_sockmap_skb_verdict_attach *skel;
278 int err, map, verdict;
279
280 skel = test_sockmap_skb_verdict_attach__open_and_load();
281 if (!ASSERT_OK_PTR(skel, "open_and_load"))
282 return;
283
284 verdict = bpf_program__fd(skel->progs.prog_skb_verdict);
285 map = bpf_map__fd(skel->maps.sock_map);
286
287 err = bpf_prog_attach(verdict, map, first, 0);
288 if (!ASSERT_OK(err, "bpf_prog_attach"))
289 goto out;
290
291 err = bpf_prog_attach(verdict, map, second, 0);
292 ASSERT_EQ(err, -EBUSY, "prog_attach_fail");
293
294 err = bpf_prog_detach2(verdict, map, first);
295 if (!ASSERT_OK(err, "bpf_prog_detach2"))
296 goto out;
297 out:
298 test_sockmap_skb_verdict_attach__destroy(skel);
299 }
300
query_prog_id(int prog_fd)301 static __u32 query_prog_id(int prog_fd)
302 {
303 struct bpf_prog_info info = {};
304 __u32 info_len = sizeof(info);
305 int err;
306
307 err = bpf_prog_get_info_by_fd(prog_fd, &info, &info_len);
308 if (!ASSERT_OK(err, "bpf_prog_get_info_by_fd") ||
309 !ASSERT_EQ(info_len, sizeof(info), "bpf_prog_get_info_by_fd"))
310 return 0;
311
312 return info.id;
313 }
314
test_sockmap_progs_query(enum bpf_attach_type attach_type)315 static void test_sockmap_progs_query(enum bpf_attach_type attach_type)
316 {
317 struct test_sockmap_progs_query *skel;
318 int err, map_fd, verdict_fd;
319 __u32 attach_flags = 0;
320 __u32 prog_ids[3] = {};
321 __u32 prog_cnt = 3;
322
323 skel = test_sockmap_progs_query__open_and_load();
324 if (!ASSERT_OK_PTR(skel, "test_sockmap_progs_query__open_and_load"))
325 return;
326
327 map_fd = bpf_map__fd(skel->maps.sock_map);
328
329 if (attach_type == BPF_SK_MSG_VERDICT)
330 verdict_fd = bpf_program__fd(skel->progs.prog_skmsg_verdict);
331 else
332 verdict_fd = bpf_program__fd(skel->progs.prog_skb_verdict);
333
334 err = bpf_prog_query(map_fd, attach_type, 0 /* query flags */,
335 &attach_flags, prog_ids, &prog_cnt);
336 ASSERT_OK(err, "bpf_prog_query failed");
337 ASSERT_EQ(attach_flags, 0, "wrong attach_flags on query");
338 ASSERT_EQ(prog_cnt, 0, "wrong program count on query");
339
340 err = bpf_prog_attach(verdict_fd, map_fd, attach_type, 0);
341 if (!ASSERT_OK(err, "bpf_prog_attach failed"))
342 goto out;
343
344 prog_cnt = 1;
345 err = bpf_prog_query(map_fd, attach_type, 0 /* query flags */,
346 &attach_flags, prog_ids, &prog_cnt);
347 ASSERT_OK(err, "bpf_prog_query failed");
348 ASSERT_EQ(attach_flags, 0, "wrong attach_flags on query");
349 ASSERT_EQ(prog_cnt, 1, "wrong program count on query");
350 ASSERT_EQ(prog_ids[0], query_prog_id(verdict_fd),
351 "wrong prog_ids on query");
352
353 bpf_prog_detach2(verdict_fd, map_fd, attach_type);
354 out:
355 test_sockmap_progs_query__destroy(skel);
356 }
357
358 #define MAX_EVENTS 10
test_sockmap_skb_verdict_shutdown(void)359 static void test_sockmap_skb_verdict_shutdown(void)
360 {
361 struct epoll_event ev, events[MAX_EVENTS];
362 int n, err, map, verdict, s, c1, p1;
363 struct test_sockmap_pass_prog *skel;
364 int epollfd;
365 int zero = 0;
366 char b;
367
368 skel = test_sockmap_pass_prog__open_and_load();
369 if (!ASSERT_OK_PTR(skel, "open_and_load"))
370 return;
371
372 verdict = bpf_program__fd(skel->progs.prog_skb_verdict);
373 map = bpf_map__fd(skel->maps.sock_map_rx);
374
375 err = bpf_prog_attach(verdict, map, BPF_SK_SKB_STREAM_VERDICT, 0);
376 if (!ASSERT_OK(err, "bpf_prog_attach"))
377 goto out;
378
379 s = socket_loopback(AF_INET, SOCK_STREAM);
380 if (s < 0)
381 goto out;
382 err = create_pair(s, AF_INET, SOCK_STREAM, &c1, &p1);
383 if (err < 0)
384 goto out;
385
386 err = bpf_map_update_elem(map, &zero, &c1, BPF_NOEXIST);
387 if (err < 0)
388 goto out_close;
389
390 shutdown(p1, SHUT_WR);
391
392 ev.events = EPOLLIN;
393 ev.data.fd = c1;
394
395 epollfd = epoll_create1(0);
396 if (!ASSERT_GT(epollfd, -1, "epoll_create(0)"))
397 goto out_close;
398 err = epoll_ctl(epollfd, EPOLL_CTL_ADD, c1, &ev);
399 if (!ASSERT_OK(err, "epoll_ctl(EPOLL_CTL_ADD)"))
400 goto out_close;
401 err = epoll_wait(epollfd, events, MAX_EVENTS, -1);
402 if (!ASSERT_EQ(err, 1, "epoll_wait(fd)"))
403 goto out_close;
404
405 n = recv(c1, &b, 1, SOCK_NONBLOCK);
406 ASSERT_EQ(n, 0, "recv_timeout(fin)");
407 out_close:
408 close(c1);
409 close(p1);
410 out:
411 test_sockmap_pass_prog__destroy(skel);
412 }
413
test_sockmap_skb_verdict_fionread(bool pass_prog)414 static void test_sockmap_skb_verdict_fionread(bool pass_prog)
415 {
416 int expected, zero = 0, sent, recvd, avail;
417 int err, map, verdict, s, c0, c1, p0, p1;
418 struct test_sockmap_pass_prog *pass;
419 struct test_sockmap_drop_prog *drop;
420 char buf[256] = "0123456789";
421
422 if (pass_prog) {
423 pass = test_sockmap_pass_prog__open_and_load();
424 if (!ASSERT_OK_PTR(pass, "open_and_load"))
425 return;
426 verdict = bpf_program__fd(pass->progs.prog_skb_verdict);
427 map = bpf_map__fd(pass->maps.sock_map_rx);
428 expected = sizeof(buf);
429 } else {
430 drop = test_sockmap_drop_prog__open_and_load();
431 if (!ASSERT_OK_PTR(drop, "open_and_load"))
432 return;
433 verdict = bpf_program__fd(drop->progs.prog_skb_verdict);
434 map = bpf_map__fd(drop->maps.sock_map_rx);
435 /* On drop data is consumed immediately and copied_seq inc'd */
436 expected = 0;
437 }
438
439
440 err = bpf_prog_attach(verdict, map, BPF_SK_SKB_STREAM_VERDICT, 0);
441 if (!ASSERT_OK(err, "bpf_prog_attach"))
442 goto out;
443
444 s = socket_loopback(AF_INET, SOCK_STREAM);
445 if (!ASSERT_GT(s, -1, "socket_loopback(s)"))
446 goto out;
447 err = create_socket_pairs(s, AF_INET, SOCK_STREAM, &c0, &c1, &p0, &p1);
448 if (!ASSERT_OK(err, "create_socket_pairs(s)"))
449 goto out;
450
451 err = bpf_map_update_elem(map, &zero, &c1, BPF_NOEXIST);
452 if (!ASSERT_OK(err, "bpf_map_update_elem(c1)"))
453 goto out_close;
454
455 sent = xsend(p1, &buf, sizeof(buf), 0);
456 ASSERT_EQ(sent, sizeof(buf), "xsend(p0)");
457 err = ioctl(c1, FIONREAD, &avail);
458 ASSERT_OK(err, "ioctl(FIONREAD) error");
459 ASSERT_EQ(avail, expected, "ioctl(FIONREAD)");
460 /* On DROP test there will be no data to read */
461 if (pass_prog) {
462 recvd = recv_timeout(c1, &buf, sizeof(buf), SOCK_NONBLOCK, IO_TIMEOUT_SEC);
463 ASSERT_EQ(recvd, sizeof(buf), "recv_timeout(c0)");
464 }
465
466 out_close:
467 close(c0);
468 close(p0);
469 close(c1);
470 close(p1);
471 out:
472 if (pass_prog)
473 test_sockmap_pass_prog__destroy(pass);
474 else
475 test_sockmap_drop_prog__destroy(drop);
476 }
477
test_sockmap_skb_verdict_peek(void)478 static void test_sockmap_skb_verdict_peek(void)
479 {
480 int err, map, verdict, s, c1, p1, zero = 0, sent, recvd, avail;
481 struct test_sockmap_pass_prog *pass;
482 char snd[256] = "0123456789";
483 char rcv[256] = "0";
484
485 pass = test_sockmap_pass_prog__open_and_load();
486 if (!ASSERT_OK_PTR(pass, "open_and_load"))
487 return;
488 verdict = bpf_program__fd(pass->progs.prog_skb_verdict);
489 map = bpf_map__fd(pass->maps.sock_map_rx);
490
491 err = bpf_prog_attach(verdict, map, BPF_SK_SKB_STREAM_VERDICT, 0);
492 if (!ASSERT_OK(err, "bpf_prog_attach"))
493 goto out;
494
495 s = socket_loopback(AF_INET, SOCK_STREAM);
496 if (!ASSERT_GT(s, -1, "socket_loopback(s)"))
497 goto out;
498
499 err = create_pair(s, AF_INET, SOCK_STREAM, &c1, &p1);
500 if (!ASSERT_OK(err, "create_pairs(s)"))
501 goto out;
502
503 err = bpf_map_update_elem(map, &zero, &c1, BPF_NOEXIST);
504 if (!ASSERT_OK(err, "bpf_map_update_elem(c1)"))
505 goto out_close;
506
507 sent = xsend(p1, snd, sizeof(snd), 0);
508 ASSERT_EQ(sent, sizeof(snd), "xsend(p1)");
509 recvd = recv(c1, rcv, sizeof(rcv), MSG_PEEK);
510 ASSERT_EQ(recvd, sizeof(rcv), "recv(c1)");
511 err = ioctl(c1, FIONREAD, &avail);
512 ASSERT_OK(err, "ioctl(FIONREAD) error");
513 ASSERT_EQ(avail, sizeof(snd), "after peek ioctl(FIONREAD)");
514 recvd = recv(c1, rcv, sizeof(rcv), 0);
515 ASSERT_EQ(recvd, sizeof(rcv), "recv(p0)");
516 err = ioctl(c1, FIONREAD, &avail);
517 ASSERT_OK(err, "ioctl(FIONREAD) error");
518 ASSERT_EQ(avail, 0, "after read ioctl(FIONREAD)");
519
520 out_close:
521 close(c1);
522 close(p1);
523 out:
524 test_sockmap_pass_prog__destroy(pass);
525 }
526
test_sockmap_basic(void)527 void test_sockmap_basic(void)
528 {
529 if (test__start_subtest("sockmap create_update_free"))
530 test_sockmap_create_update_free(BPF_MAP_TYPE_SOCKMAP);
531 if (test__start_subtest("sockhash create_update_free"))
532 test_sockmap_create_update_free(BPF_MAP_TYPE_SOCKHASH);
533 if (test__start_subtest("sockmap sk_msg load helpers"))
534 test_skmsg_helpers(BPF_MAP_TYPE_SOCKMAP);
535 if (test__start_subtest("sockhash sk_msg load helpers"))
536 test_skmsg_helpers(BPF_MAP_TYPE_SOCKHASH);
537 if (test__start_subtest("sockmap update"))
538 test_sockmap_update(BPF_MAP_TYPE_SOCKMAP);
539 if (test__start_subtest("sockhash update"))
540 test_sockmap_update(BPF_MAP_TYPE_SOCKHASH);
541 if (test__start_subtest("sockmap update in unsafe context"))
542 test_sockmap_invalid_update();
543 if (test__start_subtest("sockmap copy"))
544 test_sockmap_copy(BPF_MAP_TYPE_SOCKMAP);
545 if (test__start_subtest("sockhash copy"))
546 test_sockmap_copy(BPF_MAP_TYPE_SOCKHASH);
547 if (test__start_subtest("sockmap skb_verdict attach")) {
548 test_sockmap_skb_verdict_attach(BPF_SK_SKB_VERDICT,
549 BPF_SK_SKB_STREAM_VERDICT);
550 test_sockmap_skb_verdict_attach(BPF_SK_SKB_STREAM_VERDICT,
551 BPF_SK_SKB_VERDICT);
552 }
553 if (test__start_subtest("sockmap msg_verdict progs query"))
554 test_sockmap_progs_query(BPF_SK_MSG_VERDICT);
555 if (test__start_subtest("sockmap stream_parser progs query"))
556 test_sockmap_progs_query(BPF_SK_SKB_STREAM_PARSER);
557 if (test__start_subtest("sockmap stream_verdict progs query"))
558 test_sockmap_progs_query(BPF_SK_SKB_STREAM_VERDICT);
559 if (test__start_subtest("sockmap skb_verdict progs query"))
560 test_sockmap_progs_query(BPF_SK_SKB_VERDICT);
561 if (test__start_subtest("sockmap skb_verdict shutdown"))
562 test_sockmap_skb_verdict_shutdown();
563 if (test__start_subtest("sockmap skb_verdict fionread"))
564 test_sockmap_skb_verdict_fionread(true);
565 if (test__start_subtest("sockmap skb_verdict fionread on drop"))
566 test_sockmap_skb_verdict_fionread(false);
567 if (test__start_subtest("sockmap skb_verdict msg_f_peek"))
568 test_sockmap_skb_verdict_peek();
569 }
570