143d2b88cSDaniel Borkmann // SPDX-License-Identifier: GPL-2.0
243d2b88cSDaniel Borkmann
343d2b88cSDaniel Borkmann #include <test_progs.h>
443d2b88cSDaniel Borkmann
543d2b88cSDaniel Borkmann #include "connect4_dropper.skel.h"
643d2b88cSDaniel Borkmann
743d2b88cSDaniel Borkmann #include "cgroup_helpers.h"
843d2b88cSDaniel Borkmann #include "network_helpers.h"
943d2b88cSDaniel Borkmann
run_test(int cgroup_fd,int server_fd,bool classid)1043d2b88cSDaniel Borkmann static int run_test(int cgroup_fd, int server_fd, bool classid)
1143d2b88cSDaniel Borkmann {
1243d2b88cSDaniel Borkmann struct network_helper_opts opts = {
1343d2b88cSDaniel Borkmann .must_fail = true,
1443d2b88cSDaniel Borkmann };
1543d2b88cSDaniel Borkmann struct connect4_dropper *skel;
1643d2b88cSDaniel Borkmann int fd, err = 0;
1743d2b88cSDaniel Borkmann
1843d2b88cSDaniel Borkmann skel = connect4_dropper__open_and_load();
1943d2b88cSDaniel Borkmann if (!ASSERT_OK_PTR(skel, "skel_open"))
2043d2b88cSDaniel Borkmann return -1;
2143d2b88cSDaniel Borkmann
2243d2b88cSDaniel Borkmann skel->links.connect_v4_dropper =
2343d2b88cSDaniel Borkmann bpf_program__attach_cgroup(skel->progs.connect_v4_dropper,
2443d2b88cSDaniel Borkmann cgroup_fd);
2543d2b88cSDaniel Borkmann if (!ASSERT_OK_PTR(skel->links.connect_v4_dropper, "prog_attach")) {
2643d2b88cSDaniel Borkmann err = -1;
2743d2b88cSDaniel Borkmann goto out;
2843d2b88cSDaniel Borkmann }
2943d2b88cSDaniel Borkmann
3043d2b88cSDaniel Borkmann if (classid && !ASSERT_OK(join_classid(), "join_classid")) {
3143d2b88cSDaniel Borkmann err = -1;
3243d2b88cSDaniel Borkmann goto out;
3343d2b88cSDaniel Borkmann }
3443d2b88cSDaniel Borkmann
3543d2b88cSDaniel Borkmann fd = connect_to_fd_opts(server_fd, &opts);
3643d2b88cSDaniel Borkmann if (fd < 0)
3743d2b88cSDaniel Borkmann err = -1;
3843d2b88cSDaniel Borkmann else
3943d2b88cSDaniel Borkmann close(fd);
4043d2b88cSDaniel Borkmann out:
4143d2b88cSDaniel Borkmann connect4_dropper__destroy(skel);
4243d2b88cSDaniel Borkmann return err;
4343d2b88cSDaniel Borkmann }
4443d2b88cSDaniel Borkmann
test_cgroup_v1v2(void)4543d2b88cSDaniel Borkmann void test_cgroup_v1v2(void)
4643d2b88cSDaniel Borkmann {
4743d2b88cSDaniel Borkmann struct network_helper_opts opts = {};
4843d2b88cSDaniel Borkmann int server_fd, client_fd, cgroup_fd;
49*445e72c7SYucong Sun static const int port = 60120;
5043d2b88cSDaniel Borkmann
5143d2b88cSDaniel Borkmann /* Step 1: Check base connectivity works without any BPF. */
5243d2b88cSDaniel Borkmann server_fd = start_server(AF_INET, SOCK_STREAM, NULL, port, 0);
5343d2b88cSDaniel Borkmann if (!ASSERT_GE(server_fd, 0, "server_fd"))
5443d2b88cSDaniel Borkmann return;
5543d2b88cSDaniel Borkmann client_fd = connect_to_fd_opts(server_fd, &opts);
5643d2b88cSDaniel Borkmann if (!ASSERT_GE(client_fd, 0, "client_fd")) {
5743d2b88cSDaniel Borkmann close(server_fd);
5843d2b88cSDaniel Borkmann return;
5943d2b88cSDaniel Borkmann }
6043d2b88cSDaniel Borkmann close(client_fd);
6143d2b88cSDaniel Borkmann close(server_fd);
6243d2b88cSDaniel Borkmann
6343d2b88cSDaniel Borkmann /* Step 2: Check BPF policy prog attached to cgroups drops connectivity. */
6443d2b88cSDaniel Borkmann cgroup_fd = test__join_cgroup("/connect_dropper");
6543d2b88cSDaniel Borkmann if (!ASSERT_GE(cgroup_fd, 0, "cgroup_fd"))
6643d2b88cSDaniel Borkmann return;
6743d2b88cSDaniel Borkmann server_fd = start_server(AF_INET, SOCK_STREAM, NULL, port, 0);
6843d2b88cSDaniel Borkmann if (!ASSERT_GE(server_fd, 0, "server_fd")) {
6943d2b88cSDaniel Borkmann close(cgroup_fd);
7043d2b88cSDaniel Borkmann return;
7143d2b88cSDaniel Borkmann }
7243d2b88cSDaniel Borkmann ASSERT_OK(run_test(cgroup_fd, server_fd, false), "cgroup-v2-only");
7343d2b88cSDaniel Borkmann setup_classid_environment();
7443d2b88cSDaniel Borkmann set_classid(42);
7543d2b88cSDaniel Borkmann ASSERT_OK(run_test(cgroup_fd, server_fd, true), "cgroup-v1v2");
7643d2b88cSDaniel Borkmann cleanup_classid_environment();
7743d2b88cSDaniel Borkmann close(server_fd);
7843d2b88cSDaniel Borkmann close(cgroup_fd);
7943d2b88cSDaniel Borkmann }
80