1 // SPDX-License-Identifier: GPL-2.0 2 3 #include <test_progs.h> 4 5 #include "connect4_dropper.skel.h" 6 7 #include "cgroup_helpers.h" 8 #include "network_helpers.h" 9 10 static int run_test(int cgroup_fd, int server_fd, bool classid) 11 { 12 struct network_helper_opts opts = { 13 .must_fail = true, 14 }; 15 struct connect4_dropper *skel; 16 int fd, err = 0; 17 18 skel = connect4_dropper__open_and_load(); 19 if (!ASSERT_OK_PTR(skel, "skel_open")) 20 return -1; 21 22 skel->links.connect_v4_dropper = 23 bpf_program__attach_cgroup(skel->progs.connect_v4_dropper, 24 cgroup_fd); 25 if (!ASSERT_OK_PTR(skel->links.connect_v4_dropper, "prog_attach")) { 26 err = -1; 27 goto out; 28 } 29 30 if (classid && !ASSERT_OK(join_classid(), "join_classid")) { 31 err = -1; 32 goto out; 33 } 34 35 fd = connect_to_fd_opts(server_fd, &opts); 36 if (fd < 0) 37 err = -1; 38 else 39 close(fd); 40 out: 41 connect4_dropper__destroy(skel); 42 return err; 43 } 44 45 void test_cgroup_v1v2(void) 46 { 47 struct network_helper_opts opts = {}; 48 int server_fd, client_fd, cgroup_fd; 49 static const int port = 60123; 50 51 /* Step 1: Check base connectivity works without any BPF. */ 52 server_fd = start_server(AF_INET, SOCK_STREAM, NULL, port, 0); 53 if (!ASSERT_GE(server_fd, 0, "server_fd")) 54 return; 55 client_fd = connect_to_fd_opts(server_fd, &opts); 56 if (!ASSERT_GE(client_fd, 0, "client_fd")) { 57 close(server_fd); 58 return; 59 } 60 close(client_fd); 61 close(server_fd); 62 63 /* Step 2: Check BPF policy prog attached to cgroups drops connectivity. */ 64 cgroup_fd = test__join_cgroup("/connect_dropper"); 65 if (!ASSERT_GE(cgroup_fd, 0, "cgroup_fd")) 66 return; 67 server_fd = start_server(AF_INET, SOCK_STREAM, NULL, port, 0); 68 if (!ASSERT_GE(server_fd, 0, "server_fd")) { 69 close(cgroup_fd); 70 return; 71 } 72 ASSERT_OK(run_test(cgroup_fd, server_fd, false), "cgroup-v2-only"); 73 setup_classid_environment(); 74 set_classid(42); 75 ASSERT_OK(run_test(cgroup_fd, server_fd, true), "cgroup-v1v2"); 76 cleanup_classid_environment(); 77 close(server_fd); 78 close(cgroup_fd); 79 } 80