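// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) Meta Platforms, Inc. and affiliates. */

/*
 * User-space side of the setget_sockopt BPF selftest.
 *
 * The test joins a dedicated cgroup, moves into a fresh network namespace,
 * loads the setget_sockopt skeleton and attaches its two programs
 * (skops_sockopt and socket_post_create) to the cgroup. It then opens TCP,
 * UDP and kTLS sockets over loopback and checks the counters the BPF side
 * leaves in its .bss section.
 */

#define _GNU_SOURCE
#include <sched.h>
#include <linux/socket.h>
#include <linux/tls.h>
#include <net/if.h>

#include "test_progs.h"
#include "cgroup_helpers.h"
#include "network_helpers.h"

#include "setget_sockopt.skel.h"

#define CG_NAME "/setget-sockopt-test"

static const char addr4_str[] = "127.0.0.1";
static const char addr6_str[] = "::1";
/* Skeleton and cgroup fd shared by all sub-tests; owned by test_setget_sockopt(). */
static struct setget_sockopt *skel;
static int cg_fd;

/*
 * Put the calling process into a new network namespace and create the
 * interfaces the test relies on: loopback up, and a veth pair
 * binddevtest1 <-> binddevtest2 with binddevtest1 up.
 *
 * unshare(CLONE_NEWNET) requires CAP_SYS_ADMIN, so the test has to run
 * privileged. Nothing in this file switches back to the previous namespace.
 * The commands handed to system() are fixed strings (no input is
 * interpolated), but `ip` is still looked up through the shell's PATH.
 *
 * Returns 0 on success, -1 as soon as one step fails.
 */
static int create_netns(void)
{
	if (!ASSERT_OK(unshare(CLONE_NEWNET), "create netns"))
		return -1;

	if (!ASSERT_OK(system("ip link set dev lo up"), "set lo up"))
		return -1;

	if (!ASSERT_OK(system("ip link add dev binddevtest1 type veth peer name binddevtest2"),
		       "add veth"))
		return -1;

	if (!ASSERT_OK(system("ip link set dev binddevtest1 up"),
		       "bring veth up"))
		return -1;

	return 0;
}

/*
 * Open one TCP listener on loopback for @family (AF_INET or AF_INET6),
 * connect a client to it, close both, then check the BPF-side counters.
 */
static void test_tcp(int family)
{
	struct setget_sockopt__bss *bss = skel->bss;
	int sfd, cfd;

	/* Start from zeroed counters so the expectations below are absolute. */
	memset(bss, 0, sizeof(*bss));

	sfd = start_server(family, SOCK_STREAM,
			   family == AF_INET6 ? addr6_str : addr4_str, 0, 0);
	if (!ASSERT_GE(sfd, 0, "start_server"))
		return;

	cfd = connect_to_fd(sfd, 0);
	if (!ASSERT_GE(cfd, 0, "connect_to_fd_server")) {
		close(sfd);
		return;
	}
	close(sfd);
	close(cfd);

	/*
	 * One listener and one connection are expected.
	 * NOTE(review): the two socket_post_create/binddev hits are presumably
	 * the listener and the client socket; confirm against the BPF program.
	 */
	ASSERT_EQ(bss->nr_listen, 1, "nr_listen");
	ASSERT_EQ(bss->nr_connect, 1, "nr_connect");
	ASSERT_EQ(bss->nr_active, 1, "nr_active");
	ASSERT_EQ(bss->nr_passive, 1, "nr_passive");
	ASSERT_EQ(bss->nr_socket_post_create, 2, "nr_socket_post_create");
	ASSERT_EQ(bss->nr_binddev, 2, "nr_bind");
}

/*
 * Open and close one UDP socket on loopback for @family and check that the
 * socket_post_create path ran for it.
 */
static void test_udp(int family)
{
	struct setget_sockopt__bss *bss = skel->bss;
	int sfd;

	memset(bss, 0, sizeof(*bss));

	sfd = start_server(family, SOCK_DGRAM,
			   family == AF_INET6 ? addr6_str : addr4_str, 0, 0);
	if (!ASSERT_GE(sfd, 0, "start_server"))
		return;
	close(sfd);

	/* ASSERT_GE rather than ASSERT_EQ: more than one socket creation is tolerated here. */
	ASSERT_GE(bss->nr_socket_post_create, 1, "nr_socket_post_create");
	ASSERT_EQ(bss->nr_binddev, 1, "nr_bind");
}

/*
 * Establish a TCP connection on loopback for @family, switch both ends to
 * the "tls" ULP, install a TLS 1.2 AES-GCM-128 TX/RX configuration, then
 * close the client so the accepted socket goes through CLOSE_WAIT while
 * kTLS is still active.
 */
static void test_ktls(int family)
{
	struct tls12_crypto_info_aes_gcm_128 aes128;
	struct setget_sockopt__bss *bss = skel->bss;
	int cfd = -1, sfd = -1, fd = -1, ret;
	char buf;

	memset(bss, 0, sizeof(*bss));

	sfd = start_server(family, SOCK_STREAM,
			   family == AF_INET6 ? addr6_str : addr4_str, 0, 0);
	if (!ASSERT_GE(sfd, 0, "start_server"))
		return;
	fd = connect_to_fd(sfd, 0);
	if (!ASSERT_GE(fd, 0, "connect_to_fd"))
		goto err_out;

	/* The peer address is not needed; both out-parameters are null pointers. */
	cfd = accept(sfd, NULL, NULL);
	if (!ASSERT_GE(cfd, 0, "accept"))
		goto err_out;

	close(sfd);
	/* Mark as closed so the error path does not close it a second time. */
	sfd = -1;

	/* Setup KTLS */
	/* sizeof("tls") includes the terminating NUL of the ULP name. */
	ret = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
	if (!ASSERT_OK(ret, "setsockopt"))
		goto err_out;
	ret = setsockopt(cfd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
	if (!ASSERT_OK(ret, "setsockopt"))
		goto err_out;

	/*
	 * Only the version and cipher type are filled in; every other byte of
	 * the crypto info (key, IV, salt, record sequence) stays zero from the
	 * memset. That is enough for this test, which installs TX/RX state but
	 * exchanges no application data. It is a test-only configuration:
	 * real kTLS users install the key material negotiated by the handshake.
	 */
	memset(&aes128, 0, sizeof(aes128));
	aes128.info.version = TLS_1_2_VERSION;
	aes128.info.cipher_type = TLS_CIPHER_AES_GCM_128;

	ret = setsockopt(fd, SOL_TLS, TLS_TX, &aes128, sizeof(aes128));
	if (!ASSERT_OK(ret, "setsockopt"))
		goto err_out;

	ret = setsockopt(cfd, SOL_TLS, TLS_RX, &aes128, sizeof(aes128));
	if (!ASSERT_OK(ret, "setsockopt"))
		goto err_out;

	/* KTLS is enabled */

	close(fd);
	/* At this point, the cfd socket is in the CLOSE_WAIT state
	 * and still runs the TLS protocol. The test for
	 * BPF_TCP_CLOSE_WAIT should be run at this point.
	 */
	/* The peer has closed without sending data, so read() must report EOF (0). */
	ret = read(cfd, &buf, sizeof(buf));
	ASSERT_EQ(ret, 0, "read");
	close(cfd);

	ASSERT_EQ(bss->nr_listen, 1, "nr_listen");
	ASSERT_EQ(bss->nr_connect, 1, "nr_connect");
	ASSERT_EQ(bss->nr_active, 1, "nr_active");
	ASSERT_EQ(bss->nr_passive, 1, "nr_passive");
	ASSERT_EQ(bss->nr_socket_post_create, 2, "nr_socket_post_create");
	ASSERT_EQ(bss->nr_binddev, 2, "nr_bind");
	ASSERT_EQ(bss->nr_fin_wait1, 1, "nr_fin_wait1");
	return;

err_out:
	/* Close only descriptors that were opened; the rest are still -1. */
	if (fd >= 0)
		close(fd);
	if (cfd >= 0)
		close(cfd);
	if (sfd >= 0)
		close(sfd);
}

/*
 * Test entry point: join the test cgroup, enter a private network
 * namespace, load and attach the BPF programs, then run the TCP, UDP and
 * kTLS sub-tests for IPv6 and IPv4.
 */
void test_setget_sockopt(void)
{
	cg_fd = test__join_cgroup(CG_NAME);
	if (cg_fd < 0)
		return;

	if (create_netns())
		goto done;

	skel = setget_sockopt__open();
	if (!ASSERT_OK_PTR(skel, "open skel"))
		goto done;

	/*
	 * Read-only data must be filled in between open and load.
	 * strcpy() is unbounded: this relies on the 13-byte literal
	 * (12 characters plus NUL) fitting in the BPF program's veth buffer.
	 * NOTE(review): the buffer size is declared in the BPF program, not
	 * here; confirm it is at least IFNAMSIZ.
	 */
	strcpy(skel->rodata->veth, "binddevtest1");
	skel->rodata->veth_ifindex = if_nametoindex("binddevtest1");
	if (!ASSERT_GT(skel->rodata->veth_ifindex, 0, "if_nametoindex"))
		goto done;

	if (!ASSERT_OK(setget_sockopt__load(skel), "load skel"))
		goto done;

	/* Storing the links in the skeleton lets __destroy() release them. */
	skel->links.skops_sockopt =
		bpf_program__attach_cgroup(skel->progs.skops_sockopt, cg_fd);
	if (!ASSERT_OK_PTR(skel->links.skops_sockopt, "attach cgroup"))
		goto done;

	skel->links.socket_post_create =
		bpf_program__attach_cgroup(skel->progs.socket_post_create, cg_fd);
	if (!ASSERT_OK_PTR(skel->links.socket_post_create, "attach_cgroup"))
		goto done;

	test_tcp(AF_INET6);
	test_tcp(AF_INET);
	test_udp(AF_INET6);
	test_udp(AF_INET);
	test_ktls(AF_INET6);
	test_ktls(AF_INET);

done:
	/*
	 * skel may still be NULL here (netns setup or open failed); the
	 * generated destroy function is relied on to accept that.
	 */
	setget_sockopt__destroy(skel);
	close(cg_fd);
}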