1 // SPDX-License-Identifier: GPL-2.0
2 // Copyright (c) 2018 Facebook
3 
4 #include <stdlib.h>
5 #include <string.h>
6 #include <unistd.h>
7 
8 #include <arpa/inet.h>
9 #include <net/if.h>
10 #include <netinet/in.h>
11 #include <sys/socket.h>
12 #include <sys/types.h>
13 
14 
15 #include <bpf/bpf.h>
16 #include <bpf/libbpf.h>
17 
18 #include "bpf_rlimit.h"
19 #include "cgroup_helpers.h"
20 
21 #define CGROUP_PATH		"/skb_cgroup_test"
22 #define NUM_CGROUP_LEVELS	4
23 
24 /* RFC 4291, Section 2.7.1 */
25 #define LINKLOCAL_MULTICAST	"ff02::1"
26 
27 static int mk_dst_addr(const char *ip, const char *iface,
28 		       struct sockaddr_in6 *dst)
29 {
30 	memset(dst, 0, sizeof(*dst));
31 
32 	dst->sin6_family = AF_INET6;
33 	dst->sin6_port = htons(1025);
34 
35 	if (inet_pton(AF_INET6, ip, &dst->sin6_addr) != 1) {
36 		log_err("Invalid IPv6: %s", ip);
37 		return -1;
38 	}
39 
40 	dst->sin6_scope_id = if_nametoindex(iface);
41 	if (!dst->sin6_scope_id) {
42 		log_err("Failed to get index of iface: %s", iface);
43 		return -1;
44 	}
45 
46 	return 0;
47 }
48 
49 static int send_packet(const char *iface)
50 {
51 	struct sockaddr_in6 dst;
52 	char msg[] = "msg";
53 	int err = 0;
54 	int fd = -1;
55 
56 	if (mk_dst_addr(LINKLOCAL_MULTICAST, iface, &dst))
57 		goto err;
58 
59 	fd = socket(AF_INET6, SOCK_DGRAM, 0);
60 	if (fd == -1) {
61 		log_err("Failed to create UDP socket");
62 		goto err;
63 	}
64 
65 	if (sendto(fd, &msg, sizeof(msg), 0, (const struct sockaddr *)&dst,
66 		   sizeof(dst)) == -1) {
67 		log_err("Failed to send datagram");
68 		goto err;
69 	}
70 
71 	goto out;
72 err:
73 	err = -1;
74 out:
75 	if (fd >= 0)
76 		close(fd);
77 	return err;
78 }
79 
80 int get_map_fd_by_prog_id(int prog_id)
81 {
82 	struct bpf_prog_info info = {};
83 	__u32 info_len = sizeof(info);
84 	__u32 map_ids[1];
85 	int prog_fd = -1;
86 	int map_fd = -1;
87 
88 	prog_fd = bpf_prog_get_fd_by_id(prog_id);
89 	if (prog_fd < 0) {
90 		log_err("Failed to get fd by prog id %d", prog_id);
91 		goto err;
92 	}
93 
94 	info.nr_map_ids = 1;
95 	info.map_ids = (__u64) (unsigned long) map_ids;
96 
97 	if (bpf_obj_get_info_by_fd(prog_fd, &info, &info_len)) {
98 		log_err("Failed to get info by prog fd %d", prog_fd);
99 		goto err;
100 	}
101 
102 	if (!info.nr_map_ids) {
103 		log_err("No maps found for prog fd %d", prog_fd);
104 		goto err;
105 	}
106 
107 	map_fd = bpf_map_get_fd_by_id(map_ids[0]);
108 	if (map_fd < 0)
109 		log_err("Failed to get fd by map id %d", map_ids[0]);
110 err:
111 	if (prog_fd >= 0)
112 		close(prog_fd);
113 	return map_fd;
114 }
115 
116 int check_ancestor_cgroup_ids(int prog_id)
117 {
118 	__u64 actual_ids[NUM_CGROUP_LEVELS], expected_ids[NUM_CGROUP_LEVELS];
119 	__u32 level;
120 	int err = 0;
121 	int map_fd;
122 
123 	expected_ids[0] = 0x100000001;	/* root cgroup */
124 	expected_ids[1] = get_cgroup_id("");
125 	expected_ids[2] = get_cgroup_id(CGROUP_PATH);
126 	expected_ids[3] = 0; /* non-existent cgroup */
127 
128 	map_fd = get_map_fd_by_prog_id(prog_id);
129 	if (map_fd < 0)
130 		goto err;
131 
132 	for (level = 0; level < NUM_CGROUP_LEVELS; ++level) {
133 		if (bpf_map_lookup_elem(map_fd, &level, &actual_ids[level])) {
134 			log_err("Failed to lookup key %d", level);
135 			goto err;
136 		}
137 		if (actual_ids[level] != expected_ids[level]) {
138 			log_err("%llx (actual) != %llx (expected), level: %u\n",
139 				actual_ids[level], expected_ids[level], level);
140 			goto err;
141 		}
142 	}
143 
144 	goto out;
145 err:
146 	err = -1;
147 out:
148 	if (map_fd >= 0)
149 		close(map_fd);
150 	return err;
151 }
152 
153 int main(int argc, char **argv)
154 {
155 	int cgfd = -1;
156 	int err = 0;
157 
158 	if (argc < 3) {
159 		fprintf(stderr, "Usage: %s iface prog_id\n", argv[0]);
160 		exit(EXIT_FAILURE);
161 	}
162 
163 	if (setup_cgroup_environment())
164 		goto err;
165 
166 	cgfd = create_and_get_cgroup(CGROUP_PATH);
167 	if (!cgfd)
168 		goto err;
169 
170 	if (join_cgroup(CGROUP_PATH))
171 		goto err;
172 
173 	if (send_packet(argv[1]))
174 		goto err;
175 
176 	if (check_ancestor_cgroup_ids(atoi(argv[2])))
177 		goto err;
178 
179 	goto out;
180 err:
181 	err = -1;
182 out:
183 	close(cgfd);
184 	cleanup_cgroup_environment();
185 	printf("[%s]\n", err ? "FAIL" : "PASS");
186 	return err;
187 }
188