SOCK_ADDR_TEST_GETPEERNAME,
};
-typedef void *(*load_fn)(int cgroup_fd);
+typedef void *(*load_fn)(int cgroup_fd,
+ enum bpf_attach_type attach_type,
+ bool expect_reject);
typedef void (*destroy_fn)(void *skel);
static int cmp_addr(const struct sockaddr_storage *addr1, socklen_t addr1_len,
/* BPF prog properties */
load_fn loadfn;
destroy_fn destroyfn;
+ enum bpf_attach_type attach_type;
/* Socket operations */
struct sock_ops *ops;
/* Socket properties */
const char *expected_addr;
unsigned short expected_port;
const char *expected_src_addr;
+ /* Expected test result */
+ enum {
+ LOAD_REJECT,
+ ATTACH_REJECT,
+ SYSCALL_EPERM,
+ SYSCALL_ENOTSUPP,
+ SUCCESS,
+ } expected_result;
};
#define BPF_SKEL_FUNCS(skel_name, prog_name) \
-static void *prog_name##_load(int cgroup_fd) \
+static void *prog_name##_load(int cgroup_fd, \
+ enum bpf_attach_type attach_type, \
+ bool expect_reject) \
{ \
- struct skel_name *skel; \
- skel = skel_name##__open_and_load(); \
+ struct skel_name *skel = skel_name##__open(); \
if (!ASSERT_OK_PTR(skel, "skel_open")) \
goto cleanup; \
+ if (!ASSERT_OK(bpf_program__set_expected_attach_type(skel->progs.prog_name, \
+ attach_type), \
+ "set_expected_attach_type")) \
+ goto cleanup; \
+ if (skel_name##__load(skel)) { \
+ ASSERT_TRUE(expect_reject, "unexpected rejection"); \
+ goto cleanup; \
+ } \
+ if (!ASSERT_FALSE(expect_reject, "expected rejection")) \
+ goto cleanup; \
skel->links.prog_name = bpf_program__attach_cgroup( \
skel->progs.prog_name, cgroup_fd); \
if (!ASSERT_OK_PTR(skel->links.prog_name, "prog_attach")) \
"bind4: bind (stream)",
bind_v4_prog_load,
bind_v4_prog_destroy,
+ BPF_CGROUP_INET4_BIND,
&user_ops,
AF_INET,
SOCK_STREAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
NULL,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_BIND,
"bind4: bind (dgram)",
bind_v4_prog_load,
bind_v4_prog_destroy,
+ BPF_CGROUP_INET4_BIND,
&user_ops,
AF_INET,
SOCK_DGRAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
NULL,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_BIND,
"bind6: bind (stream)",
bind_v6_prog_load,
bind_v6_prog_destroy,
+ BPF_CGROUP_INET6_BIND,
&user_ops,
AF_INET6,
SOCK_STREAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
NULL,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_BIND,
"bind6: bind (dgram)",
bind_v6_prog_load,
bind_v6_prog_destroy,
+ BPF_CGROUP_INET6_BIND,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
NULL,
+ SUCCESS,
},
/* bind - kernel calls */
"bind4: kernel_bind (stream)",
bind_v4_prog_load,
bind_v4_prog_destroy,
+ BPF_CGROUP_INET4_BIND,
&kern_ops_sock_sendmsg,
AF_INET,
SOCK_STREAM,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
+ NULL,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_BIND,
"bind4: kernel_bind (dgram)",
bind_v4_prog_load,
bind_v4_prog_destroy,
+ BPF_CGROUP_INET4_BIND,
&kern_ops_sock_sendmsg,
AF_INET,
SOCK_DGRAM,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
+ NULL,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_BIND,
"bind6: kernel_bind (stream)",
bind_v6_prog_load,
bind_v6_prog_destroy,
+ BPF_CGROUP_INET6_BIND,
&kern_ops_sock_sendmsg,
AF_INET6,
SOCK_STREAM,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
+ NULL,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_BIND,
"bind6: kernel_bind (dgram)",
bind_v6_prog_load,
bind_v6_prog_destroy,
+ BPF_CGROUP_INET6_BIND,
&kern_ops_sock_sendmsg,
AF_INET6,
SOCK_DGRAM,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
+ NULL,
+ SUCCESS,
},
/* connect - system calls */
"connect4: connect (stream)",
connect_v4_prog_load,
connect_v4_prog_destroy,
+ BPF_CGROUP_INET4_CONNECT,
&user_ops,
AF_INET,
SOCK_STREAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect4: connect (dgram)",
connect_v4_prog_load,
connect_v4_prog_destroy,
+ BPF_CGROUP_INET4_CONNECT,
&user_ops,
AF_INET,
SOCK_DGRAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect6: connect (stream)",
connect_v6_prog_load,
connect_v6_prog_destroy,
+ BPF_CGROUP_INET6_CONNECT,
&user_ops,
AF_INET6,
SOCK_STREAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect6: connect (dgram)",
connect_v6_prog_load,
connect_v6_prog_destroy,
+ BPF_CGROUP_INET6_CONNECT,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect_unix: connect (stream)",
connect_unix_prog_load,
connect_unix_prog_destroy,
+ BPF_CGROUP_UNIX_CONNECT,
&user_ops,
AF_UNIX,
SOCK_STREAM,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
+ SUCCESS,
},
/* connect - kernel calls */
"connect4: kernel_connect (stream)",
connect_v4_prog_load,
connect_v4_prog_destroy,
+ BPF_CGROUP_INET4_CONNECT,
&kern_ops_sock_sendmsg,
AF_INET,
SOCK_STREAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect4: kernel_connect (dgram)",
connect_v4_prog_load,
connect_v4_prog_destroy,
+ BPF_CGROUP_INET4_CONNECT,
&kern_ops_sock_sendmsg,
AF_INET,
SOCK_DGRAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect6: kernel_connect (stream)",
connect_v6_prog_load,
connect_v6_prog_destroy,
+ BPF_CGROUP_INET6_CONNECT,
&kern_ops_sock_sendmsg,
AF_INET6,
SOCK_STREAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect6: kernel_connect (dgram)",
connect_v6_prog_load,
connect_v6_prog_destroy,
+ BPF_CGROUP_INET6_CONNECT,
&kern_ops_sock_sendmsg,
AF_INET6,
SOCK_DGRAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect_unix: kernel_connect (dgram)",
connect_unix_prog_load,
connect_unix_prog_destroy,
+ BPF_CGROUP_UNIX_CONNECT,
&kern_ops_sock_sendmsg,
AF_UNIX,
SOCK_STREAM,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
+ SUCCESS,
},
/* sendmsg - system calls */
"sendmsg4: sendmsg (dgram)",
sendmsg_v4_prog_load,
sendmsg_v4_prog_destroy,
+ BPF_CGROUP_UDP4_SENDMSG,
&user_ops,
AF_INET,
SOCK_DGRAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg6: sendmsg (dgram)",
sendmsg_v6_prog_load,
sendmsg_v6_prog_destroy,
+ BPF_CGROUP_UDP6_SENDMSG,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg_unix: sendmsg (dgram)",
sendmsg_unix_prog_load,
sendmsg_unix_prog_destroy,
+ BPF_CGROUP_UNIX_SENDMSG,
&user_ops,
AF_UNIX,
SOCK_DGRAM,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
+ SUCCESS,
},
/* sendmsg - kernel calls (sock_sendmsg) */
"sendmsg4: sock_sendmsg (dgram)",
sendmsg_v4_prog_load,
sendmsg_v4_prog_destroy,
+ BPF_CGROUP_UDP4_SENDMSG,
&kern_ops_sock_sendmsg,
AF_INET,
SOCK_DGRAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg6: sock_sendmsg (dgram)",
sendmsg_v6_prog_load,
sendmsg_v6_prog_destroy,
+ BPF_CGROUP_UDP6_SENDMSG,
&kern_ops_sock_sendmsg,
AF_INET6,
SOCK_DGRAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg_unix: sock_sendmsg (dgram)",
sendmsg_unix_prog_load,
sendmsg_unix_prog_destroy,
+ BPF_CGROUP_UNIX_SENDMSG,
&kern_ops_sock_sendmsg,
AF_UNIX,
SOCK_DGRAM,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
+ SUCCESS,
},
/* sendmsg - kernel calls (kernel_sendmsg) */
"sendmsg4: kernel_sendmsg (dgram)",
sendmsg_v4_prog_load,
sendmsg_v4_prog_destroy,
+ BPF_CGROUP_UDP4_SENDMSG,
&kern_ops_kernel_sendmsg,
AF_INET,
SOCK_DGRAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg6: kernel_sendmsg (dgram)",
sendmsg_v6_prog_load,
sendmsg_v6_prog_destroy,
+ BPF_CGROUP_UDP6_SENDMSG,
&kern_ops_kernel_sendmsg,
AF_INET6,
SOCK_DGRAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg_unix: sock_sendmsg (dgram)",
sendmsg_unix_prog_load,
sendmsg_unix_prog_destroy,
+ BPF_CGROUP_UNIX_SENDMSG,
&kern_ops_kernel_sendmsg,
AF_UNIX,
SOCK_DGRAM,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
+ SUCCESS,
},
/* recvmsg - system calls */
"recvmsg4: recvfrom (dgram)",
recvmsg4_prog_load,
recvmsg4_prog_destroy,
+ BPF_CGROUP_UDP4_RECVMSG,
&user_ops,
AF_INET,
SOCK_DGRAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SERV4_IP,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_RECVMSG,
"recvmsg6: recvfrom (dgram)",
recvmsg6_prog_load,
recvmsg6_prog_destroy,
+ BPF_CGROUP_UDP6_RECVMSG,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SERV6_IP,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_RECVMSG,
"recvmsg_unix: recvfrom (dgram)",
recvmsg_unix_prog_load,
recvmsg_unix_prog_destroy,
+ BPF_CGROUP_UNIX_RECVMSG,
&user_ops,
AF_UNIX,
SOCK_DGRAM,
SERVUN_REWRITE_ADDRESS,
0,
SERVUN_ADDRESS,
+ SUCCESS,
},
{
SOCK_ADDR_TEST_RECVMSG,
"recvmsg_unix: recvfrom (stream)",
recvmsg_unix_prog_load,
recvmsg_unix_prog_destroy,
+ BPF_CGROUP_UNIX_RECVMSG,
&user_ops,
AF_UNIX,
SOCK_STREAM,
SERVUN_REWRITE_ADDRESS,
0,
SERVUN_ADDRESS,
+ SUCCESS,
},
/* getsockname - system calls */
"getsockname_unix",
getsockname_unix_prog_load,
getsockname_unix_prog_destroy,
+ BPF_CGROUP_UNIX_GETSOCKNAME,
&user_ops,
AF_UNIX,
SOCK_STREAM,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
+ SUCCESS,
},
/* getpeername - system calls */
"getpeername_unix",
getpeername_unix_prog_load,
getpeername_unix_prog_destroy,
+ BPF_CGROUP_UNIX_GETPEERNAME,
&user_ops,
AF_UNIX,
SOCK_STREAM,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
+ SUCCESS,
},
};
if (!test__start_subtest(test->name))
continue;
- skel = test->loadfn(cgroup_fd);
+ skel = test->loadfn(cgroup_fd, test->attach_type,
+ test->expected_result == LOAD_REJECT);
if (!skel)
continue;
projects / linux.git / commitdiff