Google Git
Sign in
android-kvm / linux / 4eb98b7760e8078dbc984ee08b02b5b4c3cff088 / . / tools / testing / selftests / bpf / prog_tests / sock_addr.c
blob: a6ee7f8d4f7915aa5f904517f23cb15254621286 [file] [log] [blame]
// SPDX-License-Identifier: GPL-2.0
#include <sys/un.h>
#include "test_progs.h"
#include "sock_addr_kern.skel.h"
#include "bind4_prog.skel.h"
#include "bind6_prog.skel.h"
#include "connect_unix_prog.skel.h"
#include "connect4_prog.skel.h"
#include "connect6_prog.skel.h"
#include "sendmsg4_prog.skel.h"
#include "sendmsg6_prog.skel.h"
#include "recvmsg4_prog.skel.h"
#include "recvmsg6_prog.skel.h"
#include "sendmsg_unix_prog.skel.h"
#include "recvmsg_unix_prog.skel.h"
#include "getsockname4_prog.skel.h"
#include "getsockname6_prog.skel.h"
#include "getsockname_unix_prog.skel.h"
#include "getpeername4_prog.skel.h"
#include "getpeername6_prog.skel.h"
#include "getpeername_unix_prog.skel.h"
#include "network_helpers.h"
#ifndef ENOTSUPP
# define ENOTSUPP 524
#endif
#define TEST_NS "sock_addr"
#define TEST_IF_PREFIX "test_sock_addr"
#define TEST_IPV4 "127.0.0.4"
#define TEST_IPV6 "::6"
#define SERV4_IP "192.168.1.254"
#define SERV4_REWRITE_IP "127.0.0.1"
#define SRC4_IP "172.16.0.1"
#define SRC4_REWRITE_IP TEST_IPV4
#define SERV4_PORT 4040
#define SERV4_REWRITE_PORT 4444
#define SERV6_IP "face:b00c:1234:5678::abcd"
#define SERV6_REWRITE_IP "::1"
#define SERV6_V4MAPPED_IP "::ffff:192.168.0.4"
#define SRC6_IP "::1"
#define SRC6_REWRITE_IP TEST_IPV6
#define WILDCARD6_IP "::"
#define SERV6_PORT 6060
#define SERV6_REWRITE_PORT 6666
#define SERVUN_ADDRESS "bpf_cgroup_unix_test"
#define SERVUN_REWRITE_ADDRESS "bpf_cgroup_unix_test_rewrite"
#define SRCUN_ADDRESS "bpf_cgroup_unix_test_src"
#define save_errno_do(op) ({ int __save = errno; op; errno = __save; })
enum sock_addr_test_type {
SOCK_ADDR_TEST_BIND,
SOCK_ADDR_TEST_CONNECT,
SOCK_ADDR_TEST_SENDMSG,
SOCK_ADDR_TEST_RECVMSG,
SOCK_ADDR_TEST_GETSOCKNAME,
SOCK_ADDR_TEST_GETPEERNAME,
};
typedef void *(*load_fn)(int cgroup_fd,
enum bpf_attach_type attach_type,
bool expect_reject);
typedef void (*destroy_fn)(void *skel);
static int cmp_addr(const struct sockaddr_storage *addr1, socklen_t addr1_len,
const struct sockaddr_storage *addr2, socklen_t addr2_len,
bool cmp_port);
struct init_sock_args {
int af;
int type;
};
struct addr_args {
char addr[sizeof(struct sockaddr_storage)];
int addrlen;
};
struct sendmsg_args {
struct addr_args addr;
char msg[10];
int msglen;
};
static struct sock_addr_kern *skel;
static int run_bpf_prog(const char *prog_name, void *ctx, int ctx_size)
{
LIBBPF_OPTS(bpf_test_run_opts, topts);
struct bpf_program *prog;
int prog_fd, err;
topts.ctx_in = ctx;
topts.ctx_size_in = ctx_size;
prog = bpf_object__find_program_by_name(skel->obj, prog_name);
if (!ASSERT_OK_PTR(prog, "bpf_object__find_program_by_name"))
goto err;
prog_fd = bpf_program__fd(prog);
err = bpf_prog_test_run_opts(prog_fd, &topts);
if (!ASSERT_OK(err, prog_name))
goto err;
err = topts.retval;
errno = -topts.retval;
goto out;
err:
err = -1;
out:
return err;
}
static int kernel_init_sock(int af, int type, int protocol)
{
struct init_sock_args args = {
.af = af,
.type = type,
};
return run_bpf_prog("init_sock", &args, sizeof(args));
}
static int kernel_close_sock(int fd)
{
return run_bpf_prog("close_sock", NULL, 0);
}
static int sock_addr_op(const char *name, struct sockaddr *addr,
socklen_t *addrlen, bool expect_change)
{
struct addr_args args;
int err;
if (addrlen)
args.addrlen = *addrlen;
if (addr)
memcpy(&args.addr, addr, *addrlen);
err = run_bpf_prog(name, &args, sizeof(args));
if (!expect_change && addr)
if (!ASSERT_EQ(cmp_addr((struct sockaddr_storage *)addr,
*addrlen,
(struct sockaddr_storage *)&args.addr,
args.addrlen, 1),
0, "address_param_modified"))
return -1;
if (addrlen)
*addrlen = args.addrlen;
if (addr)
memcpy(addr, &args.addr, *addrlen);
return err;
}
static int send_msg_op(const char *name, struct sockaddr *addr,
socklen_t addrlen, const char *msg, int msglen)
{
struct sendmsg_args args;
int err;
memset(&args, 0, sizeof(args));
memcpy(&args.addr.addr, addr, addrlen);
args.addr.addrlen = addrlen;
memcpy(args.msg, msg, msglen);
args.msglen = msglen;
err = run_bpf_prog(name, &args, sizeof(args));
if (!ASSERT_EQ(cmp_addr((struct sockaddr_storage *)addr,
addrlen,
(struct sockaddr_storage *)&args.addr.addr,
args.addr.addrlen, 1),
0, "address_param_modified"))
return -1;
return err;
}
static int kernel_connect(struct sockaddr *addr, socklen_t addrlen)
{
return sock_addr_op("kernel_connect", addr, &addrlen, false);
}
static int kernel_bind(int fd, struct sockaddr *addr, socklen_t addrlen)
{
return sock_addr_op("kernel_bind", addr, &addrlen, false);
}
static int kernel_listen(void)
{
return sock_addr_op("kernel_listen", NULL, NULL, false);
}
static int kernel_sendmsg(int fd, struct sockaddr *addr, socklen_t addrlen,
char *msg, int msglen)
{
return send_msg_op("kernel_sendmsg", addr, addrlen, msg, msglen);
}
static int sock_sendmsg(int fd, struct sockaddr *addr, socklen_t addrlen,
char *msg, int msglen)
{
return send_msg_op("sock_sendmsg", addr, addrlen, msg, msglen);
}
static int kernel_getsockname(int fd, struct sockaddr *addr, socklen_t *addrlen)
{
return sock_addr_op("kernel_getsockname", addr, addrlen, true);
}
static int kernel_getpeername(int fd, struct sockaddr *addr, socklen_t *addrlen)
{
return sock_addr_op("kernel_getpeername", addr, addrlen, true);
}
int kernel_connect_to_addr(int type, const struct sockaddr_storage *addr, socklen_t addrlen,
const struct network_helper_opts *opts)
{
int err;
if (!ASSERT_OK(kernel_init_sock(addr->ss_family, type, 0),
"kernel_init_sock"))
goto err;
if (kernel_connect((struct sockaddr *)addr, addrlen) < 0)
goto err;
/* Test code expects a "file descriptor" on success. */
err = 1;
goto out;
err:
err = -1;
save_errno_do(ASSERT_OK(kernel_close_sock(0), "kernel_close_sock"));
out:
return err;
}
int kernel_start_server(int family, int type, const char *addr_str, __u16 port,
int timeout_ms)
{
struct sockaddr_storage addr;
socklen_t addrlen;
int err;
if (!ASSERT_OK(kernel_init_sock(family, type, 0), "kernel_init_sock"))
goto err;
if (make_sockaddr(family, addr_str, port, &addr, &addrlen))
goto err;
if (kernel_bind(0, (struct sockaddr *)&addr, addrlen) < 0)
goto err;
if (type == SOCK_STREAM) {
if (!ASSERT_OK(kernel_listen(), "kernel_listen"))
goto err;
}
/* Test code expects a "file descriptor" on success. */
err = 1;
goto out;
err:
err = -1;
save_errno_do(ASSERT_OK(kernel_close_sock(0), "kernel_close_sock"));
out:
return err;
}
struct sock_ops {
int (*connect_to_addr)(int type, const struct sockaddr_storage *addr,
socklen_t addrlen,
const struct network_helper_opts *opts);
int (*start_server)(int family, int type, const char *addr_str,
__u16 port, int timeout_ms);
int (*socket)(int famil, int type, int protocol);
int (*bind)(int fd, struct sockaddr *addr, socklen_t addrlen);
int (*getsockname)(int fd, struct sockaddr *addr, socklen_t *addrlen);
int (*getpeername)(int fd, struct sockaddr *addr, socklen_t *addrlen);
int (*sendmsg)(int fd, struct sockaddr *addr, socklen_t addrlen,
char *msg, int msglen);
int (*close)(int fd);
};
static int user_sendmsg(int fd, struct sockaddr *addr, socklen_t addrlen,
char *msg, int msglen)
{
struct msghdr hdr;
struct iovec iov;
memset(&iov, 0, sizeof(iov));
iov.iov_base = msg;
iov.iov_len = msglen;
memset(&hdr, 0, sizeof(hdr));
hdr.msg_name = (void *)addr;
hdr.msg_namelen = addrlen;
hdr.msg_iov = &iov;
hdr.msg_iovlen = 1;
return sendmsg(fd, &hdr, 0);
}
static int user_bind(int fd, struct sockaddr *addr, socklen_t addrlen)
{
return bind(fd, (const struct sockaddr *)addr, addrlen);
}
struct sock_ops user_ops = {
.connect_to_addr = connect_to_addr,
.start_server = start_server,
.socket = socket,
.bind = user_bind,
.getsockname = getsockname,
.getpeername = getpeername,
.sendmsg = user_sendmsg,
.close = close,
};
struct sock_ops kern_ops_sock_sendmsg = {
.connect_to_addr = kernel_connect_to_addr,
.start_server = kernel_start_server,
.socket = kernel_init_sock,
.bind = kernel_bind,
.getsockname = kernel_getsockname,
.getpeername = kernel_getpeername,
.sendmsg = sock_sendmsg,
.close = kernel_close_sock,
};
struct sock_ops kern_ops_kernel_sendmsg = {
.connect_to_addr = kernel_connect_to_addr,
.start_server = kernel_start_server,
.socket = kernel_init_sock,
.bind = kernel_bind,
.getsockname = kernel_getsockname,
.getpeername = kernel_getpeername,
.sendmsg = kernel_sendmsg,
.close = kernel_close_sock,
};
struct sock_addr_test {
enum sock_addr_test_type type;
const char *name;
/* BPF prog properties */
load_fn loadfn;
destroy_fn destroyfn;
enum bpf_attach_type attach_type;
/* Socket operations */
struct sock_ops *ops;
/* Socket properties */
int socket_family;
int socket_type;
/* IP:port pairs for BPF prog to override */
const char *requested_addr;
unsigned short requested_port;
const char *expected_addr;
unsigned short expected_port;
const char *expected_src_addr;
/* Expected test result */
enum {
LOAD_REJECT,
ATTACH_REJECT,
SYSCALL_EPERM,
SYSCALL_ENOTSUPP,
SUCCESS,
} expected_result;
};
#define BPF_SKEL_FUNCS_RAW(skel_name, prog_name) \
static void *prog_name##_load_raw(int cgroup_fd, \
enum bpf_attach_type attach_type, \
bool expect_reject) \
{ \
struct skel_name *skel = skel_name##__open(); \
int prog_fd = -1; \
if (!ASSERT_OK_PTR(skel, "skel_open")) \
goto cleanup; \
if (!ASSERT_OK(skel_name##__load(skel), "load")) \
goto cleanup; \
prog_fd = bpf_program__fd(skel->progs.prog_name); \
if (!ASSERT_GT(prog_fd, 0, "prog_fd")) \
goto cleanup; \
if (bpf_prog_attach(prog_fd, cgroup_fd, attach_type, \
BPF_F_ALLOW_OVERRIDE), "bpf_prog_attach") { \
ASSERT_TRUE(expect_reject, "unexpected rejection"); \
goto cleanup; \
} \
if (!ASSERT_FALSE(expect_reject, "expected rejection")) \
goto cleanup; \
cleanup: \
if (prog_fd > 0) \
bpf_prog_detach(cgroup_fd, attach_type); \
skel_name##__destroy(skel); \
return NULL; \
} \
static void prog_name##_destroy_raw(void *progfd) \
{ \
/* No-op. *_load_raw does all cleanup. */ \
} \
#define BPF_SKEL_FUNCS(skel_name, prog_name) \
static void *prog_name##_load(int cgroup_fd, \
enum bpf_attach_type attach_type, \
bool expect_reject) \
{ \
struct skel_name *skel = skel_name##__open(); \
if (!ASSERT_OK_PTR(skel, "skel_open")) \
goto cleanup; \
if (!ASSERT_OK(bpf_program__set_expected_attach_type(skel->progs.prog_name, \
attach_type), \
"set_expected_attach_type")) \
goto cleanup; \
if (skel_name##__load(skel)) { \
ASSERT_TRUE(expect_reject, "unexpected rejection"); \
goto cleanup; \
} \
if (!ASSERT_FALSE(expect_reject, "expected rejection")) \
goto cleanup; \
skel->links.prog_name = bpf_program__attach_cgroup( \
skel->progs.prog_name, cgroup_fd); \
if (!ASSERT_OK_PTR(skel->links.prog_name, "prog_attach")) \
goto cleanup; \
return skel; \
cleanup: \
skel_name##__destroy(skel); \
return NULL; \
} \
static void prog_name##_destroy(void *skel) \
{ \
skel_name##__destroy(skel); \
}
BPF_SKEL_FUNCS(bind4_prog, bind_v4_prog);
BPF_SKEL_FUNCS_RAW(bind4_prog, bind_v4_prog);
BPF_SKEL_FUNCS(bind4_prog, bind_v4_deny_prog);
BPF_SKEL_FUNCS(bind6_prog, bind_v6_prog);
BPF_SKEL_FUNCS_RAW(bind6_prog, bind_v6_prog);
BPF_SKEL_FUNCS(bind6_prog, bind_v6_deny_prog);
BPF_SKEL_FUNCS(connect4_prog, connect_v4_prog);
BPF_SKEL_FUNCS_RAW(connect4_prog, connect_v4_prog);
BPF_SKEL_FUNCS(connect4_prog, connect_v4_deny_prog);
BPF_SKEL_FUNCS(connect6_prog, connect_v6_prog);
BPF_SKEL_FUNCS_RAW(connect6_prog, connect_v6_prog);
BPF_SKEL_FUNCS(connect6_prog, connect_v6_deny_prog);
BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_prog);
BPF_SKEL_FUNCS_RAW(connect_unix_prog, connect_unix_prog);
BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_deny_prog);
BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_prog);
BPF_SKEL_FUNCS_RAW(sendmsg4_prog, sendmsg_v4_prog);
BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_deny_prog);
BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_prog);
BPF_SKEL_FUNCS_RAW(sendmsg6_prog, sendmsg_v6_prog);
BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_deny_prog);
BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_preserve_dst_prog);
BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_v4mapped_prog);
BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_wildcard_prog);
BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_prog);
BPF_SKEL_FUNCS_RAW(sendmsg_unix_prog, sendmsg_unix_prog);
BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_deny_prog);
BPF_SKEL_FUNCS(recvmsg4_prog, recvmsg4_prog);
BPF_SKEL_FUNCS_RAW(recvmsg4_prog, recvmsg4_prog);
BPF_SKEL_FUNCS(recvmsg6_prog, recvmsg6_prog);
BPF_SKEL_FUNCS_RAW(recvmsg6_prog, recvmsg6_prog);
BPF_SKEL_FUNCS(recvmsg_unix_prog, recvmsg_unix_prog);
BPF_SKEL_FUNCS_RAW(recvmsg_unix_prog, recvmsg_unix_prog);
BPF_SKEL_FUNCS(getsockname_unix_prog, getsockname_unix_prog);
BPF_SKEL_FUNCS_RAW(getsockname_unix_prog, getsockname_unix_prog);
BPF_SKEL_FUNCS(getsockname4_prog, getsockname_v4_prog);
BPF_SKEL_FUNCS_RAW(getsockname4_prog, getsockname_v4_prog);
BPF_SKEL_FUNCS(getsockname6_prog, getsockname_v6_prog);
BPF_SKEL_FUNCS_RAW(getsockname6_prog, getsockname_v6_prog);
BPF_SKEL_FUNCS(getpeername_unix_prog, getpeername_unix_prog);
BPF_SKEL_FUNCS_RAW(getpeername_unix_prog, getpeername_unix_prog);
BPF_SKEL_FUNCS(getpeername4_prog, getpeername_v4_prog);
BPF_SKEL_FUNCS_RAW(getpeername4_prog, getpeername_v4_prog);
BPF_SKEL_FUNCS(getpeername6_prog, getpeername_v6_prog);
BPF_SKEL_FUNCS_RAW(getpeername6_prog, getpeername_v6_prog);
static struct sock_addr_test tests[] = {
/* bind - system calls */
{
SOCK_ADDR_TEST_BIND,
"bind4: bind (stream)",
bind_v4_prog_load,
bind_v4_prog_destroy,
BPF_CGROUP_INET4_BIND,
&user_ops,
AF_INET,
SOCK_STREAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_BIND,
"bind4: bind deny (stream)",
bind_v4_deny_prog_load,
bind_v4_deny_prog_destroy,
BPF_CGROUP_INET4_BIND,
&user_ops,
AF_INET,
SOCK_STREAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
NULL,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_BIND,
"bind4: bind (dgram)",
bind_v4_prog_load,
bind_v4_prog_destroy,
BPF_CGROUP_INET4_BIND,
&user_ops,
AF_INET,
SOCK_DGRAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_BIND,
"bind4: bind deny (dgram)",
bind_v4_deny_prog_load,
bind_v4_deny_prog_destroy,
BPF_CGROUP_INET4_BIND,
&user_ops,
AF_INET,
SOCK_DGRAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
NULL,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_BIND,
"bind4: load prog with wrong expected attach type",
bind_v4_prog_load,
bind_v4_prog_destroy,
BPF_CGROUP_INET6_BIND,
&user_ops,
AF_INET,
SOCK_STREAM,
NULL,
0,
NULL,
0,
NULL,
LOAD_REJECT,
},
{
SOCK_ADDR_TEST_BIND,
"bind4: attach prog with wrong attach type",
bind_v4_prog_load_raw,
bind_v4_prog_destroy_raw,
BPF_CGROUP_INET6_BIND,
&user_ops,
AF_INET,
SOCK_STREAM,
NULL,
0,
NULL,
0,
NULL,
ATTACH_REJECT,
},
{
SOCK_ADDR_TEST_BIND,
"bind6: bind (stream)",
bind_v6_prog_load,
bind_v6_prog_destroy,
BPF_CGROUP_INET6_BIND,
&user_ops,
AF_INET6,
SOCK_STREAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_BIND,
"bind6: bind deny (stream)",
bind_v6_deny_prog_load,
bind_v6_deny_prog_destroy,
BPF_CGROUP_INET6_BIND,
&user_ops,
AF_INET6,
SOCK_STREAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
NULL,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_BIND,
"bind6: bind (dgram)",
bind_v6_prog_load,
bind_v6_prog_destroy,
BPF_CGROUP_INET6_BIND,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_BIND,
"bind6: bind deny (dgram)",
bind_v6_deny_prog_load,
bind_v6_deny_prog_destroy,
BPF_CGROUP_INET6_BIND,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
NULL,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_BIND,
"bind6: load prog with wrong expected attach type",
bind_v6_prog_load,
bind_v6_prog_destroy,
BPF_CGROUP_INET4_BIND,
&user_ops,
AF_INET6,
SOCK_STREAM,
NULL,
0,
NULL,
0,
NULL,
LOAD_REJECT,
},
{
SOCK_ADDR_TEST_BIND,
"bind6: attach prog with wrong attach type",
bind_v6_prog_load_raw,
bind_v6_prog_destroy_raw,
BPF_CGROUP_INET4_BIND,
&user_ops,
AF_INET,
SOCK_STREAM,
NULL,
0,
NULL,
0,
NULL,
ATTACH_REJECT,
},
/* bind - kernel calls */
{
SOCK_ADDR_TEST_BIND,
"bind4: kernel_bind (stream)",
bind_v4_prog_load,
bind_v4_prog_destroy,
BPF_CGROUP_INET4_BIND,
&kern_ops_sock_sendmsg,
AF_INET,
SOCK_STREAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_BIND,
"bind4: kernel_bind deny (stream)",
bind_v4_deny_prog_load,
bind_v4_deny_prog_destroy,
BPF_CGROUP_INET4_BIND,
&kern_ops_sock_sendmsg,
AF_INET,
SOCK_STREAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
NULL,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_BIND,
"bind4: kernel_bind (dgram)",
bind_v4_prog_load,
bind_v4_prog_destroy,
BPF_CGROUP_INET4_BIND,
&kern_ops_sock_sendmsg,
AF_INET,
SOCK_DGRAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_BIND,
"bind4: kernel_bind deny (dgram)",
bind_v4_deny_prog_load,
bind_v4_deny_prog_destroy,
BPF_CGROUP_INET4_BIND,
&kern_ops_sock_sendmsg,
AF_INET,
SOCK_DGRAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
NULL,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_BIND,
"bind6: kernel_bind (stream)",
bind_v6_prog_load,
bind_v6_prog_destroy,
BPF_CGROUP_INET6_BIND,
&kern_ops_sock_sendmsg,
AF_INET6,
SOCK_STREAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_BIND,
"bind6: kernel_bind deny (stream)",
bind_v6_deny_prog_load,
bind_v6_deny_prog_destroy,
BPF_CGROUP_INET6_BIND,
&kern_ops_sock_sendmsg,
AF_INET6,
SOCK_STREAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
NULL,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_BIND,
"bind6: kernel_bind (dgram)",
bind_v6_prog_load,
bind_v6_prog_destroy,
BPF_CGROUP_INET6_BIND,
&kern_ops_sock_sendmsg,
AF_INET6,
SOCK_DGRAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_BIND,
"bind6: kernel_bind deny (dgram)",
bind_v6_deny_prog_load,
bind_v6_deny_prog_destroy,
BPF_CGROUP_INET6_BIND,
&kern_ops_sock_sendmsg,
AF_INET6,
SOCK_DGRAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
NULL,
SYSCALL_EPERM,
},
/* connect - system calls */
{
SOCK_ADDR_TEST_CONNECT,
"connect4: connect (stream)",
connect_v4_prog_load,
connect_v4_prog_destroy,
BPF_CGROUP_INET4_CONNECT,
&user_ops,
AF_INET,
SOCK_STREAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect4: connect deny (stream)",
connect_v4_deny_prog_load,
connect_v4_deny_prog_destroy,
BPF_CGROUP_INET4_CONNECT,
&user_ops,
AF_INET,
SOCK_STREAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect4: connect (dgram)",
connect_v4_prog_load,
connect_v4_prog_destroy,
BPF_CGROUP_INET4_CONNECT,
&user_ops,
AF_INET,
SOCK_DGRAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect4: connect deny (dgram)",
connect_v4_deny_prog_load,
connect_v4_deny_prog_destroy,
BPF_CGROUP_INET4_CONNECT,
&user_ops,
AF_INET,
SOCK_DGRAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect4: load prog with wrong expected attach type",
connect_v4_prog_load,
connect_v4_prog_destroy,
BPF_CGROUP_INET6_CONNECT,
&user_ops,
AF_INET,
SOCK_STREAM,
NULL,
0,
NULL,
0,
NULL,
LOAD_REJECT,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect4: attach prog with wrong attach type",
connect_v4_prog_load_raw,
connect_v4_prog_destroy_raw,
BPF_CGROUP_INET6_CONNECT,
&user_ops,
AF_INET,
SOCK_STREAM,
NULL,
0,
NULL,
0,
NULL,
ATTACH_REJECT,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect6: connect (stream)",
connect_v6_prog_load,
connect_v6_prog_destroy,
BPF_CGROUP_INET6_CONNECT,
&user_ops,
AF_INET6,
SOCK_STREAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect6: connect deny (stream)",
connect_v6_deny_prog_load,
connect_v6_deny_prog_destroy,
BPF_CGROUP_INET6_CONNECT,
&user_ops,
AF_INET6,
SOCK_STREAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect6: connect (dgram)",
connect_v6_prog_load,
connect_v6_prog_destroy,
BPF_CGROUP_INET6_CONNECT,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect6: connect deny (dgram)",
connect_v6_deny_prog_load,
connect_v6_deny_prog_destroy,
BPF_CGROUP_INET6_CONNECT,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect6: load prog with wrong expected attach type",
connect_v6_prog_load,
connect_v6_prog_destroy,
BPF_CGROUP_INET4_CONNECT,
&user_ops,
AF_INET6,
SOCK_STREAM,
NULL,
0,
NULL,
0,
NULL,
LOAD_REJECT,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect6: attach prog with wrong attach type",
connect_v6_prog_load_raw,
connect_v6_prog_destroy_raw,
BPF_CGROUP_INET4_CONNECT,
&user_ops,
AF_INET,
SOCK_STREAM,
NULL,
0,
NULL,
0,
NULL,
ATTACH_REJECT,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect_unix: connect (stream)",
connect_unix_prog_load,
connect_unix_prog_destroy,
BPF_CGROUP_UNIX_CONNECT,
&user_ops,
AF_UNIX,
SOCK_STREAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect_unix: connect deny (stream)",
connect_unix_deny_prog_load,
connect_unix_deny_prog_destroy,
BPF_CGROUP_UNIX_CONNECT,
&user_ops,
AF_UNIX,
SOCK_STREAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect_unix: attach prog with wrong attach type",
connect_unix_prog_load_raw,
connect_unix_prog_destroy_raw,
BPF_CGROUP_INET4_CONNECT,
&user_ops,
AF_UNIX,
SOCK_STREAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
ATTACH_REJECT,
},
/* connect - kernel calls */
{
SOCK_ADDR_TEST_CONNECT,
"connect4: kernel_connect (stream)",
connect_v4_prog_load,
connect_v4_prog_destroy,
BPF_CGROUP_INET4_CONNECT,
&kern_ops_sock_sendmsg,
AF_INET,
SOCK_STREAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect4: kernel_connect deny (stream)",
connect_v4_deny_prog_load,
connect_v4_deny_prog_destroy,
BPF_CGROUP_INET4_CONNECT,
&kern_ops_sock_sendmsg,
AF_INET,
SOCK_STREAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect4: kernel_connect (dgram)",
connect_v4_prog_load,
connect_v4_prog_destroy,
BPF_CGROUP_INET4_CONNECT,
&kern_ops_sock_sendmsg,
AF_INET,
SOCK_DGRAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect4: kernel_connect deny (dgram)",
connect_v4_deny_prog_load,
connect_v4_deny_prog_destroy,
BPF_CGROUP_INET4_CONNECT,
&kern_ops_sock_sendmsg,
AF_INET,
SOCK_DGRAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect6: kernel_connect (stream)",
connect_v6_prog_load,
connect_v6_prog_destroy,
BPF_CGROUP_INET6_CONNECT,
&kern_ops_sock_sendmsg,
AF_INET6,
SOCK_STREAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect6: kernel_connect deny (stream)",
connect_v6_deny_prog_load,
connect_v6_deny_prog_destroy,
BPF_CGROUP_INET6_CONNECT,
&kern_ops_sock_sendmsg,
AF_INET6,
SOCK_STREAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect6: kernel_connect (dgram)",
connect_v6_prog_load,
connect_v6_prog_destroy,
BPF_CGROUP_INET6_CONNECT,
&kern_ops_sock_sendmsg,
AF_INET6,
SOCK_DGRAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect6: kernel_connect deny (dgram)",
connect_v6_deny_prog_load,
connect_v6_deny_prog_destroy,
BPF_CGROUP_INET6_CONNECT,
&kern_ops_sock_sendmsg,
AF_INET6,
SOCK_DGRAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect_unix: kernel_connect (dgram)",
connect_unix_prog_load,
connect_unix_prog_destroy,
BPF_CGROUP_UNIX_CONNECT,
&kern_ops_sock_sendmsg,
AF_UNIX,
SOCK_STREAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_CONNECT,
"connect_unix: kernel_connect deny (dgram)",
connect_unix_deny_prog_load,
connect_unix_deny_prog_destroy,
BPF_CGROUP_UNIX_CONNECT,
&kern_ops_sock_sendmsg,
AF_UNIX,
SOCK_STREAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
SYSCALL_EPERM,
},
/* sendmsg - system calls */
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg4: sendmsg (dgram)",
sendmsg_v4_prog_load,
sendmsg_v4_prog_destroy,
BPF_CGROUP_UDP4_SENDMSG,
&user_ops,
AF_INET,
SOCK_DGRAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg4: sendmsg deny (dgram)",
sendmsg_v4_deny_prog_load,
sendmsg_v4_deny_prog_destroy,
BPF_CGROUP_UDP4_SENDMSG,
&user_ops,
AF_INET,
SOCK_DGRAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg4: load prog with wrong expected attach type",
sendmsg_v4_prog_load,
sendmsg_v4_prog_destroy,
BPF_CGROUP_UDP6_SENDMSG,
&user_ops,
AF_INET,
SOCK_DGRAM,
NULL,
0,
NULL,
0,
NULL,
LOAD_REJECT,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg4: attach prog with wrong attach type",
sendmsg_v4_prog_load_raw,
sendmsg_v4_prog_destroy_raw,
BPF_CGROUP_UDP6_SENDMSG,
&user_ops,
AF_INET,
SOCK_DGRAM,
NULL,
0,
NULL,
0,
NULL,
ATTACH_REJECT,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg6: sendmsg (dgram)",
sendmsg_v6_prog_load,
sendmsg_v6_prog_destroy,
BPF_CGROUP_UDP6_SENDMSG,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg6: sendmsg [::] (BSD'ism) (dgram)",
sendmsg_v6_preserve_dst_prog_load,
sendmsg_v6_preserve_dst_prog_destroy,
BPF_CGROUP_UDP6_SENDMSG,
&user_ops,
AF_INET6,
SOCK_DGRAM,
WILDCARD6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_PORT,
SRC6_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg6: sendmsg deny (dgram)",
sendmsg_v6_deny_prog_load,
sendmsg_v6_deny_prog_destroy,
BPF_CGROUP_UDP6_SENDMSG,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg6: sendmsg IPv4-mapped IPv6 (dgram)",
sendmsg_v6_v4mapped_prog_load,
sendmsg_v6_v4mapped_prog_destroy,
BPF_CGROUP_UDP6_SENDMSG,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
SYSCALL_ENOTSUPP,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg6: sendmsg dst IP = [::] (BSD'ism) (dgram)",
sendmsg_v6_wildcard_prog_load,
sendmsg_v6_wildcard_prog_destroy,
BPF_CGROUP_UDP6_SENDMSG,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg6: load prog with wrong expected attach type",
sendmsg_v6_prog_load,
sendmsg_v6_prog_destroy,
BPF_CGROUP_UDP4_SENDMSG,
&user_ops,
AF_INET6,
SOCK_DGRAM,
NULL,
0,
NULL,
0,
NULL,
LOAD_REJECT,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg6: attach prog with wrong attach type",
sendmsg_v6_prog_load_raw,
sendmsg_v6_prog_destroy_raw,
BPF_CGROUP_UDP4_SENDMSG,
&user_ops,
AF_INET6,
SOCK_DGRAM,
NULL,
0,
NULL,
0,
NULL,
ATTACH_REJECT,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg_unix: sendmsg (dgram)",
sendmsg_unix_prog_load,
sendmsg_unix_prog_destroy,
BPF_CGROUP_UNIX_SENDMSG,
&user_ops,
AF_UNIX,
SOCK_DGRAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg_unix: sendmsg deny (dgram)",
sendmsg_unix_deny_prog_load,
sendmsg_unix_deny_prog_destroy,
BPF_CGROUP_UNIX_SENDMSG,
&user_ops,
AF_UNIX,
SOCK_DGRAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg_unix: attach prog with wrong attach type",
sendmsg_unix_prog_load_raw,
sendmsg_unix_prog_destroy_raw,
BPF_CGROUP_UDP4_SENDMSG,
&user_ops,
AF_UNIX,
SOCK_DGRAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
ATTACH_REJECT,
},
/* sendmsg - kernel calls (sock_sendmsg) */
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg4: sock_sendmsg (dgram)",
sendmsg_v4_prog_load,
sendmsg_v4_prog_destroy,
BPF_CGROUP_UDP4_SENDMSG,
&kern_ops_sock_sendmsg,
AF_INET,
SOCK_DGRAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg4: sock_sendmsg deny (dgram)",
sendmsg_v4_deny_prog_load,
sendmsg_v4_deny_prog_destroy,
BPF_CGROUP_UDP4_SENDMSG,
&kern_ops_sock_sendmsg,
AF_INET,
SOCK_DGRAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg6: sock_sendmsg (dgram)",
sendmsg_v6_prog_load,
sendmsg_v6_prog_destroy,
BPF_CGROUP_UDP6_SENDMSG,
&kern_ops_sock_sendmsg,
AF_INET6,
SOCK_DGRAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg6: sock_sendmsg [::] (BSD'ism) (dgram)",
sendmsg_v6_preserve_dst_prog_load,
sendmsg_v6_preserve_dst_prog_destroy,
BPF_CGROUP_UDP6_SENDMSG,
&kern_ops_sock_sendmsg,
AF_INET6,
SOCK_DGRAM,
WILDCARD6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_PORT,
SRC6_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg6: sock_sendmsg deny (dgram)",
sendmsg_v6_deny_prog_load,
sendmsg_v6_deny_prog_destroy,
BPF_CGROUP_UDP6_SENDMSG,
&kern_ops_sock_sendmsg,
AF_INET6,
SOCK_DGRAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg_unix: sock_sendmsg (dgram)",
sendmsg_unix_prog_load,
sendmsg_unix_prog_destroy,
BPF_CGROUP_UNIX_SENDMSG,
&kern_ops_sock_sendmsg,
AF_UNIX,
SOCK_DGRAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg_unix: sock_sendmsg deny (dgram)",
sendmsg_unix_deny_prog_load,
sendmsg_unix_deny_prog_destroy,
BPF_CGROUP_UNIX_SENDMSG,
&kern_ops_sock_sendmsg,
AF_UNIX,
SOCK_DGRAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
SYSCALL_EPERM,
},
/* sendmsg - kernel calls (kernel_sendmsg) */
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg4: kernel_sendmsg (dgram)",
sendmsg_v4_prog_load,
sendmsg_v4_prog_destroy,
BPF_CGROUP_UDP4_SENDMSG,
&kern_ops_kernel_sendmsg,
AF_INET,
SOCK_DGRAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg4: kernel_sendmsg deny (dgram)",
sendmsg_v4_deny_prog_load,
sendmsg_v4_deny_prog_destroy,
BPF_CGROUP_UDP4_SENDMSG,
&kern_ops_kernel_sendmsg,
AF_INET,
SOCK_DGRAM,
SERV4_IP,
SERV4_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SRC4_REWRITE_IP,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg6: kernel_sendmsg (dgram)",
sendmsg_v6_prog_load,
sendmsg_v6_prog_destroy,
BPF_CGROUP_UDP6_SENDMSG,
&kern_ops_kernel_sendmsg,
AF_INET6,
SOCK_DGRAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg6: kernel_sendmsg [::] (BSD'ism) (dgram)",
sendmsg_v6_preserve_dst_prog_load,
sendmsg_v6_preserve_dst_prog_destroy,
BPF_CGROUP_UDP6_SENDMSG,
&kern_ops_kernel_sendmsg,
AF_INET6,
SOCK_DGRAM,
WILDCARD6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_PORT,
SRC6_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg6: kernel_sendmsg deny (dgram)",
sendmsg_v6_deny_prog_load,
sendmsg_v6_deny_prog_destroy,
BPF_CGROUP_UDP6_SENDMSG,
&kern_ops_kernel_sendmsg,
AF_INET6,
SOCK_DGRAM,
SERV6_IP,
SERV6_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SRC6_REWRITE_IP,
SYSCALL_EPERM,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg_unix: sock_sendmsg (dgram)",
sendmsg_unix_prog_load,
sendmsg_unix_prog_destroy,
BPF_CGROUP_UNIX_SENDMSG,
&kern_ops_kernel_sendmsg,
AF_UNIX,
SOCK_DGRAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_SENDMSG,
"sendmsg_unix: kernel_sendmsg deny (dgram)",
sendmsg_unix_deny_prog_load,
sendmsg_unix_deny_prog_destroy,
BPF_CGROUP_UNIX_SENDMSG,
&kern_ops_kernel_sendmsg,
AF_UNIX,
SOCK_DGRAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
SYSCALL_EPERM,
},
/* recvmsg - system calls */
{
SOCK_ADDR_TEST_RECVMSG,
"recvmsg4: recvfrom (dgram)",
recvmsg4_prog_load,
recvmsg4_prog_destroy,
BPF_CGROUP_UDP4_RECVMSG,
&user_ops,
AF_INET,
SOCK_DGRAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SERV4_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_RECVMSG,
"recvmsg4: attach prog with wrong attach type",
recvmsg4_prog_load_raw,
recvmsg4_prog_destroy_raw,
BPF_CGROUP_UDP6_RECVMSG,
&user_ops,
AF_INET,
SOCK_DGRAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SERV4_IP,
ATTACH_REJECT,
},
{
SOCK_ADDR_TEST_RECVMSG,
"recvmsg6: recvfrom (dgram)",
recvmsg6_prog_load,
recvmsg6_prog_destroy,
BPF_CGROUP_UDP6_RECVMSG,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SERV6_IP,
SUCCESS,
},
{
SOCK_ADDR_TEST_RECVMSG,
"recvmsg6: attach prog with wrong attach type",
recvmsg6_prog_load_raw,
recvmsg6_prog_destroy_raw,
BPF_CGROUP_UDP4_RECVMSG,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SERV6_IP,
ATTACH_REJECT,
},
{
SOCK_ADDR_TEST_RECVMSG,
"recvmsg_unix: recvfrom (dgram)",
recvmsg_unix_prog_load,
recvmsg_unix_prog_destroy,
BPF_CGROUP_UNIX_RECVMSG,
&user_ops,
AF_UNIX,
SOCK_DGRAM,
SERVUN_REWRITE_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
SERVUN_ADDRESS,
SUCCESS,
},
{
SOCK_ADDR_TEST_RECVMSG,
"recvmsg_unix: recvfrom (stream)",
recvmsg_unix_prog_load,
recvmsg_unix_prog_destroy,
BPF_CGROUP_UNIX_RECVMSG,
&user_ops,
AF_UNIX,
SOCK_STREAM,
SERVUN_REWRITE_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
SERVUN_ADDRESS,
SUCCESS,
},
{
SOCK_ADDR_TEST_RECVMSG,
"recvmsg_unix: attach prog with wrong attach type",
recvmsg_unix_prog_load_raw,
recvmsg_unix_prog_destroy_raw,
BPF_CGROUP_UDP4_RECVMSG,
&user_ops,
AF_INET6,
SOCK_STREAM,
SERVUN_REWRITE_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
SERVUN_ADDRESS,
ATTACH_REJECT,
},
/* getsockname - system calls */
{
SOCK_ADDR_TEST_GETSOCKNAME,
"getsockname4: getsockname (stream)",
getsockname_v4_prog_load,
getsockname_v4_prog_destroy,
BPF_CGROUP_INET4_GETSOCKNAME,
&user_ops,
AF_INET,
SOCK_STREAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SERV4_IP,
SERV4_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETSOCKNAME,
"getsockname4: getsockname (dgram)",
getsockname_v4_prog_load,
getsockname_v4_prog_destroy,
BPF_CGROUP_INET4_GETSOCKNAME,
&user_ops,
AF_INET,
SOCK_DGRAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SERV4_IP,
SERV4_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETSOCKNAME,
"getsockname4: attach prog with wrong attach type",
getsockname_v4_prog_load_raw,
getsockname_v4_prog_destroy_raw,
BPF_CGROUP_INET6_GETSOCKNAME,
&user_ops,
AF_INET,
SOCK_DGRAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SERV4_IP,
SERV4_PORT,
NULL,
ATTACH_REJECT,
},
{
SOCK_ADDR_TEST_GETSOCKNAME,
"getsockname6: getsockname (stream)",
getsockname_v6_prog_load,
getsockname_v6_prog_destroy,
BPF_CGROUP_INET6_GETSOCKNAME,
&user_ops,
AF_INET6,
SOCK_STREAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SERV6_IP,
SERV6_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETSOCKNAME,
"getsockname6: getsockname (dgram)",
getsockname_v6_prog_load,
getsockname_v6_prog_destroy,
BPF_CGROUP_INET6_GETSOCKNAME,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SERV6_IP,
SERV6_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETSOCKNAME,
"getsockname6: attach prog with wrong attach type",
getsockname_v6_prog_load_raw,
getsockname_v6_prog_destroy_raw,
BPF_CGROUP_INET4_GETSOCKNAME,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SERV6_IP,
SERV6_PORT,
NULL,
ATTACH_REJECT,
},
{
SOCK_ADDR_TEST_GETSOCKNAME,
"getsockname_unix: getsockname",
getsockname_unix_prog_load,
getsockname_unix_prog_destroy,
BPF_CGROUP_UNIX_GETSOCKNAME,
&user_ops,
AF_UNIX,
SOCK_STREAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETSOCKNAME,
"getsockname_unix: attach prog with wrong attach type",
getsockname_unix_prog_load_raw,
getsockname_unix_prog_destroy_raw,
BPF_CGROUP_INET4_GETSOCKNAME,
&user_ops,
AF_UNIX,
SOCK_STREAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
ATTACH_REJECT,
},
/* getsockname - kernel calls */
{
SOCK_ADDR_TEST_GETSOCKNAME,
"getsockname4: kernel_getsockname (stream)",
getsockname_v4_prog_load,
getsockname_v4_prog_destroy,
BPF_CGROUP_INET4_GETSOCKNAME,
&kern_ops_kernel_sendmsg,
AF_INET,
SOCK_STREAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SERV4_IP,
SERV4_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETSOCKNAME,
"getsockname4: kernel_getsockname (dgram)",
getsockname_v4_prog_load,
getsockname_v4_prog_destroy,
BPF_CGROUP_INET4_GETSOCKNAME,
&kern_ops_kernel_sendmsg,
AF_INET,
SOCK_DGRAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SERV4_IP,
SERV4_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETSOCKNAME,
"getsockname6: kernel_getsockname (stream)",
getsockname_v6_prog_load,
getsockname_v6_prog_destroy,
BPF_CGROUP_INET6_GETSOCKNAME,
&kern_ops_kernel_sendmsg,
AF_INET6,
SOCK_STREAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SERV6_IP,
SERV6_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETSOCKNAME,
"getsockname6: kernel_getsockname (dgram)",
getsockname_v6_prog_load,
getsockname_v6_prog_destroy,
BPF_CGROUP_INET6_GETSOCKNAME,
&kern_ops_kernel_sendmsg,
AF_INET6,
SOCK_DGRAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SERV6_IP,
SERV6_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETSOCKNAME,
"getsockname_unix: kernel_getsockname",
getsockname_unix_prog_load,
getsockname_unix_prog_destroy,
BPF_CGROUP_UNIX_GETSOCKNAME,
&kern_ops_kernel_sendmsg,
AF_UNIX,
SOCK_STREAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
SUCCESS,
},
/* getpeername - system calls */
{
SOCK_ADDR_TEST_GETPEERNAME,
"getpeername4: getpeername (stream)",
getpeername_v4_prog_load,
getpeername_v4_prog_destroy,
BPF_CGROUP_INET4_GETPEERNAME,
&user_ops,
AF_INET,
SOCK_STREAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SERV4_IP,
SERV4_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETPEERNAME,
"getpeername4: getpeername (dgram)",
getpeername_v4_prog_load,
getpeername_v4_prog_destroy,
BPF_CGROUP_INET4_GETPEERNAME,
&user_ops,
AF_INET,
SOCK_DGRAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SERV4_IP,
SERV4_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETPEERNAME,
"getpeername4: attach prog with wrong attach type",
getpeername_v4_prog_load_raw,
getpeername_v4_prog_destroy_raw,
BPF_CGROUP_INET6_GETSOCKNAME,
&user_ops,
AF_UNIX,
SOCK_DGRAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SERV4_IP,
SERV4_PORT,
NULL,
ATTACH_REJECT,
},
{
SOCK_ADDR_TEST_GETPEERNAME,
"getpeername6: getpeername (stream)",
getpeername_v6_prog_load,
getpeername_v6_prog_destroy,
BPF_CGROUP_INET6_GETPEERNAME,
&user_ops,
AF_INET6,
SOCK_STREAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SERV6_IP,
SERV6_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETPEERNAME,
"getpeername6: getpeername (dgram)",
getpeername_v6_prog_load,
getpeername_v6_prog_destroy,
BPF_CGROUP_INET6_GETPEERNAME,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SERV6_IP,
SERV6_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETPEERNAME,
"getpeername6: attach prog with wrong attach type",
getpeername_v6_prog_load_raw,
getpeername_v6_prog_destroy_raw,
BPF_CGROUP_INET4_GETSOCKNAME,
&user_ops,
AF_INET6,
SOCK_DGRAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SERV6_IP,
SERV6_PORT,
NULL,
ATTACH_REJECT,
},
{
SOCK_ADDR_TEST_GETPEERNAME,
"getpeername_unix: getpeername",
getpeername_unix_prog_load,
getpeername_unix_prog_destroy,
BPF_CGROUP_UNIX_GETPEERNAME,
&user_ops,
AF_UNIX,
SOCK_STREAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETPEERNAME,
"getpeername_unix: attach prog with wrong attach type",
getpeername_unix_prog_load_raw,
getpeername_unix_prog_destroy_raw,
BPF_CGROUP_INET4_GETSOCKNAME,
&user_ops,
AF_UNIX,
SOCK_STREAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
ATTACH_REJECT,
},
/* getpeername - kernel calls */
{
SOCK_ADDR_TEST_GETPEERNAME,
"getpeername4: kernel_getpeername (stream)",
getpeername_v4_prog_load,
getpeername_v4_prog_destroy,
BPF_CGROUP_INET4_GETPEERNAME,
&kern_ops_kernel_sendmsg,
AF_INET,
SOCK_STREAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SERV4_IP,
SERV4_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETPEERNAME,
"getpeername4: kernel_getpeername (dgram)",
getpeername_v4_prog_load,
getpeername_v4_prog_destroy,
BPF_CGROUP_INET4_GETPEERNAME,
&kern_ops_kernel_sendmsg,
AF_INET,
SOCK_DGRAM,
SERV4_REWRITE_IP,
SERV4_REWRITE_PORT,
SERV4_IP,
SERV4_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETPEERNAME,
"getpeername6: kernel_getpeername (stream)",
getpeername_v6_prog_load,
getpeername_v6_prog_destroy,
BPF_CGROUP_INET6_GETPEERNAME,
&kern_ops_kernel_sendmsg,
AF_INET6,
SOCK_STREAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SERV6_IP,
SERV6_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETPEERNAME,
"getpeername6: kernel_getpeername (dgram)",
getpeername_v6_prog_load,
getpeername_v6_prog_destroy,
BPF_CGROUP_INET6_GETPEERNAME,
&kern_ops_kernel_sendmsg,
AF_INET6,
SOCK_DGRAM,
SERV6_REWRITE_IP,
SERV6_REWRITE_PORT,
SERV6_IP,
SERV6_PORT,
NULL,
SUCCESS,
},
{
SOCK_ADDR_TEST_GETPEERNAME,
"getpeername_unix: kernel_getpeername",
getpeername_unix_prog_load,
getpeername_unix_prog_destroy,
BPF_CGROUP_UNIX_GETPEERNAME,
&kern_ops_kernel_sendmsg,
AF_UNIX,
SOCK_STREAM,
SERVUN_ADDRESS,
0,
SERVUN_REWRITE_ADDRESS,
0,
NULL,
SUCCESS,
},
};
typedef int (*info_fn)(int, struct sockaddr *, socklen_t *);
static int cmp_addr(const struct sockaddr_storage *addr1, socklen_t addr1_len,
const struct sockaddr_storage *addr2, socklen_t addr2_len,
bool cmp_port)
{
const struct sockaddr_in *four1, *four2;
const struct sockaddr_in6 *six1, *six2;
const struct sockaddr_un *un1, *un2;
if (addr1->ss_family != addr2->ss_family)
return -1;
if (addr1_len != addr2_len)
return -1;
if (addr1->ss_family == AF_INET) {
four1 = (const struct sockaddr_in *)addr1;
four2 = (const struct sockaddr_in *)addr2;
return !((four1->sin_port == four2->sin_port || !cmp_port) &&
four1->sin_addr.s_addr == four2->sin_addr.s_addr);
} else if (addr1->ss_family == AF_INET6) {
six1 = (const struct sockaddr_in6 *)addr1;
six2 = (const struct sockaddr_in6 *)addr2;
return !((six1->sin6_port == six2->sin6_port || !cmp_port) &&
!memcmp(&six1->sin6_addr, &six2->sin6_addr,
sizeof(struct in6_addr)));
} else if (addr1->ss_family == AF_UNIX) {
un1 = (const struct sockaddr_un *)addr1;
un2 = (const struct sockaddr_un *)addr2;
return memcmp(un1, un2, addr1_len);
}
return -1;
}
static int cmp_sock_addr(info_fn fn, int sock1,
const struct sockaddr_storage *addr2,
socklen_t addr2_len, bool cmp_port)
{
struct sockaddr_storage addr1;
socklen_t len1 = sizeof(addr1);
memset(&addr1, 0, len1);
if (fn(sock1, (struct sockaddr *)&addr1, (socklen_t *)&len1) != 0)
return -1;
return cmp_addr(&addr1, len1, addr2, addr2_len, cmp_port);
}
static int load_sock_addr_kern(void)
{
int err;
skel = sock_addr_kern__open_and_load();
if (!ASSERT_OK_PTR(skel, "skel"))
goto err;
err = 0;
goto out;
err:
err = -1;
out:
return err;
}
static void unload_sock_addr_kern(void)
{
sock_addr_kern__destroy(skel);
}
static int test_bind(struct sock_addr_test *test)
{
struct sockaddr_storage expected_addr;
socklen_t expected_addr_len = sizeof(struct sockaddr_storage);
int serv = -1, client = -1, err;
serv = test->ops->start_server(test->socket_family, test->socket_type,
test->requested_addr,
test->requested_port, 0);
if (serv < 0) {
err = errno;
goto err;
}
err = make_sockaddr(test->socket_family,
test->expected_addr, test->expected_port,
&expected_addr, &expected_addr_len);
if (!ASSERT_EQ(err, 0, "make_sockaddr"))
goto cleanup;
err = cmp_sock_addr(test->ops->getsockname, serv, &expected_addr,
expected_addr_len, true);
if (!ASSERT_EQ(err, 0, "cmp_local_addr"))
goto cleanup;
/* Try to connect to server just in case */
client = connect_to_addr(test->socket_type, &expected_addr, expected_addr_len, NULL);
if (!ASSERT_GE(client, 0, "connect_to_addr"))
goto cleanup;
cleanup:
err = 0;
err:
if (client != -1)
close(client);
if (serv != -1)
test->ops->close(serv);
return err;
}
static int test_connect(struct sock_addr_test *test)
{
struct sockaddr_storage addr, expected_addr, expected_src_addr;
socklen_t addr_len = sizeof(struct sockaddr_storage),
expected_addr_len = sizeof(struct sockaddr_storage),
expected_src_addr_len = sizeof(struct sockaddr_storage);
int serv = -1, client = -1, err;
serv = start_server(test->socket_family, test->socket_type,
test->expected_addr, test->expected_port, 0);
if (!ASSERT_GE(serv, 0, "start_server"))
goto cleanup;
err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port,
&addr, &addr_len);
if (!ASSERT_EQ(err, 0, "make_sockaddr"))
goto cleanup;
client = test->ops->connect_to_addr(test->socket_type, &addr, addr_len,
NULL);
if (client < 0) {
err = errno;
goto err;
}
err = make_sockaddr(test->socket_family, test->expected_addr, test->expected_port,
&expected_addr, &expected_addr_len);
if (!ASSERT_EQ(err, 0, "make_sockaddr"))
goto cleanup;
if (test->expected_src_addr) {
err = make_sockaddr(test->socket_family, test->expected_src_addr, 0,
&expected_src_addr, &expected_src_addr_len);
if (!ASSERT_EQ(err, 0, "make_sockaddr"))
goto cleanup;
}
err = cmp_sock_addr(test->ops->getpeername, client, &expected_addr,
expected_addr_len, true);
if (!ASSERT_EQ(err, 0, "cmp_peer_addr"))
goto cleanup;
if (test->expected_src_addr) {
err = cmp_sock_addr(test->ops->getsockname, client,
&expected_src_addr, expected_src_addr_len,
false);
if (!ASSERT_EQ(err, 0, "cmp_local_addr"))
goto cleanup;
}
cleanup:
err = 0;
err:
if (client != -1)
test->ops->close(client);
if (serv != -1)
close(serv);
return err;
}
static int test_xmsg(struct sock_addr_test *test)
{
struct sockaddr_storage addr, src_addr;
socklen_t addr_len = sizeof(struct sockaddr_storage),
src_addr_len = sizeof(struct sockaddr_storage);
char data = 'a';
int serv = -1, client = -1, err;
/* Unlike the other tests, here we test that we can rewrite the src addr
* with a recvmsg() hook.
*/
serv = start_server(test->socket_family, test->socket_type,
test->expected_addr, test->expected_port, 0);
if (!ASSERT_GE(serv, 0, "start_server"))
goto cleanup;
client = test->ops->socket(test->socket_family, test->socket_type, 0);
if (!ASSERT_GE(client, 0, "socket"))
goto cleanup;
/* AF_UNIX sockets have to be bound to something to trigger the recvmsg bpf program. */
if (test->socket_family == AF_UNIX) {
err = make_sockaddr(AF_UNIX, SRCUN_ADDRESS, 0, &src_addr, &src_addr_len);
if (!ASSERT_EQ(err, 0, "make_sockaddr"))
goto cleanup;
err = test->ops->bind(client, (struct sockaddr *)&src_addr,
src_addr_len);
if (!ASSERT_OK(err, "bind"))
goto cleanup;
}
err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port,
&addr, &addr_len);
if (!ASSERT_EQ(err, 0, "make_sockaddr"))
goto cleanup;
if (test->socket_type == SOCK_DGRAM) {
err = test->ops->sendmsg(client, (struct sockaddr *)&addr,
addr_len, &data, sizeof(data));
if (err < 0) {
err = errno;
goto err;
}
if (!ASSERT_EQ(err, sizeof(data), "sendmsg"))
goto cleanup;
} else {
/* Testing with connection-oriented sockets is only valid for
* recvmsg() tests.
*/
if (!ASSERT_EQ(test->type, SOCK_ADDR_TEST_RECVMSG, "recvmsg"))
goto cleanup;
err = connect(client, (const struct sockaddr *)&addr, addr_len);
if (!ASSERT_OK(err, "connect"))
goto cleanup;
err = send(client, &data, sizeof(data), 0);
if (!ASSERT_EQ(err, sizeof(data), "send"))
goto cleanup;
err = listen(serv, 0);
if (!ASSERT_OK(err, "listen"))
goto cleanup;
err = accept(serv, NULL, NULL);
if (!ASSERT_GE(err, 0, "accept"))
goto cleanup;
close(serv);
serv = err;
}
addr_len = src_addr_len = sizeof(struct sockaddr_storage);
err = recvfrom(serv, &data, sizeof(data), 0, (struct sockaddr *) &src_addr, &src_addr_len);
if (!ASSERT_EQ(err, sizeof(data), "recvfrom"))
goto cleanup;
ASSERT_EQ(data, 'a', "data mismatch");
if (test->expected_src_addr) {
err = make_sockaddr(test->socket_family, test->expected_src_addr, 0,
&addr, &addr_len);
if (!ASSERT_EQ(err, 0, "make_sockaddr"))
goto cleanup;
err = cmp_addr(&src_addr, src_addr_len, &addr, addr_len, false);
if (!ASSERT_EQ(err, 0, "cmp_addr"))
goto cleanup;
}
cleanup:
err = 0;
err:
if (client != -1)
test->ops->close(client);
if (serv != -1)
close(serv);
return err;
}
static int test_getsockname(struct sock_addr_test *test)
{
struct sockaddr_storage expected_addr;
socklen_t expected_addr_len = sizeof(struct sockaddr_storage);
int serv = -1, err;
serv = test->ops->start_server(test->socket_family, test->socket_type,
test->requested_addr, test->requested_port, 0);
if (!ASSERT_GE(serv, 0, "start_server"))
goto cleanup;
err = make_sockaddr(test->socket_family,
test->expected_addr, test->expected_port,
&expected_addr, &expected_addr_len);
if (!ASSERT_EQ(err, 0, "make_sockaddr"))
goto cleanup;
err = cmp_sock_addr(test->ops->getsockname, serv, &expected_addr, expected_addr_len, true);
if (!ASSERT_EQ(err, 0, "cmp_local_addr"))
goto cleanup;
cleanup:
if (serv != -1)
test->ops->close(serv);
return 0;
}
static int test_getpeername(struct sock_addr_test *test)
{
struct sockaddr_storage addr, expected_addr;
socklen_t addr_len = sizeof(struct sockaddr_storage),
expected_addr_len = sizeof(struct sockaddr_storage);
int serv = -1, client = -1, err;
serv = start_server(test->socket_family, test->socket_type,
test->requested_addr, test->requested_port, 0);
if (!ASSERT_GE(serv, 0, "start_server"))
goto cleanup;
err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port,
&addr, &addr_len);
if (!ASSERT_EQ(err, 0, "make_sockaddr"))
goto cleanup;
client = test->ops->connect_to_addr(test->socket_type, &addr, addr_len,
NULL);
if (!ASSERT_GE(client, 0, "connect_to_addr"))
goto cleanup;
err = make_sockaddr(test->socket_family, test->expected_addr, test->expected_port,
&expected_addr, &expected_addr_len);
if (!ASSERT_EQ(err, 0, "make_sockaddr"))
goto cleanup;
err = cmp_sock_addr(test->ops->getpeername, client, &expected_addr,
expected_addr_len, true);
if (!ASSERT_EQ(err, 0, "cmp_peer_addr"))
goto cleanup;
cleanup:
if (client != -1)
test->ops->close(client);
if (serv != -1)
close(serv);
return 0;
}
static int setup_test_env(struct nstoken **tok)
{
int err;
SYS_NOFAIL("ip netns delete %s", TEST_NS);
SYS(fail, "ip netns add %s", TEST_NS);
*tok = open_netns(TEST_NS);
if (!ASSERT_OK_PTR(*tok, "netns token"))
goto fail;
SYS(fail, "ip link add dev %s1 type veth peer name %s2", TEST_IF_PREFIX,
TEST_IF_PREFIX);
SYS(fail, "ip link set lo up");
SYS(fail, "ip link set %s1 up", TEST_IF_PREFIX);
SYS(fail, "ip link set %s2 up", TEST_IF_PREFIX);
SYS(fail, "ip -4 addr add %s/8 dev %s1", TEST_IPV4, TEST_IF_PREFIX);
SYS(fail, "ip -6 addr add %s/128 nodad dev %s1", TEST_IPV6, TEST_IF_PREFIX);
err = 0;
goto out;
fail:
err = -1;
close_netns(*tok);
*tok = NULL;
SYS_NOFAIL("ip netns delete %s", TEST_NS);
out:
return err;
}
static void cleanup_test_env(struct nstoken *tok)
{
close_netns(tok);
SYS_NOFAIL("ip netns delete %s", TEST_NS);
}
void test_sock_addr(void)
{
struct nstoken *tok = NULL;
int cgroup_fd = -1;
void *skel;
cgroup_fd = test__join_cgroup("/sock_addr");
if (!ASSERT_GE(cgroup_fd, 0, "join_cgroup"))
goto cleanup;
if (!ASSERT_OK(setup_test_env(&tok), "setup_test_env"))
goto cleanup;
if (!ASSERT_OK(load_sock_addr_kern(), "load_sock_addr_kern"))
goto cleanup;
for (size_t i = 0; i < ARRAY_SIZE(tests); ++i) {
struct sock_addr_test *test = &tests[i];
int err;
if (!test__start_subtest(test->name))
continue;
skel = test->loadfn(cgroup_fd, test->attach_type,
test->expected_result == LOAD_REJECT ||
test->expected_result == ATTACH_REJECT);
if (!skel)
continue;
switch (test->type) {
/* Not exercised yet but we leave this code here for when the
* INET and INET6 sockaddr tests are migrated to this file in
* the future.
*/
case SOCK_ADDR_TEST_BIND:
err = test_bind(test);
break;
case SOCK_ADDR_TEST_CONNECT:
err = test_connect(test);
break;
case SOCK_ADDR_TEST_SENDMSG:
case SOCK_ADDR_TEST_RECVMSG:
err = test_xmsg(test);
break;
case SOCK_ADDR_TEST_GETSOCKNAME:
err = test_getsockname(test);
break;
case SOCK_ADDR_TEST_GETPEERNAME:
err = test_getpeername(test);
break;
default:
ASSERT_TRUE(false, "Unknown sock addr test type");
err = -EINVAL;
break;
}
if (test->expected_result == SYSCALL_EPERM)
ASSERT_EQ(err, EPERM, "socket operation returns EPERM");
else if (test->expected_result == SYSCALL_ENOTSUPP)
ASSERT_EQ(err, ENOTSUPP, "socket operation returns ENOTSUPP");
else if (test->expected_result == SUCCESS)
ASSERT_OK(err, "socket operation succeeds");
test->destroyfn(skel);
}
cleanup:
unload_sock_addr_kern();
cleanup_test_env(tok);
if (cgroup_fd >= 0)
close(cgroup_fd);
}