Loading...
1// SPDX-License-Identifier: GPL-2.0
2#include <sys/un.h>
3
4#include "test_progs.h"
5
6#include "sock_addr_kern.skel.h"
7#include "bind4_prog.skel.h"
8#include "bind6_prog.skel.h"
9#include "connect_unix_prog.skel.h"
10#include "connect4_prog.skel.h"
11#include "connect6_prog.skel.h"
12#include "sendmsg4_prog.skel.h"
13#include "sendmsg6_prog.skel.h"
14#include "recvmsg4_prog.skel.h"
15#include "recvmsg6_prog.skel.h"
16#include "sendmsg_unix_prog.skel.h"
17#include "recvmsg_unix_prog.skel.h"
18#include "getsockname4_prog.skel.h"
19#include "getsockname6_prog.skel.h"
20#include "getsockname_unix_prog.skel.h"
21#include "getpeername4_prog.skel.h"
22#include "getpeername6_prog.skel.h"
23#include "getpeername_unix_prog.skel.h"
24#include "network_helpers.h"
25
26#define TEST_NS "sock_addr"
27#define TEST_IF_PREFIX "test_sock_addr"
28#define TEST_IPV4 "127.0.0.4"
29#define TEST_IPV6 "::6"
30
31#define SERV4_IP "192.168.1.254"
32#define SERV4_REWRITE_IP "127.0.0.1"
33#define SRC4_IP "172.16.0.1"
34#define SRC4_REWRITE_IP TEST_IPV4
35#define SERV4_PORT 4040
36#define SERV4_REWRITE_PORT 4444
37
38#define SERV6_IP "face:b00c:1234:5678::abcd"
39#define SERV6_REWRITE_IP "::1"
40#define SERV6_V4MAPPED_IP "::ffff:192.168.0.4"
41#define SRC6_IP "::1"
42#define SRC6_REWRITE_IP TEST_IPV6
43#define WILDCARD6_IP "::"
44#define SERV6_PORT 6060
45#define SERV6_REWRITE_PORT 6666
46
47#define SERVUN_ADDRESS "bpf_cgroup_unix_test"
48#define SERVUN_REWRITE_ADDRESS "bpf_cgroup_unix_test_rewrite"
49#define SRCUN_ADDRESS "bpf_cgroup_unix_test_src"
50
51#define save_errno_do(op) ({ int __save = errno; op; errno = __save; })
52
53enum sock_addr_test_type {
54 SOCK_ADDR_TEST_BIND,
55 SOCK_ADDR_TEST_CONNECT,
56 SOCK_ADDR_TEST_SENDMSG,
57 SOCK_ADDR_TEST_RECVMSG,
58 SOCK_ADDR_TEST_GETSOCKNAME,
59 SOCK_ADDR_TEST_GETPEERNAME,
60};
61
62typedef void *(*load_fn)(int cgroup_fd,
63 enum bpf_attach_type attach_type,
64 bool expect_reject);
65typedef void (*destroy_fn)(void *skel);
66
67static int cmp_addr(const struct sockaddr_storage *addr1, socklen_t addr1_len,
68 const struct sockaddr_storage *addr2, socklen_t addr2_len,
69 bool cmp_port);
70
71struct init_sock_args {
72 int af;
73 int type;
74};
75
76struct addr_args {
77 char addr[sizeof(struct sockaddr_storage)];
78 int addrlen;
79};
80
81struct sendmsg_args {
82 struct addr_args addr;
83 char msg[10];
84 int msglen;
85};
86
87static struct sock_addr_kern *skel;
88
89static int run_bpf_prog(const char *prog_name, void *ctx, int ctx_size)
90{
91 LIBBPF_OPTS(bpf_test_run_opts, topts);
92 struct bpf_program *prog;
93 int prog_fd, err;
94
95 topts.ctx_in = ctx;
96 topts.ctx_size_in = ctx_size;
97
98 prog = bpf_object__find_program_by_name(skel->obj, prog_name);
99 if (!ASSERT_OK_PTR(prog, "bpf_object__find_program_by_name"))
100 goto err;
101
102 prog_fd = bpf_program__fd(prog);
103 err = bpf_prog_test_run_opts(prog_fd, &topts);
104 if (!ASSERT_OK(err, prog_name))
105 goto err;
106
107 err = topts.retval;
108 errno = -topts.retval;
109 goto out;
110err:
111 err = -1;
112out:
113 return err;
114}
115
116static int kernel_init_sock(int af, int type, int protocol)
117{
118 struct init_sock_args args = {
119 .af = af,
120 .type = type,
121 };
122
123 return run_bpf_prog("init_sock", &args, sizeof(args));
124}
125
126static int kernel_close_sock(int fd)
127{
128 return run_bpf_prog("close_sock", NULL, 0);
129}
130
131static int sock_addr_op(const char *name, struct sockaddr *addr,
132 socklen_t *addrlen, bool expect_change)
133{
134 struct addr_args args;
135 int err;
136
137 if (addrlen)
138 args.addrlen = *addrlen;
139
140 if (addr)
141 memcpy(&args.addr, addr, *addrlen);
142
143 err = run_bpf_prog(name, &args, sizeof(args));
144
145 if (!expect_change && addr)
146 if (!ASSERT_EQ(cmp_addr((struct sockaddr_storage *)addr,
147 *addrlen,
148 (struct sockaddr_storage *)&args.addr,
149 args.addrlen, 1),
150 0, "address_param_modified"))
151 return -1;
152
153 if (addrlen)
154 *addrlen = args.addrlen;
155
156 if (addr)
157 memcpy(addr, &args.addr, *addrlen);
158
159 return err;
160}
161
162static int send_msg_op(const char *name, struct sockaddr *addr,
163 socklen_t addrlen, const char *msg, int msglen)
164{
165 struct sendmsg_args args;
166 int err;
167
168 memset(&args, 0, sizeof(args));
169 memcpy(&args.addr.addr, addr, addrlen);
170 args.addr.addrlen = addrlen;
171 memcpy(args.msg, msg, msglen);
172 args.msglen = msglen;
173
174 err = run_bpf_prog(name, &args, sizeof(args));
175
176 if (!ASSERT_EQ(cmp_addr((struct sockaddr_storage *)addr,
177 addrlen,
178 (struct sockaddr_storage *)&args.addr.addr,
179 args.addr.addrlen, 1),
180 0, "address_param_modified"))
181 return -1;
182
183 return err;
184}
185
186static int kernel_connect(struct sockaddr *addr, socklen_t addrlen)
187{
188 return sock_addr_op("kernel_connect", addr, &addrlen, false);
189}
190
191static int kernel_bind(int fd, struct sockaddr *addr, socklen_t addrlen)
192{
193 return sock_addr_op("kernel_bind", addr, &addrlen, false);
194}
195
196static int kernel_listen(void)
197{
198 return sock_addr_op("kernel_listen", NULL, NULL, false);
199}
200
201static int kernel_sendmsg(int fd, struct sockaddr *addr, socklen_t addrlen,
202 char *msg, int msglen)
203{
204 return send_msg_op("kernel_sendmsg", addr, addrlen, msg, msglen);
205}
206
207static int sock_sendmsg(int fd, struct sockaddr *addr, socklen_t addrlen,
208 char *msg, int msglen)
209{
210 return send_msg_op("sock_sendmsg", addr, addrlen, msg, msglen);
211}
212
213static int kernel_getsockname(int fd, struct sockaddr *addr, socklen_t *addrlen)
214{
215 return sock_addr_op("kernel_getsockname", addr, addrlen, true);
216}
217
218static int kernel_getpeername(int fd, struct sockaddr *addr, socklen_t *addrlen)
219{
220 return sock_addr_op("kernel_getpeername", addr, addrlen, true);
221}
222
223int kernel_connect_to_addr(int type, const struct sockaddr_storage *addr, socklen_t addrlen,
224 const struct network_helper_opts *opts)
225{
226 int err;
227
228 if (!ASSERT_OK(kernel_init_sock(addr->ss_family, type, 0),
229 "kernel_init_sock"))
230 goto err;
231
232 if (kernel_connect((struct sockaddr *)addr, addrlen) < 0)
233 goto err;
234
235 /* Test code expects a "file descriptor" on success. */
236 err = 1;
237 goto out;
238err:
239 err = -1;
240 save_errno_do(ASSERT_OK(kernel_close_sock(0), "kernel_close_sock"));
241out:
242 return err;
243}
244
245int kernel_start_server(int family, int type, const char *addr_str, __u16 port,
246 int timeout_ms)
247{
248 struct sockaddr_storage addr;
249 socklen_t addrlen;
250 int err;
251
252 if (!ASSERT_OK(kernel_init_sock(family, type, 0), "kernel_init_sock"))
253 goto err;
254
255 if (make_sockaddr(family, addr_str, port, &addr, &addrlen))
256 goto err;
257
258 if (kernel_bind(0, (struct sockaddr *)&addr, addrlen) < 0)
259 goto err;
260
261 if (type == SOCK_STREAM) {
262 if (!ASSERT_OK(kernel_listen(), "kernel_listen"))
263 goto err;
264 }
265
266 /* Test code expects a "file descriptor" on success. */
267 err = 1;
268 goto out;
269err:
270 err = -1;
271 save_errno_do(ASSERT_OK(kernel_close_sock(0), "kernel_close_sock"));
272out:
273 return err;
274}
275
276struct sock_ops {
277 int (*connect_to_addr)(int type, const struct sockaddr_storage *addr,
278 socklen_t addrlen,
279 const struct network_helper_opts *opts);
280 int (*start_server)(int family, int type, const char *addr_str,
281 __u16 port, int timeout_ms);
282 int (*socket)(int famil, int type, int protocol);
283 int (*bind)(int fd, struct sockaddr *addr, socklen_t addrlen);
284 int (*getsockname)(int fd, struct sockaddr *addr, socklen_t *addrlen);
285 int (*getpeername)(int fd, struct sockaddr *addr, socklen_t *addrlen);
286 int (*sendmsg)(int fd, struct sockaddr *addr, socklen_t addrlen,
287 char *msg, int msglen);
288 int (*close)(int fd);
289};
290
291static int user_sendmsg(int fd, struct sockaddr *addr, socklen_t addrlen,
292 char *msg, int msglen)
293{
294 struct msghdr hdr;
295 struct iovec iov;
296
297 memset(&iov, 0, sizeof(iov));
298 iov.iov_base = msg;
299 iov.iov_len = msglen;
300
301 memset(&hdr, 0, sizeof(hdr));
302 hdr.msg_name = (void *)addr;
303 hdr.msg_namelen = addrlen;
304 hdr.msg_iov = &iov;
305 hdr.msg_iovlen = 1;
306
307 return sendmsg(fd, &hdr, 0);
308}
309
310static int user_bind(int fd, struct sockaddr *addr, socklen_t addrlen)
311{
312 return bind(fd, (const struct sockaddr *)addr, addrlen);
313}
314
315struct sock_ops user_ops = {
316 .connect_to_addr = connect_to_addr,
317 .start_server = start_server,
318 .socket = socket,
319 .bind = user_bind,
320 .getsockname = getsockname,
321 .getpeername = getpeername,
322 .sendmsg = user_sendmsg,
323 .close = close,
324};
325
326struct sock_ops kern_ops_sock_sendmsg = {
327 .connect_to_addr = kernel_connect_to_addr,
328 .start_server = kernel_start_server,
329 .socket = kernel_init_sock,
330 .bind = kernel_bind,
331 .getsockname = kernel_getsockname,
332 .getpeername = kernel_getpeername,
333 .sendmsg = sock_sendmsg,
334 .close = kernel_close_sock,
335};
336
337struct sock_ops kern_ops_kernel_sendmsg = {
338 .connect_to_addr = kernel_connect_to_addr,
339 .start_server = kernel_start_server,
340 .socket = kernel_init_sock,
341 .bind = kernel_bind,
342 .getsockname = kernel_getsockname,
343 .getpeername = kernel_getpeername,
344 .sendmsg = kernel_sendmsg,
345 .close = kernel_close_sock,
346};
347
348struct sock_addr_test {
349 enum sock_addr_test_type type;
350 const char *name;
351 /* BPF prog properties */
352 load_fn loadfn;
353 destroy_fn destroyfn;
354 enum bpf_attach_type attach_type;
355 /* Socket operations */
356 struct sock_ops *ops;
357 /* Socket properties */
358 int socket_family;
359 int socket_type;
360 /* IP:port pairs for BPF prog to override */
361 const char *requested_addr;
362 unsigned short requested_port;
363 const char *expected_addr;
364 unsigned short expected_port;
365 const char *expected_src_addr;
366 /* Expected test result */
367 enum {
368 LOAD_REJECT,
369 ATTACH_REJECT,
370 SYSCALL_EPERM,
371 SYSCALL_ENOTSUPP,
372 SUCCESS,
373 } expected_result;
374};
375
376#define BPF_SKEL_FUNCS_RAW(skel_name, prog_name) \
377static void *prog_name##_load_raw(int cgroup_fd, \
378 enum bpf_attach_type attach_type, \
379 bool expect_reject) \
380{ \
381 struct skel_name *skel = skel_name##__open(); \
382 int prog_fd = -1; \
383 if (!ASSERT_OK_PTR(skel, "skel_open")) \
384 goto cleanup; \
385 if (!ASSERT_OK(skel_name##__load(skel), "load")) \
386 goto cleanup; \
387 prog_fd = bpf_program__fd(skel->progs.prog_name); \
388 if (!ASSERT_GT(prog_fd, 0, "prog_fd")) \
389 goto cleanup; \
390 if (bpf_prog_attach(prog_fd, cgroup_fd, attach_type, \
391 BPF_F_ALLOW_OVERRIDE), "bpf_prog_attach") { \
392 ASSERT_TRUE(expect_reject, "unexpected rejection"); \
393 goto cleanup; \
394 } \
395 if (!ASSERT_FALSE(expect_reject, "expected rejection")) \
396 goto cleanup; \
397cleanup: \
398 if (prog_fd > 0) \
399 bpf_prog_detach(cgroup_fd, attach_type); \
400 skel_name##__destroy(skel); \
401 return NULL; \
402} \
403static void prog_name##_destroy_raw(void *progfd) \
404{ \
405 /* No-op. *_load_raw does all cleanup. */ \
406} \
407
408#define BPF_SKEL_FUNCS(skel_name, prog_name) \
409static void *prog_name##_load(int cgroup_fd, \
410 enum bpf_attach_type attach_type, \
411 bool expect_reject) \
412{ \
413 struct skel_name *skel = skel_name##__open(); \
414 if (!ASSERT_OK_PTR(skel, "skel_open")) \
415 goto cleanup; \
416 if (!ASSERT_OK(bpf_program__set_expected_attach_type(skel->progs.prog_name, \
417 attach_type), \
418 "set_expected_attach_type")) \
419 goto cleanup; \
420 if (skel_name##__load(skel)) { \
421 ASSERT_TRUE(expect_reject, "unexpected rejection"); \
422 goto cleanup; \
423 } \
424 if (!ASSERT_FALSE(expect_reject, "expected rejection")) \
425 goto cleanup; \
426 skel->links.prog_name = bpf_program__attach_cgroup( \
427 skel->progs.prog_name, cgroup_fd); \
428 if (!ASSERT_OK_PTR(skel->links.prog_name, "prog_attach")) \
429 goto cleanup; \
430 return skel; \
431cleanup: \
432 skel_name##__destroy(skel); \
433 return NULL; \
434} \
435static void prog_name##_destroy(void *skel) \
436{ \
437 skel_name##__destroy(skel); \
438}
439
440BPF_SKEL_FUNCS(bind4_prog, bind_v4_prog);
441BPF_SKEL_FUNCS_RAW(bind4_prog, bind_v4_prog);
442BPF_SKEL_FUNCS(bind4_prog, bind_v4_deny_prog);
443BPF_SKEL_FUNCS(bind6_prog, bind_v6_prog);
444BPF_SKEL_FUNCS_RAW(bind6_prog, bind_v6_prog);
445BPF_SKEL_FUNCS(bind6_prog, bind_v6_deny_prog);
446BPF_SKEL_FUNCS(connect4_prog, connect_v4_prog);
447BPF_SKEL_FUNCS_RAW(connect4_prog, connect_v4_prog);
448BPF_SKEL_FUNCS(connect4_prog, connect_v4_deny_prog);
449BPF_SKEL_FUNCS(connect6_prog, connect_v6_prog);
450BPF_SKEL_FUNCS_RAW(connect6_prog, connect_v6_prog);
451BPF_SKEL_FUNCS(connect6_prog, connect_v6_deny_prog);
452BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_prog);
453BPF_SKEL_FUNCS_RAW(connect_unix_prog, connect_unix_prog);
454BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_deny_prog);
455BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_prog);
456BPF_SKEL_FUNCS_RAW(sendmsg4_prog, sendmsg_v4_prog);
457BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_deny_prog);
458BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_prog);
459BPF_SKEL_FUNCS_RAW(sendmsg6_prog, sendmsg_v6_prog);
460BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_deny_prog);
461BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_preserve_dst_prog);
462BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_v4mapped_prog);
463BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_wildcard_prog);
464BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_prog);
465BPF_SKEL_FUNCS_RAW(sendmsg_unix_prog, sendmsg_unix_prog);
466BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_deny_prog);
467BPF_SKEL_FUNCS(recvmsg4_prog, recvmsg4_prog);
468BPF_SKEL_FUNCS_RAW(recvmsg4_prog, recvmsg4_prog);
469BPF_SKEL_FUNCS(recvmsg6_prog, recvmsg6_prog);
470BPF_SKEL_FUNCS_RAW(recvmsg6_prog, recvmsg6_prog);
471BPF_SKEL_FUNCS(recvmsg_unix_prog, recvmsg_unix_prog);
472BPF_SKEL_FUNCS_RAW(recvmsg_unix_prog, recvmsg_unix_prog);
473BPF_SKEL_FUNCS(getsockname_unix_prog, getsockname_unix_prog);
474BPF_SKEL_FUNCS_RAW(getsockname_unix_prog, getsockname_unix_prog);
475BPF_SKEL_FUNCS(getsockname4_prog, getsockname_v4_prog);
476BPF_SKEL_FUNCS_RAW(getsockname4_prog, getsockname_v4_prog);
477BPF_SKEL_FUNCS(getsockname6_prog, getsockname_v6_prog);
478BPF_SKEL_FUNCS_RAW(getsockname6_prog, getsockname_v6_prog);
479BPF_SKEL_FUNCS(getpeername_unix_prog, getpeername_unix_prog);
480BPF_SKEL_FUNCS_RAW(getpeername_unix_prog, getpeername_unix_prog);
481BPF_SKEL_FUNCS(getpeername4_prog, getpeername_v4_prog);
482BPF_SKEL_FUNCS_RAW(getpeername4_prog, getpeername_v4_prog);
483BPF_SKEL_FUNCS(getpeername6_prog, getpeername_v6_prog);
484BPF_SKEL_FUNCS_RAW(getpeername6_prog, getpeername_v6_prog);
485
486static struct sock_addr_test tests[] = {
487 /* bind - system calls */
488 {
489 SOCK_ADDR_TEST_BIND,
490 "bind4: bind (stream)",
491 bind_v4_prog_load,
492 bind_v4_prog_destroy,
493 BPF_CGROUP_INET4_BIND,
494 &user_ops,
495 AF_INET,
496 SOCK_STREAM,
497 SERV4_IP,
498 SERV4_PORT,
499 SERV4_REWRITE_IP,
500 SERV4_REWRITE_PORT,
501 NULL,
502 SUCCESS,
503 },
504 {
505 SOCK_ADDR_TEST_BIND,
506 "bind4: bind deny (stream)",
507 bind_v4_deny_prog_load,
508 bind_v4_deny_prog_destroy,
509 BPF_CGROUP_INET4_BIND,
510 &user_ops,
511 AF_INET,
512 SOCK_STREAM,
513 SERV4_IP,
514 SERV4_PORT,
515 SERV4_REWRITE_IP,
516 SERV4_REWRITE_PORT,
517 NULL,
518 SYSCALL_EPERM,
519 },
520 {
521 SOCK_ADDR_TEST_BIND,
522 "bind4: bind (dgram)",
523 bind_v4_prog_load,
524 bind_v4_prog_destroy,
525 BPF_CGROUP_INET4_BIND,
526 &user_ops,
527 AF_INET,
528 SOCK_DGRAM,
529 SERV4_IP,
530 SERV4_PORT,
531 SERV4_REWRITE_IP,
532 SERV4_REWRITE_PORT,
533 NULL,
534 SUCCESS,
535 },
536 {
537 SOCK_ADDR_TEST_BIND,
538 "bind4: bind deny (dgram)",
539 bind_v4_deny_prog_load,
540 bind_v4_deny_prog_destroy,
541 BPF_CGROUP_INET4_BIND,
542 &user_ops,
543 AF_INET,
544 SOCK_DGRAM,
545 SERV4_IP,
546 SERV4_PORT,
547 SERV4_REWRITE_IP,
548 SERV4_REWRITE_PORT,
549 NULL,
550 SYSCALL_EPERM,
551 },
552 {
553 SOCK_ADDR_TEST_BIND,
554 "bind4: load prog with wrong expected attach type",
555 bind_v4_prog_load,
556 bind_v4_prog_destroy,
557 BPF_CGROUP_INET6_BIND,
558 &user_ops,
559 AF_INET,
560 SOCK_STREAM,
561 NULL,
562 0,
563 NULL,
564 0,
565 NULL,
566 LOAD_REJECT,
567 },
568 {
569 SOCK_ADDR_TEST_BIND,
570 "bind4: attach prog with wrong attach type",
571 bind_v4_prog_load_raw,
572 bind_v4_prog_destroy_raw,
573 BPF_CGROUP_INET6_BIND,
574 &user_ops,
575 AF_INET,
576 SOCK_STREAM,
577 NULL,
578 0,
579 NULL,
580 0,
581 NULL,
582 ATTACH_REJECT,
583 },
584 {
585 SOCK_ADDR_TEST_BIND,
586 "bind6: bind (stream)",
587 bind_v6_prog_load,
588 bind_v6_prog_destroy,
589 BPF_CGROUP_INET6_BIND,
590 &user_ops,
591 AF_INET6,
592 SOCK_STREAM,
593 SERV6_IP,
594 SERV6_PORT,
595 SERV6_REWRITE_IP,
596 SERV6_REWRITE_PORT,
597 NULL,
598 SUCCESS,
599 },
600 {
601 SOCK_ADDR_TEST_BIND,
602 "bind6: bind deny (stream)",
603 bind_v6_deny_prog_load,
604 bind_v6_deny_prog_destroy,
605 BPF_CGROUP_INET6_BIND,
606 &user_ops,
607 AF_INET6,
608 SOCK_STREAM,
609 SERV6_IP,
610 SERV6_PORT,
611 SERV6_REWRITE_IP,
612 SERV6_REWRITE_PORT,
613 NULL,
614 SYSCALL_EPERM,
615 },
616 {
617 SOCK_ADDR_TEST_BIND,
618 "bind6: bind (dgram)",
619 bind_v6_prog_load,
620 bind_v6_prog_destroy,
621 BPF_CGROUP_INET6_BIND,
622 &user_ops,
623 AF_INET6,
624 SOCK_DGRAM,
625 SERV6_IP,
626 SERV6_PORT,
627 SERV6_REWRITE_IP,
628 SERV6_REWRITE_PORT,
629 NULL,
630 SUCCESS,
631 },
632 {
633 SOCK_ADDR_TEST_BIND,
634 "bind6: bind deny (dgram)",
635 bind_v6_deny_prog_load,
636 bind_v6_deny_prog_destroy,
637 BPF_CGROUP_INET6_BIND,
638 &user_ops,
639 AF_INET6,
640 SOCK_DGRAM,
641 SERV6_IP,
642 SERV6_PORT,
643 SERV6_REWRITE_IP,
644 SERV6_REWRITE_PORT,
645 NULL,
646 SYSCALL_EPERM,
647 },
648 {
649 SOCK_ADDR_TEST_BIND,
650 "bind6: load prog with wrong expected attach type",
651 bind_v6_prog_load,
652 bind_v6_prog_destroy,
653 BPF_CGROUP_INET4_BIND,
654 &user_ops,
655 AF_INET6,
656 SOCK_STREAM,
657 NULL,
658 0,
659 NULL,
660 0,
661 NULL,
662 LOAD_REJECT,
663 },
664 {
665 SOCK_ADDR_TEST_BIND,
666 "bind6: attach prog with wrong attach type",
667 bind_v6_prog_load_raw,
668 bind_v6_prog_destroy_raw,
669 BPF_CGROUP_INET4_BIND,
670 &user_ops,
671 AF_INET,
672 SOCK_STREAM,
673 NULL,
674 0,
675 NULL,
676 0,
677 NULL,
678 ATTACH_REJECT,
679 },
680
681 /* bind - kernel calls */
682 {
683 SOCK_ADDR_TEST_BIND,
684 "bind4: kernel_bind (stream)",
685 bind_v4_prog_load,
686 bind_v4_prog_destroy,
687 BPF_CGROUP_INET4_BIND,
688 &kern_ops_sock_sendmsg,
689 AF_INET,
690 SOCK_STREAM,
691 SERV4_IP,
692 SERV4_PORT,
693 SERV4_REWRITE_IP,
694 SERV4_REWRITE_PORT,
695 NULL,
696 SUCCESS,
697 },
698 {
699 SOCK_ADDR_TEST_BIND,
700 "bind4: kernel_bind deny (stream)",
701 bind_v4_deny_prog_load,
702 bind_v4_deny_prog_destroy,
703 BPF_CGROUP_INET4_BIND,
704 &kern_ops_sock_sendmsg,
705 AF_INET,
706 SOCK_STREAM,
707 SERV4_IP,
708 SERV4_PORT,
709 SERV4_REWRITE_IP,
710 SERV4_REWRITE_PORT,
711 NULL,
712 SYSCALL_EPERM,
713 },
714 {
715 SOCK_ADDR_TEST_BIND,
716 "bind4: kernel_bind (dgram)",
717 bind_v4_prog_load,
718 bind_v4_prog_destroy,
719 BPF_CGROUP_INET4_BIND,
720 &kern_ops_sock_sendmsg,
721 AF_INET,
722 SOCK_DGRAM,
723 SERV4_IP,
724 SERV4_PORT,
725 SERV4_REWRITE_IP,
726 SERV4_REWRITE_PORT,
727 NULL,
728 SUCCESS,
729 },
730 {
731 SOCK_ADDR_TEST_BIND,
732 "bind4: kernel_bind deny (dgram)",
733 bind_v4_deny_prog_load,
734 bind_v4_deny_prog_destroy,
735 BPF_CGROUP_INET4_BIND,
736 &kern_ops_sock_sendmsg,
737 AF_INET,
738 SOCK_DGRAM,
739 SERV4_IP,
740 SERV4_PORT,
741 SERV4_REWRITE_IP,
742 SERV4_REWRITE_PORT,
743 NULL,
744 SYSCALL_EPERM,
745 },
746 {
747 SOCK_ADDR_TEST_BIND,
748 "bind6: kernel_bind (stream)",
749 bind_v6_prog_load,
750 bind_v6_prog_destroy,
751 BPF_CGROUP_INET6_BIND,
752 &kern_ops_sock_sendmsg,
753 AF_INET6,
754 SOCK_STREAM,
755 SERV6_IP,
756 SERV6_PORT,
757 SERV6_REWRITE_IP,
758 SERV6_REWRITE_PORT,
759 NULL,
760 SUCCESS,
761 },
762 {
763 SOCK_ADDR_TEST_BIND,
764 "bind6: kernel_bind deny (stream)",
765 bind_v6_deny_prog_load,
766 bind_v6_deny_prog_destroy,
767 BPF_CGROUP_INET6_BIND,
768 &kern_ops_sock_sendmsg,
769 AF_INET6,
770 SOCK_STREAM,
771 SERV6_IP,
772 SERV6_PORT,
773 SERV6_REWRITE_IP,
774 SERV6_REWRITE_PORT,
775 NULL,
776 SYSCALL_EPERM,
777 },
778 {
779 SOCK_ADDR_TEST_BIND,
780 "bind6: kernel_bind (dgram)",
781 bind_v6_prog_load,
782 bind_v6_prog_destroy,
783 BPF_CGROUP_INET6_BIND,
784 &kern_ops_sock_sendmsg,
785 AF_INET6,
786 SOCK_DGRAM,
787 SERV6_IP,
788 SERV6_PORT,
789 SERV6_REWRITE_IP,
790 SERV6_REWRITE_PORT,
791 NULL,
792 SUCCESS,
793 },
794 {
795 SOCK_ADDR_TEST_BIND,
796 "bind6: kernel_bind deny (dgram)",
797 bind_v6_deny_prog_load,
798 bind_v6_deny_prog_destroy,
799 BPF_CGROUP_INET6_BIND,
800 &kern_ops_sock_sendmsg,
801 AF_INET6,
802 SOCK_DGRAM,
803 SERV6_IP,
804 SERV6_PORT,
805 SERV6_REWRITE_IP,
806 SERV6_REWRITE_PORT,
807 NULL,
808 SYSCALL_EPERM,
809 },
810
811 /* connect - system calls */
812 {
813 SOCK_ADDR_TEST_CONNECT,
814 "connect4: connect (stream)",
815 connect_v4_prog_load,
816 connect_v4_prog_destroy,
817 BPF_CGROUP_INET4_CONNECT,
818 &user_ops,
819 AF_INET,
820 SOCK_STREAM,
821 SERV4_IP,
822 SERV4_PORT,
823 SERV4_REWRITE_IP,
824 SERV4_REWRITE_PORT,
825 SRC4_REWRITE_IP,
826 SUCCESS,
827 },
828 {
829 SOCK_ADDR_TEST_CONNECT,
830 "connect4: connect deny (stream)",
831 connect_v4_deny_prog_load,
832 connect_v4_deny_prog_destroy,
833 BPF_CGROUP_INET4_CONNECT,
834 &user_ops,
835 AF_INET,
836 SOCK_STREAM,
837 SERV4_IP,
838 SERV4_PORT,
839 SERV4_REWRITE_IP,
840 SERV4_REWRITE_PORT,
841 SRC4_REWRITE_IP,
842 SYSCALL_EPERM,
843 },
844 {
845 SOCK_ADDR_TEST_CONNECT,
846 "connect4: connect (dgram)",
847 connect_v4_prog_load,
848 connect_v4_prog_destroy,
849 BPF_CGROUP_INET4_CONNECT,
850 &user_ops,
851 AF_INET,
852 SOCK_DGRAM,
853 SERV4_IP,
854 SERV4_PORT,
855 SERV4_REWRITE_IP,
856 SERV4_REWRITE_PORT,
857 SRC4_REWRITE_IP,
858 SUCCESS,
859 },
860 {
861 SOCK_ADDR_TEST_CONNECT,
862 "connect4: connect deny (dgram)",
863 connect_v4_deny_prog_load,
864 connect_v4_deny_prog_destroy,
865 BPF_CGROUP_INET4_CONNECT,
866 &user_ops,
867 AF_INET,
868 SOCK_DGRAM,
869 SERV4_IP,
870 SERV4_PORT,
871 SERV4_REWRITE_IP,
872 SERV4_REWRITE_PORT,
873 SRC4_REWRITE_IP,
874 SYSCALL_EPERM,
875 },
876 {
877 SOCK_ADDR_TEST_CONNECT,
878 "connect4: load prog with wrong expected attach type",
879 connect_v4_prog_load,
880 connect_v4_prog_destroy,
881 BPF_CGROUP_INET6_CONNECT,
882 &user_ops,
883 AF_INET,
884 SOCK_STREAM,
885 NULL,
886 0,
887 NULL,
888 0,
889 NULL,
890 LOAD_REJECT,
891 },
892 {
893 SOCK_ADDR_TEST_CONNECT,
894 "connect4: attach prog with wrong attach type",
895 connect_v4_prog_load_raw,
896 connect_v4_prog_destroy_raw,
897 BPF_CGROUP_INET6_CONNECT,
898 &user_ops,
899 AF_INET,
900 SOCK_STREAM,
901 NULL,
902 0,
903 NULL,
904 0,
905 NULL,
906 ATTACH_REJECT,
907 },
908 {
909 SOCK_ADDR_TEST_CONNECT,
910 "connect6: connect (stream)",
911 connect_v6_prog_load,
912 connect_v6_prog_destroy,
913 BPF_CGROUP_INET6_CONNECT,
914 &user_ops,
915 AF_INET6,
916 SOCK_STREAM,
917 SERV6_IP,
918 SERV6_PORT,
919 SERV6_REWRITE_IP,
920 SERV6_REWRITE_PORT,
921 SRC6_REWRITE_IP,
922 SUCCESS,
923 },
924 {
925 SOCK_ADDR_TEST_CONNECT,
926 "connect6: connect deny (stream)",
927 connect_v6_deny_prog_load,
928 connect_v6_deny_prog_destroy,
929 BPF_CGROUP_INET6_CONNECT,
930 &user_ops,
931 AF_INET6,
932 SOCK_STREAM,
933 SERV6_IP,
934 SERV6_PORT,
935 SERV6_REWRITE_IP,
936 SERV6_REWRITE_PORT,
937 SRC6_REWRITE_IP,
938 SYSCALL_EPERM,
939 },
940 {
941 SOCK_ADDR_TEST_CONNECT,
942 "connect6: connect (dgram)",
943 connect_v6_prog_load,
944 connect_v6_prog_destroy,
945 BPF_CGROUP_INET6_CONNECT,
946 &user_ops,
947 AF_INET6,
948 SOCK_DGRAM,
949 SERV6_IP,
950 SERV6_PORT,
951 SERV6_REWRITE_IP,
952 SERV6_REWRITE_PORT,
953 SRC6_REWRITE_IP,
954 SUCCESS,
955 },
956 {
957 SOCK_ADDR_TEST_CONNECT,
958 "connect6: connect deny (dgram)",
959 connect_v6_deny_prog_load,
960 connect_v6_deny_prog_destroy,
961 BPF_CGROUP_INET6_CONNECT,
962 &user_ops,
963 AF_INET6,
964 SOCK_DGRAM,
965 SERV6_IP,
966 SERV6_PORT,
967 SERV6_REWRITE_IP,
968 SERV6_REWRITE_PORT,
969 SRC6_REWRITE_IP,
970 SYSCALL_EPERM,
971 },
972 {
973 SOCK_ADDR_TEST_CONNECT,
974 "connect6: load prog with wrong expected attach type",
975 connect_v6_prog_load,
976 connect_v6_prog_destroy,
977 BPF_CGROUP_INET4_CONNECT,
978 &user_ops,
979 AF_INET6,
980 SOCK_STREAM,
981 NULL,
982 0,
983 NULL,
984 0,
985 NULL,
986 LOAD_REJECT,
987 },
988 {
989 SOCK_ADDR_TEST_CONNECT,
990 "connect6: attach prog with wrong attach type",
991 connect_v6_prog_load_raw,
992 connect_v6_prog_destroy_raw,
993 BPF_CGROUP_INET4_CONNECT,
994 &user_ops,
995 AF_INET,
996 SOCK_STREAM,
997 NULL,
998 0,
999 NULL,
1000 0,
1001 NULL,
1002 ATTACH_REJECT,
1003 },
1004 {
1005 SOCK_ADDR_TEST_CONNECT,
1006 "connect_unix: connect (stream)",
1007 connect_unix_prog_load,
1008 connect_unix_prog_destroy,
1009 BPF_CGROUP_UNIX_CONNECT,
1010 &user_ops,
1011 AF_UNIX,
1012 SOCK_STREAM,
1013 SERVUN_ADDRESS,
1014 0,
1015 SERVUN_REWRITE_ADDRESS,
1016 0,
1017 NULL,
1018 SUCCESS,
1019 },
1020 {
1021 SOCK_ADDR_TEST_CONNECT,
1022 "connect_unix: connect deny (stream)",
1023 connect_unix_deny_prog_load,
1024 connect_unix_deny_prog_destroy,
1025 BPF_CGROUP_UNIX_CONNECT,
1026 &user_ops,
1027 AF_UNIX,
1028 SOCK_STREAM,
1029 SERVUN_ADDRESS,
1030 0,
1031 SERVUN_REWRITE_ADDRESS,
1032 0,
1033 NULL,
1034 SYSCALL_EPERM,
1035 },
1036 {
1037 SOCK_ADDR_TEST_CONNECT,
1038 "connect_unix: attach prog with wrong attach type",
1039 connect_unix_prog_load_raw,
1040 connect_unix_prog_destroy_raw,
1041 BPF_CGROUP_INET4_CONNECT,
1042 &user_ops,
1043 AF_UNIX,
1044 SOCK_STREAM,
1045 SERVUN_ADDRESS,
1046 0,
1047 SERVUN_REWRITE_ADDRESS,
1048 0,
1049 NULL,
1050 ATTACH_REJECT,
1051 },
1052
1053 /* connect - kernel calls */
1054 {
1055 SOCK_ADDR_TEST_CONNECT,
1056 "connect4: kernel_connect (stream)",
1057 connect_v4_prog_load,
1058 connect_v4_prog_destroy,
1059 BPF_CGROUP_INET4_CONNECT,
1060 &kern_ops_sock_sendmsg,
1061 AF_INET,
1062 SOCK_STREAM,
1063 SERV4_IP,
1064 SERV4_PORT,
1065 SERV4_REWRITE_IP,
1066 SERV4_REWRITE_PORT,
1067 SRC4_REWRITE_IP,
1068 SUCCESS,
1069 },
1070 {
1071 SOCK_ADDR_TEST_CONNECT,
1072 "connect4: kernel_connect deny (stream)",
1073 connect_v4_deny_prog_load,
1074 connect_v4_deny_prog_destroy,
1075 BPF_CGROUP_INET4_CONNECT,
1076 &kern_ops_sock_sendmsg,
1077 AF_INET,
1078 SOCK_STREAM,
1079 SERV4_IP,
1080 SERV4_PORT,
1081 SERV4_REWRITE_IP,
1082 SERV4_REWRITE_PORT,
1083 SRC4_REWRITE_IP,
1084 SYSCALL_EPERM,
1085 },
1086 {
1087 SOCK_ADDR_TEST_CONNECT,
1088 "connect4: kernel_connect (dgram)",
1089 connect_v4_prog_load,
1090 connect_v4_prog_destroy,
1091 BPF_CGROUP_INET4_CONNECT,
1092 &kern_ops_sock_sendmsg,
1093 AF_INET,
1094 SOCK_DGRAM,
1095 SERV4_IP,
1096 SERV4_PORT,
1097 SERV4_REWRITE_IP,
1098 SERV4_REWRITE_PORT,
1099 SRC4_REWRITE_IP,
1100 SUCCESS,
1101 },
1102 {
1103 SOCK_ADDR_TEST_CONNECT,
1104 "connect4: kernel_connect deny (dgram)",
1105 connect_v4_deny_prog_load,
1106 connect_v4_deny_prog_destroy,
1107 BPF_CGROUP_INET4_CONNECT,
1108 &kern_ops_sock_sendmsg,
1109 AF_INET,
1110 SOCK_DGRAM,
1111 SERV4_IP,
1112 SERV4_PORT,
1113 SERV4_REWRITE_IP,
1114 SERV4_REWRITE_PORT,
1115 SRC4_REWRITE_IP,
1116 SYSCALL_EPERM,
1117 },
1118 {
1119 SOCK_ADDR_TEST_CONNECT,
1120 "connect6: kernel_connect (stream)",
1121 connect_v6_prog_load,
1122 connect_v6_prog_destroy,
1123 BPF_CGROUP_INET6_CONNECT,
1124 &kern_ops_sock_sendmsg,
1125 AF_INET6,
1126 SOCK_STREAM,
1127 SERV6_IP,
1128 SERV6_PORT,
1129 SERV6_REWRITE_IP,
1130 SERV6_REWRITE_PORT,
1131 SRC6_REWRITE_IP,
1132 SUCCESS,
1133 },
1134 {
1135 SOCK_ADDR_TEST_CONNECT,
1136 "connect6: kernel_connect deny (stream)",
1137 connect_v6_deny_prog_load,
1138 connect_v6_deny_prog_destroy,
1139 BPF_CGROUP_INET6_CONNECT,
1140 &kern_ops_sock_sendmsg,
1141 AF_INET6,
1142 SOCK_STREAM,
1143 SERV6_IP,
1144 SERV6_PORT,
1145 SERV6_REWRITE_IP,
1146 SERV6_REWRITE_PORT,
1147 SRC6_REWRITE_IP,
1148 SYSCALL_EPERM,
1149 },
1150 {
1151 SOCK_ADDR_TEST_CONNECT,
1152 "connect6: kernel_connect (dgram)",
1153 connect_v6_prog_load,
1154 connect_v6_prog_destroy,
1155 BPF_CGROUP_INET6_CONNECT,
1156 &kern_ops_sock_sendmsg,
1157 AF_INET6,
1158 SOCK_DGRAM,
1159 SERV6_IP,
1160 SERV6_PORT,
1161 SERV6_REWRITE_IP,
1162 SERV6_REWRITE_PORT,
1163 SRC6_REWRITE_IP,
1164 SUCCESS,
1165 },
1166 {
1167 SOCK_ADDR_TEST_CONNECT,
1168 "connect6: kernel_connect deny (dgram)",
1169 connect_v6_deny_prog_load,
1170 connect_v6_deny_prog_destroy,
1171 BPF_CGROUP_INET6_CONNECT,
1172 &kern_ops_sock_sendmsg,
1173 AF_INET6,
1174 SOCK_DGRAM,
1175 SERV6_IP,
1176 SERV6_PORT,
1177 SERV6_REWRITE_IP,
1178 SERV6_REWRITE_PORT,
1179 SRC6_REWRITE_IP,
1180 SYSCALL_EPERM,
1181 },
1182 {
1183 SOCK_ADDR_TEST_CONNECT,
1184 "connect_unix: kernel_connect (dgram)",
1185 connect_unix_prog_load,
1186 connect_unix_prog_destroy,
1187 BPF_CGROUP_UNIX_CONNECT,
1188 &kern_ops_sock_sendmsg,
1189 AF_UNIX,
1190 SOCK_STREAM,
1191 SERVUN_ADDRESS,
1192 0,
1193 SERVUN_REWRITE_ADDRESS,
1194 0,
1195 NULL,
1196 SUCCESS,
1197 },
1198 {
1199 SOCK_ADDR_TEST_CONNECT,
1200 "connect_unix: kernel_connect deny (dgram)",
1201 connect_unix_deny_prog_load,
1202 connect_unix_deny_prog_destroy,
1203 BPF_CGROUP_UNIX_CONNECT,
1204 &kern_ops_sock_sendmsg,
1205 AF_UNIX,
1206 SOCK_STREAM,
1207 SERVUN_ADDRESS,
1208 0,
1209 SERVUN_REWRITE_ADDRESS,
1210 0,
1211 NULL,
1212 SYSCALL_EPERM,
1213 },
1214
1215 /* sendmsg - system calls */
1216 {
1217 SOCK_ADDR_TEST_SENDMSG,
1218 "sendmsg4: sendmsg (dgram)",
1219 sendmsg_v4_prog_load,
1220 sendmsg_v4_prog_destroy,
1221 BPF_CGROUP_UDP4_SENDMSG,
1222 &user_ops,
1223 AF_INET,
1224 SOCK_DGRAM,
1225 SERV4_IP,
1226 SERV4_PORT,
1227 SERV4_REWRITE_IP,
1228 SERV4_REWRITE_PORT,
1229 SRC4_REWRITE_IP,
1230 SUCCESS,
1231 },
1232 {
1233 SOCK_ADDR_TEST_SENDMSG,
1234 "sendmsg4: sendmsg deny (dgram)",
1235 sendmsg_v4_deny_prog_load,
1236 sendmsg_v4_deny_prog_destroy,
1237 BPF_CGROUP_UDP4_SENDMSG,
1238 &user_ops,
1239 AF_INET,
1240 SOCK_DGRAM,
1241 SERV4_IP,
1242 SERV4_PORT,
1243 SERV4_REWRITE_IP,
1244 SERV4_REWRITE_PORT,
1245 SRC4_REWRITE_IP,
1246 SYSCALL_EPERM,
1247 },
1248 {
1249 SOCK_ADDR_TEST_SENDMSG,
1250 "sendmsg4: load prog with wrong expected attach type",
1251 sendmsg_v4_prog_load,
1252 sendmsg_v4_prog_destroy,
1253 BPF_CGROUP_UDP6_SENDMSG,
1254 &user_ops,
1255 AF_INET,
1256 SOCK_DGRAM,
1257 NULL,
1258 0,
1259 NULL,
1260 0,
1261 NULL,
1262 LOAD_REJECT,
1263 },
1264 {
1265 SOCK_ADDR_TEST_SENDMSG,
1266 "sendmsg4: attach prog with wrong attach type",
1267 sendmsg_v4_prog_load_raw,
1268 sendmsg_v4_prog_destroy_raw,
1269 BPF_CGROUP_UDP6_SENDMSG,
1270 &user_ops,
1271 AF_INET,
1272 SOCK_DGRAM,
1273 NULL,
1274 0,
1275 NULL,
1276 0,
1277 NULL,
1278 ATTACH_REJECT,
1279 },
1280 {
1281 SOCK_ADDR_TEST_SENDMSG,
1282 "sendmsg6: sendmsg (dgram)",
1283 sendmsg_v6_prog_load,
1284 sendmsg_v6_prog_destroy,
1285 BPF_CGROUP_UDP6_SENDMSG,
1286 &user_ops,
1287 AF_INET6,
1288 SOCK_DGRAM,
1289 SERV6_IP,
1290 SERV6_PORT,
1291 SERV6_REWRITE_IP,
1292 SERV6_REWRITE_PORT,
1293 SRC6_REWRITE_IP,
1294 SUCCESS,
1295 },
1296 {
1297 SOCK_ADDR_TEST_SENDMSG,
1298 "sendmsg6: sendmsg [::] (BSD'ism) (dgram)",
1299 sendmsg_v6_preserve_dst_prog_load,
1300 sendmsg_v6_preserve_dst_prog_destroy,
1301 BPF_CGROUP_UDP6_SENDMSG,
1302 &user_ops,
1303 AF_INET6,
1304 SOCK_DGRAM,
1305 WILDCARD6_IP,
1306 SERV6_PORT,
1307 SERV6_REWRITE_IP,
1308 SERV6_PORT,
1309 SRC6_IP,
1310 SUCCESS,
1311 },
1312 {
1313 SOCK_ADDR_TEST_SENDMSG,
1314 "sendmsg6: sendmsg deny (dgram)",
1315 sendmsg_v6_deny_prog_load,
1316 sendmsg_v6_deny_prog_destroy,
1317 BPF_CGROUP_UDP6_SENDMSG,
1318 &user_ops,
1319 AF_INET6,
1320 SOCK_DGRAM,
1321 SERV6_IP,
1322 SERV6_PORT,
1323 SERV6_REWRITE_IP,
1324 SERV6_REWRITE_PORT,
1325 SRC6_REWRITE_IP,
1326 SYSCALL_EPERM,
1327 },
1328 {
1329 SOCK_ADDR_TEST_SENDMSG,
1330 "sendmsg6: sendmsg IPv4-mapped IPv6 (dgram)",
1331 sendmsg_v6_v4mapped_prog_load,
1332 sendmsg_v6_v4mapped_prog_destroy,
1333 BPF_CGROUP_UDP6_SENDMSG,
1334 &user_ops,
1335 AF_INET6,
1336 SOCK_DGRAM,
1337 SERV6_IP,
1338 SERV6_PORT,
1339 SERV6_REWRITE_IP,
1340 SERV6_REWRITE_PORT,
1341 SRC6_REWRITE_IP,
1342 SYSCALL_ENOTSUPP,
1343 },
1344 {
1345 SOCK_ADDR_TEST_SENDMSG,
1346 "sendmsg6: sendmsg dst IP = [::] (BSD'ism) (dgram)",
1347 sendmsg_v6_wildcard_prog_load,
1348 sendmsg_v6_wildcard_prog_destroy,
1349 BPF_CGROUP_UDP6_SENDMSG,
1350 &user_ops,
1351 AF_INET6,
1352 SOCK_DGRAM,
1353 SERV6_IP,
1354 SERV6_PORT,
1355 SERV6_REWRITE_IP,
1356 SERV6_REWRITE_PORT,
1357 SRC6_REWRITE_IP,
1358 SUCCESS,
1359 },
1360 {
1361 SOCK_ADDR_TEST_SENDMSG,
1362 "sendmsg6: load prog with wrong expected attach type",
1363 sendmsg_v6_prog_load,
1364 sendmsg_v6_prog_destroy,
1365 BPF_CGROUP_UDP4_SENDMSG,
1366 &user_ops,
1367 AF_INET6,
1368 SOCK_DGRAM,
1369 NULL,
1370 0,
1371 NULL,
1372 0,
1373 NULL,
1374 LOAD_REJECT,
1375 },
1376 {
1377 SOCK_ADDR_TEST_SENDMSG,
1378 "sendmsg6: attach prog with wrong attach type",
1379 sendmsg_v6_prog_load_raw,
1380 sendmsg_v6_prog_destroy_raw,
1381 BPF_CGROUP_UDP4_SENDMSG,
1382 &user_ops,
1383 AF_INET6,
1384 SOCK_DGRAM,
1385 NULL,
1386 0,
1387 NULL,
1388 0,
1389 NULL,
1390 ATTACH_REJECT,
1391 },
1392 {
1393 SOCK_ADDR_TEST_SENDMSG,
1394 "sendmsg_unix: sendmsg (dgram)",
1395 sendmsg_unix_prog_load,
1396 sendmsg_unix_prog_destroy,
1397 BPF_CGROUP_UNIX_SENDMSG,
1398 &user_ops,
1399 AF_UNIX,
1400 SOCK_DGRAM,
1401 SERVUN_ADDRESS,
1402 0,
1403 SERVUN_REWRITE_ADDRESS,
1404 0,
1405 NULL,
1406 SUCCESS,
1407 },
1408 {
1409 SOCK_ADDR_TEST_SENDMSG,
1410 "sendmsg_unix: sendmsg deny (dgram)",
1411 sendmsg_unix_deny_prog_load,
1412 sendmsg_unix_deny_prog_destroy,
1413 BPF_CGROUP_UNIX_SENDMSG,
1414 &user_ops,
1415 AF_UNIX,
1416 SOCK_DGRAM,
1417 SERVUN_ADDRESS,
1418 0,
1419 SERVUN_REWRITE_ADDRESS,
1420 0,
1421 NULL,
1422 SYSCALL_EPERM,
1423 },
1424 {
1425 SOCK_ADDR_TEST_SENDMSG,
1426 "sendmsg_unix: attach prog with wrong attach type",
1427 sendmsg_unix_prog_load_raw,
1428 sendmsg_unix_prog_destroy_raw,
1429 BPF_CGROUP_UDP4_SENDMSG,
1430 &user_ops,
1431 AF_UNIX,
1432 SOCK_DGRAM,
1433 SERVUN_ADDRESS,
1434 0,
1435 SERVUN_REWRITE_ADDRESS,
1436 0,
1437 NULL,
1438 ATTACH_REJECT,
1439 },
1440
1441 /* sendmsg - kernel calls (sock_sendmsg) */
1442 {
1443 SOCK_ADDR_TEST_SENDMSG,
1444 "sendmsg4: sock_sendmsg (dgram)",
1445 sendmsg_v4_prog_load,
1446 sendmsg_v4_prog_destroy,
1447 BPF_CGROUP_UDP4_SENDMSG,
1448 &kern_ops_sock_sendmsg,
1449 AF_INET,
1450 SOCK_DGRAM,
1451 SERV4_IP,
1452 SERV4_PORT,
1453 SERV4_REWRITE_IP,
1454 SERV4_REWRITE_PORT,
1455 SRC4_REWRITE_IP,
1456 SUCCESS,
1457 },
1458 {
1459 SOCK_ADDR_TEST_SENDMSG,
1460 "sendmsg4: sock_sendmsg deny (dgram)",
1461 sendmsg_v4_deny_prog_load,
1462 sendmsg_v4_deny_prog_destroy,
1463 BPF_CGROUP_UDP4_SENDMSG,
1464 &kern_ops_sock_sendmsg,
1465 AF_INET,
1466 SOCK_DGRAM,
1467 SERV4_IP,
1468 SERV4_PORT,
1469 SERV4_REWRITE_IP,
1470 SERV4_REWRITE_PORT,
1471 SRC4_REWRITE_IP,
1472 SYSCALL_EPERM,
1473 },
1474 {
1475 SOCK_ADDR_TEST_SENDMSG,
1476 "sendmsg6: sock_sendmsg (dgram)",
1477 sendmsg_v6_prog_load,
1478 sendmsg_v6_prog_destroy,
1479 BPF_CGROUP_UDP6_SENDMSG,
1480 &kern_ops_sock_sendmsg,
1481 AF_INET6,
1482 SOCK_DGRAM,
1483 SERV6_IP,
1484 SERV6_PORT,
1485 SERV6_REWRITE_IP,
1486 SERV6_REWRITE_PORT,
1487 SRC6_REWRITE_IP,
1488 SUCCESS,
1489 },
1490 {
1491 SOCK_ADDR_TEST_SENDMSG,
1492 "sendmsg6: sock_sendmsg [::] (BSD'ism) (dgram)",
1493 sendmsg_v6_preserve_dst_prog_load,
1494 sendmsg_v6_preserve_dst_prog_destroy,
1495 BPF_CGROUP_UDP6_SENDMSG,
1496 &kern_ops_sock_sendmsg,
1497 AF_INET6,
1498 SOCK_DGRAM,
1499 WILDCARD6_IP,
1500 SERV6_PORT,
1501 SERV6_REWRITE_IP,
1502 SERV6_PORT,
1503 SRC6_IP,
1504 SUCCESS,
1505 },
1506 {
1507 SOCK_ADDR_TEST_SENDMSG,
1508 "sendmsg6: sock_sendmsg deny (dgram)",
1509 sendmsg_v6_deny_prog_load,
1510 sendmsg_v6_deny_prog_destroy,
1511 BPF_CGROUP_UDP6_SENDMSG,
1512 &kern_ops_sock_sendmsg,
1513 AF_INET6,
1514 SOCK_DGRAM,
1515 SERV6_IP,
1516 SERV6_PORT,
1517 SERV6_REWRITE_IP,
1518 SERV6_REWRITE_PORT,
1519 SRC6_REWRITE_IP,
1520 SYSCALL_EPERM,
1521 },
1522 {
1523 SOCK_ADDR_TEST_SENDMSG,
1524 "sendmsg_unix: sock_sendmsg (dgram)",
1525 sendmsg_unix_prog_load,
1526 sendmsg_unix_prog_destroy,
1527 BPF_CGROUP_UNIX_SENDMSG,
1528 &kern_ops_sock_sendmsg,
1529 AF_UNIX,
1530 SOCK_DGRAM,
1531 SERVUN_ADDRESS,
1532 0,
1533 SERVUN_REWRITE_ADDRESS,
1534 0,
1535 NULL,
1536 SUCCESS,
1537 },
1538 {
1539 SOCK_ADDR_TEST_SENDMSG,
1540 "sendmsg_unix: sock_sendmsg deny (dgram)",
1541 sendmsg_unix_deny_prog_load,
1542 sendmsg_unix_deny_prog_destroy,
1543 BPF_CGROUP_UNIX_SENDMSG,
1544 &kern_ops_sock_sendmsg,
1545 AF_UNIX,
1546 SOCK_DGRAM,
1547 SERVUN_ADDRESS,
1548 0,
1549 SERVUN_REWRITE_ADDRESS,
1550 0,
1551 NULL,
1552 SYSCALL_EPERM,
1553 },
1554
1555 /* sendmsg - kernel calls (kernel_sendmsg) */
1556 {
1557 SOCK_ADDR_TEST_SENDMSG,
1558 "sendmsg4: kernel_sendmsg (dgram)",
1559 sendmsg_v4_prog_load,
1560 sendmsg_v4_prog_destroy,
1561 BPF_CGROUP_UDP4_SENDMSG,
1562 &kern_ops_kernel_sendmsg,
1563 AF_INET,
1564 SOCK_DGRAM,
1565 SERV4_IP,
1566 SERV4_PORT,
1567 SERV4_REWRITE_IP,
1568 SERV4_REWRITE_PORT,
1569 SRC4_REWRITE_IP,
1570 SUCCESS,
1571 },
1572 {
1573 SOCK_ADDR_TEST_SENDMSG,
1574 "sendmsg4: kernel_sendmsg deny (dgram)",
1575 sendmsg_v4_deny_prog_load,
1576 sendmsg_v4_deny_prog_destroy,
1577 BPF_CGROUP_UDP4_SENDMSG,
1578 &kern_ops_kernel_sendmsg,
1579 AF_INET,
1580 SOCK_DGRAM,
1581 SERV4_IP,
1582 SERV4_PORT,
1583 SERV4_REWRITE_IP,
1584 SERV4_REWRITE_PORT,
1585 SRC4_REWRITE_IP,
1586 SYSCALL_EPERM,
1587 },
1588 {
1589 SOCK_ADDR_TEST_SENDMSG,
1590 "sendmsg6: kernel_sendmsg (dgram)",
1591 sendmsg_v6_prog_load,
1592 sendmsg_v6_prog_destroy,
1593 BPF_CGROUP_UDP6_SENDMSG,
1594 &kern_ops_kernel_sendmsg,
1595 AF_INET6,
1596 SOCK_DGRAM,
1597 SERV6_IP,
1598 SERV6_PORT,
1599 SERV6_REWRITE_IP,
1600 SERV6_REWRITE_PORT,
1601 SRC6_REWRITE_IP,
1602 SUCCESS,
1603 },
1604 {
1605 SOCK_ADDR_TEST_SENDMSG,
1606 "sendmsg6: kernel_sendmsg [::] (BSD'ism) (dgram)",
1607 sendmsg_v6_preserve_dst_prog_load,
1608 sendmsg_v6_preserve_dst_prog_destroy,
1609 BPF_CGROUP_UDP6_SENDMSG,
1610 &kern_ops_kernel_sendmsg,
1611 AF_INET6,
1612 SOCK_DGRAM,
1613 WILDCARD6_IP,
1614 SERV6_PORT,
1615 SERV6_REWRITE_IP,
1616 SERV6_PORT,
1617 SRC6_IP,
1618 SUCCESS,
1619 },
1620 {
1621 SOCK_ADDR_TEST_SENDMSG,
1622 "sendmsg6: kernel_sendmsg deny (dgram)",
1623 sendmsg_v6_deny_prog_load,
1624 sendmsg_v6_deny_prog_destroy,
1625 BPF_CGROUP_UDP6_SENDMSG,
1626 &kern_ops_kernel_sendmsg,
1627 AF_INET6,
1628 SOCK_DGRAM,
1629 SERV6_IP,
1630 SERV6_PORT,
1631 SERV6_REWRITE_IP,
1632 SERV6_REWRITE_PORT,
1633 SRC6_REWRITE_IP,
1634 SYSCALL_EPERM,
1635 },
1636 {
1637 SOCK_ADDR_TEST_SENDMSG,
1638 "sendmsg_unix: sock_sendmsg (dgram)",
1639 sendmsg_unix_prog_load,
1640 sendmsg_unix_prog_destroy,
1641 BPF_CGROUP_UNIX_SENDMSG,
1642 &kern_ops_kernel_sendmsg,
1643 AF_UNIX,
1644 SOCK_DGRAM,
1645 SERVUN_ADDRESS,
1646 0,
1647 SERVUN_REWRITE_ADDRESS,
1648 0,
1649 NULL,
1650 SUCCESS,
1651 },
1652 {
1653 SOCK_ADDR_TEST_SENDMSG,
1654 "sendmsg_unix: kernel_sendmsg deny (dgram)",
1655 sendmsg_unix_deny_prog_load,
1656 sendmsg_unix_deny_prog_destroy,
1657 BPF_CGROUP_UNIX_SENDMSG,
1658 &kern_ops_kernel_sendmsg,
1659 AF_UNIX,
1660 SOCK_DGRAM,
1661 SERVUN_ADDRESS,
1662 0,
1663 SERVUN_REWRITE_ADDRESS,
1664 0,
1665 NULL,
1666 SYSCALL_EPERM,
1667 },
1668
1669 /* recvmsg - system calls */
1670 {
1671 SOCK_ADDR_TEST_RECVMSG,
1672 "recvmsg4: recvfrom (dgram)",
1673 recvmsg4_prog_load,
1674 recvmsg4_prog_destroy,
1675 BPF_CGROUP_UDP4_RECVMSG,
1676 &user_ops,
1677 AF_INET,
1678 SOCK_DGRAM,
1679 SERV4_REWRITE_IP,
1680 SERV4_REWRITE_PORT,
1681 SERV4_REWRITE_IP,
1682 SERV4_REWRITE_PORT,
1683 SERV4_IP,
1684 SUCCESS,
1685 },
1686 {
1687 SOCK_ADDR_TEST_RECVMSG,
1688 "recvmsg4: attach prog with wrong attach type",
1689 recvmsg4_prog_load_raw,
1690 recvmsg4_prog_destroy_raw,
1691 BPF_CGROUP_UDP6_RECVMSG,
1692 &user_ops,
1693 AF_INET,
1694 SOCK_DGRAM,
1695 SERV4_REWRITE_IP,
1696 SERV4_REWRITE_PORT,
1697 SERV4_REWRITE_IP,
1698 SERV4_REWRITE_PORT,
1699 SERV4_IP,
1700 ATTACH_REJECT,
1701 },
1702 {
1703 SOCK_ADDR_TEST_RECVMSG,
1704 "recvmsg6: recvfrom (dgram)",
1705 recvmsg6_prog_load,
1706 recvmsg6_prog_destroy,
1707 BPF_CGROUP_UDP6_RECVMSG,
1708 &user_ops,
1709 AF_INET6,
1710 SOCK_DGRAM,
1711 SERV6_REWRITE_IP,
1712 SERV6_REWRITE_PORT,
1713 SERV6_REWRITE_IP,
1714 SERV6_REWRITE_PORT,
1715 SERV6_IP,
1716 SUCCESS,
1717 },
1718 {
1719 SOCK_ADDR_TEST_RECVMSG,
1720 "recvmsg6: attach prog with wrong attach type",
1721 recvmsg6_prog_load_raw,
1722 recvmsg6_prog_destroy_raw,
1723 BPF_CGROUP_UDP4_RECVMSG,
1724 &user_ops,
1725 AF_INET6,
1726 SOCK_DGRAM,
1727 SERV6_REWRITE_IP,
1728 SERV6_REWRITE_PORT,
1729 SERV6_REWRITE_IP,
1730 SERV6_REWRITE_PORT,
1731 SERV6_IP,
1732 ATTACH_REJECT,
1733 },
1734 {
1735 SOCK_ADDR_TEST_RECVMSG,
1736 "recvmsg_unix: recvfrom (dgram)",
1737 recvmsg_unix_prog_load,
1738 recvmsg_unix_prog_destroy,
1739 BPF_CGROUP_UNIX_RECVMSG,
1740 &user_ops,
1741 AF_UNIX,
1742 SOCK_DGRAM,
1743 SERVUN_REWRITE_ADDRESS,
1744 0,
1745 SERVUN_REWRITE_ADDRESS,
1746 0,
1747 SERVUN_ADDRESS,
1748 SUCCESS,
1749 },
1750 {
1751 SOCK_ADDR_TEST_RECVMSG,
1752 "recvmsg_unix: recvfrom (stream)",
1753 recvmsg_unix_prog_load,
1754 recvmsg_unix_prog_destroy,
1755 BPF_CGROUP_UNIX_RECVMSG,
1756 &user_ops,
1757 AF_UNIX,
1758 SOCK_STREAM,
1759 SERVUN_REWRITE_ADDRESS,
1760 0,
1761 SERVUN_REWRITE_ADDRESS,
1762 0,
1763 SERVUN_ADDRESS,
1764 SUCCESS,
1765 },
1766 {
1767 SOCK_ADDR_TEST_RECVMSG,
1768 "recvmsg_unix: attach prog with wrong attach type",
1769 recvmsg_unix_prog_load_raw,
1770 recvmsg_unix_prog_destroy_raw,
1771 BPF_CGROUP_UDP4_RECVMSG,
1772 &user_ops,
1773 AF_INET6,
1774 SOCK_STREAM,
1775 SERVUN_REWRITE_ADDRESS,
1776 0,
1777 SERVUN_REWRITE_ADDRESS,
1778 0,
1779 SERVUN_ADDRESS,
1780 ATTACH_REJECT,
1781 },
1782
1783 /* getsockname - system calls */
1784 {
1785 SOCK_ADDR_TEST_GETSOCKNAME,
1786 "getsockname4: getsockname (stream)",
1787 getsockname_v4_prog_load,
1788 getsockname_v4_prog_destroy,
1789 BPF_CGROUP_INET4_GETSOCKNAME,
1790 &user_ops,
1791 AF_INET,
1792 SOCK_STREAM,
1793 SERV4_REWRITE_IP,
1794 SERV4_REWRITE_PORT,
1795 SERV4_IP,
1796 SERV4_PORT,
1797 NULL,
1798 SUCCESS,
1799 },
1800 {
1801 SOCK_ADDR_TEST_GETSOCKNAME,
1802 "getsockname4: getsockname (dgram)",
1803 getsockname_v4_prog_load,
1804 getsockname_v4_prog_destroy,
1805 BPF_CGROUP_INET4_GETSOCKNAME,
1806 &user_ops,
1807 AF_INET,
1808 SOCK_DGRAM,
1809 SERV4_REWRITE_IP,
1810 SERV4_REWRITE_PORT,
1811 SERV4_IP,
1812 SERV4_PORT,
1813 NULL,
1814 SUCCESS,
1815 },
1816 {
1817 SOCK_ADDR_TEST_GETSOCKNAME,
1818 "getsockname4: attach prog with wrong attach type",
1819 getsockname_v4_prog_load_raw,
1820 getsockname_v4_prog_destroy_raw,
1821 BPF_CGROUP_INET6_GETSOCKNAME,
1822 &user_ops,
1823 AF_INET,
1824 SOCK_DGRAM,
1825 SERV4_REWRITE_IP,
1826 SERV4_REWRITE_PORT,
1827 SERV4_IP,
1828 SERV4_PORT,
1829 NULL,
1830 ATTACH_REJECT,
1831 },
1832 {
1833 SOCK_ADDR_TEST_GETSOCKNAME,
1834 "getsockname6: getsockname (stream)",
1835 getsockname_v6_prog_load,
1836 getsockname_v6_prog_destroy,
1837 BPF_CGROUP_INET6_GETSOCKNAME,
1838 &user_ops,
1839 AF_INET6,
1840 SOCK_STREAM,
1841 SERV6_REWRITE_IP,
1842 SERV6_REWRITE_PORT,
1843 SERV6_IP,
1844 SERV6_PORT,
1845 NULL,
1846 SUCCESS,
1847 },
1848 {
1849 SOCK_ADDR_TEST_GETSOCKNAME,
1850 "getsockname6: getsockname (dgram)",
1851 getsockname_v6_prog_load,
1852 getsockname_v6_prog_destroy,
1853 BPF_CGROUP_INET6_GETSOCKNAME,
1854 &user_ops,
1855 AF_INET6,
1856 SOCK_DGRAM,
1857 SERV6_REWRITE_IP,
1858 SERV6_REWRITE_PORT,
1859 SERV6_IP,
1860 SERV6_PORT,
1861 NULL,
1862 SUCCESS,
1863 },
1864 {
1865 SOCK_ADDR_TEST_GETSOCKNAME,
1866 "getsockname6: attach prog with wrong attach type",
1867 getsockname_v6_prog_load_raw,
1868 getsockname_v6_prog_destroy_raw,
1869 BPF_CGROUP_INET4_GETSOCKNAME,
1870 &user_ops,
1871 AF_INET6,
1872 SOCK_DGRAM,
1873 SERV6_REWRITE_IP,
1874 SERV6_REWRITE_PORT,
1875 SERV6_IP,
1876 SERV6_PORT,
1877 NULL,
1878 ATTACH_REJECT,
1879 },
1880 {
1881 SOCK_ADDR_TEST_GETSOCKNAME,
1882 "getsockname_unix: getsockname",
1883 getsockname_unix_prog_load,
1884 getsockname_unix_prog_destroy,
1885 BPF_CGROUP_UNIX_GETSOCKNAME,
1886 &user_ops,
1887 AF_UNIX,
1888 SOCK_STREAM,
1889 SERVUN_ADDRESS,
1890 0,
1891 SERVUN_REWRITE_ADDRESS,
1892 0,
1893 NULL,
1894 SUCCESS,
1895 },
1896 {
1897 SOCK_ADDR_TEST_GETSOCKNAME,
1898 "getsockname_unix: attach prog with wrong attach type",
1899 getsockname_unix_prog_load_raw,
1900 getsockname_unix_prog_destroy_raw,
1901 BPF_CGROUP_INET4_GETSOCKNAME,
1902 &user_ops,
1903 AF_UNIX,
1904 SOCK_STREAM,
1905 SERVUN_ADDRESS,
1906 0,
1907 SERVUN_REWRITE_ADDRESS,
1908 0,
1909 NULL,
1910 ATTACH_REJECT,
1911 },
1912
1913 /* getsockname - kernel calls */
1914 {
1915 SOCK_ADDR_TEST_GETSOCKNAME,
1916 "getsockname4: kernel_getsockname (stream)",
1917 getsockname_v4_prog_load,
1918 getsockname_v4_prog_destroy,
1919 BPF_CGROUP_INET4_GETSOCKNAME,
1920 &kern_ops_kernel_sendmsg,
1921 AF_INET,
1922 SOCK_STREAM,
1923 SERV4_REWRITE_IP,
1924 SERV4_REWRITE_PORT,
1925 SERV4_IP,
1926 SERV4_PORT,
1927 NULL,
1928 SUCCESS,
1929 },
1930 {
1931 SOCK_ADDR_TEST_GETSOCKNAME,
1932 "getsockname4: kernel_getsockname (dgram)",
1933 getsockname_v4_prog_load,
1934 getsockname_v4_prog_destroy,
1935 BPF_CGROUP_INET4_GETSOCKNAME,
1936 &kern_ops_kernel_sendmsg,
1937 AF_INET,
1938 SOCK_DGRAM,
1939 SERV4_REWRITE_IP,
1940 SERV4_REWRITE_PORT,
1941 SERV4_IP,
1942 SERV4_PORT,
1943 NULL,
1944 SUCCESS,
1945 },
1946 {
1947 SOCK_ADDR_TEST_GETSOCKNAME,
1948 "getsockname6: kernel_getsockname (stream)",
1949 getsockname_v6_prog_load,
1950 getsockname_v6_prog_destroy,
1951 BPF_CGROUP_INET6_GETSOCKNAME,
1952 &kern_ops_kernel_sendmsg,
1953 AF_INET6,
1954 SOCK_STREAM,
1955 SERV6_REWRITE_IP,
1956 SERV6_REWRITE_PORT,
1957 SERV6_IP,
1958 SERV6_PORT,
1959 NULL,
1960 SUCCESS,
1961 },
1962 {
1963 SOCK_ADDR_TEST_GETSOCKNAME,
1964 "getsockname6: kernel_getsockname (dgram)",
1965 getsockname_v6_prog_load,
1966 getsockname_v6_prog_destroy,
1967 BPF_CGROUP_INET6_GETSOCKNAME,
1968 &kern_ops_kernel_sendmsg,
1969 AF_INET6,
1970 SOCK_DGRAM,
1971 SERV6_REWRITE_IP,
1972 SERV6_REWRITE_PORT,
1973 SERV6_IP,
1974 SERV6_PORT,
1975 NULL,
1976 SUCCESS,
1977 },
1978 {
1979 SOCK_ADDR_TEST_GETSOCKNAME,
1980 "getsockname_unix: kernel_getsockname",
1981 getsockname_unix_prog_load,
1982 getsockname_unix_prog_destroy,
1983 BPF_CGROUP_UNIX_GETSOCKNAME,
1984 &kern_ops_kernel_sendmsg,
1985 AF_UNIX,
1986 SOCK_STREAM,
1987 SERVUN_ADDRESS,
1988 0,
1989 SERVUN_REWRITE_ADDRESS,
1990 0,
1991 NULL,
1992 SUCCESS,
1993 },
1994
1995 /* getpeername - system calls */
1996 {
1997 SOCK_ADDR_TEST_GETPEERNAME,
1998 "getpeername4: getpeername (stream)",
1999 getpeername_v4_prog_load,
2000 getpeername_v4_prog_destroy,
2001 BPF_CGROUP_INET4_GETPEERNAME,
2002 &user_ops,
2003 AF_INET,
2004 SOCK_STREAM,
2005 SERV4_REWRITE_IP,
2006 SERV4_REWRITE_PORT,
2007 SERV4_IP,
2008 SERV4_PORT,
2009 NULL,
2010 SUCCESS,
2011 },
2012 {
2013 SOCK_ADDR_TEST_GETPEERNAME,
2014 "getpeername4: getpeername (dgram)",
2015 getpeername_v4_prog_load,
2016 getpeername_v4_prog_destroy,
2017 BPF_CGROUP_INET4_GETPEERNAME,
2018 &user_ops,
2019 AF_INET,
2020 SOCK_DGRAM,
2021 SERV4_REWRITE_IP,
2022 SERV4_REWRITE_PORT,
2023 SERV4_IP,
2024 SERV4_PORT,
2025 NULL,
2026 SUCCESS,
2027 },
2028 {
2029 SOCK_ADDR_TEST_GETPEERNAME,
2030 "getpeername4: attach prog with wrong attach type",
2031 getpeername_v4_prog_load_raw,
2032 getpeername_v4_prog_destroy_raw,
2033 BPF_CGROUP_INET6_GETSOCKNAME,
2034 &user_ops,
2035 AF_UNIX,
2036 SOCK_DGRAM,
2037 SERV4_REWRITE_IP,
2038 SERV4_REWRITE_PORT,
2039 SERV4_IP,
2040 SERV4_PORT,
2041 NULL,
2042 ATTACH_REJECT,
2043 },
2044 {
2045 SOCK_ADDR_TEST_GETPEERNAME,
2046 "getpeername6: getpeername (stream)",
2047 getpeername_v6_prog_load,
2048 getpeername_v6_prog_destroy,
2049 BPF_CGROUP_INET6_GETPEERNAME,
2050 &user_ops,
2051 AF_INET6,
2052 SOCK_STREAM,
2053 SERV6_REWRITE_IP,
2054 SERV6_REWRITE_PORT,
2055 SERV6_IP,
2056 SERV6_PORT,
2057 NULL,
2058 SUCCESS,
2059 },
2060 {
2061 SOCK_ADDR_TEST_GETPEERNAME,
2062 "getpeername6: getpeername (dgram)",
2063 getpeername_v6_prog_load,
2064 getpeername_v6_prog_destroy,
2065 BPF_CGROUP_INET6_GETPEERNAME,
2066 &user_ops,
2067 AF_INET6,
2068 SOCK_DGRAM,
2069 SERV6_REWRITE_IP,
2070 SERV6_REWRITE_PORT,
2071 SERV6_IP,
2072 SERV6_PORT,
2073 NULL,
2074 SUCCESS,
2075 },
2076 {
2077 SOCK_ADDR_TEST_GETPEERNAME,
2078 "getpeername6: attach prog with wrong attach type",
2079 getpeername_v6_prog_load_raw,
2080 getpeername_v6_prog_destroy_raw,
2081 BPF_CGROUP_INET4_GETSOCKNAME,
2082 &user_ops,
2083 AF_INET6,
2084 SOCK_DGRAM,
2085 SERV6_REWRITE_IP,
2086 SERV6_REWRITE_PORT,
2087 SERV6_IP,
2088 SERV6_PORT,
2089 NULL,
2090 ATTACH_REJECT,
2091 },
2092 {
2093 SOCK_ADDR_TEST_GETPEERNAME,
2094 "getpeername_unix: getpeername",
2095 getpeername_unix_prog_load,
2096 getpeername_unix_prog_destroy,
2097 BPF_CGROUP_UNIX_GETPEERNAME,
2098 &user_ops,
2099 AF_UNIX,
2100 SOCK_STREAM,
2101 SERVUN_ADDRESS,
2102 0,
2103 SERVUN_REWRITE_ADDRESS,
2104 0,
2105 NULL,
2106 SUCCESS,
2107 },
2108 {
2109 SOCK_ADDR_TEST_GETPEERNAME,
2110 "getpeername_unix: attach prog with wrong attach type",
2111 getpeername_unix_prog_load_raw,
2112 getpeername_unix_prog_destroy_raw,
2113 BPF_CGROUP_INET4_GETSOCKNAME,
2114 &user_ops,
2115 AF_UNIX,
2116 SOCK_STREAM,
2117 SERVUN_ADDRESS,
2118 0,
2119 SERVUN_REWRITE_ADDRESS,
2120 0,
2121 NULL,
2122 ATTACH_REJECT,
2123 },
2124
2125 /* getpeername - kernel calls */
2126 {
2127 SOCK_ADDR_TEST_GETPEERNAME,
2128 "getpeername4: kernel_getpeername (stream)",
2129 getpeername_v4_prog_load,
2130 getpeername_v4_prog_destroy,
2131 BPF_CGROUP_INET4_GETPEERNAME,
2132 &kern_ops_kernel_sendmsg,
2133 AF_INET,
2134 SOCK_STREAM,
2135 SERV4_REWRITE_IP,
2136 SERV4_REWRITE_PORT,
2137 SERV4_IP,
2138 SERV4_PORT,
2139 NULL,
2140 SUCCESS,
2141 },
2142 {
2143 SOCK_ADDR_TEST_GETPEERNAME,
2144 "getpeername4: kernel_getpeername (dgram)",
2145 getpeername_v4_prog_load,
2146 getpeername_v4_prog_destroy,
2147 BPF_CGROUP_INET4_GETPEERNAME,
2148 &kern_ops_kernel_sendmsg,
2149 AF_INET,
2150 SOCK_DGRAM,
2151 SERV4_REWRITE_IP,
2152 SERV4_REWRITE_PORT,
2153 SERV4_IP,
2154 SERV4_PORT,
2155 NULL,
2156 SUCCESS,
2157 },
2158 {
2159 SOCK_ADDR_TEST_GETPEERNAME,
2160 "getpeername6: kernel_getpeername (stream)",
2161 getpeername_v6_prog_load,
2162 getpeername_v6_prog_destroy,
2163 BPF_CGROUP_INET6_GETPEERNAME,
2164 &kern_ops_kernel_sendmsg,
2165 AF_INET6,
2166 SOCK_STREAM,
2167 SERV6_REWRITE_IP,
2168 SERV6_REWRITE_PORT,
2169 SERV6_IP,
2170 SERV6_PORT,
2171 NULL,
2172 SUCCESS,
2173 },
2174 {
2175 SOCK_ADDR_TEST_GETPEERNAME,
2176 "getpeername6: kernel_getpeername (dgram)",
2177 getpeername_v6_prog_load,
2178 getpeername_v6_prog_destroy,
2179 BPF_CGROUP_INET6_GETPEERNAME,
2180 &kern_ops_kernel_sendmsg,
2181 AF_INET6,
2182 SOCK_DGRAM,
2183 SERV6_REWRITE_IP,
2184 SERV6_REWRITE_PORT,
2185 SERV6_IP,
2186 SERV6_PORT,
2187 NULL,
2188 SUCCESS,
2189 },
2190 {
2191 SOCK_ADDR_TEST_GETPEERNAME,
2192 "getpeername_unix: kernel_getpeername",
2193 getpeername_unix_prog_load,
2194 getpeername_unix_prog_destroy,
2195 BPF_CGROUP_UNIX_GETPEERNAME,
2196 &kern_ops_kernel_sendmsg,
2197 AF_UNIX,
2198 SOCK_STREAM,
2199 SERVUN_ADDRESS,
2200 0,
2201 SERVUN_REWRITE_ADDRESS,
2202 0,
2203 NULL,
2204 SUCCESS,
2205 },
2206};
2207
2208typedef int (*info_fn)(int, struct sockaddr *, socklen_t *);
2209
2210static int cmp_addr(const struct sockaddr_storage *addr1, socklen_t addr1_len,
2211 const struct sockaddr_storage *addr2, socklen_t addr2_len,
2212 bool cmp_port)
2213{
2214 const struct sockaddr_in *four1, *four2;
2215 const struct sockaddr_in6 *six1, *six2;
2216 const struct sockaddr_un *un1, *un2;
2217
2218 if (addr1->ss_family != addr2->ss_family)
2219 return -1;
2220
2221 if (addr1_len != addr2_len)
2222 return -1;
2223
2224 if (addr1->ss_family == AF_INET) {
2225 four1 = (const struct sockaddr_in *)addr1;
2226 four2 = (const struct sockaddr_in *)addr2;
2227 return !((four1->sin_port == four2->sin_port || !cmp_port) &&
2228 four1->sin_addr.s_addr == four2->sin_addr.s_addr);
2229 } else if (addr1->ss_family == AF_INET6) {
2230 six1 = (const struct sockaddr_in6 *)addr1;
2231 six2 = (const struct sockaddr_in6 *)addr2;
2232 return !((six1->sin6_port == six2->sin6_port || !cmp_port) &&
2233 !memcmp(&six1->sin6_addr, &six2->sin6_addr,
2234 sizeof(struct in6_addr)));
2235 } else if (addr1->ss_family == AF_UNIX) {
2236 un1 = (const struct sockaddr_un *)addr1;
2237 un2 = (const struct sockaddr_un *)addr2;
2238 return memcmp(un1, un2, addr1_len);
2239 }
2240
2241 return -1;
2242}
2243
2244static int cmp_sock_addr(info_fn fn, int sock1,
2245 const struct sockaddr_storage *addr2,
2246 socklen_t addr2_len, bool cmp_port)
2247{
2248 struct sockaddr_storage addr1;
2249 socklen_t len1 = sizeof(addr1);
2250
2251 memset(&addr1, 0, len1);
2252 if (fn(sock1, (struct sockaddr *)&addr1, (socklen_t *)&len1) != 0)
2253 return -1;
2254
2255 return cmp_addr(&addr1, len1, addr2, addr2_len, cmp_port);
2256}
2257
2258static int load_sock_addr_kern(void)
2259{
2260 int err;
2261
2262 skel = sock_addr_kern__open_and_load();
2263 if (!ASSERT_OK_PTR(skel, "skel"))
2264 goto err;
2265
2266 err = 0;
2267 goto out;
2268err:
2269 err = -1;
2270out:
2271 return err;
2272}
2273
2274static void unload_sock_addr_kern(void)
2275{
2276 sock_addr_kern__destroy(skel);
2277}
2278
2279static int test_bind(struct sock_addr_test *test)
2280{
2281 struct sockaddr_storage expected_addr;
2282 socklen_t expected_addr_len = sizeof(struct sockaddr_storage);
2283 int serv = -1, client = -1, err;
2284
2285 serv = test->ops->start_server(test->socket_family, test->socket_type,
2286 test->requested_addr,
2287 test->requested_port, 0);
2288 if (serv < 0) {
2289 err = errno;
2290 goto err;
2291 }
2292
2293 err = make_sockaddr(test->socket_family,
2294 test->expected_addr, test->expected_port,
2295 &expected_addr, &expected_addr_len);
2296 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2297 goto cleanup;
2298
2299 err = cmp_sock_addr(test->ops->getsockname, serv, &expected_addr,
2300 expected_addr_len, true);
2301 if (!ASSERT_EQ(err, 0, "cmp_local_addr"))
2302 goto cleanup;
2303
2304 /* Try to connect to server just in case */
2305 client = connect_to_addr(test->socket_type, &expected_addr, expected_addr_len, NULL);
2306 if (!ASSERT_GE(client, 0, "connect_to_addr"))
2307 goto cleanup;
2308
2309cleanup:
2310 err = 0;
2311err:
2312 if (client != -1)
2313 close(client);
2314 if (serv != -1)
2315 test->ops->close(serv);
2316
2317 return err;
2318}
2319
2320static int test_connect(struct sock_addr_test *test)
2321{
2322 struct sockaddr_storage addr, expected_addr, expected_src_addr;
2323 socklen_t addr_len = sizeof(struct sockaddr_storage),
2324 expected_addr_len = sizeof(struct sockaddr_storage),
2325 expected_src_addr_len = sizeof(struct sockaddr_storage);
2326 int serv = -1, client = -1, err;
2327
2328 serv = start_server(test->socket_family, test->socket_type,
2329 test->expected_addr, test->expected_port, 0);
2330 if (!ASSERT_GE(serv, 0, "start_server"))
2331 goto cleanup;
2332
2333 err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port,
2334 &addr, &addr_len);
2335 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2336 goto cleanup;
2337
2338 client = test->ops->connect_to_addr(test->socket_type, &addr, addr_len,
2339 NULL);
2340 if (client < 0) {
2341 err = errno;
2342 goto err;
2343 }
2344
2345 err = make_sockaddr(test->socket_family, test->expected_addr, test->expected_port,
2346 &expected_addr, &expected_addr_len);
2347 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2348 goto cleanup;
2349
2350 if (test->expected_src_addr) {
2351 err = make_sockaddr(test->socket_family, test->expected_src_addr, 0,
2352 &expected_src_addr, &expected_src_addr_len);
2353 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2354 goto cleanup;
2355 }
2356
2357 err = cmp_sock_addr(test->ops->getpeername, client, &expected_addr,
2358 expected_addr_len, true);
2359 if (!ASSERT_EQ(err, 0, "cmp_peer_addr"))
2360 goto cleanup;
2361
2362 if (test->expected_src_addr) {
2363 err = cmp_sock_addr(test->ops->getsockname, client,
2364 &expected_src_addr, expected_src_addr_len,
2365 false);
2366 if (!ASSERT_EQ(err, 0, "cmp_local_addr"))
2367 goto cleanup;
2368 }
2369cleanup:
2370 err = 0;
2371err:
2372 if (client != -1)
2373 test->ops->close(client);
2374 if (serv != -1)
2375 close(serv);
2376
2377 return err;
2378}
2379
2380static int test_xmsg(struct sock_addr_test *test)
2381{
2382 struct sockaddr_storage addr, src_addr;
2383 socklen_t addr_len = sizeof(struct sockaddr_storage),
2384 src_addr_len = sizeof(struct sockaddr_storage);
2385 char data = 'a';
2386 int serv = -1, client = -1, err;
2387
2388 /* Unlike the other tests, here we test that we can rewrite the src addr
2389 * with a recvmsg() hook.
2390 */
2391
2392 serv = start_server(test->socket_family, test->socket_type,
2393 test->expected_addr, test->expected_port, 0);
2394 if (!ASSERT_GE(serv, 0, "start_server"))
2395 goto cleanup;
2396
2397 client = test->ops->socket(test->socket_family, test->socket_type, 0);
2398 if (!ASSERT_GE(client, 0, "socket"))
2399 goto cleanup;
2400
2401 /* AF_UNIX sockets have to be bound to something to trigger the recvmsg bpf program. */
2402 if (test->socket_family == AF_UNIX) {
2403 err = make_sockaddr(AF_UNIX, SRCUN_ADDRESS, 0, &src_addr, &src_addr_len);
2404 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2405 goto cleanup;
2406
2407 err = test->ops->bind(client, (struct sockaddr *)&src_addr,
2408 src_addr_len);
2409 if (!ASSERT_OK(err, "bind"))
2410 goto cleanup;
2411 }
2412
2413 err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port,
2414 &addr, &addr_len);
2415 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2416 goto cleanup;
2417
2418 if (test->socket_type == SOCK_DGRAM) {
2419 err = test->ops->sendmsg(client, (struct sockaddr *)&addr,
2420 addr_len, &data, sizeof(data));
2421 if (err < 0) {
2422 err = errno;
2423 goto err;
2424 }
2425
2426 if (!ASSERT_EQ(err, sizeof(data), "sendmsg"))
2427 goto cleanup;
2428 } else {
2429 /* Testing with connection-oriented sockets is only valid for
2430 * recvmsg() tests.
2431 */
2432 if (!ASSERT_EQ(test->type, SOCK_ADDR_TEST_RECVMSG, "recvmsg"))
2433 goto cleanup;
2434
2435 err = connect(client, (const struct sockaddr *)&addr, addr_len);
2436 if (!ASSERT_OK(err, "connect"))
2437 goto cleanup;
2438
2439 err = send(client, &data, sizeof(data), 0);
2440 if (!ASSERT_EQ(err, sizeof(data), "send"))
2441 goto cleanup;
2442
2443 err = listen(serv, 0);
2444 if (!ASSERT_OK(err, "listen"))
2445 goto cleanup;
2446
2447 err = accept(serv, NULL, NULL);
2448 if (!ASSERT_GE(err, 0, "accept"))
2449 goto cleanup;
2450
2451 close(serv);
2452 serv = err;
2453 }
2454
2455 addr_len = src_addr_len = sizeof(struct sockaddr_storage);
2456
2457 err = recvfrom(serv, &data, sizeof(data), 0, (struct sockaddr *) &src_addr, &src_addr_len);
2458 if (!ASSERT_EQ(err, sizeof(data), "recvfrom"))
2459 goto cleanup;
2460
2461 ASSERT_EQ(data, 'a', "data mismatch");
2462
2463 if (test->expected_src_addr) {
2464 err = make_sockaddr(test->socket_family, test->expected_src_addr, 0,
2465 &addr, &addr_len);
2466 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2467 goto cleanup;
2468
2469 err = cmp_addr(&src_addr, src_addr_len, &addr, addr_len, false);
2470 if (!ASSERT_EQ(err, 0, "cmp_addr"))
2471 goto cleanup;
2472 }
2473
2474cleanup:
2475 err = 0;
2476err:
2477 if (client != -1)
2478 test->ops->close(client);
2479 if (serv != -1)
2480 close(serv);
2481
2482 return err;
2483}
2484
2485static int test_getsockname(struct sock_addr_test *test)
2486{
2487 struct sockaddr_storage expected_addr;
2488 socklen_t expected_addr_len = sizeof(struct sockaddr_storage);
2489 int serv = -1, err;
2490
2491 serv = test->ops->start_server(test->socket_family, test->socket_type,
2492 test->requested_addr, test->requested_port, 0);
2493 if (!ASSERT_GE(serv, 0, "start_server"))
2494 goto cleanup;
2495
2496 err = make_sockaddr(test->socket_family,
2497 test->expected_addr, test->expected_port,
2498 &expected_addr, &expected_addr_len);
2499 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2500 goto cleanup;
2501
2502 err = cmp_sock_addr(test->ops->getsockname, serv, &expected_addr, expected_addr_len, true);
2503 if (!ASSERT_EQ(err, 0, "cmp_local_addr"))
2504 goto cleanup;
2505
2506cleanup:
2507 if (serv != -1)
2508 test->ops->close(serv);
2509
2510 return 0;
2511}
2512
2513static int test_getpeername(struct sock_addr_test *test)
2514{
2515 struct sockaddr_storage addr, expected_addr;
2516 socklen_t addr_len = sizeof(struct sockaddr_storage),
2517 expected_addr_len = sizeof(struct sockaddr_storage);
2518 int serv = -1, client = -1, err;
2519
2520 serv = start_server(test->socket_family, test->socket_type,
2521 test->requested_addr, test->requested_port, 0);
2522 if (!ASSERT_GE(serv, 0, "start_server"))
2523 goto cleanup;
2524
2525 err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port,
2526 &addr, &addr_len);
2527 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2528 goto cleanup;
2529
2530 client = test->ops->connect_to_addr(test->socket_type, &addr, addr_len,
2531 NULL);
2532 if (!ASSERT_GE(client, 0, "connect_to_addr"))
2533 goto cleanup;
2534
2535 err = make_sockaddr(test->socket_family, test->expected_addr, test->expected_port,
2536 &expected_addr, &expected_addr_len);
2537 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2538 goto cleanup;
2539
2540 err = cmp_sock_addr(test->ops->getpeername, client, &expected_addr,
2541 expected_addr_len, true);
2542 if (!ASSERT_EQ(err, 0, "cmp_peer_addr"))
2543 goto cleanup;
2544
2545cleanup:
2546 if (client != -1)
2547 test->ops->close(client);
2548 if (serv != -1)
2549 close(serv);
2550
2551 return 0;
2552}
2553
2554static int setup_test_env(struct nstoken **tok)
2555{
2556 int err;
2557
2558 SYS_NOFAIL("ip netns delete %s", TEST_NS);
2559 SYS(fail, "ip netns add %s", TEST_NS);
2560 *tok = open_netns(TEST_NS);
2561 if (!ASSERT_OK_PTR(*tok, "netns token"))
2562 goto fail;
2563
2564 SYS(fail, "ip link add dev %s1 type veth peer name %s2", TEST_IF_PREFIX,
2565 TEST_IF_PREFIX);
2566 SYS(fail, "ip link set lo up");
2567 SYS(fail, "ip link set %s1 up", TEST_IF_PREFIX);
2568 SYS(fail, "ip link set %s2 up", TEST_IF_PREFIX);
2569 SYS(fail, "ip -4 addr add %s/8 dev %s1", TEST_IPV4, TEST_IF_PREFIX);
2570 SYS(fail, "ip -6 addr add %s/128 nodad dev %s1", TEST_IPV6, TEST_IF_PREFIX);
2571
2572 err = 0;
2573 goto out;
2574fail:
2575 err = -1;
2576 close_netns(*tok);
2577 *tok = NULL;
2578 SYS_NOFAIL("ip netns delete %s", TEST_NS);
2579out:
2580 return err;
2581}
2582
2583static void cleanup_test_env(struct nstoken *tok)
2584{
2585 close_netns(tok);
2586 SYS_NOFAIL("ip netns delete %s", TEST_NS);
2587}
2588
2589void test_sock_addr(void)
2590{
2591 struct nstoken *tok = NULL;
2592 int cgroup_fd = -1;
2593 void *skel;
2594
2595 cgroup_fd = test__join_cgroup("/sock_addr");
2596 if (!ASSERT_GE(cgroup_fd, 0, "join_cgroup"))
2597 goto cleanup;
2598
2599 if (!ASSERT_OK(setup_test_env(&tok), "setup_test_env"))
2600 goto cleanup;
2601
2602 if (!ASSERT_OK(load_sock_addr_kern(), "load_sock_addr_kern"))
2603 goto cleanup;
2604
2605 for (size_t i = 0; i < ARRAY_SIZE(tests); ++i) {
2606 struct sock_addr_test *test = &tests[i];
2607 int err;
2608
2609 if (!test__start_subtest(test->name))
2610 continue;
2611
2612 skel = test->loadfn(cgroup_fd, test->attach_type,
2613 test->expected_result == LOAD_REJECT ||
2614 test->expected_result == ATTACH_REJECT);
2615 if (!skel)
2616 continue;
2617
2618 switch (test->type) {
2619 /* Not exercised yet but we leave this code here for when the
2620 * INET and INET6 sockaddr tests are migrated to this file in
2621 * the future.
2622 */
2623 case SOCK_ADDR_TEST_BIND:
2624 err = test_bind(test);
2625 break;
2626 case SOCK_ADDR_TEST_CONNECT:
2627 err = test_connect(test);
2628 break;
2629 case SOCK_ADDR_TEST_SENDMSG:
2630 case SOCK_ADDR_TEST_RECVMSG:
2631 err = test_xmsg(test);
2632 break;
2633 case SOCK_ADDR_TEST_GETSOCKNAME:
2634 err = test_getsockname(test);
2635 break;
2636 case SOCK_ADDR_TEST_GETPEERNAME:
2637 err = test_getpeername(test);
2638 break;
2639 default:
2640 ASSERT_TRUE(false, "Unknown sock addr test type");
2641 err = -EINVAL;
2642 break;
2643 }
2644
2645 if (test->expected_result == SYSCALL_EPERM)
2646 ASSERT_EQ(err, EPERM, "socket operation returns EPERM");
2647 else if (test->expected_result == SYSCALL_ENOTSUPP)
2648 ASSERT_EQ(err, ENOTSUPP, "socket operation returns ENOTSUPP");
2649 else if (test->expected_result == SUCCESS)
2650 ASSERT_OK(err, "socket operation succeeds");
2651
2652 test->destroyfn(skel);
2653 }
2654
2655cleanup:
2656 unload_sock_addr_kern();
2657 cleanup_test_env(tok);
2658 if (cgroup_fd >= 0)
2659 close(cgroup_fd);
2660}
1// SPDX-License-Identifier: GPL-2.0
2#include <sys/un.h>
3
4#include "test_progs.h"
5
6#include "connect_unix_prog.skel.h"
7#include "sendmsg_unix_prog.skel.h"
8#include "recvmsg_unix_prog.skel.h"
9#include "getsockname_unix_prog.skel.h"
10#include "getpeername_unix_prog.skel.h"
11#include "network_helpers.h"
12
13#define SERVUN_ADDRESS "bpf_cgroup_unix_test"
14#define SERVUN_REWRITE_ADDRESS "bpf_cgroup_unix_test_rewrite"
15#define SRCUN_ADDRESS "bpf_cgroup_unix_test_src"
16
17enum sock_addr_test_type {
18 SOCK_ADDR_TEST_BIND,
19 SOCK_ADDR_TEST_CONNECT,
20 SOCK_ADDR_TEST_SENDMSG,
21 SOCK_ADDR_TEST_RECVMSG,
22 SOCK_ADDR_TEST_GETSOCKNAME,
23 SOCK_ADDR_TEST_GETPEERNAME,
24};
25
26typedef void *(*load_fn)(int cgroup_fd);
27typedef void (*destroy_fn)(void *skel);
28
29struct sock_addr_test {
30 enum sock_addr_test_type type;
31 const char *name;
32 /* BPF prog properties */
33 load_fn loadfn;
34 destroy_fn destroyfn;
35 /* Socket properties */
36 int socket_family;
37 int socket_type;
38 /* IP:port pairs for BPF prog to override */
39 const char *requested_addr;
40 unsigned short requested_port;
41 const char *expected_addr;
42 unsigned short expected_port;
43 const char *expected_src_addr;
44};
45
46static void *connect_unix_prog_load(int cgroup_fd)
47{
48 struct connect_unix_prog *skel;
49
50 skel = connect_unix_prog__open_and_load();
51 if (!ASSERT_OK_PTR(skel, "skel_open"))
52 goto cleanup;
53
54 skel->links.connect_unix_prog = bpf_program__attach_cgroup(
55 skel->progs.connect_unix_prog, cgroup_fd);
56 if (!ASSERT_OK_PTR(skel->links.connect_unix_prog, "prog_attach"))
57 goto cleanup;
58
59 return skel;
60cleanup:
61 connect_unix_prog__destroy(skel);
62 return NULL;
63}
64
65static void connect_unix_prog_destroy(void *skel)
66{
67 connect_unix_prog__destroy(skel);
68}
69
70static void *sendmsg_unix_prog_load(int cgroup_fd)
71{
72 struct sendmsg_unix_prog *skel;
73
74 skel = sendmsg_unix_prog__open_and_load();
75 if (!ASSERT_OK_PTR(skel, "skel_open"))
76 goto cleanup;
77
78 skel->links.sendmsg_unix_prog = bpf_program__attach_cgroup(
79 skel->progs.sendmsg_unix_prog, cgroup_fd);
80 if (!ASSERT_OK_PTR(skel->links.sendmsg_unix_prog, "prog_attach"))
81 goto cleanup;
82
83 return skel;
84cleanup:
85 sendmsg_unix_prog__destroy(skel);
86 return NULL;
87}
88
89static void sendmsg_unix_prog_destroy(void *skel)
90{
91 sendmsg_unix_prog__destroy(skel);
92}
93
94static void *recvmsg_unix_prog_load(int cgroup_fd)
95{
96 struct recvmsg_unix_prog *skel;
97
98 skel = recvmsg_unix_prog__open_and_load();
99 if (!ASSERT_OK_PTR(skel, "skel_open"))
100 goto cleanup;
101
102 skel->links.recvmsg_unix_prog = bpf_program__attach_cgroup(
103 skel->progs.recvmsg_unix_prog, cgroup_fd);
104 if (!ASSERT_OK_PTR(skel->links.recvmsg_unix_prog, "prog_attach"))
105 goto cleanup;
106
107 return skel;
108cleanup:
109 recvmsg_unix_prog__destroy(skel);
110 return NULL;
111}
112
113static void recvmsg_unix_prog_destroy(void *skel)
114{
115 recvmsg_unix_prog__destroy(skel);
116}
117
118static void *getsockname_unix_prog_load(int cgroup_fd)
119{
120 struct getsockname_unix_prog *skel;
121
122 skel = getsockname_unix_prog__open_and_load();
123 if (!ASSERT_OK_PTR(skel, "skel_open"))
124 goto cleanup;
125
126 skel->links.getsockname_unix_prog = bpf_program__attach_cgroup(
127 skel->progs.getsockname_unix_prog, cgroup_fd);
128 if (!ASSERT_OK_PTR(skel->links.getsockname_unix_prog, "prog_attach"))
129 goto cleanup;
130
131 return skel;
132cleanup:
133 getsockname_unix_prog__destroy(skel);
134 return NULL;
135}
136
137static void getsockname_unix_prog_destroy(void *skel)
138{
139 getsockname_unix_prog__destroy(skel);
140}
141
142static void *getpeername_unix_prog_load(int cgroup_fd)
143{
144 struct getpeername_unix_prog *skel;
145
146 skel = getpeername_unix_prog__open_and_load();
147 if (!ASSERT_OK_PTR(skel, "skel_open"))
148 goto cleanup;
149
150 skel->links.getpeername_unix_prog = bpf_program__attach_cgroup(
151 skel->progs.getpeername_unix_prog, cgroup_fd);
152 if (!ASSERT_OK_PTR(skel->links.getpeername_unix_prog, "prog_attach"))
153 goto cleanup;
154
155 return skel;
156cleanup:
157 getpeername_unix_prog__destroy(skel);
158 return NULL;
159}
160
161static void getpeername_unix_prog_destroy(void *skel)
162{
163 getpeername_unix_prog__destroy(skel);
164}
165
166static struct sock_addr_test tests[] = {
167 {
168 SOCK_ADDR_TEST_CONNECT,
169 "connect_unix",
170 connect_unix_prog_load,
171 connect_unix_prog_destroy,
172 AF_UNIX,
173 SOCK_STREAM,
174 SERVUN_ADDRESS,
175 0,
176 SERVUN_REWRITE_ADDRESS,
177 0,
178 NULL,
179 },
180 {
181 SOCK_ADDR_TEST_SENDMSG,
182 "sendmsg_unix",
183 sendmsg_unix_prog_load,
184 sendmsg_unix_prog_destroy,
185 AF_UNIX,
186 SOCK_DGRAM,
187 SERVUN_ADDRESS,
188 0,
189 SERVUN_REWRITE_ADDRESS,
190 0,
191 NULL,
192 },
193 {
194 SOCK_ADDR_TEST_RECVMSG,
195 "recvmsg_unix-dgram",
196 recvmsg_unix_prog_load,
197 recvmsg_unix_prog_destroy,
198 AF_UNIX,
199 SOCK_DGRAM,
200 SERVUN_REWRITE_ADDRESS,
201 0,
202 SERVUN_REWRITE_ADDRESS,
203 0,
204 SERVUN_ADDRESS,
205 },
206 {
207 SOCK_ADDR_TEST_RECVMSG,
208 "recvmsg_unix-stream",
209 recvmsg_unix_prog_load,
210 recvmsg_unix_prog_destroy,
211 AF_UNIX,
212 SOCK_STREAM,
213 SERVUN_REWRITE_ADDRESS,
214 0,
215 SERVUN_REWRITE_ADDRESS,
216 0,
217 SERVUN_ADDRESS,
218 },
219 {
220 SOCK_ADDR_TEST_GETSOCKNAME,
221 "getsockname_unix",
222 getsockname_unix_prog_load,
223 getsockname_unix_prog_destroy,
224 AF_UNIX,
225 SOCK_STREAM,
226 SERVUN_ADDRESS,
227 0,
228 SERVUN_REWRITE_ADDRESS,
229 0,
230 NULL,
231 },
232 {
233 SOCK_ADDR_TEST_GETPEERNAME,
234 "getpeername_unix",
235 getpeername_unix_prog_load,
236 getpeername_unix_prog_destroy,
237 AF_UNIX,
238 SOCK_STREAM,
239 SERVUN_ADDRESS,
240 0,
241 SERVUN_REWRITE_ADDRESS,
242 0,
243 NULL,
244 },
245};
246
247typedef int (*info_fn)(int, struct sockaddr *, socklen_t *);
248
249static int cmp_addr(const struct sockaddr_storage *addr1, socklen_t addr1_len,
250 const struct sockaddr_storage *addr2, socklen_t addr2_len,
251 bool cmp_port)
252{
253 const struct sockaddr_in *four1, *four2;
254 const struct sockaddr_in6 *six1, *six2;
255 const struct sockaddr_un *un1, *un2;
256
257 if (addr1->ss_family != addr2->ss_family)
258 return -1;
259
260 if (addr1_len != addr2_len)
261 return -1;
262
263 if (addr1->ss_family == AF_INET) {
264 four1 = (const struct sockaddr_in *)addr1;
265 four2 = (const struct sockaddr_in *)addr2;
266 return !((four1->sin_port == four2->sin_port || !cmp_port) &&
267 four1->sin_addr.s_addr == four2->sin_addr.s_addr);
268 } else if (addr1->ss_family == AF_INET6) {
269 six1 = (const struct sockaddr_in6 *)addr1;
270 six2 = (const struct sockaddr_in6 *)addr2;
271 return !((six1->sin6_port == six2->sin6_port || !cmp_port) &&
272 !memcmp(&six1->sin6_addr, &six2->sin6_addr,
273 sizeof(struct in6_addr)));
274 } else if (addr1->ss_family == AF_UNIX) {
275 un1 = (const struct sockaddr_un *)addr1;
276 un2 = (const struct sockaddr_un *)addr2;
277 return memcmp(un1, un2, addr1_len);
278 }
279
280 return -1;
281}
282
283static int cmp_sock_addr(info_fn fn, int sock1,
284 const struct sockaddr_storage *addr2,
285 socklen_t addr2_len, bool cmp_port)
286{
287 struct sockaddr_storage addr1;
288 socklen_t len1 = sizeof(addr1);
289
290 memset(&addr1, 0, len1);
291 if (fn(sock1, (struct sockaddr *)&addr1, (socklen_t *)&len1) != 0)
292 return -1;
293
294 return cmp_addr(&addr1, len1, addr2, addr2_len, cmp_port);
295}
296
297static int cmp_local_addr(int sock1, const struct sockaddr_storage *addr2,
298 socklen_t addr2_len, bool cmp_port)
299{
300 return cmp_sock_addr(getsockname, sock1, addr2, addr2_len, cmp_port);
301}
302
303static int cmp_peer_addr(int sock1, const struct sockaddr_storage *addr2,
304 socklen_t addr2_len, bool cmp_port)
305{
306 return cmp_sock_addr(getpeername, sock1, addr2, addr2_len, cmp_port);
307}
308
309static void test_bind(struct sock_addr_test *test)
310{
311 struct sockaddr_storage expected_addr;
312 socklen_t expected_addr_len = sizeof(struct sockaddr_storage);
313 int serv = -1, client = -1, err;
314
315 serv = start_server(test->socket_family, test->socket_type,
316 test->requested_addr, test->requested_port, 0);
317 if (!ASSERT_GE(serv, 0, "start_server"))
318 goto cleanup;
319
320 err = make_sockaddr(test->socket_family,
321 test->expected_addr, test->expected_port,
322 &expected_addr, &expected_addr_len);
323 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
324 goto cleanup;
325
326 err = cmp_local_addr(serv, &expected_addr, expected_addr_len, true);
327 if (!ASSERT_EQ(err, 0, "cmp_local_addr"))
328 goto cleanup;
329
330 /* Try to connect to server just in case */
331 client = connect_to_addr(&expected_addr, expected_addr_len, test->socket_type);
332 if (!ASSERT_GE(client, 0, "connect_to_addr"))
333 goto cleanup;
334
335cleanup:
336 if (client != -1)
337 close(client);
338 if (serv != -1)
339 close(serv);
340}
341
342static void test_connect(struct sock_addr_test *test)
343{
344 struct sockaddr_storage addr, expected_addr, expected_src_addr;
345 socklen_t addr_len = sizeof(struct sockaddr_storage),
346 expected_addr_len = sizeof(struct sockaddr_storage),
347 expected_src_addr_len = sizeof(struct sockaddr_storage);
348 int serv = -1, client = -1, err;
349
350 serv = start_server(test->socket_family, test->socket_type,
351 test->expected_addr, test->expected_port, 0);
352 if (!ASSERT_GE(serv, 0, "start_server"))
353 goto cleanup;
354
355 err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port,
356 &addr, &addr_len);
357 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
358 goto cleanup;
359
360 client = connect_to_addr(&addr, addr_len, test->socket_type);
361 if (!ASSERT_GE(client, 0, "connect_to_addr"))
362 goto cleanup;
363
364 err = make_sockaddr(test->socket_family, test->expected_addr, test->expected_port,
365 &expected_addr, &expected_addr_len);
366 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
367 goto cleanup;
368
369 if (test->expected_src_addr) {
370 err = make_sockaddr(test->socket_family, test->expected_src_addr, 0,
371 &expected_src_addr, &expected_src_addr_len);
372 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
373 goto cleanup;
374 }
375
376 err = cmp_peer_addr(client, &expected_addr, expected_addr_len, true);
377 if (!ASSERT_EQ(err, 0, "cmp_peer_addr"))
378 goto cleanup;
379
380 if (test->expected_src_addr) {
381 err = cmp_local_addr(client, &expected_src_addr, expected_src_addr_len, false);
382 if (!ASSERT_EQ(err, 0, "cmp_local_addr"))
383 goto cleanup;
384 }
385cleanup:
386 if (client != -1)
387 close(client);
388 if (serv != -1)
389 close(serv);
390}
391
392static void test_xmsg(struct sock_addr_test *test)
393{
394 struct sockaddr_storage addr, src_addr;
395 socklen_t addr_len = sizeof(struct sockaddr_storage),
396 src_addr_len = sizeof(struct sockaddr_storage);
397 struct msghdr hdr;
398 struct iovec iov;
399 char data = 'a';
400 int serv = -1, client = -1, err;
401
402 /* Unlike the other tests, here we test that we can rewrite the src addr
403 * with a recvmsg() hook.
404 */
405
406 serv = start_server(test->socket_family, test->socket_type,
407 test->expected_addr, test->expected_port, 0);
408 if (!ASSERT_GE(serv, 0, "start_server"))
409 goto cleanup;
410
411 client = socket(test->socket_family, test->socket_type, 0);
412 if (!ASSERT_GE(client, 0, "socket"))
413 goto cleanup;
414
415 /* AF_UNIX sockets have to be bound to something to trigger the recvmsg bpf program. */
416 if (test->socket_family == AF_UNIX) {
417 err = make_sockaddr(AF_UNIX, SRCUN_ADDRESS, 0, &src_addr, &src_addr_len);
418 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
419 goto cleanup;
420
421 err = bind(client, (const struct sockaddr *) &src_addr, src_addr_len);
422 if (!ASSERT_OK(err, "bind"))
423 goto cleanup;
424 }
425
426 err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port,
427 &addr, &addr_len);
428 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
429 goto cleanup;
430
431 if (test->socket_type == SOCK_DGRAM) {
432 memset(&iov, 0, sizeof(iov));
433 iov.iov_base = &data;
434 iov.iov_len = sizeof(data);
435
436 memset(&hdr, 0, sizeof(hdr));
437 hdr.msg_name = (void *)&addr;
438 hdr.msg_namelen = addr_len;
439 hdr.msg_iov = &iov;
440 hdr.msg_iovlen = 1;
441
442 err = sendmsg(client, &hdr, 0);
443 if (!ASSERT_EQ(err, sizeof(data), "sendmsg"))
444 goto cleanup;
445 } else {
446 /* Testing with connection-oriented sockets is only valid for
447 * recvmsg() tests.
448 */
449 if (!ASSERT_EQ(test->type, SOCK_ADDR_TEST_RECVMSG, "recvmsg"))
450 goto cleanup;
451
452 err = connect(client, (const struct sockaddr *)&addr, addr_len);
453 if (!ASSERT_OK(err, "connect"))
454 goto cleanup;
455
456 err = send(client, &data, sizeof(data), 0);
457 if (!ASSERT_EQ(err, sizeof(data), "send"))
458 goto cleanup;
459
460 err = listen(serv, 0);
461 if (!ASSERT_OK(err, "listen"))
462 goto cleanup;
463
464 err = accept(serv, NULL, NULL);
465 if (!ASSERT_GE(err, 0, "accept"))
466 goto cleanup;
467
468 close(serv);
469 serv = err;
470 }
471
472 addr_len = src_addr_len = sizeof(struct sockaddr_storage);
473
474 err = recvfrom(serv, &data, sizeof(data), 0, (struct sockaddr *) &src_addr, &src_addr_len);
475 if (!ASSERT_EQ(err, sizeof(data), "recvfrom"))
476 goto cleanup;
477
478 ASSERT_EQ(data, 'a', "data mismatch");
479
480 if (test->expected_src_addr) {
481 err = make_sockaddr(test->socket_family, test->expected_src_addr, 0,
482 &addr, &addr_len);
483 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
484 goto cleanup;
485
486 err = cmp_addr(&src_addr, src_addr_len, &addr, addr_len, false);
487 if (!ASSERT_EQ(err, 0, "cmp_addr"))
488 goto cleanup;
489 }
490
491cleanup:
492 if (client != -1)
493 close(client);
494 if (serv != -1)
495 close(serv);
496}
497
498static void test_getsockname(struct sock_addr_test *test)
499{
500 struct sockaddr_storage expected_addr;
501 socklen_t expected_addr_len = sizeof(struct sockaddr_storage);
502 int serv = -1, err;
503
504 serv = start_server(test->socket_family, test->socket_type,
505 test->requested_addr, test->requested_port, 0);
506 if (!ASSERT_GE(serv, 0, "start_server"))
507 goto cleanup;
508
509 err = make_sockaddr(test->socket_family,
510 test->expected_addr, test->expected_port,
511 &expected_addr, &expected_addr_len);
512 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
513 goto cleanup;
514
515 err = cmp_local_addr(serv, &expected_addr, expected_addr_len, true);
516 if (!ASSERT_EQ(err, 0, "cmp_local_addr"))
517 goto cleanup;
518
519cleanup:
520 if (serv != -1)
521 close(serv);
522}
523
524static void test_getpeername(struct sock_addr_test *test)
525{
526 struct sockaddr_storage addr, expected_addr;
527 socklen_t addr_len = sizeof(struct sockaddr_storage),
528 expected_addr_len = sizeof(struct sockaddr_storage);
529 int serv = -1, client = -1, err;
530
531 serv = start_server(test->socket_family, test->socket_type,
532 test->requested_addr, test->requested_port, 0);
533 if (!ASSERT_GE(serv, 0, "start_server"))
534 goto cleanup;
535
536 err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port,
537 &addr, &addr_len);
538 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
539 goto cleanup;
540
541 client = connect_to_addr(&addr, addr_len, test->socket_type);
542 if (!ASSERT_GE(client, 0, "connect_to_addr"))
543 goto cleanup;
544
545 err = make_sockaddr(test->socket_family, test->expected_addr, test->expected_port,
546 &expected_addr, &expected_addr_len);
547 if (!ASSERT_EQ(err, 0, "make_sockaddr"))
548 goto cleanup;
549
550 err = cmp_peer_addr(client, &expected_addr, expected_addr_len, true);
551 if (!ASSERT_EQ(err, 0, "cmp_peer_addr"))
552 goto cleanup;
553
554cleanup:
555 if (client != -1)
556 close(client);
557 if (serv != -1)
558 close(serv);
559}
560
561void test_sock_addr(void)
562{
563 int cgroup_fd = -1;
564 void *skel;
565
566 cgroup_fd = test__join_cgroup("/sock_addr");
567 if (!ASSERT_GE(cgroup_fd, 0, "join_cgroup"))
568 goto cleanup;
569
570 for (size_t i = 0; i < ARRAY_SIZE(tests); ++i) {
571 struct sock_addr_test *test = &tests[i];
572
573 if (!test__start_subtest(test->name))
574 continue;
575
576 skel = test->loadfn(cgroup_fd);
577 if (!skel)
578 continue;
579
580 switch (test->type) {
581 /* Not exercised yet but we leave this code here for when the
582 * INET and INET6 sockaddr tests are migrated to this file in
583 * the future.
584 */
585 case SOCK_ADDR_TEST_BIND:
586 test_bind(test);
587 break;
588 case SOCK_ADDR_TEST_CONNECT:
589 test_connect(test);
590 break;
591 case SOCK_ADDR_TEST_SENDMSG:
592 case SOCK_ADDR_TEST_RECVMSG:
593 test_xmsg(test);
594 break;
595 case SOCK_ADDR_TEST_GETSOCKNAME:
596 test_getsockname(test);
597 break;
598 case SOCK_ADDR_TEST_GETPEERNAME:
599 test_getpeername(test);
600 break;
601 default:
602 ASSERT_TRUE(false, "Unknown sock addr test type");
603 break;
604 }
605
606 test->destroyfn(skel);
607 }
608
609cleanup:
610 if (cgroup_fd >= 0)
611 close(cgroup_fd);
612}