Loading...
1// SPDX-License-Identifier: GPL-2.0
2/* Copyright (c) 2023 Isovalent */
3#include <uapi/linux/if_link.h>
4#include <net/if.h>
5#include <test_progs.h>
6
7#define netkit_peer "nk0"
8#define netkit_name "nk1"
9
10#define ping_addr_neigh 0x0a000002 /* 10.0.0.2 */
11#define ping_addr_noneigh 0x0a000003 /* 10.0.0.3 */
12
13#include "test_tc_link.skel.h"
14#include "netlink_helpers.h"
15#include "tc_helpers.h"
16
17#define MARK 42
18#define PRIO 0xeb9f
19#define ICMP_ECHO 8
20
21struct icmphdr {
22 __u8 type;
23 __u8 code;
24 __sum16 checksum;
25 struct {
26 __be16 id;
27 __be16 sequence;
28 } echo;
29};
30
31struct iplink_req {
32 struct nlmsghdr n;
33 struct ifinfomsg i;
34 char buf[1024];
35};
36
37static int create_netkit(int mode, int policy, int peer_policy, int *ifindex,
38 bool same_netns, int scrub, int peer_scrub)
39{
40 struct rtnl_handle rth = { .fd = -1 };
41 struct iplink_req req = {};
42 struct rtattr *linkinfo, *data;
43 const char *type = "netkit";
44 int err;
45
46 err = rtnl_open(&rth, 0);
47 if (!ASSERT_OK(err, "open_rtnetlink"))
48 return err;
49
50 memset(&req, 0, sizeof(req));
51 req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
52 req.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL;
53 req.n.nlmsg_type = RTM_NEWLINK;
54 req.i.ifi_family = AF_UNSPEC;
55
56 addattr_l(&req.n, sizeof(req), IFLA_IFNAME, netkit_name,
57 strlen(netkit_name));
58 linkinfo = addattr_nest(&req.n, sizeof(req), IFLA_LINKINFO);
59 addattr_l(&req.n, sizeof(req), IFLA_INFO_KIND, type, strlen(type));
60 data = addattr_nest(&req.n, sizeof(req), IFLA_INFO_DATA);
61 addattr32(&req.n, sizeof(req), IFLA_NETKIT_POLICY, policy);
62 addattr32(&req.n, sizeof(req), IFLA_NETKIT_PEER_POLICY, peer_policy);
63 addattr32(&req.n, sizeof(req), IFLA_NETKIT_SCRUB, scrub);
64 addattr32(&req.n, sizeof(req), IFLA_NETKIT_PEER_SCRUB, peer_scrub);
65 addattr32(&req.n, sizeof(req), IFLA_NETKIT_MODE, mode);
66 addattr_nest_end(&req.n, data);
67 addattr_nest_end(&req.n, linkinfo);
68
69 err = rtnl_talk(&rth, &req.n, NULL);
70 ASSERT_OK(err, "talk_rtnetlink");
71 rtnl_close(&rth);
72 *ifindex = if_nametoindex(netkit_name);
73
74 ASSERT_GT(*ifindex, 0, "retrieve_ifindex");
75 ASSERT_OK(system("ip netns add foo"), "create netns");
76 ASSERT_OK(system("ip link set dev " netkit_name " up"),
77 "up primary");
78 ASSERT_OK(system("ip addr add dev " netkit_name " 10.0.0.1/24"),
79 "addr primary");
80
81 if (mode == NETKIT_L3) {
82 ASSERT_EQ(system("ip link set dev " netkit_name
83 " addr ee:ff:bb:cc:aa:dd 2> /dev/null"), 512,
84 "set hwaddress");
85 } else {
86 ASSERT_OK(system("ip link set dev " netkit_name
87 " addr ee:ff:bb:cc:aa:dd"),
88 "set hwaddress");
89 }
90 if (same_netns) {
91 ASSERT_OK(system("ip link set dev " netkit_peer " up"),
92 "up peer");
93 ASSERT_OK(system("ip addr add dev " netkit_peer " 10.0.0.2/24"),
94 "addr peer");
95 } else {
96 ASSERT_OK(system("ip link set " netkit_peer " netns foo"),
97 "move peer");
98 ASSERT_OK(system("ip netns exec foo ip link set dev "
99 netkit_peer " up"), "up peer");
100 ASSERT_OK(system("ip netns exec foo ip addr add dev "
101 netkit_peer " 10.0.0.2/24"), "addr peer");
102 }
103 return err;
104}
105
106static void move_netkit(void)
107{
108 ASSERT_OK(system("ip link set " netkit_peer " netns foo"),
109 "move peer");
110 ASSERT_OK(system("ip netns exec foo ip link set dev "
111 netkit_peer " up"), "up peer");
112 ASSERT_OK(system("ip netns exec foo ip addr add dev "
113 netkit_peer " 10.0.0.2/24"), "addr peer");
114}
115
116static void destroy_netkit(void)
117{
118 ASSERT_OK(system("ip link del dev " netkit_name), "del primary");
119 ASSERT_OK(system("ip netns del foo"), "delete netns");
120 ASSERT_EQ(if_nametoindex(netkit_name), 0, netkit_name "_ifindex");
121}
122
123static int __send_icmp(__u32 dest)
124{
125 int sock, ret, mark = MARK, prio = PRIO;
126 struct sockaddr_in addr;
127 struct icmphdr icmp;
128
129 ret = write_sysctl("/proc/sys/net/ipv4/ping_group_range", "0 0");
130 if (!ASSERT_OK(ret, "write_sysctl(net.ipv4.ping_group_range)"))
131 return ret;
132
133 sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
134 if (!ASSERT_GE(sock, 0, "icmp_socket"))
135 return -errno;
136
137 ret = setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE,
138 netkit_name, strlen(netkit_name) + 1);
139 if (!ASSERT_OK(ret, "setsockopt(SO_BINDTODEVICE)"))
140 goto out;
141
142 ret = setsockopt(sock, SOL_SOCKET, SO_MARK, &mark, sizeof(mark));
143 if (!ASSERT_OK(ret, "setsockopt(SO_MARK)"))
144 goto out;
145
146 ret = setsockopt(sock, SOL_SOCKET, SO_PRIORITY,
147 &prio, sizeof(prio));
148 if (!ASSERT_OK(ret, "setsockopt(SO_PRIORITY)"))
149 goto out;
150
151 memset(&addr, 0, sizeof(addr));
152 addr.sin_family = AF_INET;
153 addr.sin_addr.s_addr = htonl(dest);
154
155 memset(&icmp, 0, sizeof(icmp));
156 icmp.type = ICMP_ECHO;
157 icmp.echo.id = 1234;
158 icmp.echo.sequence = 1;
159
160 ret = sendto(sock, &icmp, sizeof(icmp), 0,
161 (struct sockaddr *)&addr, sizeof(addr));
162 if (!ASSERT_GE(ret, 0, "icmp_sendto"))
163 ret = -errno;
164 else
165 ret = 0;
166out:
167 close(sock);
168 return ret;
169}
170
171static int send_icmp(void)
172{
173 return __send_icmp(ping_addr_neigh);
174}
175
176void serial_test_tc_netkit_basic(void)
177{
178 LIBBPF_OPTS(bpf_prog_query_opts, optq);
179 LIBBPF_OPTS(bpf_netkit_opts, optl);
180 __u32 prog_ids[2], link_ids[2];
181 __u32 pid1, pid2, lid1, lid2;
182 struct test_tc_link *skel;
183 struct bpf_link *link;
184 int err, ifindex;
185
186 err = create_netkit(NETKIT_L2, NETKIT_PASS, NETKIT_PASS,
187 &ifindex, false, NETKIT_SCRUB_DEFAULT,
188 NETKIT_SCRUB_DEFAULT);
189 if (err)
190 return;
191
192 skel = test_tc_link__open();
193 if (!ASSERT_OK_PTR(skel, "skel_open"))
194 goto cleanup;
195
196 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc1,
197 BPF_NETKIT_PRIMARY), 0, "tc1_attach_type");
198 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc2,
199 BPF_NETKIT_PEER), 0, "tc2_attach_type");
200
201 err = test_tc_link__load(skel);
202 if (!ASSERT_OK(err, "skel_load"))
203 goto cleanup;
204
205 pid1 = id_from_prog_fd(bpf_program__fd(skel->progs.tc1));
206 pid2 = id_from_prog_fd(bpf_program__fd(skel->progs.tc2));
207
208 ASSERT_NEQ(pid1, pid2, "prog_ids_1_2");
209
210 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 0);
211 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
212
213 ASSERT_EQ(skel->bss->seen_tc1, false, "seen_tc1");
214 ASSERT_EQ(skel->bss->seen_tc2, false, "seen_tc2");
215
216 link = bpf_program__attach_netkit(skel->progs.tc1, ifindex, &optl);
217 if (!ASSERT_OK_PTR(link, "link_attach"))
218 goto cleanup;
219
220 skel->links.tc1 = link;
221
222 lid1 = id_from_link_fd(bpf_link__fd(skel->links.tc1));
223
224 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 1);
225 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
226
227 optq.prog_ids = prog_ids;
228 optq.link_ids = link_ids;
229
230 memset(prog_ids, 0, sizeof(prog_ids));
231 memset(link_ids, 0, sizeof(link_ids));
232 optq.count = ARRAY_SIZE(prog_ids);
233
234 err = bpf_prog_query_opts(ifindex, BPF_NETKIT_PRIMARY, &optq);
235 if (!ASSERT_OK(err, "prog_query"))
236 goto cleanup;
237
238 ASSERT_EQ(optq.count, 1, "count");
239 ASSERT_EQ(optq.revision, 2, "revision");
240 ASSERT_EQ(optq.prog_ids[0], pid1, "prog_ids[0]");
241 ASSERT_EQ(optq.link_ids[0], lid1, "link_ids[0]");
242 ASSERT_EQ(optq.prog_ids[1], 0, "prog_ids[1]");
243 ASSERT_EQ(optq.link_ids[1], 0, "link_ids[1]");
244
245 tc_skel_reset_all_seen(skel);
246 ASSERT_EQ(send_icmp(), 0, "icmp_pkt");
247
248 ASSERT_EQ(skel->bss->seen_tc1, true, "seen_tc1");
249 ASSERT_EQ(skel->bss->seen_tc2, false, "seen_tc2");
250
251 link = bpf_program__attach_netkit(skel->progs.tc2, ifindex, &optl);
252 if (!ASSERT_OK_PTR(link, "link_attach"))
253 goto cleanup;
254
255 skel->links.tc2 = link;
256
257 lid2 = id_from_link_fd(bpf_link__fd(skel->links.tc2));
258 ASSERT_NEQ(lid1, lid2, "link_ids_1_2");
259
260 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 1);
261 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 1);
262
263 memset(prog_ids, 0, sizeof(prog_ids));
264 memset(link_ids, 0, sizeof(link_ids));
265 optq.count = ARRAY_SIZE(prog_ids);
266
267 err = bpf_prog_query_opts(ifindex, BPF_NETKIT_PEER, &optq);
268 if (!ASSERT_OK(err, "prog_query"))
269 goto cleanup;
270
271 ASSERT_EQ(optq.count, 1, "count");
272 ASSERT_EQ(optq.revision, 2, "revision");
273 ASSERT_EQ(optq.prog_ids[0], pid2, "prog_ids[0]");
274 ASSERT_EQ(optq.link_ids[0], lid2, "link_ids[0]");
275 ASSERT_EQ(optq.prog_ids[1], 0, "prog_ids[1]");
276 ASSERT_EQ(optq.link_ids[1], 0, "link_ids[1]");
277
278 tc_skel_reset_all_seen(skel);
279 ASSERT_EQ(send_icmp(), 0, "icmp_pkt");
280
281 ASSERT_EQ(skel->bss->seen_tc1, true, "seen_tc1");
282 ASSERT_EQ(skel->bss->seen_tc2, true, "seen_tc2");
283cleanup:
284 test_tc_link__destroy(skel);
285
286 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 0);
287 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
288 destroy_netkit();
289}
290
291static void serial_test_tc_netkit_multi_links_target(int mode, int target)
292{
293 LIBBPF_OPTS(bpf_prog_query_opts, optq);
294 LIBBPF_OPTS(bpf_netkit_opts, optl);
295 __u32 prog_ids[3], link_ids[3];
296 __u32 pid1, pid2, lid1, lid2;
297 struct test_tc_link *skel;
298 struct bpf_link *link;
299 int err, ifindex;
300
301 err = create_netkit(mode, NETKIT_PASS, NETKIT_PASS,
302 &ifindex, false, NETKIT_SCRUB_DEFAULT,
303 NETKIT_SCRUB_DEFAULT);
304 if (err)
305 return;
306
307 skel = test_tc_link__open();
308 if (!ASSERT_OK_PTR(skel, "skel_open"))
309 goto cleanup;
310
311 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc1,
312 target), 0, "tc1_attach_type");
313 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc2,
314 target), 0, "tc2_attach_type");
315
316 err = test_tc_link__load(skel);
317 if (!ASSERT_OK(err, "skel_load"))
318 goto cleanup;
319
320 pid1 = id_from_prog_fd(bpf_program__fd(skel->progs.tc1));
321 pid2 = id_from_prog_fd(bpf_program__fd(skel->progs.tc2));
322
323 ASSERT_NEQ(pid1, pid2, "prog_ids_1_2");
324
325 assert_mprog_count_ifindex(ifindex, target, 0);
326
327 ASSERT_EQ(skel->bss->seen_tc1, false, "seen_tc1");
328 ASSERT_EQ(skel->bss->seen_eth, false, "seen_eth");
329 ASSERT_EQ(skel->bss->seen_tc2, false, "seen_tc2");
330
331 link = bpf_program__attach_netkit(skel->progs.tc1, ifindex, &optl);
332 if (!ASSERT_OK_PTR(link, "link_attach"))
333 goto cleanup;
334
335 skel->links.tc1 = link;
336
337 lid1 = id_from_link_fd(bpf_link__fd(skel->links.tc1));
338
339 assert_mprog_count_ifindex(ifindex, target, 1);
340
341 optq.prog_ids = prog_ids;
342 optq.link_ids = link_ids;
343
344 memset(prog_ids, 0, sizeof(prog_ids));
345 memset(link_ids, 0, sizeof(link_ids));
346 optq.count = ARRAY_SIZE(prog_ids);
347
348 err = bpf_prog_query_opts(ifindex, target, &optq);
349 if (!ASSERT_OK(err, "prog_query"))
350 goto cleanup;
351
352 ASSERT_EQ(optq.count, 1, "count");
353 ASSERT_EQ(optq.revision, 2, "revision");
354 ASSERT_EQ(optq.prog_ids[0], pid1, "prog_ids[0]");
355 ASSERT_EQ(optq.link_ids[0], lid1, "link_ids[0]");
356 ASSERT_EQ(optq.prog_ids[1], 0, "prog_ids[1]");
357 ASSERT_EQ(optq.link_ids[1], 0, "link_ids[1]");
358
359 tc_skel_reset_all_seen(skel);
360 ASSERT_EQ(send_icmp(), 0, "icmp_pkt");
361
362 ASSERT_EQ(skel->bss->seen_tc1, true, "seen_tc1");
363 ASSERT_EQ(skel->bss->seen_eth, true, "seen_eth");
364 ASSERT_EQ(skel->bss->seen_tc2, false, "seen_tc2");
365
366 LIBBPF_OPTS_RESET(optl,
367 .flags = BPF_F_BEFORE,
368 .relative_fd = bpf_program__fd(skel->progs.tc1),
369 );
370
371 link = bpf_program__attach_netkit(skel->progs.tc2, ifindex, &optl);
372 if (!ASSERT_OK_PTR(link, "link_attach"))
373 goto cleanup;
374
375 skel->links.tc2 = link;
376
377 lid2 = id_from_link_fd(bpf_link__fd(skel->links.tc2));
378 ASSERT_NEQ(lid1, lid2, "link_ids_1_2");
379
380 assert_mprog_count_ifindex(ifindex, target, 2);
381
382 memset(prog_ids, 0, sizeof(prog_ids));
383 memset(link_ids, 0, sizeof(link_ids));
384 optq.count = ARRAY_SIZE(prog_ids);
385
386 err = bpf_prog_query_opts(ifindex, target, &optq);
387 if (!ASSERT_OK(err, "prog_query"))
388 goto cleanup;
389
390 ASSERT_EQ(optq.count, 2, "count");
391 ASSERT_EQ(optq.revision, 3, "revision");
392 ASSERT_EQ(optq.prog_ids[0], pid2, "prog_ids[0]");
393 ASSERT_EQ(optq.link_ids[0], lid2, "link_ids[0]");
394 ASSERT_EQ(optq.prog_ids[1], pid1, "prog_ids[1]");
395 ASSERT_EQ(optq.link_ids[1], lid1, "link_ids[1]");
396 ASSERT_EQ(optq.prog_ids[2], 0, "prog_ids[2]");
397 ASSERT_EQ(optq.link_ids[2], 0, "link_ids[2]");
398
399 tc_skel_reset_all_seen(skel);
400 ASSERT_EQ(send_icmp(), 0, "icmp_pkt");
401
402 ASSERT_EQ(skel->bss->seen_tc1, true, "seen_tc1");
403 ASSERT_EQ(skel->bss->seen_eth, true, "seen_eth");
404 ASSERT_EQ(skel->bss->seen_tc2, true, "seen_tc2");
405cleanup:
406 test_tc_link__destroy(skel);
407
408 assert_mprog_count_ifindex(ifindex, target, 0);
409 destroy_netkit();
410}
411
412void serial_test_tc_netkit_multi_links(void)
413{
414 serial_test_tc_netkit_multi_links_target(NETKIT_L2, BPF_NETKIT_PRIMARY);
415 serial_test_tc_netkit_multi_links_target(NETKIT_L3, BPF_NETKIT_PRIMARY);
416 serial_test_tc_netkit_multi_links_target(NETKIT_L2, BPF_NETKIT_PEER);
417 serial_test_tc_netkit_multi_links_target(NETKIT_L3, BPF_NETKIT_PEER);
418}
419
420static void serial_test_tc_netkit_multi_opts_target(int mode, int target)
421{
422 LIBBPF_OPTS(bpf_prog_attach_opts, opta);
423 LIBBPF_OPTS(bpf_prog_detach_opts, optd);
424 LIBBPF_OPTS(bpf_prog_query_opts, optq);
425 __u32 pid1, pid2, fd1, fd2;
426 __u32 prog_ids[3];
427 struct test_tc_link *skel;
428 int err, ifindex;
429
430 err = create_netkit(mode, NETKIT_PASS, NETKIT_PASS,
431 &ifindex, false, NETKIT_SCRUB_DEFAULT,
432 NETKIT_SCRUB_DEFAULT);
433 if (err)
434 return;
435
436 skel = test_tc_link__open_and_load();
437 if (!ASSERT_OK_PTR(skel, "skel_load"))
438 goto cleanup;
439
440 fd1 = bpf_program__fd(skel->progs.tc1);
441 fd2 = bpf_program__fd(skel->progs.tc2);
442
443 pid1 = id_from_prog_fd(fd1);
444 pid2 = id_from_prog_fd(fd2);
445
446 ASSERT_NEQ(pid1, pid2, "prog_ids_1_2");
447
448 assert_mprog_count_ifindex(ifindex, target, 0);
449
450 ASSERT_EQ(skel->bss->seen_tc1, false, "seen_tc1");
451 ASSERT_EQ(skel->bss->seen_eth, false, "seen_eth");
452 ASSERT_EQ(skel->bss->seen_tc2, false, "seen_tc2");
453
454 err = bpf_prog_attach_opts(fd1, ifindex, target, &opta);
455 if (!ASSERT_EQ(err, 0, "prog_attach"))
456 goto cleanup;
457
458 assert_mprog_count_ifindex(ifindex, target, 1);
459
460 optq.prog_ids = prog_ids;
461
462 memset(prog_ids, 0, sizeof(prog_ids));
463 optq.count = ARRAY_SIZE(prog_ids);
464
465 err = bpf_prog_query_opts(ifindex, target, &optq);
466 if (!ASSERT_OK(err, "prog_query"))
467 goto cleanup_fd1;
468
469 ASSERT_EQ(optq.count, 1, "count");
470 ASSERT_EQ(optq.revision, 2, "revision");
471 ASSERT_EQ(optq.prog_ids[0], pid1, "prog_ids[0]");
472 ASSERT_EQ(optq.prog_ids[1], 0, "prog_ids[1]");
473
474 tc_skel_reset_all_seen(skel);
475 ASSERT_EQ(send_icmp(), 0, "icmp_pkt");
476
477 ASSERT_EQ(skel->bss->seen_tc1, true, "seen_tc1");
478 ASSERT_EQ(skel->bss->seen_eth, true, "seen_eth");
479 ASSERT_EQ(skel->bss->seen_tc2, false, "seen_tc2");
480
481 LIBBPF_OPTS_RESET(opta,
482 .flags = BPF_F_BEFORE,
483 .relative_fd = fd1,
484 );
485
486 err = bpf_prog_attach_opts(fd2, ifindex, target, &opta);
487 if (!ASSERT_EQ(err, 0, "prog_attach"))
488 goto cleanup_fd1;
489
490 assert_mprog_count_ifindex(ifindex, target, 2);
491
492 memset(prog_ids, 0, sizeof(prog_ids));
493 optq.count = ARRAY_SIZE(prog_ids);
494
495 err = bpf_prog_query_opts(ifindex, target, &optq);
496 if (!ASSERT_OK(err, "prog_query"))
497 goto cleanup_fd2;
498
499 ASSERT_EQ(optq.count, 2, "count");
500 ASSERT_EQ(optq.revision, 3, "revision");
501 ASSERT_EQ(optq.prog_ids[0], pid2, "prog_ids[0]");
502 ASSERT_EQ(optq.prog_ids[1], pid1, "prog_ids[1]");
503 ASSERT_EQ(optq.prog_ids[2], 0, "prog_ids[2]");
504
505 tc_skel_reset_all_seen(skel);
506 ASSERT_EQ(send_icmp(), 0, "icmp_pkt");
507
508 ASSERT_EQ(skel->bss->seen_tc1, true, "seen_tc1");
509 ASSERT_EQ(skel->bss->seen_eth, true, "seen_eth");
510 ASSERT_EQ(skel->bss->seen_tc2, true, "seen_tc2");
511
512cleanup_fd2:
513 err = bpf_prog_detach_opts(fd2, ifindex, target, &optd);
514 ASSERT_OK(err, "prog_detach");
515 assert_mprog_count_ifindex(ifindex, target, 1);
516cleanup_fd1:
517 err = bpf_prog_detach_opts(fd1, ifindex, target, &optd);
518 ASSERT_OK(err, "prog_detach");
519 assert_mprog_count_ifindex(ifindex, target, 0);
520cleanup:
521 test_tc_link__destroy(skel);
522
523 assert_mprog_count_ifindex(ifindex, target, 0);
524 destroy_netkit();
525}
526
527void serial_test_tc_netkit_multi_opts(void)
528{
529 serial_test_tc_netkit_multi_opts_target(NETKIT_L2, BPF_NETKIT_PRIMARY);
530 serial_test_tc_netkit_multi_opts_target(NETKIT_L3, BPF_NETKIT_PRIMARY);
531 serial_test_tc_netkit_multi_opts_target(NETKIT_L2, BPF_NETKIT_PEER);
532 serial_test_tc_netkit_multi_opts_target(NETKIT_L3, BPF_NETKIT_PEER);
533}
534
535void serial_test_tc_netkit_device(void)
536{
537 LIBBPF_OPTS(bpf_prog_query_opts, optq);
538 LIBBPF_OPTS(bpf_netkit_opts, optl);
539 __u32 prog_ids[2], link_ids[2];
540 __u32 pid1, pid2, lid1;
541 struct test_tc_link *skel;
542 struct bpf_link *link;
543 int err, ifindex, ifindex2;
544
545 err = create_netkit(NETKIT_L3, NETKIT_PASS, NETKIT_PASS,
546 &ifindex, true, NETKIT_SCRUB_DEFAULT,
547 NETKIT_SCRUB_DEFAULT);
548 if (err)
549 return;
550
551 ifindex2 = if_nametoindex(netkit_peer);
552 ASSERT_NEQ(ifindex, ifindex2, "ifindex_1_2");
553
554 skel = test_tc_link__open();
555 if (!ASSERT_OK_PTR(skel, "skel_open"))
556 goto cleanup;
557
558 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc1,
559 BPF_NETKIT_PRIMARY), 0, "tc1_attach_type");
560 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc2,
561 BPF_NETKIT_PEER), 0, "tc2_attach_type");
562 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc3,
563 BPF_NETKIT_PRIMARY), 0, "tc3_attach_type");
564
565 err = test_tc_link__load(skel);
566 if (!ASSERT_OK(err, "skel_load"))
567 goto cleanup;
568
569 pid1 = id_from_prog_fd(bpf_program__fd(skel->progs.tc1));
570 pid2 = id_from_prog_fd(bpf_program__fd(skel->progs.tc2));
571
572 ASSERT_NEQ(pid1, pid2, "prog_ids_1_2");
573
574 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 0);
575 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
576
577 ASSERT_EQ(skel->bss->seen_tc1, false, "seen_tc1");
578 ASSERT_EQ(skel->bss->seen_tc2, false, "seen_tc2");
579
580 link = bpf_program__attach_netkit(skel->progs.tc1, ifindex, &optl);
581 if (!ASSERT_OK_PTR(link, "link_attach"))
582 goto cleanup;
583
584 skel->links.tc1 = link;
585
586 lid1 = id_from_link_fd(bpf_link__fd(skel->links.tc1));
587
588 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 1);
589 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
590
591 optq.prog_ids = prog_ids;
592 optq.link_ids = link_ids;
593
594 memset(prog_ids, 0, sizeof(prog_ids));
595 memset(link_ids, 0, sizeof(link_ids));
596 optq.count = ARRAY_SIZE(prog_ids);
597
598 err = bpf_prog_query_opts(ifindex, BPF_NETKIT_PRIMARY, &optq);
599 if (!ASSERT_OK(err, "prog_query"))
600 goto cleanup;
601
602 ASSERT_EQ(optq.count, 1, "count");
603 ASSERT_EQ(optq.revision, 2, "revision");
604 ASSERT_EQ(optq.prog_ids[0], pid1, "prog_ids[0]");
605 ASSERT_EQ(optq.link_ids[0], lid1, "link_ids[0]");
606 ASSERT_EQ(optq.prog_ids[1], 0, "prog_ids[1]");
607 ASSERT_EQ(optq.link_ids[1], 0, "link_ids[1]");
608
609 tc_skel_reset_all_seen(skel);
610 ASSERT_EQ(send_icmp(), 0, "icmp_pkt");
611
612 ASSERT_EQ(skel->bss->seen_tc1, true, "seen_tc1");
613 ASSERT_EQ(skel->bss->seen_tc2, false, "seen_tc2");
614
615 memset(prog_ids, 0, sizeof(prog_ids));
616 memset(link_ids, 0, sizeof(link_ids));
617 optq.count = ARRAY_SIZE(prog_ids);
618
619 err = bpf_prog_query_opts(ifindex2, BPF_NETKIT_PRIMARY, &optq);
620 ASSERT_EQ(err, -EACCES, "prog_query_should_fail");
621
622 err = bpf_prog_query_opts(ifindex2, BPF_NETKIT_PEER, &optq);
623 ASSERT_EQ(err, -EACCES, "prog_query_should_fail");
624
625 link = bpf_program__attach_netkit(skel->progs.tc2, ifindex2, &optl);
626 if (!ASSERT_ERR_PTR(link, "link_attach_should_fail")) {
627 bpf_link__destroy(link);
628 goto cleanup;
629 }
630
631 link = bpf_program__attach_netkit(skel->progs.tc3, ifindex2, &optl);
632 if (!ASSERT_ERR_PTR(link, "link_attach_should_fail")) {
633 bpf_link__destroy(link);
634 goto cleanup;
635 }
636
637 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 1);
638 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
639cleanup:
640 test_tc_link__destroy(skel);
641
642 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 0);
643 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
644 destroy_netkit();
645}
646
647static void serial_test_tc_netkit_neigh_links_target(int mode, int target)
648{
649 LIBBPF_OPTS(bpf_prog_query_opts, optq);
650 LIBBPF_OPTS(bpf_netkit_opts, optl);
651 __u32 prog_ids[2], link_ids[2];
652 __u32 pid1, lid1;
653 struct test_tc_link *skel;
654 struct bpf_link *link;
655 int err, ifindex;
656
657 err = create_netkit(mode, NETKIT_PASS, NETKIT_PASS,
658 &ifindex, false, NETKIT_SCRUB_DEFAULT,
659 NETKIT_SCRUB_DEFAULT);
660 if (err)
661 return;
662
663 skel = test_tc_link__open();
664 if (!ASSERT_OK_PTR(skel, "skel_open"))
665 goto cleanup;
666
667 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc1,
668 BPF_NETKIT_PRIMARY), 0, "tc1_attach_type");
669
670 err = test_tc_link__load(skel);
671 if (!ASSERT_OK(err, "skel_load"))
672 goto cleanup;
673
674 pid1 = id_from_prog_fd(bpf_program__fd(skel->progs.tc1));
675
676 assert_mprog_count_ifindex(ifindex, target, 0);
677
678 ASSERT_EQ(skel->bss->seen_tc1, false, "seen_tc1");
679 ASSERT_EQ(skel->bss->seen_eth, false, "seen_eth");
680
681 link = bpf_program__attach_netkit(skel->progs.tc1, ifindex, &optl);
682 if (!ASSERT_OK_PTR(link, "link_attach"))
683 goto cleanup;
684
685 skel->links.tc1 = link;
686
687 lid1 = id_from_link_fd(bpf_link__fd(skel->links.tc1));
688
689 assert_mprog_count_ifindex(ifindex, target, 1);
690
691 optq.prog_ids = prog_ids;
692 optq.link_ids = link_ids;
693
694 memset(prog_ids, 0, sizeof(prog_ids));
695 memset(link_ids, 0, sizeof(link_ids));
696 optq.count = ARRAY_SIZE(prog_ids);
697
698 err = bpf_prog_query_opts(ifindex, target, &optq);
699 if (!ASSERT_OK(err, "prog_query"))
700 goto cleanup;
701
702 ASSERT_EQ(optq.count, 1, "count");
703 ASSERT_EQ(optq.revision, 2, "revision");
704 ASSERT_EQ(optq.prog_ids[0], pid1, "prog_ids[0]");
705 ASSERT_EQ(optq.link_ids[0], lid1, "link_ids[0]");
706 ASSERT_EQ(optq.prog_ids[1], 0, "prog_ids[1]");
707 ASSERT_EQ(optq.link_ids[1], 0, "link_ids[1]");
708
709 tc_skel_reset_all_seen(skel);
710 ASSERT_EQ(__send_icmp(ping_addr_noneigh), 0, "icmp_pkt");
711
712 ASSERT_EQ(skel->bss->seen_tc1, true /* L2: ARP */, "seen_tc1");
713 ASSERT_EQ(skel->bss->seen_eth, mode == NETKIT_L3, "seen_eth");
714cleanup:
715 test_tc_link__destroy(skel);
716
717 assert_mprog_count_ifindex(ifindex, target, 0);
718 destroy_netkit();
719}
720
721void serial_test_tc_netkit_neigh_links(void)
722{
723 serial_test_tc_netkit_neigh_links_target(NETKIT_L2, BPF_NETKIT_PRIMARY);
724 serial_test_tc_netkit_neigh_links_target(NETKIT_L3, BPF_NETKIT_PRIMARY);
725}
726
727static void serial_test_tc_netkit_pkt_type_mode(int mode)
728{
729 LIBBPF_OPTS(bpf_netkit_opts, optl_nk);
730 LIBBPF_OPTS(bpf_tcx_opts, optl_tcx);
731 int err, ifindex, ifindex2;
732 struct test_tc_link *skel;
733 struct bpf_link *link;
734
735 err = create_netkit(mode, NETKIT_PASS, NETKIT_PASS,
736 &ifindex, true, NETKIT_SCRUB_DEFAULT,
737 NETKIT_SCRUB_DEFAULT);
738 if (err)
739 return;
740
741 ifindex2 = if_nametoindex(netkit_peer);
742 ASSERT_NEQ(ifindex, ifindex2, "ifindex_1_2");
743
744 skel = test_tc_link__open();
745 if (!ASSERT_OK_PTR(skel, "skel_open"))
746 goto cleanup;
747
748 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc1,
749 BPF_NETKIT_PRIMARY), 0, "tc1_attach_type");
750 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc7,
751 BPF_TCX_INGRESS), 0, "tc7_attach_type");
752
753 err = test_tc_link__load(skel);
754 if (!ASSERT_OK(err, "skel_load"))
755 goto cleanup;
756
757 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 0);
758 assert_mprog_count_ifindex(ifindex2, BPF_TCX_INGRESS, 0);
759
760 link = bpf_program__attach_netkit(skel->progs.tc1, ifindex, &optl_nk);
761 if (!ASSERT_OK_PTR(link, "link_attach"))
762 goto cleanup;
763
764 skel->links.tc1 = link;
765
766 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 1);
767 assert_mprog_count_ifindex(ifindex2, BPF_TCX_INGRESS, 0);
768
769 link = bpf_program__attach_tcx(skel->progs.tc7, ifindex2, &optl_tcx);
770 if (!ASSERT_OK_PTR(link, "link_attach"))
771 goto cleanup;
772
773 skel->links.tc7 = link;
774
775 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 1);
776 assert_mprog_count_ifindex(ifindex2, BPF_TCX_INGRESS, 1);
777
778 move_netkit();
779
780 tc_skel_reset_all_seen(skel);
781 skel->bss->set_type = true;
782 ASSERT_EQ(send_icmp(), 0, "icmp_pkt");
783
784 ASSERT_EQ(skel->bss->seen_tc1, true, "seen_tc1");
785 ASSERT_EQ(skel->bss->seen_tc7, true, "seen_tc7");
786
787 ASSERT_EQ(skel->bss->seen_host, true, "seen_host");
788 ASSERT_EQ(skel->bss->seen_mcast, true, "seen_mcast");
789cleanup:
790 test_tc_link__destroy(skel);
791
792 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 0);
793 destroy_netkit();
794}
795
796void serial_test_tc_netkit_pkt_type(void)
797{
798 serial_test_tc_netkit_pkt_type_mode(NETKIT_L2);
799 serial_test_tc_netkit_pkt_type_mode(NETKIT_L3);
800}
801
802static void serial_test_tc_netkit_scrub_type(int scrub)
803{
804 LIBBPF_OPTS(bpf_netkit_opts, optl);
805 struct test_tc_link *skel;
806 struct bpf_link *link;
807 int err, ifindex;
808
809 err = create_netkit(NETKIT_L2, NETKIT_PASS, NETKIT_PASS,
810 &ifindex, false, scrub, scrub);
811 if (err)
812 return;
813
814 skel = test_tc_link__open();
815 if (!ASSERT_OK_PTR(skel, "skel_open"))
816 goto cleanup;
817
818 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc8,
819 BPF_NETKIT_PRIMARY), 0, "tc8_attach_type");
820
821 err = test_tc_link__load(skel);
822 if (!ASSERT_OK(err, "skel_load"))
823 goto cleanup;
824
825 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 0);
826 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
827
828 ASSERT_EQ(skel->bss->seen_tc8, false, "seen_tc8");
829
830 link = bpf_program__attach_netkit(skel->progs.tc8, ifindex, &optl);
831 if (!ASSERT_OK_PTR(link, "link_attach"))
832 goto cleanup;
833
834 skel->links.tc8 = link;
835
836 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 1);
837 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
838
839 tc_skel_reset_all_seen(skel);
840 ASSERT_EQ(send_icmp(), 0, "icmp_pkt");
841
842 ASSERT_EQ(skel->bss->seen_tc8, true, "seen_tc8");
843 ASSERT_EQ(skel->bss->mark, scrub == NETKIT_SCRUB_NONE ? MARK : 0, "mark");
844 ASSERT_EQ(skel->bss->prio, scrub == NETKIT_SCRUB_NONE ? PRIO : 0, "prio");
845cleanup:
846 test_tc_link__destroy(skel);
847
848 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 0);
849 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
850 destroy_netkit();
851}
852
853void serial_test_tc_netkit_scrub(void)
854{
855 serial_test_tc_netkit_scrub_type(NETKIT_SCRUB_DEFAULT);
856 serial_test_tc_netkit_scrub_type(NETKIT_SCRUB_NONE);
857}
1// SPDX-License-Identifier: GPL-2.0
2/* Copyright (c) 2023 Isovalent */
3#include <uapi/linux/if_link.h>
4#include <net/if.h>
5#include <test_progs.h>
6
7#define netkit_peer "nk0"
8#define netkit_name "nk1"
9
10#define ping_addr_neigh 0x0a000002 /* 10.0.0.2 */
11#define ping_addr_noneigh 0x0a000003 /* 10.0.0.3 */
12
13#include "test_tc_link.skel.h"
14#include "netlink_helpers.h"
15#include "tc_helpers.h"
16
17#define ICMP_ECHO 8
18
19struct icmphdr {
20 __u8 type;
21 __u8 code;
22 __sum16 checksum;
23 struct {
24 __be16 id;
25 __be16 sequence;
26 } echo;
27};
28
29struct iplink_req {
30 struct nlmsghdr n;
31 struct ifinfomsg i;
32 char buf[1024];
33};
34
35static int create_netkit(int mode, int policy, int peer_policy, int *ifindex,
36 bool same_netns)
37{
38 struct rtnl_handle rth = { .fd = -1 };
39 struct iplink_req req = {};
40 struct rtattr *linkinfo, *data;
41 const char *type = "netkit";
42 int err;
43
44 err = rtnl_open(&rth, 0);
45 if (!ASSERT_OK(err, "open_rtnetlink"))
46 return err;
47
48 memset(&req, 0, sizeof(req));
49 req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
50 req.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL;
51 req.n.nlmsg_type = RTM_NEWLINK;
52 req.i.ifi_family = AF_UNSPEC;
53
54 addattr_l(&req.n, sizeof(req), IFLA_IFNAME, netkit_name,
55 strlen(netkit_name));
56 linkinfo = addattr_nest(&req.n, sizeof(req), IFLA_LINKINFO);
57 addattr_l(&req.n, sizeof(req), IFLA_INFO_KIND, type, strlen(type));
58 data = addattr_nest(&req.n, sizeof(req), IFLA_INFO_DATA);
59 addattr32(&req.n, sizeof(req), IFLA_NETKIT_POLICY, policy);
60 addattr32(&req.n, sizeof(req), IFLA_NETKIT_PEER_POLICY, peer_policy);
61 addattr32(&req.n, sizeof(req), IFLA_NETKIT_MODE, mode);
62 addattr_nest_end(&req.n, data);
63 addattr_nest_end(&req.n, linkinfo);
64
65 err = rtnl_talk(&rth, &req.n, NULL);
66 ASSERT_OK(err, "talk_rtnetlink");
67 rtnl_close(&rth);
68 *ifindex = if_nametoindex(netkit_name);
69
70 ASSERT_GT(*ifindex, 0, "retrieve_ifindex");
71 ASSERT_OK(system("ip netns add foo"), "create netns");
72 ASSERT_OK(system("ip link set dev " netkit_name " up"),
73 "up primary");
74 ASSERT_OK(system("ip addr add dev " netkit_name " 10.0.0.1/24"),
75 "addr primary");
76 if (same_netns) {
77 ASSERT_OK(system("ip link set dev " netkit_peer " up"),
78 "up peer");
79 ASSERT_OK(system("ip addr add dev " netkit_peer " 10.0.0.2/24"),
80 "addr peer");
81 } else {
82 ASSERT_OK(system("ip link set " netkit_peer " netns foo"),
83 "move peer");
84 ASSERT_OK(system("ip netns exec foo ip link set dev "
85 netkit_peer " up"), "up peer");
86 ASSERT_OK(system("ip netns exec foo ip addr add dev "
87 netkit_peer " 10.0.0.2/24"), "addr peer");
88 }
89 return err;
90}
91
92static void destroy_netkit(void)
93{
94 ASSERT_OK(system("ip link del dev " netkit_name), "del primary");
95 ASSERT_OK(system("ip netns del foo"), "delete netns");
96 ASSERT_EQ(if_nametoindex(netkit_name), 0, netkit_name "_ifindex");
97}
98
99static int __send_icmp(__u32 dest)
100{
101 struct sockaddr_in addr;
102 struct icmphdr icmp;
103 int sock, ret;
104
105 ret = write_sysctl("/proc/sys/net/ipv4/ping_group_range", "0 0");
106 if (!ASSERT_OK(ret, "write_sysctl(net.ipv4.ping_group_range)"))
107 return ret;
108
109 sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
110 if (!ASSERT_GE(sock, 0, "icmp_socket"))
111 return -errno;
112
113 ret = setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE,
114 netkit_name, strlen(netkit_name) + 1);
115 if (!ASSERT_OK(ret, "setsockopt(SO_BINDTODEVICE)"))
116 goto out;
117
118 memset(&addr, 0, sizeof(addr));
119 addr.sin_family = AF_INET;
120 addr.sin_addr.s_addr = htonl(dest);
121
122 memset(&icmp, 0, sizeof(icmp));
123 icmp.type = ICMP_ECHO;
124 icmp.echo.id = 1234;
125 icmp.echo.sequence = 1;
126
127 ret = sendto(sock, &icmp, sizeof(icmp), 0,
128 (struct sockaddr *)&addr, sizeof(addr));
129 if (!ASSERT_GE(ret, 0, "icmp_sendto"))
130 ret = -errno;
131 else
132 ret = 0;
133out:
134 close(sock);
135 return ret;
136}
137
138static int send_icmp(void)
139{
140 return __send_icmp(ping_addr_neigh);
141}
142
143void serial_test_tc_netkit_basic(void)
144{
145 LIBBPF_OPTS(bpf_prog_query_opts, optq);
146 LIBBPF_OPTS(bpf_netkit_opts, optl);
147 __u32 prog_ids[2], link_ids[2];
148 __u32 pid1, pid2, lid1, lid2;
149 struct test_tc_link *skel;
150 struct bpf_link *link;
151 int err, ifindex;
152
153 err = create_netkit(NETKIT_L2, NETKIT_PASS, NETKIT_PASS,
154 &ifindex, false);
155 if (err)
156 return;
157
158 skel = test_tc_link__open();
159 if (!ASSERT_OK_PTR(skel, "skel_open"))
160 goto cleanup;
161
162 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc1,
163 BPF_NETKIT_PRIMARY), 0, "tc1_attach_type");
164 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc2,
165 BPF_NETKIT_PEER), 0, "tc2_attach_type");
166
167 err = test_tc_link__load(skel);
168 if (!ASSERT_OK(err, "skel_load"))
169 goto cleanup;
170
171 pid1 = id_from_prog_fd(bpf_program__fd(skel->progs.tc1));
172 pid2 = id_from_prog_fd(bpf_program__fd(skel->progs.tc2));
173
174 ASSERT_NEQ(pid1, pid2, "prog_ids_1_2");
175
176 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 0);
177 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
178
179 ASSERT_EQ(skel->bss->seen_tc1, false, "seen_tc1");
180 ASSERT_EQ(skel->bss->seen_tc2, false, "seen_tc2");
181
182 link = bpf_program__attach_netkit(skel->progs.tc1, ifindex, &optl);
183 if (!ASSERT_OK_PTR(link, "link_attach"))
184 goto cleanup;
185
186 skel->links.tc1 = link;
187
188 lid1 = id_from_link_fd(bpf_link__fd(skel->links.tc1));
189
190 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 1);
191 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
192
193 optq.prog_ids = prog_ids;
194 optq.link_ids = link_ids;
195
196 memset(prog_ids, 0, sizeof(prog_ids));
197 memset(link_ids, 0, sizeof(link_ids));
198 optq.count = ARRAY_SIZE(prog_ids);
199
200 err = bpf_prog_query_opts(ifindex, BPF_NETKIT_PRIMARY, &optq);
201 if (!ASSERT_OK(err, "prog_query"))
202 goto cleanup;
203
204 ASSERT_EQ(optq.count, 1, "count");
205 ASSERT_EQ(optq.revision, 2, "revision");
206 ASSERT_EQ(optq.prog_ids[0], pid1, "prog_ids[0]");
207 ASSERT_EQ(optq.link_ids[0], lid1, "link_ids[0]");
208 ASSERT_EQ(optq.prog_ids[1], 0, "prog_ids[1]");
209 ASSERT_EQ(optq.link_ids[1], 0, "link_ids[1]");
210
211 tc_skel_reset_all_seen(skel);
212 ASSERT_EQ(send_icmp(), 0, "icmp_pkt");
213
214 ASSERT_EQ(skel->bss->seen_tc1, true, "seen_tc1");
215 ASSERT_EQ(skel->bss->seen_tc2, false, "seen_tc2");
216
217 link = bpf_program__attach_netkit(skel->progs.tc2, ifindex, &optl);
218 if (!ASSERT_OK_PTR(link, "link_attach"))
219 goto cleanup;
220
221 skel->links.tc2 = link;
222
223 lid2 = id_from_link_fd(bpf_link__fd(skel->links.tc2));
224 ASSERT_NEQ(lid1, lid2, "link_ids_1_2");
225
226 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 1);
227 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 1);
228
229 memset(prog_ids, 0, sizeof(prog_ids));
230 memset(link_ids, 0, sizeof(link_ids));
231 optq.count = ARRAY_SIZE(prog_ids);
232
233 err = bpf_prog_query_opts(ifindex, BPF_NETKIT_PEER, &optq);
234 if (!ASSERT_OK(err, "prog_query"))
235 goto cleanup;
236
237 ASSERT_EQ(optq.count, 1, "count");
238 ASSERT_EQ(optq.revision, 2, "revision");
239 ASSERT_EQ(optq.prog_ids[0], pid2, "prog_ids[0]");
240 ASSERT_EQ(optq.link_ids[0], lid2, "link_ids[0]");
241 ASSERT_EQ(optq.prog_ids[1], 0, "prog_ids[1]");
242 ASSERT_EQ(optq.link_ids[1], 0, "link_ids[1]");
243
244 tc_skel_reset_all_seen(skel);
245 ASSERT_EQ(send_icmp(), 0, "icmp_pkt");
246
247 ASSERT_EQ(skel->bss->seen_tc1, true, "seen_tc1");
248 ASSERT_EQ(skel->bss->seen_tc2, true, "seen_tc2");
249cleanup:
250 test_tc_link__destroy(skel);
251
252 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 0);
253 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
254 destroy_netkit();
255}
256
257static void serial_test_tc_netkit_multi_links_target(int mode, int target)
258{
259 LIBBPF_OPTS(bpf_prog_query_opts, optq);
260 LIBBPF_OPTS(bpf_netkit_opts, optl);
261 __u32 prog_ids[3], link_ids[3];
262 __u32 pid1, pid2, lid1, lid2;
263 struct test_tc_link *skel;
264 struct bpf_link *link;
265 int err, ifindex;
266
267 err = create_netkit(mode, NETKIT_PASS, NETKIT_PASS,
268 &ifindex, false);
269 if (err)
270 return;
271
272 skel = test_tc_link__open();
273 if (!ASSERT_OK_PTR(skel, "skel_open"))
274 goto cleanup;
275
276 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc1,
277 target), 0, "tc1_attach_type");
278 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc2,
279 target), 0, "tc2_attach_type");
280
281 err = test_tc_link__load(skel);
282 if (!ASSERT_OK(err, "skel_load"))
283 goto cleanup;
284
285 pid1 = id_from_prog_fd(bpf_program__fd(skel->progs.tc1));
286 pid2 = id_from_prog_fd(bpf_program__fd(skel->progs.tc2));
287
288 ASSERT_NEQ(pid1, pid2, "prog_ids_1_2");
289
290 assert_mprog_count_ifindex(ifindex, target, 0);
291
292 ASSERT_EQ(skel->bss->seen_tc1, false, "seen_tc1");
293 ASSERT_EQ(skel->bss->seen_eth, false, "seen_eth");
294 ASSERT_EQ(skel->bss->seen_tc2, false, "seen_tc2");
295
296 link = bpf_program__attach_netkit(skel->progs.tc1, ifindex, &optl);
297 if (!ASSERT_OK_PTR(link, "link_attach"))
298 goto cleanup;
299
300 skel->links.tc1 = link;
301
302 lid1 = id_from_link_fd(bpf_link__fd(skel->links.tc1));
303
304 assert_mprog_count_ifindex(ifindex, target, 1);
305
306 optq.prog_ids = prog_ids;
307 optq.link_ids = link_ids;
308
309 memset(prog_ids, 0, sizeof(prog_ids));
310 memset(link_ids, 0, sizeof(link_ids));
311 optq.count = ARRAY_SIZE(prog_ids);
312
313 err = bpf_prog_query_opts(ifindex, target, &optq);
314 if (!ASSERT_OK(err, "prog_query"))
315 goto cleanup;
316
317 ASSERT_EQ(optq.count, 1, "count");
318 ASSERT_EQ(optq.revision, 2, "revision");
319 ASSERT_EQ(optq.prog_ids[0], pid1, "prog_ids[0]");
320 ASSERT_EQ(optq.link_ids[0], lid1, "link_ids[0]");
321 ASSERT_EQ(optq.prog_ids[1], 0, "prog_ids[1]");
322 ASSERT_EQ(optq.link_ids[1], 0, "link_ids[1]");
323
324 tc_skel_reset_all_seen(skel);
325 ASSERT_EQ(send_icmp(), 0, "icmp_pkt");
326
327 ASSERT_EQ(skel->bss->seen_tc1, true, "seen_tc1");
328 ASSERT_EQ(skel->bss->seen_eth, true, "seen_eth");
329 ASSERT_EQ(skel->bss->seen_tc2, false, "seen_tc2");
330
331 LIBBPF_OPTS_RESET(optl,
332 .flags = BPF_F_BEFORE,
333 .relative_fd = bpf_program__fd(skel->progs.tc1),
334 );
335
336 link = bpf_program__attach_netkit(skel->progs.tc2, ifindex, &optl);
337 if (!ASSERT_OK_PTR(link, "link_attach"))
338 goto cleanup;
339
340 skel->links.tc2 = link;
341
342 lid2 = id_from_link_fd(bpf_link__fd(skel->links.tc2));
343 ASSERT_NEQ(lid1, lid2, "link_ids_1_2");
344
345 assert_mprog_count_ifindex(ifindex, target, 2);
346
347 memset(prog_ids, 0, sizeof(prog_ids));
348 memset(link_ids, 0, sizeof(link_ids));
349 optq.count = ARRAY_SIZE(prog_ids);
350
351 err = bpf_prog_query_opts(ifindex, target, &optq);
352 if (!ASSERT_OK(err, "prog_query"))
353 goto cleanup;
354
355 ASSERT_EQ(optq.count, 2, "count");
356 ASSERT_EQ(optq.revision, 3, "revision");
357 ASSERT_EQ(optq.prog_ids[0], pid2, "prog_ids[0]");
358 ASSERT_EQ(optq.link_ids[0], lid2, "link_ids[0]");
359 ASSERT_EQ(optq.prog_ids[1], pid1, "prog_ids[1]");
360 ASSERT_EQ(optq.link_ids[1], lid1, "link_ids[1]");
361 ASSERT_EQ(optq.prog_ids[2], 0, "prog_ids[2]");
362 ASSERT_EQ(optq.link_ids[2], 0, "link_ids[2]");
363
364 tc_skel_reset_all_seen(skel);
365 ASSERT_EQ(send_icmp(), 0, "icmp_pkt");
366
367 ASSERT_EQ(skel->bss->seen_tc1, true, "seen_tc1");
368 ASSERT_EQ(skel->bss->seen_eth, true, "seen_eth");
369 ASSERT_EQ(skel->bss->seen_tc2, true, "seen_tc2");
370cleanup:
371 test_tc_link__destroy(skel);
372
373 assert_mprog_count_ifindex(ifindex, target, 0);
374 destroy_netkit();
375}
376
377void serial_test_tc_netkit_multi_links(void)
378{
379 serial_test_tc_netkit_multi_links_target(NETKIT_L2, BPF_NETKIT_PRIMARY);
380 serial_test_tc_netkit_multi_links_target(NETKIT_L3, BPF_NETKIT_PRIMARY);
381 serial_test_tc_netkit_multi_links_target(NETKIT_L2, BPF_NETKIT_PEER);
382 serial_test_tc_netkit_multi_links_target(NETKIT_L3, BPF_NETKIT_PEER);
383}
384
385static void serial_test_tc_netkit_multi_opts_target(int mode, int target)
386{
387 LIBBPF_OPTS(bpf_prog_attach_opts, opta);
388 LIBBPF_OPTS(bpf_prog_detach_opts, optd);
389 LIBBPF_OPTS(bpf_prog_query_opts, optq);
390 __u32 pid1, pid2, fd1, fd2;
391 __u32 prog_ids[3];
392 struct test_tc_link *skel;
393 int err, ifindex;
394
395 err = create_netkit(mode, NETKIT_PASS, NETKIT_PASS,
396 &ifindex, false);
397 if (err)
398 return;
399
400 skel = test_tc_link__open_and_load();
401 if (!ASSERT_OK_PTR(skel, "skel_load"))
402 goto cleanup;
403
404 fd1 = bpf_program__fd(skel->progs.tc1);
405 fd2 = bpf_program__fd(skel->progs.tc2);
406
407 pid1 = id_from_prog_fd(fd1);
408 pid2 = id_from_prog_fd(fd2);
409
410 ASSERT_NEQ(pid1, pid2, "prog_ids_1_2");
411
412 assert_mprog_count_ifindex(ifindex, target, 0);
413
414 ASSERT_EQ(skel->bss->seen_tc1, false, "seen_tc1");
415 ASSERT_EQ(skel->bss->seen_eth, false, "seen_eth");
416 ASSERT_EQ(skel->bss->seen_tc2, false, "seen_tc2");
417
418 err = bpf_prog_attach_opts(fd1, ifindex, target, &opta);
419 if (!ASSERT_EQ(err, 0, "prog_attach"))
420 goto cleanup;
421
422 assert_mprog_count_ifindex(ifindex, target, 1);
423
424 optq.prog_ids = prog_ids;
425
426 memset(prog_ids, 0, sizeof(prog_ids));
427 optq.count = ARRAY_SIZE(prog_ids);
428
429 err = bpf_prog_query_opts(ifindex, target, &optq);
430 if (!ASSERT_OK(err, "prog_query"))
431 goto cleanup_fd1;
432
433 ASSERT_EQ(optq.count, 1, "count");
434 ASSERT_EQ(optq.revision, 2, "revision");
435 ASSERT_EQ(optq.prog_ids[0], pid1, "prog_ids[0]");
436 ASSERT_EQ(optq.prog_ids[1], 0, "prog_ids[1]");
437
438 tc_skel_reset_all_seen(skel);
439 ASSERT_EQ(send_icmp(), 0, "icmp_pkt");
440
441 ASSERT_EQ(skel->bss->seen_tc1, true, "seen_tc1");
442 ASSERT_EQ(skel->bss->seen_eth, true, "seen_eth");
443 ASSERT_EQ(skel->bss->seen_tc2, false, "seen_tc2");
444
445 LIBBPF_OPTS_RESET(opta,
446 .flags = BPF_F_BEFORE,
447 .relative_fd = fd1,
448 );
449
450 err = bpf_prog_attach_opts(fd2, ifindex, target, &opta);
451 if (!ASSERT_EQ(err, 0, "prog_attach"))
452 goto cleanup_fd1;
453
454 assert_mprog_count_ifindex(ifindex, target, 2);
455
456 memset(prog_ids, 0, sizeof(prog_ids));
457 optq.count = ARRAY_SIZE(prog_ids);
458
459 err = bpf_prog_query_opts(ifindex, target, &optq);
460 if (!ASSERT_OK(err, "prog_query"))
461 goto cleanup_fd2;
462
463 ASSERT_EQ(optq.count, 2, "count");
464 ASSERT_EQ(optq.revision, 3, "revision");
465 ASSERT_EQ(optq.prog_ids[0], pid2, "prog_ids[0]");
466 ASSERT_EQ(optq.prog_ids[1], pid1, "prog_ids[1]");
467 ASSERT_EQ(optq.prog_ids[2], 0, "prog_ids[2]");
468
469 tc_skel_reset_all_seen(skel);
470 ASSERT_EQ(send_icmp(), 0, "icmp_pkt");
471
472 ASSERT_EQ(skel->bss->seen_tc1, true, "seen_tc1");
473 ASSERT_EQ(skel->bss->seen_eth, true, "seen_eth");
474 ASSERT_EQ(skel->bss->seen_tc2, true, "seen_tc2");
475
476cleanup_fd2:
477 err = bpf_prog_detach_opts(fd2, ifindex, target, &optd);
478 ASSERT_OK(err, "prog_detach");
479 assert_mprog_count_ifindex(ifindex, target, 1);
480cleanup_fd1:
481 err = bpf_prog_detach_opts(fd1, ifindex, target, &optd);
482 ASSERT_OK(err, "prog_detach");
483 assert_mprog_count_ifindex(ifindex, target, 0);
484cleanup:
485 test_tc_link__destroy(skel);
486
487 assert_mprog_count_ifindex(ifindex, target, 0);
488 destroy_netkit();
489}
490
491void serial_test_tc_netkit_multi_opts(void)
492{
493 serial_test_tc_netkit_multi_opts_target(NETKIT_L2, BPF_NETKIT_PRIMARY);
494 serial_test_tc_netkit_multi_opts_target(NETKIT_L3, BPF_NETKIT_PRIMARY);
495 serial_test_tc_netkit_multi_opts_target(NETKIT_L2, BPF_NETKIT_PEER);
496 serial_test_tc_netkit_multi_opts_target(NETKIT_L3, BPF_NETKIT_PEER);
497}
498
499void serial_test_tc_netkit_device(void)
500{
501 LIBBPF_OPTS(bpf_prog_query_opts, optq);
502 LIBBPF_OPTS(bpf_netkit_opts, optl);
503 __u32 prog_ids[2], link_ids[2];
504 __u32 pid1, pid2, lid1;
505 struct test_tc_link *skel;
506 struct bpf_link *link;
507 int err, ifindex, ifindex2;
508
509 err = create_netkit(NETKIT_L3, NETKIT_PASS, NETKIT_PASS,
510 &ifindex, true);
511 if (err)
512 return;
513
514 ifindex2 = if_nametoindex(netkit_peer);
515 ASSERT_NEQ(ifindex, ifindex2, "ifindex_1_2");
516
517 skel = test_tc_link__open();
518 if (!ASSERT_OK_PTR(skel, "skel_open"))
519 goto cleanup;
520
521 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc1,
522 BPF_NETKIT_PRIMARY), 0, "tc1_attach_type");
523 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc2,
524 BPF_NETKIT_PEER), 0, "tc2_attach_type");
525 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc3,
526 BPF_NETKIT_PRIMARY), 0, "tc3_attach_type");
527
528 err = test_tc_link__load(skel);
529 if (!ASSERT_OK(err, "skel_load"))
530 goto cleanup;
531
532 pid1 = id_from_prog_fd(bpf_program__fd(skel->progs.tc1));
533 pid2 = id_from_prog_fd(bpf_program__fd(skel->progs.tc2));
534
535 ASSERT_NEQ(pid1, pid2, "prog_ids_1_2");
536
537 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 0);
538 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
539
540 ASSERT_EQ(skel->bss->seen_tc1, false, "seen_tc1");
541 ASSERT_EQ(skel->bss->seen_tc2, false, "seen_tc2");
542
543 link = bpf_program__attach_netkit(skel->progs.tc1, ifindex, &optl);
544 if (!ASSERT_OK_PTR(link, "link_attach"))
545 goto cleanup;
546
547 skel->links.tc1 = link;
548
549 lid1 = id_from_link_fd(bpf_link__fd(skel->links.tc1));
550
551 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 1);
552 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
553
554 optq.prog_ids = prog_ids;
555 optq.link_ids = link_ids;
556
557 memset(prog_ids, 0, sizeof(prog_ids));
558 memset(link_ids, 0, sizeof(link_ids));
559 optq.count = ARRAY_SIZE(prog_ids);
560
561 err = bpf_prog_query_opts(ifindex, BPF_NETKIT_PRIMARY, &optq);
562 if (!ASSERT_OK(err, "prog_query"))
563 goto cleanup;
564
565 ASSERT_EQ(optq.count, 1, "count");
566 ASSERT_EQ(optq.revision, 2, "revision");
567 ASSERT_EQ(optq.prog_ids[0], pid1, "prog_ids[0]");
568 ASSERT_EQ(optq.link_ids[0], lid1, "link_ids[0]");
569 ASSERT_EQ(optq.prog_ids[1], 0, "prog_ids[1]");
570 ASSERT_EQ(optq.link_ids[1], 0, "link_ids[1]");
571
572 tc_skel_reset_all_seen(skel);
573 ASSERT_EQ(send_icmp(), 0, "icmp_pkt");
574
575 ASSERT_EQ(skel->bss->seen_tc1, true, "seen_tc1");
576 ASSERT_EQ(skel->bss->seen_tc2, false, "seen_tc2");
577
578 memset(prog_ids, 0, sizeof(prog_ids));
579 memset(link_ids, 0, sizeof(link_ids));
580 optq.count = ARRAY_SIZE(prog_ids);
581
582 err = bpf_prog_query_opts(ifindex2, BPF_NETKIT_PRIMARY, &optq);
583 ASSERT_EQ(err, -EACCES, "prog_query_should_fail");
584
585 err = bpf_prog_query_opts(ifindex2, BPF_NETKIT_PEER, &optq);
586 ASSERT_EQ(err, -EACCES, "prog_query_should_fail");
587
588 link = bpf_program__attach_netkit(skel->progs.tc2, ifindex2, &optl);
589 if (!ASSERT_ERR_PTR(link, "link_attach_should_fail")) {
590 bpf_link__destroy(link);
591 goto cleanup;
592 }
593
594 link = bpf_program__attach_netkit(skel->progs.tc3, ifindex2, &optl);
595 if (!ASSERT_ERR_PTR(link, "link_attach_should_fail")) {
596 bpf_link__destroy(link);
597 goto cleanup;
598 }
599
600 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 1);
601 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
602cleanup:
603 test_tc_link__destroy(skel);
604
605 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 0);
606 assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
607 destroy_netkit();
608}
609
610static void serial_test_tc_netkit_neigh_links_target(int mode, int target)
611{
612 LIBBPF_OPTS(bpf_prog_query_opts, optq);
613 LIBBPF_OPTS(bpf_netkit_opts, optl);
614 __u32 prog_ids[2], link_ids[2];
615 __u32 pid1, lid1;
616 struct test_tc_link *skel;
617 struct bpf_link *link;
618 int err, ifindex;
619
620 err = create_netkit(mode, NETKIT_PASS, NETKIT_PASS,
621 &ifindex, false);
622 if (err)
623 return;
624
625 skel = test_tc_link__open();
626 if (!ASSERT_OK_PTR(skel, "skel_open"))
627 goto cleanup;
628
629 ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc1,
630 BPF_NETKIT_PRIMARY), 0, "tc1_attach_type");
631
632 err = test_tc_link__load(skel);
633 if (!ASSERT_OK(err, "skel_load"))
634 goto cleanup;
635
636 pid1 = id_from_prog_fd(bpf_program__fd(skel->progs.tc1));
637
638 assert_mprog_count_ifindex(ifindex, target, 0);
639
640 ASSERT_EQ(skel->bss->seen_tc1, false, "seen_tc1");
641 ASSERT_EQ(skel->bss->seen_eth, false, "seen_eth");
642
643 link = bpf_program__attach_netkit(skel->progs.tc1, ifindex, &optl);
644 if (!ASSERT_OK_PTR(link, "link_attach"))
645 goto cleanup;
646
647 skel->links.tc1 = link;
648
649 lid1 = id_from_link_fd(bpf_link__fd(skel->links.tc1));
650
651 assert_mprog_count_ifindex(ifindex, target, 1);
652
653 optq.prog_ids = prog_ids;
654 optq.link_ids = link_ids;
655
656 memset(prog_ids, 0, sizeof(prog_ids));
657 memset(link_ids, 0, sizeof(link_ids));
658 optq.count = ARRAY_SIZE(prog_ids);
659
660 err = bpf_prog_query_opts(ifindex, target, &optq);
661 if (!ASSERT_OK(err, "prog_query"))
662 goto cleanup;
663
664 ASSERT_EQ(optq.count, 1, "count");
665 ASSERT_EQ(optq.revision, 2, "revision");
666 ASSERT_EQ(optq.prog_ids[0], pid1, "prog_ids[0]");
667 ASSERT_EQ(optq.link_ids[0], lid1, "link_ids[0]");
668 ASSERT_EQ(optq.prog_ids[1], 0, "prog_ids[1]");
669 ASSERT_EQ(optq.link_ids[1], 0, "link_ids[1]");
670
671 tc_skel_reset_all_seen(skel);
672 ASSERT_EQ(__send_icmp(ping_addr_noneigh), 0, "icmp_pkt");
673
674 ASSERT_EQ(skel->bss->seen_tc1, true /* L2: ARP */, "seen_tc1");
675 ASSERT_EQ(skel->bss->seen_eth, mode == NETKIT_L3, "seen_eth");
676cleanup:
677 test_tc_link__destroy(skel);
678
679 assert_mprog_count_ifindex(ifindex, target, 0);
680 destroy_netkit();
681}
682
683void serial_test_tc_netkit_neigh_links(void)
684{
685 serial_test_tc_netkit_neigh_links_target(NETKIT_L2, BPF_NETKIT_PRIMARY);
686 serial_test_tc_netkit_neigh_links_target(NETKIT_L3, BPF_NETKIT_PRIMARY);
687}