Author | Tokens | Token Proportion | Commits | Commit Proportion |
---|---|---|---|---|
Jordan Rife | 4550 | 57.20% | 16 | 48.48% |
Daan De Meyer | 2459 | 30.91% | 1 | 3.03% |
Andrey Ignatov | 794 | 9.98% | 5 | 15.15% |
Jussi Mäki | 72 | 0.91% | 1 | 3.03% |
Daniel Borkmann | 26 | 0.33% | 1 | 3.03% |
Geliang Tang | 15 | 0.19% | 1 | 3.03% |
Stanislav Fomichev | 14 | 0.18% | 2 | 6.06% |
Andrii Nakryiko | 10 | 0.13% | 2 | 6.06% |
Martin KaFai Lau | 10 | 0.13% | 2 | 6.06% |
Toke Höiland-Jörgensen | 4 | 0.05% | 1 | 3.03% |
Nicolas Rybowski | 1 | 0.01% | 1 | 3.03% |
Total | 7955 | 33 |
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664
// SPDX-License-Identifier: GPL-2.0 #include <sys/un.h> #include "test_progs.h" #include "sock_addr_kern.skel.h" #include "bind4_prog.skel.h" #include "bind6_prog.skel.h" #include "connect_unix_prog.skel.h" #include "connect4_prog.skel.h" #include "connect6_prog.skel.h" #include "sendmsg4_prog.skel.h" #include "sendmsg6_prog.skel.h" #include "recvmsg4_prog.skel.h" #include "recvmsg6_prog.skel.h" #include "sendmsg_unix_prog.skel.h" #include "recvmsg_unix_prog.skel.h" #include "getsockname4_prog.skel.h" #include "getsockname6_prog.skel.h" #include "getsockname_unix_prog.skel.h" #include "getpeername4_prog.skel.h" #include "getpeername6_prog.skel.h" #include "getpeername_unix_prog.skel.h" #include "network_helpers.h" #ifndef ENOTSUPP # define ENOTSUPP 524 #endif #define TEST_NS "sock_addr" #define TEST_IF_PREFIX "test_sock_addr" #define TEST_IPV4 "127.0.0.4" #define TEST_IPV6 "::6" #define SERV4_IP "192.168.1.254" #define SERV4_REWRITE_IP "127.0.0.1" #define SRC4_IP "172.16.0.1" #define SRC4_REWRITE_IP TEST_IPV4 #define SERV4_PORT 4040 #define SERV4_REWRITE_PORT 4444 #define SERV6_IP "face:b00c:1234:5678::abcd" #define SERV6_REWRITE_IP "::1" #define SERV6_V4MAPPED_IP "::ffff:192.168.0.4" #define SRC6_IP "::1" #define SRC6_REWRITE_IP TEST_IPV6 #define WILDCARD6_IP "::" #define SERV6_PORT 6060 #define SERV6_REWRITE_PORT 6666 #define SERVUN_ADDRESS "bpf_cgroup_unix_test" #define SERVUN_REWRITE_ADDRESS "bpf_cgroup_unix_test_rewrite" #define SRCUN_ADDRESS "bpf_cgroup_unix_test_src" #define save_errno_do(op) ({ int __save = errno; op; errno = __save; }) enum sock_addr_test_type { SOCK_ADDR_TEST_BIND, SOCK_ADDR_TEST_CONNECT, SOCK_ADDR_TEST_SENDMSG, SOCK_ADDR_TEST_RECVMSG, SOCK_ADDR_TEST_GETSOCKNAME, SOCK_ADDR_TEST_GETPEERNAME, }; typedef void *(*load_fn)(int cgroup_fd, enum bpf_attach_type attach_type, bool expect_reject); typedef void (*destroy_fn)(void *skel); static int cmp_addr(const struct sockaddr_storage *addr1, socklen_t addr1_len, const struct sockaddr_storage *addr2, socklen_t addr2_len, bool cmp_port); struct init_sock_args { int af; int type; }; struct addr_args { char addr[sizeof(struct sockaddr_storage)]; int addrlen; }; struct sendmsg_args { struct addr_args addr; char msg[10]; int msglen; }; static struct sock_addr_kern *skel; static int run_bpf_prog(const char *prog_name, void *ctx, int ctx_size) { LIBBPF_OPTS(bpf_test_run_opts, topts); struct bpf_program *prog; int prog_fd, err; topts.ctx_in = ctx; topts.ctx_size_in = ctx_size; prog = bpf_object__find_program_by_name(skel->obj, prog_name); if (!ASSERT_OK_PTR(prog, "bpf_object__find_program_by_name")) goto err; prog_fd = bpf_program__fd(prog); err = bpf_prog_test_run_opts(prog_fd, &topts); if (!ASSERT_OK(err, prog_name)) goto err; err = topts.retval; errno = -topts.retval; goto out; err: err = -1; out: return err; } static int kernel_init_sock(int af, int type, int protocol) { struct init_sock_args args = { .af = af, .type = type, }; return run_bpf_prog("init_sock", &args, sizeof(args)); } static int kernel_close_sock(int fd) { return run_bpf_prog("close_sock", NULL, 0); } static int sock_addr_op(const char *name, struct sockaddr *addr, socklen_t *addrlen, bool expect_change) { struct addr_args args; int err; if (addrlen) args.addrlen = *addrlen; if (addr) memcpy(&args.addr, addr, *addrlen); err = run_bpf_prog(name, &args, sizeof(args)); if (!expect_change && addr) if (!ASSERT_EQ(cmp_addr((struct sockaddr_storage *)addr, *addrlen, (struct sockaddr_storage *)&args.addr, args.addrlen, 1), 0, "address_param_modified")) return -1; if (addrlen) *addrlen = args.addrlen; if (addr) memcpy(addr, &args.addr, *addrlen); return err; } static int send_msg_op(const char *name, struct sockaddr *addr, socklen_t addrlen, const char *msg, int msglen) { struct sendmsg_args args; int err; memset(&args, 0, sizeof(args)); memcpy(&args.addr.addr, addr, addrlen); args.addr.addrlen = addrlen; memcpy(args.msg, msg, msglen); args.msglen = msglen; err = run_bpf_prog(name, &args, sizeof(args)); if (!ASSERT_EQ(cmp_addr((struct sockaddr_storage *)addr, addrlen, (struct sockaddr_storage *)&args.addr.addr, args.addr.addrlen, 1), 0, "address_param_modified")) return -1; return err; } static int kernel_connect(struct sockaddr *addr, socklen_t addrlen) { return sock_addr_op("kernel_connect", addr, &addrlen, false); } static int kernel_bind(int fd, struct sockaddr *addr, socklen_t addrlen) { return sock_addr_op("kernel_bind", addr, &addrlen, false); } static int kernel_listen(void) { return sock_addr_op("kernel_listen", NULL, NULL, false); } static int kernel_sendmsg(int fd, struct sockaddr *addr, socklen_t addrlen, char *msg, int msglen) { return send_msg_op("kernel_sendmsg", addr, addrlen, msg, msglen); } static int sock_sendmsg(int fd, struct sockaddr *addr, socklen_t addrlen, char *msg, int msglen) { return send_msg_op("sock_sendmsg", addr, addrlen, msg, msglen); } static int kernel_getsockname(int fd, struct sockaddr *addr, socklen_t *addrlen) { return sock_addr_op("kernel_getsockname", addr, addrlen, true); } static int kernel_getpeername(int fd, struct sockaddr *addr, socklen_t *addrlen) { return sock_addr_op("kernel_getpeername", addr, addrlen, true); } int kernel_connect_to_addr(int type, const struct sockaddr_storage *addr, socklen_t addrlen, const struct network_helper_opts *opts) { int err; if (!ASSERT_OK(kernel_init_sock(addr->ss_family, type, 0), "kernel_init_sock")) goto err; if (kernel_connect((struct sockaddr *)addr, addrlen) < 0) goto err; /* Test code expects a "file descriptor" on success. */ err = 1; goto out; err: err = -1; save_errno_do(ASSERT_OK(kernel_close_sock(0), "kernel_close_sock")); out: return err; } int kernel_start_server(int family, int type, const char *addr_str, __u16 port, int timeout_ms) { struct sockaddr_storage addr; socklen_t addrlen; int err; if (!ASSERT_OK(kernel_init_sock(family, type, 0), "kernel_init_sock")) goto err; if (make_sockaddr(family, addr_str, port, &addr, &addrlen)) goto err; if (kernel_bind(0, (struct sockaddr *)&addr, addrlen) < 0) goto err; if (type == SOCK_STREAM) { if (!ASSERT_OK(kernel_listen(), "kernel_listen")) goto err; } /* Test code expects a "file descriptor" on success. */ err = 1; goto out; err: err = -1; save_errno_do(ASSERT_OK(kernel_close_sock(0), "kernel_close_sock")); out: return err; } struct sock_ops { int (*connect_to_addr)(int type, const struct sockaddr_storage *addr, socklen_t addrlen, const struct network_helper_opts *opts); int (*start_server)(int family, int type, const char *addr_str, __u16 port, int timeout_ms); int (*socket)(int famil, int type, int protocol); int (*bind)(int fd, struct sockaddr *addr, socklen_t addrlen); int (*getsockname)(int fd, struct sockaddr *addr, socklen_t *addrlen); int (*getpeername)(int fd, struct sockaddr *addr, socklen_t *addrlen); int (*sendmsg)(int fd, struct sockaddr *addr, socklen_t addrlen, char *msg, int msglen); int (*close)(int fd); }; static int user_sendmsg(int fd, struct sockaddr *addr, socklen_t addrlen, char *msg, int msglen) { struct msghdr hdr; struct iovec iov; memset(&iov, 0, sizeof(iov)); iov.iov_base = msg; iov.iov_len = msglen; memset(&hdr, 0, sizeof(hdr)); hdr.msg_name = (void *)addr; hdr.msg_namelen = addrlen; hdr.msg_iov = &iov; hdr.msg_iovlen = 1; return sendmsg(fd, &hdr, 0); } static int user_bind(int fd, struct sockaddr *addr, socklen_t addrlen) { return bind(fd, (const struct sockaddr *)addr, addrlen); } struct sock_ops user_ops = { .connect_to_addr = connect_to_addr, .start_server = start_server, .socket = socket, .bind = user_bind, .getsockname = getsockname, .getpeername = getpeername, .sendmsg = user_sendmsg, .close = close, }; struct sock_ops kern_ops_sock_sendmsg = { .connect_to_addr = kernel_connect_to_addr, .start_server = kernel_start_server, .socket = kernel_init_sock, .bind = kernel_bind, .getsockname = kernel_getsockname, .getpeername = kernel_getpeername, .sendmsg = sock_sendmsg, .close = kernel_close_sock, }; struct sock_ops kern_ops_kernel_sendmsg = { .connect_to_addr = kernel_connect_to_addr, .start_server = kernel_start_server, .socket = kernel_init_sock, .bind = kernel_bind, .getsockname = kernel_getsockname, .getpeername = kernel_getpeername, .sendmsg = kernel_sendmsg, .close = kernel_close_sock, }; struct sock_addr_test { enum sock_addr_test_type type; const char *name; /* BPF prog properties */ load_fn loadfn; destroy_fn destroyfn; enum bpf_attach_type attach_type; /* Socket operations */ struct sock_ops *ops; /* Socket properties */ int socket_family; int socket_type; /* IP:port pairs for BPF prog to override */ const char *requested_addr; unsigned short requested_port; const char *expected_addr; unsigned short expected_port; const char *expected_src_addr; /* Expected test result */ enum { LOAD_REJECT, ATTACH_REJECT, SYSCALL_EPERM, SYSCALL_ENOTSUPP, SUCCESS, } expected_result; }; #define BPF_SKEL_FUNCS_RAW(skel_name, prog_name) \ static void *prog_name##_load_raw(int cgroup_fd, \ enum bpf_attach_type attach_type, \ bool expect_reject) \ { \ struct skel_name *skel = skel_name##__open(); \ int prog_fd = -1; \ if (!ASSERT_OK_PTR(skel, "skel_open")) \ goto cleanup; \ if (!ASSERT_OK(skel_name##__load(skel), "load")) \ goto cleanup; \ prog_fd = bpf_program__fd(skel->progs.prog_name); \ if (!ASSERT_GT(prog_fd, 0, "prog_fd")) \ goto cleanup; \ if (bpf_prog_attach(prog_fd, cgroup_fd, attach_type, \ BPF_F_ALLOW_OVERRIDE), "bpf_prog_attach") { \ ASSERT_TRUE(expect_reject, "unexpected rejection"); \ goto cleanup; \ } \ if (!ASSERT_FALSE(expect_reject, "expected rejection")) \ goto cleanup; \ cleanup: \ if (prog_fd > 0) \ bpf_prog_detach(cgroup_fd, attach_type); \ skel_name##__destroy(skel); \ return NULL; \ } \ static void prog_name##_destroy_raw(void *progfd) \ { \ /* No-op. *_load_raw does all cleanup. */ \ } \ #define BPF_SKEL_FUNCS(skel_name, prog_name) \ static void *prog_name##_load(int cgroup_fd, \ enum bpf_attach_type attach_type, \ bool expect_reject) \ { \ struct skel_name *skel = skel_name##__open(); \ if (!ASSERT_OK_PTR(skel, "skel_open")) \ goto cleanup; \ if (!ASSERT_OK(bpf_program__set_expected_attach_type(skel->progs.prog_name, \ attach_type), \ "set_expected_attach_type")) \ goto cleanup; \ if (skel_name##__load(skel)) { \ ASSERT_TRUE(expect_reject, "unexpected rejection"); \ goto cleanup; \ } \ if (!ASSERT_FALSE(expect_reject, "expected rejection")) \ goto cleanup; \ skel->links.prog_name = bpf_program__attach_cgroup( \ skel->progs.prog_name, cgroup_fd); \ if (!ASSERT_OK_PTR(skel->links.prog_name, "prog_attach")) \ goto cleanup; \ return skel; \ cleanup: \ skel_name##__destroy(skel); \ return NULL; \ } \ static void prog_name##_destroy(void *skel) \ { \ skel_name##__destroy(skel); \ } BPF_SKEL_FUNCS(bind4_prog, bind_v4_prog); BPF_SKEL_FUNCS_RAW(bind4_prog, bind_v4_prog); BPF_SKEL_FUNCS(bind4_prog, bind_v4_deny_prog); BPF_SKEL_FUNCS(bind6_prog, bind_v6_prog); BPF_SKEL_FUNCS_RAW(bind6_prog, bind_v6_prog); BPF_SKEL_FUNCS(bind6_prog, bind_v6_deny_prog); BPF_SKEL_FUNCS(connect4_prog, connect_v4_prog); BPF_SKEL_FUNCS_RAW(connect4_prog, connect_v4_prog); BPF_SKEL_FUNCS(connect4_prog, connect_v4_deny_prog); BPF_SKEL_FUNCS(connect6_prog, connect_v6_prog); BPF_SKEL_FUNCS_RAW(connect6_prog, connect_v6_prog); BPF_SKEL_FUNCS(connect6_prog, connect_v6_deny_prog); BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_prog); BPF_SKEL_FUNCS_RAW(connect_unix_prog, connect_unix_prog); BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_deny_prog); BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_prog); BPF_SKEL_FUNCS_RAW(sendmsg4_prog, sendmsg_v4_prog); BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_deny_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_prog); BPF_SKEL_FUNCS_RAW(sendmsg6_prog, sendmsg_v6_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_deny_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_preserve_dst_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_v4mapped_prog); BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_wildcard_prog); BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_prog); BPF_SKEL_FUNCS_RAW(sendmsg_unix_prog, sendmsg_unix_prog); BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_deny_prog); BPF_SKEL_FUNCS(recvmsg4_prog, recvmsg4_prog); BPF_SKEL_FUNCS_RAW(recvmsg4_prog, recvmsg4_prog); BPF_SKEL_FUNCS(recvmsg6_prog, recvmsg6_prog); BPF_SKEL_FUNCS_RAW(recvmsg6_prog, recvmsg6_prog); BPF_SKEL_FUNCS(recvmsg_unix_prog, recvmsg_unix_prog); BPF_SKEL_FUNCS_RAW(recvmsg_unix_prog, recvmsg_unix_prog); BPF_SKEL_FUNCS(getsockname_unix_prog, getsockname_unix_prog); BPF_SKEL_FUNCS_RAW(getsockname_unix_prog, getsockname_unix_prog); BPF_SKEL_FUNCS(getsockname4_prog, getsockname_v4_prog); BPF_SKEL_FUNCS_RAW(getsockname4_prog, getsockname_v4_prog); BPF_SKEL_FUNCS(getsockname6_prog, getsockname_v6_prog); BPF_SKEL_FUNCS_RAW(getsockname6_prog, getsockname_v6_prog); BPF_SKEL_FUNCS(getpeername_unix_prog, getpeername_unix_prog); BPF_SKEL_FUNCS_RAW(getpeername_unix_prog, getpeername_unix_prog); BPF_SKEL_FUNCS(getpeername4_prog, getpeername_v4_prog); BPF_SKEL_FUNCS_RAW(getpeername4_prog, getpeername_v4_prog); BPF_SKEL_FUNCS(getpeername6_prog, getpeername_v6_prog); BPF_SKEL_FUNCS_RAW(getpeername6_prog, getpeername_v6_prog); static struct sock_addr_test tests[] = { /* bind - system calls */ { SOCK_ADDR_TEST_BIND, "bind4: bind (stream)", bind_v4_prog_load, bind_v4_prog_destroy, BPF_CGROUP_INET4_BIND, &user_ops, AF_INET, SOCK_STREAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_BIND, "bind4: bind deny (stream)", bind_v4_deny_prog_load, bind_v4_deny_prog_destroy, BPF_CGROUP_INET4_BIND, &user_ops, AF_INET, SOCK_STREAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, NULL, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_BIND, "bind4: bind (dgram)", bind_v4_prog_load, bind_v4_prog_destroy, BPF_CGROUP_INET4_BIND, &user_ops, AF_INET, SOCK_DGRAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_BIND, "bind4: bind deny (dgram)", bind_v4_deny_prog_load, bind_v4_deny_prog_destroy, BPF_CGROUP_INET4_BIND, &user_ops, AF_INET, SOCK_DGRAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, NULL, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_BIND, "bind4: load prog with wrong expected attach type", bind_v4_prog_load, bind_v4_prog_destroy, BPF_CGROUP_INET6_BIND, &user_ops, AF_INET, SOCK_STREAM, NULL, 0, NULL, 0, NULL, LOAD_REJECT, }, { SOCK_ADDR_TEST_BIND, "bind4: attach prog with wrong attach type", bind_v4_prog_load_raw, bind_v4_prog_destroy_raw, BPF_CGROUP_INET6_BIND, &user_ops, AF_INET, SOCK_STREAM, NULL, 0, NULL, 0, NULL, ATTACH_REJECT, }, { SOCK_ADDR_TEST_BIND, "bind6: bind (stream)", bind_v6_prog_load, bind_v6_prog_destroy, BPF_CGROUP_INET6_BIND, &user_ops, AF_INET6, SOCK_STREAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_BIND, "bind6: bind deny (stream)", bind_v6_deny_prog_load, bind_v6_deny_prog_destroy, BPF_CGROUP_INET6_BIND, &user_ops, AF_INET6, SOCK_STREAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, NULL, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_BIND, "bind6: bind (dgram)", bind_v6_prog_load, bind_v6_prog_destroy, BPF_CGROUP_INET6_BIND, &user_ops, AF_INET6, SOCK_DGRAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_BIND, "bind6: bind deny (dgram)", bind_v6_deny_prog_load, bind_v6_deny_prog_destroy, BPF_CGROUP_INET6_BIND, &user_ops, AF_INET6, SOCK_DGRAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, NULL, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_BIND, "bind6: load prog with wrong expected attach type", bind_v6_prog_load, bind_v6_prog_destroy, BPF_CGROUP_INET4_BIND, &user_ops, AF_INET6, SOCK_STREAM, NULL, 0, NULL, 0, NULL, LOAD_REJECT, }, { SOCK_ADDR_TEST_BIND, "bind6: attach prog with wrong attach type", bind_v6_prog_load_raw, bind_v6_prog_destroy_raw, BPF_CGROUP_INET4_BIND, &user_ops, AF_INET, SOCK_STREAM, NULL, 0, NULL, 0, NULL, ATTACH_REJECT, }, /* bind - kernel calls */ { SOCK_ADDR_TEST_BIND, "bind4: kernel_bind (stream)", bind_v4_prog_load, bind_v4_prog_destroy, BPF_CGROUP_INET4_BIND, &kern_ops_sock_sendmsg, AF_INET, SOCK_STREAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_BIND, "bind4: kernel_bind deny (stream)", bind_v4_deny_prog_load, bind_v4_deny_prog_destroy, BPF_CGROUP_INET4_BIND, &kern_ops_sock_sendmsg, AF_INET, SOCK_STREAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, NULL, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_BIND, "bind4: kernel_bind (dgram)", bind_v4_prog_load, bind_v4_prog_destroy, BPF_CGROUP_INET4_BIND, &kern_ops_sock_sendmsg, AF_INET, SOCK_DGRAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_BIND, "bind4: kernel_bind deny (dgram)", bind_v4_deny_prog_load, bind_v4_deny_prog_destroy, BPF_CGROUP_INET4_BIND, &kern_ops_sock_sendmsg, AF_INET, SOCK_DGRAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, NULL, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_BIND, "bind6: kernel_bind (stream)", bind_v6_prog_load, bind_v6_prog_destroy, BPF_CGROUP_INET6_BIND, &kern_ops_sock_sendmsg, AF_INET6, SOCK_STREAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_BIND, "bind6: kernel_bind deny (stream)", bind_v6_deny_prog_load, bind_v6_deny_prog_destroy, BPF_CGROUP_INET6_BIND, &kern_ops_sock_sendmsg, AF_INET6, SOCK_STREAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, NULL, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_BIND, "bind6: kernel_bind (dgram)", bind_v6_prog_load, bind_v6_prog_destroy, BPF_CGROUP_INET6_BIND, &kern_ops_sock_sendmsg, AF_INET6, SOCK_DGRAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_BIND, "bind6: kernel_bind deny (dgram)", bind_v6_deny_prog_load, bind_v6_deny_prog_destroy, BPF_CGROUP_INET6_BIND, &kern_ops_sock_sendmsg, AF_INET6, SOCK_DGRAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, NULL, SYSCALL_EPERM, }, /* connect - system calls */ { SOCK_ADDR_TEST_CONNECT, "connect4: connect (stream)", connect_v4_prog_load, connect_v4_prog_destroy, BPF_CGROUP_INET4_CONNECT, &user_ops, AF_INET, SOCK_STREAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect4: connect deny (stream)", connect_v4_deny_prog_load, connect_v4_deny_prog_destroy, BPF_CGROUP_INET4_CONNECT, &user_ops, AF_INET, SOCK_STREAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_CONNECT, "connect4: connect (dgram)", connect_v4_prog_load, connect_v4_prog_destroy, BPF_CGROUP_INET4_CONNECT, &user_ops, AF_INET, SOCK_DGRAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect4: connect deny (dgram)", connect_v4_deny_prog_load, connect_v4_deny_prog_destroy, BPF_CGROUP_INET4_CONNECT, &user_ops, AF_INET, SOCK_DGRAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_CONNECT, "connect4: load prog with wrong expected attach type", connect_v4_prog_load, connect_v4_prog_destroy, BPF_CGROUP_INET6_CONNECT, &user_ops, AF_INET, SOCK_STREAM, NULL, 0, NULL, 0, NULL, LOAD_REJECT, }, { SOCK_ADDR_TEST_CONNECT, "connect4: attach prog with wrong attach type", connect_v4_prog_load_raw, connect_v4_prog_destroy_raw, BPF_CGROUP_INET6_CONNECT, &user_ops, AF_INET, SOCK_STREAM, NULL, 0, NULL, 0, NULL, ATTACH_REJECT, }, { SOCK_ADDR_TEST_CONNECT, "connect6: connect (stream)", connect_v6_prog_load, connect_v6_prog_destroy, BPF_CGROUP_INET6_CONNECT, &user_ops, AF_INET6, SOCK_STREAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect6: connect deny (stream)", connect_v6_deny_prog_load, connect_v6_deny_prog_destroy, BPF_CGROUP_INET6_CONNECT, &user_ops, AF_INET6, SOCK_STREAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_CONNECT, "connect6: connect (dgram)", connect_v6_prog_load, connect_v6_prog_destroy, BPF_CGROUP_INET6_CONNECT, &user_ops, AF_INET6, SOCK_DGRAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect6: connect deny (dgram)", connect_v6_deny_prog_load, connect_v6_deny_prog_destroy, BPF_CGROUP_INET6_CONNECT, &user_ops, AF_INET6, SOCK_DGRAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_CONNECT, "connect6: load prog with wrong expected attach type", connect_v6_prog_load, connect_v6_prog_destroy, BPF_CGROUP_INET4_CONNECT, &user_ops, AF_INET6, SOCK_STREAM, NULL, 0, NULL, 0, NULL, LOAD_REJECT, }, { SOCK_ADDR_TEST_CONNECT, "connect6: attach prog with wrong attach type", connect_v6_prog_load_raw, connect_v6_prog_destroy_raw, BPF_CGROUP_INET4_CONNECT, &user_ops, AF_INET, SOCK_STREAM, NULL, 0, NULL, 0, NULL, ATTACH_REJECT, }, { SOCK_ADDR_TEST_CONNECT, "connect_unix: connect (stream)", connect_unix_prog_load, connect_unix_prog_destroy, BPF_CGROUP_UNIX_CONNECT, &user_ops, AF_UNIX, SOCK_STREAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect_unix: connect deny (stream)", connect_unix_deny_prog_load, connect_unix_deny_prog_destroy, BPF_CGROUP_UNIX_CONNECT, &user_ops, AF_UNIX, SOCK_STREAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_CONNECT, "connect_unix: attach prog with wrong attach type", connect_unix_prog_load_raw, connect_unix_prog_destroy_raw, BPF_CGROUP_INET4_CONNECT, &user_ops, AF_UNIX, SOCK_STREAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, ATTACH_REJECT, }, /* connect - kernel calls */ { SOCK_ADDR_TEST_CONNECT, "connect4: kernel_connect (stream)", connect_v4_prog_load, connect_v4_prog_destroy, BPF_CGROUP_INET4_CONNECT, &kern_ops_sock_sendmsg, AF_INET, SOCK_STREAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect4: kernel_connect deny (stream)", connect_v4_deny_prog_load, connect_v4_deny_prog_destroy, BPF_CGROUP_INET4_CONNECT, &kern_ops_sock_sendmsg, AF_INET, SOCK_STREAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_CONNECT, "connect4: kernel_connect (dgram)", connect_v4_prog_load, connect_v4_prog_destroy, BPF_CGROUP_INET4_CONNECT, &kern_ops_sock_sendmsg, AF_INET, SOCK_DGRAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect4: kernel_connect deny (dgram)", connect_v4_deny_prog_load, connect_v4_deny_prog_destroy, BPF_CGROUP_INET4_CONNECT, &kern_ops_sock_sendmsg, AF_INET, SOCK_DGRAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_CONNECT, "connect6: kernel_connect (stream)", connect_v6_prog_load, connect_v6_prog_destroy, BPF_CGROUP_INET6_CONNECT, &kern_ops_sock_sendmsg, AF_INET6, SOCK_STREAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect6: kernel_connect deny (stream)", connect_v6_deny_prog_load, connect_v6_deny_prog_destroy, BPF_CGROUP_INET6_CONNECT, &kern_ops_sock_sendmsg, AF_INET6, SOCK_STREAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_CONNECT, "connect6: kernel_connect (dgram)", connect_v6_prog_load, connect_v6_prog_destroy, BPF_CGROUP_INET6_CONNECT, &kern_ops_sock_sendmsg, AF_INET6, SOCK_DGRAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect6: kernel_connect deny (dgram)", connect_v6_deny_prog_load, connect_v6_deny_prog_destroy, BPF_CGROUP_INET6_CONNECT, &kern_ops_sock_sendmsg, AF_INET6, SOCK_DGRAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_CONNECT, "connect_unix: kernel_connect (dgram)", connect_unix_prog_load, connect_unix_prog_destroy, BPF_CGROUP_UNIX_CONNECT, &kern_ops_sock_sendmsg, AF_UNIX, SOCK_STREAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, SUCCESS, }, { SOCK_ADDR_TEST_CONNECT, "connect_unix: kernel_connect deny (dgram)", connect_unix_deny_prog_load, connect_unix_deny_prog_destroy, BPF_CGROUP_UNIX_CONNECT, &kern_ops_sock_sendmsg, AF_UNIX, SOCK_STREAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, SYSCALL_EPERM, }, /* sendmsg - system calls */ { SOCK_ADDR_TEST_SENDMSG, "sendmsg4: sendmsg (dgram)", sendmsg_v4_prog_load, sendmsg_v4_prog_destroy, BPF_CGROUP_UDP4_SENDMSG, &user_ops, AF_INET, SOCK_DGRAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg4: sendmsg deny (dgram)", sendmsg_v4_deny_prog_load, sendmsg_v4_deny_prog_destroy, BPF_CGROUP_UDP4_SENDMSG, &user_ops, AF_INET, SOCK_DGRAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg4: load prog with wrong expected attach type", sendmsg_v4_prog_load, sendmsg_v4_prog_destroy, BPF_CGROUP_UDP6_SENDMSG, &user_ops, AF_INET, SOCK_DGRAM, NULL, 0, NULL, 0, NULL, LOAD_REJECT, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg4: attach prog with wrong attach type", sendmsg_v4_prog_load_raw, sendmsg_v4_prog_destroy_raw, BPF_CGROUP_UDP6_SENDMSG, &user_ops, AF_INET, SOCK_DGRAM, NULL, 0, NULL, 0, NULL, ATTACH_REJECT, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: sendmsg (dgram)", sendmsg_v6_prog_load, sendmsg_v6_prog_destroy, BPF_CGROUP_UDP6_SENDMSG, &user_ops, AF_INET6, SOCK_DGRAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: sendmsg [::] (BSD'ism) (dgram)", sendmsg_v6_preserve_dst_prog_load, sendmsg_v6_preserve_dst_prog_destroy, BPF_CGROUP_UDP6_SENDMSG, &user_ops, AF_INET6, SOCK_DGRAM, WILDCARD6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_PORT, SRC6_IP, SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: sendmsg deny (dgram)", sendmsg_v6_deny_prog_load, sendmsg_v6_deny_prog_destroy, BPF_CGROUP_UDP6_SENDMSG, &user_ops, AF_INET6, SOCK_DGRAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: sendmsg IPv4-mapped IPv6 (dgram)", sendmsg_v6_v4mapped_prog_load, sendmsg_v6_v4mapped_prog_destroy, BPF_CGROUP_UDP6_SENDMSG, &user_ops, AF_INET6, SOCK_DGRAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, SYSCALL_ENOTSUPP, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: sendmsg dst IP = [::] (BSD'ism) (dgram)", sendmsg_v6_wildcard_prog_load, sendmsg_v6_wildcard_prog_destroy, BPF_CGROUP_UDP6_SENDMSG, &user_ops, AF_INET6, SOCK_DGRAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: load prog with wrong expected attach type", sendmsg_v6_prog_load, sendmsg_v6_prog_destroy, BPF_CGROUP_UDP4_SENDMSG, &user_ops, AF_INET6, SOCK_DGRAM, NULL, 0, NULL, 0, NULL, LOAD_REJECT, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: attach prog with wrong attach type", sendmsg_v6_prog_load_raw, sendmsg_v6_prog_destroy_raw, BPF_CGROUP_UDP4_SENDMSG, &user_ops, AF_INET6, SOCK_DGRAM, NULL, 0, NULL, 0, NULL, ATTACH_REJECT, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sendmsg (dgram)", sendmsg_unix_prog_load, sendmsg_unix_prog_destroy, BPF_CGROUP_UNIX_SENDMSG, &user_ops, AF_UNIX, SOCK_DGRAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sendmsg deny (dgram)", sendmsg_unix_deny_prog_load, sendmsg_unix_deny_prog_destroy, BPF_CGROUP_UNIX_SENDMSG, &user_ops, AF_UNIX, SOCK_DGRAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: attach prog with wrong attach type", sendmsg_unix_prog_load_raw, sendmsg_unix_prog_destroy_raw, BPF_CGROUP_UDP4_SENDMSG, &user_ops, AF_UNIX, SOCK_DGRAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, ATTACH_REJECT, }, /* sendmsg - kernel calls (sock_sendmsg) */ { SOCK_ADDR_TEST_SENDMSG, "sendmsg4: sock_sendmsg (dgram)", sendmsg_v4_prog_load, sendmsg_v4_prog_destroy, BPF_CGROUP_UDP4_SENDMSG, &kern_ops_sock_sendmsg, AF_INET, SOCK_DGRAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg4: sock_sendmsg deny (dgram)", sendmsg_v4_deny_prog_load, sendmsg_v4_deny_prog_destroy, BPF_CGROUP_UDP4_SENDMSG, &kern_ops_sock_sendmsg, AF_INET, SOCK_DGRAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: sock_sendmsg (dgram)", sendmsg_v6_prog_load, sendmsg_v6_prog_destroy, BPF_CGROUP_UDP6_SENDMSG, &kern_ops_sock_sendmsg, AF_INET6, SOCK_DGRAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: sock_sendmsg [::] (BSD'ism) (dgram)", sendmsg_v6_preserve_dst_prog_load, sendmsg_v6_preserve_dst_prog_destroy, BPF_CGROUP_UDP6_SENDMSG, &kern_ops_sock_sendmsg, AF_INET6, SOCK_DGRAM, WILDCARD6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_PORT, SRC6_IP, SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: sock_sendmsg deny (dgram)", sendmsg_v6_deny_prog_load, sendmsg_v6_deny_prog_destroy, BPF_CGROUP_UDP6_SENDMSG, &kern_ops_sock_sendmsg, AF_INET6, SOCK_DGRAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sock_sendmsg (dgram)", sendmsg_unix_prog_load, sendmsg_unix_prog_destroy, BPF_CGROUP_UNIX_SENDMSG, &kern_ops_sock_sendmsg, AF_UNIX, SOCK_DGRAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sock_sendmsg deny (dgram)", sendmsg_unix_deny_prog_load, sendmsg_unix_deny_prog_destroy, BPF_CGROUP_UNIX_SENDMSG, &kern_ops_sock_sendmsg, AF_UNIX, SOCK_DGRAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, SYSCALL_EPERM, }, /* sendmsg - kernel calls (kernel_sendmsg) */ { SOCK_ADDR_TEST_SENDMSG, "sendmsg4: kernel_sendmsg (dgram)", sendmsg_v4_prog_load, sendmsg_v4_prog_destroy, BPF_CGROUP_UDP4_SENDMSG, &kern_ops_kernel_sendmsg, AF_INET, SOCK_DGRAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg4: kernel_sendmsg deny (dgram)", sendmsg_v4_deny_prog_load, sendmsg_v4_deny_prog_destroy, BPF_CGROUP_UDP4_SENDMSG, &kern_ops_kernel_sendmsg, AF_INET, SOCK_DGRAM, SERV4_IP, SERV4_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SRC4_REWRITE_IP, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: kernel_sendmsg (dgram)", sendmsg_v6_prog_load, sendmsg_v6_prog_destroy, BPF_CGROUP_UDP6_SENDMSG, &kern_ops_kernel_sendmsg, AF_INET6, SOCK_DGRAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: kernel_sendmsg [::] (BSD'ism) (dgram)", sendmsg_v6_preserve_dst_prog_load, sendmsg_v6_preserve_dst_prog_destroy, BPF_CGROUP_UDP6_SENDMSG, &kern_ops_kernel_sendmsg, AF_INET6, SOCK_DGRAM, WILDCARD6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_PORT, SRC6_IP, SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg6: kernel_sendmsg deny (dgram)", sendmsg_v6_deny_prog_load, sendmsg_v6_deny_prog_destroy, BPF_CGROUP_UDP6_SENDMSG, &kern_ops_kernel_sendmsg, AF_INET6, SOCK_DGRAM, SERV6_IP, SERV6_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SRC6_REWRITE_IP, SYSCALL_EPERM, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: sock_sendmsg (dgram)", sendmsg_unix_prog_load, sendmsg_unix_prog_destroy, BPF_CGROUP_UNIX_SENDMSG, &kern_ops_kernel_sendmsg, AF_UNIX, SOCK_DGRAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, SUCCESS, }, { SOCK_ADDR_TEST_SENDMSG, "sendmsg_unix: kernel_sendmsg deny (dgram)", sendmsg_unix_deny_prog_load, sendmsg_unix_deny_prog_destroy, BPF_CGROUP_UNIX_SENDMSG, &kern_ops_kernel_sendmsg, AF_UNIX, SOCK_DGRAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, SYSCALL_EPERM, }, /* recvmsg - system calls */ { SOCK_ADDR_TEST_RECVMSG, "recvmsg4: recvfrom (dgram)", recvmsg4_prog_load, recvmsg4_prog_destroy, BPF_CGROUP_UDP4_RECVMSG, &user_ops, AF_INET, SOCK_DGRAM, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SERV4_IP, SUCCESS, }, { SOCK_ADDR_TEST_RECVMSG, "recvmsg4: attach prog with wrong attach type", recvmsg4_prog_load_raw, recvmsg4_prog_destroy_raw, BPF_CGROUP_UDP6_RECVMSG, &user_ops, AF_INET, SOCK_DGRAM, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SERV4_IP, ATTACH_REJECT, }, { SOCK_ADDR_TEST_RECVMSG, "recvmsg6: recvfrom (dgram)", recvmsg6_prog_load, recvmsg6_prog_destroy, BPF_CGROUP_UDP6_RECVMSG, &user_ops, AF_INET6, SOCK_DGRAM, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SERV6_IP, SUCCESS, }, { SOCK_ADDR_TEST_RECVMSG, "recvmsg6: attach prog with wrong attach type", recvmsg6_prog_load_raw, recvmsg6_prog_destroy_raw, BPF_CGROUP_UDP4_RECVMSG, &user_ops, AF_INET6, SOCK_DGRAM, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SERV6_IP, ATTACH_REJECT, }, { SOCK_ADDR_TEST_RECVMSG, "recvmsg_unix: recvfrom (dgram)", recvmsg_unix_prog_load, recvmsg_unix_prog_destroy, BPF_CGROUP_UNIX_RECVMSG, &user_ops, AF_UNIX, SOCK_DGRAM, SERVUN_REWRITE_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, SERVUN_ADDRESS, SUCCESS, }, { SOCK_ADDR_TEST_RECVMSG, "recvmsg_unix: recvfrom (stream)", recvmsg_unix_prog_load, recvmsg_unix_prog_destroy, BPF_CGROUP_UNIX_RECVMSG, &user_ops, AF_UNIX, SOCK_STREAM, SERVUN_REWRITE_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, SERVUN_ADDRESS, SUCCESS, }, { SOCK_ADDR_TEST_RECVMSG, "recvmsg_unix: attach prog with wrong attach type", recvmsg_unix_prog_load_raw, recvmsg_unix_prog_destroy_raw, BPF_CGROUP_UDP4_RECVMSG, &user_ops, AF_INET6, SOCK_STREAM, SERVUN_REWRITE_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, SERVUN_ADDRESS, ATTACH_REJECT, }, /* getsockname - system calls */ { SOCK_ADDR_TEST_GETSOCKNAME, "getsockname4: getsockname (stream)", getsockname_v4_prog_load, getsockname_v4_prog_destroy, BPF_CGROUP_INET4_GETSOCKNAME, &user_ops, AF_INET, SOCK_STREAM, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SERV4_IP, SERV4_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETSOCKNAME, "getsockname4: getsockname (dgram)", getsockname_v4_prog_load, getsockname_v4_prog_destroy, BPF_CGROUP_INET4_GETSOCKNAME, &user_ops, AF_INET, SOCK_DGRAM, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SERV4_IP, SERV4_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETSOCKNAME, "getsockname4: attach prog with wrong attach type", getsockname_v4_prog_load_raw, getsockname_v4_prog_destroy_raw, BPF_CGROUP_INET6_GETSOCKNAME, &user_ops, AF_INET, SOCK_DGRAM, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SERV4_IP, SERV4_PORT, NULL, ATTACH_REJECT, }, { SOCK_ADDR_TEST_GETSOCKNAME, "getsockname6: getsockname (stream)", getsockname_v6_prog_load, getsockname_v6_prog_destroy, BPF_CGROUP_INET6_GETSOCKNAME, &user_ops, AF_INET6, SOCK_STREAM, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SERV6_IP, SERV6_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETSOCKNAME, "getsockname6: getsockname (dgram)", getsockname_v6_prog_load, getsockname_v6_prog_destroy, BPF_CGROUP_INET6_GETSOCKNAME, &user_ops, AF_INET6, SOCK_DGRAM, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SERV6_IP, SERV6_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETSOCKNAME, "getsockname6: attach prog with wrong attach type", getsockname_v6_prog_load_raw, getsockname_v6_prog_destroy_raw, BPF_CGROUP_INET4_GETSOCKNAME, &user_ops, AF_INET6, SOCK_DGRAM, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SERV6_IP, SERV6_PORT, NULL, ATTACH_REJECT, }, { SOCK_ADDR_TEST_GETSOCKNAME, "getsockname_unix: getsockname", getsockname_unix_prog_load, getsockname_unix_prog_destroy, BPF_CGROUP_UNIX_GETSOCKNAME, &user_ops, AF_UNIX, SOCK_STREAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETSOCKNAME, "getsockname_unix: attach prog with wrong attach type", getsockname_unix_prog_load_raw, getsockname_unix_prog_destroy_raw, BPF_CGROUP_INET4_GETSOCKNAME, &user_ops, AF_UNIX, SOCK_STREAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, ATTACH_REJECT, }, /* getsockname - kernel calls */ { SOCK_ADDR_TEST_GETSOCKNAME, "getsockname4: kernel_getsockname (stream)", getsockname_v4_prog_load, getsockname_v4_prog_destroy, BPF_CGROUP_INET4_GETSOCKNAME, &kern_ops_kernel_sendmsg, AF_INET, SOCK_STREAM, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SERV4_IP, SERV4_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETSOCKNAME, "getsockname4: kernel_getsockname (dgram)", getsockname_v4_prog_load, getsockname_v4_prog_destroy, BPF_CGROUP_INET4_GETSOCKNAME, &kern_ops_kernel_sendmsg, AF_INET, SOCK_DGRAM, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SERV4_IP, SERV4_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETSOCKNAME, "getsockname6: kernel_getsockname (stream)", getsockname_v6_prog_load, getsockname_v6_prog_destroy, BPF_CGROUP_INET6_GETSOCKNAME, &kern_ops_kernel_sendmsg, AF_INET6, SOCK_STREAM, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SERV6_IP, SERV6_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETSOCKNAME, "getsockname6: kernel_getsockname (dgram)", getsockname_v6_prog_load, getsockname_v6_prog_destroy, BPF_CGROUP_INET6_GETSOCKNAME, &kern_ops_kernel_sendmsg, AF_INET6, SOCK_DGRAM, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SERV6_IP, SERV6_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETSOCKNAME, "getsockname_unix: kernel_getsockname", getsockname_unix_prog_load, getsockname_unix_prog_destroy, BPF_CGROUP_UNIX_GETSOCKNAME, &kern_ops_kernel_sendmsg, AF_UNIX, SOCK_STREAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, SUCCESS, }, /* getpeername - system calls */ { SOCK_ADDR_TEST_GETPEERNAME, "getpeername4: getpeername (stream)", getpeername_v4_prog_load, getpeername_v4_prog_destroy, BPF_CGROUP_INET4_GETPEERNAME, &user_ops, AF_INET, SOCK_STREAM, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SERV4_IP, SERV4_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETPEERNAME, "getpeername4: getpeername (dgram)", getpeername_v4_prog_load, getpeername_v4_prog_destroy, BPF_CGROUP_INET4_GETPEERNAME, &user_ops, AF_INET, SOCK_DGRAM, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SERV4_IP, SERV4_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETPEERNAME, "getpeername4: attach prog with wrong attach type", getpeername_v4_prog_load_raw, getpeername_v4_prog_destroy_raw, BPF_CGROUP_INET6_GETSOCKNAME, &user_ops, AF_UNIX, SOCK_DGRAM, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SERV4_IP, SERV4_PORT, NULL, ATTACH_REJECT, }, { SOCK_ADDR_TEST_GETPEERNAME, "getpeername6: getpeername (stream)", getpeername_v6_prog_load, getpeername_v6_prog_destroy, BPF_CGROUP_INET6_GETPEERNAME, &user_ops, AF_INET6, SOCK_STREAM, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SERV6_IP, SERV6_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETPEERNAME, "getpeername6: getpeername (dgram)", getpeername_v6_prog_load, getpeername_v6_prog_destroy, BPF_CGROUP_INET6_GETPEERNAME, &user_ops, AF_INET6, SOCK_DGRAM, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SERV6_IP, SERV6_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETPEERNAME, "getpeername6: attach prog with wrong attach type", getpeername_v6_prog_load_raw, getpeername_v6_prog_destroy_raw, BPF_CGROUP_INET4_GETSOCKNAME, &user_ops, AF_INET6, SOCK_DGRAM, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SERV6_IP, SERV6_PORT, NULL, ATTACH_REJECT, }, { SOCK_ADDR_TEST_GETPEERNAME, "getpeername_unix: getpeername", getpeername_unix_prog_load, getpeername_unix_prog_destroy, BPF_CGROUP_UNIX_GETPEERNAME, &user_ops, AF_UNIX, SOCK_STREAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETPEERNAME, "getpeername_unix: attach prog with wrong attach type", getpeername_unix_prog_load_raw, getpeername_unix_prog_destroy_raw, BPF_CGROUP_INET4_GETSOCKNAME, &user_ops, AF_UNIX, SOCK_STREAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, ATTACH_REJECT, }, /* getpeername - kernel calls */ { SOCK_ADDR_TEST_GETPEERNAME, "getpeername4: kernel_getpeername (stream)", getpeername_v4_prog_load, getpeername_v4_prog_destroy, BPF_CGROUP_INET4_GETPEERNAME, &kern_ops_kernel_sendmsg, AF_INET, SOCK_STREAM, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SERV4_IP, SERV4_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETPEERNAME, "getpeername4: kernel_getpeername (dgram)", getpeername_v4_prog_load, getpeername_v4_prog_destroy, BPF_CGROUP_INET4_GETPEERNAME, &kern_ops_kernel_sendmsg, AF_INET, SOCK_DGRAM, SERV4_REWRITE_IP, SERV4_REWRITE_PORT, SERV4_IP, SERV4_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETPEERNAME, "getpeername6: kernel_getpeername (stream)", getpeername_v6_prog_load, getpeername_v6_prog_destroy, BPF_CGROUP_INET6_GETPEERNAME, &kern_ops_kernel_sendmsg, AF_INET6, SOCK_STREAM, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SERV6_IP, SERV6_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETPEERNAME, "getpeername6: kernel_getpeername (dgram)", getpeername_v6_prog_load, getpeername_v6_prog_destroy, BPF_CGROUP_INET6_GETPEERNAME, &kern_ops_kernel_sendmsg, AF_INET6, SOCK_DGRAM, SERV6_REWRITE_IP, SERV6_REWRITE_PORT, SERV6_IP, SERV6_PORT, NULL, SUCCESS, }, { SOCK_ADDR_TEST_GETPEERNAME, "getpeername_unix: kernel_getpeername", getpeername_unix_prog_load, getpeername_unix_prog_destroy, BPF_CGROUP_UNIX_GETPEERNAME, &kern_ops_kernel_sendmsg, AF_UNIX, SOCK_STREAM, SERVUN_ADDRESS, 0, SERVUN_REWRITE_ADDRESS, 0, NULL, SUCCESS, }, }; typedef int (*info_fn)(int, struct sockaddr *, socklen_t *); static int cmp_addr(const struct sockaddr_storage *addr1, socklen_t addr1_len, const struct sockaddr_storage *addr2, socklen_t addr2_len, bool cmp_port) { const struct sockaddr_in *four1, *four2; const struct sockaddr_in6 *six1, *six2; const struct sockaddr_un *un1, *un2; if (addr1->ss_family != addr2->ss_family) return -1; if (addr1_len != addr2_len) return -1; if (addr1->ss_family == AF_INET) { four1 = (const struct sockaddr_in *)addr1; four2 = (const struct sockaddr_in *)addr2; return !((four1->sin_port == four2->sin_port || !cmp_port) && four1->sin_addr.s_addr == four2->sin_addr.s_addr); } else if (addr1->ss_family == AF_INET6) { six1 = (const struct sockaddr_in6 *)addr1; six2 = (const struct sockaddr_in6 *)addr2; return !((six1->sin6_port == six2->sin6_port || !cmp_port) && !memcmp(&six1->sin6_addr, &six2->sin6_addr, sizeof(struct in6_addr))); } else if (addr1->ss_family == AF_UNIX) { un1 = (const struct sockaddr_un *)addr1; un2 = (const struct sockaddr_un *)addr2; return memcmp(un1, un2, addr1_len); } return -1; } static int cmp_sock_addr(info_fn fn, int sock1, const struct sockaddr_storage *addr2, socklen_t addr2_len, bool cmp_port) { struct sockaddr_storage addr1; socklen_t len1 = sizeof(addr1); memset(&addr1, 0, len1); if (fn(sock1, (struct sockaddr *)&addr1, (socklen_t *)&len1) != 0) return -1; return cmp_addr(&addr1, len1, addr2, addr2_len, cmp_port); } static int load_sock_addr_kern(void) { int err; skel = sock_addr_kern__open_and_load(); if (!ASSERT_OK_PTR(skel, "skel")) goto err; err = 0; goto out; err: err = -1; out: return err; } static void unload_sock_addr_kern(void) { sock_addr_kern__destroy(skel); } static int test_bind(struct sock_addr_test *test) { struct sockaddr_storage expected_addr; socklen_t expected_addr_len = sizeof(struct sockaddr_storage); int serv = -1, client = -1, err; serv = test->ops->start_server(test->socket_family, test->socket_type, test->requested_addr, test->requested_port, 0); if (serv < 0) { err = errno; goto err; } err = make_sockaddr(test->socket_family, test->expected_addr, test->expected_port, &expected_addr, &expected_addr_len); if (!ASSERT_EQ(err, 0, "make_sockaddr")) goto cleanup; err = cmp_sock_addr(test->ops->getsockname, serv, &expected_addr, expected_addr_len, true); if (!ASSERT_EQ(err, 0, "cmp_local_addr")) goto cleanup; /* Try to connect to server just in case */ client = connect_to_addr(test->socket_type, &expected_addr, expected_addr_len, NULL); if (!ASSERT_GE(client, 0, "connect_to_addr")) goto cleanup; cleanup: err = 0; err: if (client != -1) close(client); if (serv != -1) test->ops->close(serv); return err; } static int test_connect(struct sock_addr_test *test) { struct sockaddr_storage addr, expected_addr, expected_src_addr; socklen_t addr_len = sizeof(struct sockaddr_storage), expected_addr_len = sizeof(struct sockaddr_storage), expected_src_addr_len = sizeof(struct sockaddr_storage); int serv = -1, client = -1, err; serv = start_server(test->socket_family, test->socket_type, test->expected_addr, test->expected_port, 0); if (!ASSERT_GE(serv, 0, "start_server")) goto cleanup; err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port, &addr, &addr_len); if (!ASSERT_EQ(err, 0, "make_sockaddr")) goto cleanup; client = test->ops->connect_to_addr(test->socket_type, &addr, addr_len, NULL); if (client < 0) { err = errno; goto err; } err = make_sockaddr(test->socket_family, test->expected_addr, test->expected_port, &expected_addr, &expected_addr_len); if (!ASSERT_EQ(err, 0, "make_sockaddr")) goto cleanup; if (test->expected_src_addr) { err = make_sockaddr(test->socket_family, test->expected_src_addr, 0, &expected_src_addr, &expected_src_addr_len); if (!ASSERT_EQ(err, 0, "make_sockaddr")) goto cleanup; } err = cmp_sock_addr(test->ops->getpeername, client, &expected_addr, expected_addr_len, true); if (!ASSERT_EQ(err, 0, "cmp_peer_addr")) goto cleanup; if (test->expected_src_addr) { err = cmp_sock_addr(test->ops->getsockname, client, &expected_src_addr, expected_src_addr_len, false); if (!ASSERT_EQ(err, 0, "cmp_local_addr")) goto cleanup; } cleanup: err = 0; err: if (client != -1) test->ops->close(client); if (serv != -1) close(serv); return err; } static int test_xmsg(struct sock_addr_test *test) { struct sockaddr_storage addr, src_addr; socklen_t addr_len = sizeof(struct sockaddr_storage), src_addr_len = sizeof(struct sockaddr_storage); char data = 'a'; int serv = -1, client = -1, err; /* Unlike the other tests, here we test that we can rewrite the src addr * with a recvmsg() hook. */ serv = start_server(test->socket_family, test->socket_type, test->expected_addr, test->expected_port, 0); if (!ASSERT_GE(serv, 0, "start_server")) goto cleanup; client = test->ops->socket(test->socket_family, test->socket_type, 0); if (!ASSERT_GE(client, 0, "socket")) goto cleanup; /* AF_UNIX sockets have to be bound to something to trigger the recvmsg bpf program. */ if (test->socket_family == AF_UNIX) { err = make_sockaddr(AF_UNIX, SRCUN_ADDRESS, 0, &src_addr, &src_addr_len); if (!ASSERT_EQ(err, 0, "make_sockaddr")) goto cleanup; err = test->ops->bind(client, (struct sockaddr *)&src_addr, src_addr_len); if (!ASSERT_OK(err, "bind")) goto cleanup; } err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port, &addr, &addr_len); if (!ASSERT_EQ(err, 0, "make_sockaddr")) goto cleanup; if (test->socket_type == SOCK_DGRAM) { err = test->ops->sendmsg(client, (struct sockaddr *)&addr, addr_len, &data, sizeof(data)); if (err < 0) { err = errno; goto err; } if (!ASSERT_EQ(err, sizeof(data), "sendmsg")) goto cleanup; } else { /* Testing with connection-oriented sockets is only valid for * recvmsg() tests. */ if (!ASSERT_EQ(test->type, SOCK_ADDR_TEST_RECVMSG, "recvmsg")) goto cleanup; err = connect(client, (const struct sockaddr *)&addr, addr_len); if (!ASSERT_OK(err, "connect")) goto cleanup; err = send(client, &data, sizeof(data), 0); if (!ASSERT_EQ(err, sizeof(data), "send")) goto cleanup; err = listen(serv, 0); if (!ASSERT_OK(err, "listen")) goto cleanup; err = accept(serv, NULL, NULL); if (!ASSERT_GE(err, 0, "accept")) goto cleanup; close(serv); serv = err; } addr_len = src_addr_len = sizeof(struct sockaddr_storage); err = recvfrom(serv, &data, sizeof(data), 0, (struct sockaddr *) &src_addr, &src_addr_len); if (!ASSERT_EQ(err, sizeof(data), "recvfrom")) goto cleanup; ASSERT_EQ(data, 'a', "data mismatch"); if (test->expected_src_addr) { err = make_sockaddr(test->socket_family, test->expected_src_addr, 0, &addr, &addr_len); if (!ASSERT_EQ(err, 0, "make_sockaddr")) goto cleanup; err = cmp_addr(&src_addr, src_addr_len, &addr, addr_len, false); if (!ASSERT_EQ(err, 0, "cmp_addr")) goto cleanup; } cleanup: err = 0; err: if (client != -1) test->ops->close(client); if (serv != -1) close(serv); return err; } static int test_getsockname(struct sock_addr_test *test) { struct sockaddr_storage expected_addr; socklen_t expected_addr_len = sizeof(struct sockaddr_storage); int serv = -1, err; serv = test->ops->start_server(test->socket_family, test->socket_type, test->requested_addr, test->requested_port, 0); if (!ASSERT_GE(serv, 0, "start_server")) goto cleanup; err = make_sockaddr(test->socket_family, test->expected_addr, test->expected_port, &expected_addr, &expected_addr_len); if (!ASSERT_EQ(err, 0, "make_sockaddr")) goto cleanup; err = cmp_sock_addr(test->ops->getsockname, serv, &expected_addr, expected_addr_len, true); if (!ASSERT_EQ(err, 0, "cmp_local_addr")) goto cleanup; cleanup: if (serv != -1) test->ops->close(serv); return 0; } static int test_getpeername(struct sock_addr_test *test) { struct sockaddr_storage addr, expected_addr; socklen_t addr_len = sizeof(struct sockaddr_storage), expected_addr_len = sizeof(struct sockaddr_storage); int serv = -1, client = -1, err; serv = start_server(test->socket_family, test->socket_type, test->requested_addr, test->requested_port, 0); if (!ASSERT_GE(serv, 0, "start_server")) goto cleanup; err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port, &addr, &addr_len); if (!ASSERT_EQ(err, 0, "make_sockaddr")) goto cleanup; client = test->ops->connect_to_addr(test->socket_type, &addr, addr_len, NULL); if (!ASSERT_GE(client, 0, "connect_to_addr")) goto cleanup; err = make_sockaddr(test->socket_family, test->expected_addr, test->expected_port, &expected_addr, &expected_addr_len); if (!ASSERT_EQ(err, 0, "make_sockaddr")) goto cleanup; err = cmp_sock_addr(test->ops->getpeername, client, &expected_addr, expected_addr_len, true); if (!ASSERT_EQ(err, 0, "cmp_peer_addr")) goto cleanup; cleanup: if (client != -1) test->ops->close(client); if (serv != -1) close(serv); return 0; } static int setup_test_env(struct nstoken **tok) { int err; SYS_NOFAIL("ip netns delete %s", TEST_NS); SYS(fail, "ip netns add %s", TEST_NS); *tok = open_netns(TEST_NS); if (!ASSERT_OK_PTR(*tok, "netns token")) goto fail; SYS(fail, "ip link add dev %s1 type veth peer name %s2", TEST_IF_PREFIX, TEST_IF_PREFIX); SYS(fail, "ip link set lo up"); SYS(fail, "ip link set %s1 up", TEST_IF_PREFIX); SYS(fail, "ip link set %s2 up", TEST_IF_PREFIX); SYS(fail, "ip -4 addr add %s/8 dev %s1", TEST_IPV4, TEST_IF_PREFIX); SYS(fail, "ip -6 addr add %s/128 nodad dev %s1", TEST_IPV6, TEST_IF_PREFIX); err = 0; goto out; fail: err = -1; close_netns(*tok); *tok = NULL; SYS_NOFAIL("ip netns delete %s", TEST_NS); out: return err; } static void cleanup_test_env(struct nstoken *tok) { close_netns(tok); SYS_NOFAIL("ip netns delete %s", TEST_NS); } void test_sock_addr(void) { struct nstoken *tok = NULL; int cgroup_fd = -1; void *skel; cgroup_fd = test__join_cgroup("/sock_addr"); if (!ASSERT_GE(cgroup_fd, 0, "join_cgroup")) goto cleanup; if (!ASSERT_OK(setup_test_env(&tok), "setup_test_env")) goto cleanup; if (!ASSERT_OK(load_sock_addr_kern(), "load_sock_addr_kern")) goto cleanup; for (size_t i = 0; i < ARRAY_SIZE(tests); ++i) { struct sock_addr_test *test = &tests[i]; int err; if (!test__start_subtest(test->name)) continue; skel = test->loadfn(cgroup_fd, test->attach_type, test->expected_result == LOAD_REJECT || test->expected_result == ATTACH_REJECT); if (!skel) continue; switch (test->type) { /* Not exercised yet but we leave this code here for when the * INET and INET6 sockaddr tests are migrated to this file in * the future. */ case SOCK_ADDR_TEST_BIND: err = test_bind(test); break; case SOCK_ADDR_TEST_CONNECT: err = test_connect(test); break; case SOCK_ADDR_TEST_SENDMSG: case SOCK_ADDR_TEST_RECVMSG: err = test_xmsg(test); break; case SOCK_ADDR_TEST_GETSOCKNAME: err = test_getsockname(test); break; case SOCK_ADDR_TEST_GETPEERNAME: err = test_getpeername(test); break; default: ASSERT_TRUE(false, "Unknown sock addr test type"); err = -EINVAL; break; } if (test->expected_result == SYSCALL_EPERM) ASSERT_EQ(err, EPERM, "socket operation returns EPERM"); else if (test->expected_result == SYSCALL_ENOTSUPP) ASSERT_EQ(err, ENOTSUPP, "socket operation returns ENOTSUPP"); else if (test->expected_result == SUCCESS) ASSERT_OK(err, "socket operation succeeds"); test->destroyfn(skel); } cleanup: unload_sock_addr_kern(); cleanup_test_env(tok); if (cgroup_fd >= 0) close(cgroup_fd); }
Information contained on this website is for historical information purposes only and does not indicate or represent copyright ownership.
Created with Cregit http://github.com/cregit/cregit
Version 2.0-RC1