bpf/prog_tests/cgroup_v1v2.c

0001 // SPDX-License-Identifier: GPL-2.0
0002
0003 #include <test_progs.h>
0004
0005 #include "connect4_dropper.skel.h"
0006
0007 #include "cgroup_helpers.h"
0008 #include "network_helpers.h"
0009
0010 static int run_test(int cgroup_fd, int server_fd, bool classid)
0011 {
0012     struct network_helper_opts opts = {
0013         .must_fail = true,
0014     };
0015     struct connect4_dropper *skel;
0016     int fd, err = 0;
0017
0018     skel = connect4_dropper__open_and_load();
0019     if (!ASSERT_OK_PTR(skel, "skel_open"))
0020         return -1;
0021
0022     skel->links.connect_v4_dropper =
0023         bpf_program__attach_cgroup(skel->progs.connect_v4_dropper,
0024                        cgroup_fd);
0025     if (!ASSERT_OK_PTR(skel->links.connect_v4_dropper, "prog_attach")) {
0026         err = -1;
0027         goto out;
0028     }
0029
0030     if (classid && !ASSERT_OK(join_classid(), "join_classid")) {
0031         err = -1;
0032         goto out;
0033     }
0034
0035     fd = connect_to_fd_opts(server_fd, &opts);
0036     if (fd < 0)
0037         err = -1;
0038     else
0039         close(fd);
0040 out:
0041     connect4_dropper__destroy(skel);
0042     return err;
0043 }
0044
0045 void test_cgroup_v1v2(void)
0046 {
0047     struct network_helper_opts opts = {};
0048     int server_fd, client_fd, cgroup_fd;
0049     static const int port = 60120;
0050
0051     /* Step 1: Check base connectivity works without any BPF. */
0052     server_fd = start_server(AF_INET, SOCK_STREAM, NULL, port, 0);
0053     if (!ASSERT_GE(server_fd, 0, "server_fd"))
0054         return;
0055     client_fd = connect_to_fd_opts(server_fd, &opts);
0056     if (!ASSERT_GE(client_fd, 0, "client_fd")) {
0057         close(server_fd);
0058         return;
0059     }
0060     close(client_fd);
0061     close(server_fd);
0062
0063     /* Step 2: Check BPF policy prog attached to cgroups drops connectivity. */
0064     cgroup_fd = test__join_cgroup("/connect_dropper");
0065     if (!ASSERT_GE(cgroup_fd, 0, "cgroup_fd"))
0066         return;
0067     server_fd = start_server(AF_INET, SOCK_STREAM, NULL, port, 0);
0068     if (!ASSERT_GE(server_fd, 0, "server_fd")) {
0069         close(cgroup_fd);
0070         return;
0071     }
0072     ASSERT_OK(run_test(cgroup_fd, server_fd, false), "cgroup-v2-only");
0073     setup_classid_environment();
0074     set_classid(42);
0075     ASSERT_OK(run_test(cgroup_fd, server_fd, true), "cgroup-v1v2");
0076     cleanup_classid_environment();
0077     close(server_fd);
0078     close(cgroup_fd);
0079 }