diff options
| author | Andrey Ignatov <rdna@fb.com> | 2018-03-30 18:08:03 -0400 |
|---|---|---|
| committer | Daniel Borkmann <daniel@iogearbox.net> | 2018-03-30 20:15:30 -0400 |
| commit | e50b0a6f089308bec6b2d0198abed231dee4d277 (patch) | |
| tree | 66724709a340804aa54832903b69650130ff2983 /tools/lib | |
| parent | 4fbac77d2d092b475dda9eea66da674369665427 (diff) | |
selftests/bpf: Selftest for sys_bind hooks
Add selftest to work with bpf_sock_addr context from
`BPF_PROG_TYPE_CGROUP_SOCK_ADDR` programs.
Try to bind(2) on IP:port and apply:
* loads to make sure context can be read correctly, including narrow
loads (byte, half) for IP and full-size loads (word) for all fields;
* stores to those fields allowed by verifier.
All combination from IPv4/IPv6 and TCP/UDP are tested.
Both scenarios are tested:
* valid programs can be loaded and attached;
* invalid programs can be neither loaded nor attached.
Test passes when expected data can be read from context in the
BPF-program, and after the call to bind(2) socket is bound to IP:port
pair that was written by BPF-program to the context.
Example:
# ./test_sock_addr
Attached bind4 program.
Test case #1 (IPv4/TCP):
Requested: bind(192.168.1.254, 4040) ..
Actual: bind(127.0.0.1, 4444)
Test case #2 (IPv4/UDP):
Requested: bind(192.168.1.254, 4040) ..
Actual: bind(127.0.0.1, 4444)
Attached bind6 program.
Test case #3 (IPv6/TCP):
Requested: bind(face:b00c:1234:5678::abcd, 6060) ..
Actual: bind(::1, 6666)
Test case #4 (IPv6/UDP):
Requested: bind(face:b00c:1234:5678::abcd, 6060) ..
Actual: bind(::1, 6666)
### SUCCESS
Signed-off-by: Andrey Ignatov <rdna@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Diffstat (limited to 'tools/lib')
| -rw-r--r-- | tools/lib/bpf/libbpf.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index 48e3e743ebf7..d7ce8818982c 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c | |||
| @@ -1859,6 +1859,9 @@ static void bpf_program__set_expected_attach_type(struct bpf_program *prog, | |||
| 1859 | 1859 | ||
| 1860 | #define BPF_PROG_SEC(string, ptype) BPF_PROG_SEC_FULL(string, ptype, 0) | 1860 | #define BPF_PROG_SEC(string, ptype) BPF_PROG_SEC_FULL(string, ptype, 0) |
| 1861 | 1861 | ||
| 1862 | #define BPF_SA_PROG_SEC(string, ptype) \ | ||
| 1863 | BPF_PROG_SEC_FULL(string, BPF_PROG_TYPE_CGROUP_SOCK_ADDR, ptype) | ||
| 1864 | |||
| 1862 | static const struct { | 1865 | static const struct { |
| 1863 | const char *sec; | 1866 | const char *sec; |
| 1864 | size_t len; | 1867 | size_t len; |
| @@ -1882,10 +1885,13 @@ static const struct { | |||
| 1882 | BPF_PROG_SEC("sockops", BPF_PROG_TYPE_SOCK_OPS), | 1885 | BPF_PROG_SEC("sockops", BPF_PROG_TYPE_SOCK_OPS), |
| 1883 | BPF_PROG_SEC("sk_skb", BPF_PROG_TYPE_SK_SKB), | 1886 | BPF_PROG_SEC("sk_skb", BPF_PROG_TYPE_SK_SKB), |
| 1884 | BPF_PROG_SEC("sk_msg", BPF_PROG_TYPE_SK_MSG), | 1887 | BPF_PROG_SEC("sk_msg", BPF_PROG_TYPE_SK_MSG), |
| 1888 | BPF_SA_PROG_SEC("cgroup/bind4", BPF_CGROUP_INET4_BIND), | ||
| 1889 | BPF_SA_PROG_SEC("cgroup/bind6", BPF_CGROUP_INET6_BIND), | ||
| 1885 | }; | 1890 | }; |
| 1886 | 1891 | ||
| 1887 | #undef BPF_PROG_SEC | 1892 | #undef BPF_PROG_SEC |
| 1888 | #undef BPF_PROG_SEC_FULL | 1893 | #undef BPF_PROG_SEC_FULL |
| 1894 | #undef BPF_SA_PROG_SEC | ||
| 1889 | 1895 | ||
| 1890 | static int bpf_program__identify_section(struct bpf_program *prog) | 1896 | static int bpf_program__identify_section(struct bpf_program *prog) |
| 1891 | { | 1897 | { |