void test_netns_cookie(void)
{
- int server_fd = 0, client_fd = 0, cgroup_fd = 0, err = 0, val = 0;
+ int server_fd = -1, client_fd = -1, cgroup_fd = -1;
+ int err, val, ret, map, verdict;
struct netns_cookie_prog *skel;
uint64_t cookie_expected_value;
socklen_t vallen = sizeof(cookie_expected_value);
+ static const char send_msg[] = "message";
skel = netns_cookie_prog__open_and_load();
if (!ASSERT_OK_PTR(skel, "skel_open"))
cgroup_fd = test__join_cgroup("/netns_cookie");
if (CHECK(cgroup_fd < 0, "join_cgroup", "cgroup creation failed\n"))
- goto out;
+ goto done;
skel->links.get_netns_cookie_sockops = bpf_program__attach_cgroup(
skel->progs.get_netns_cookie_sockops, cgroup_fd);
if (!ASSERT_OK_PTR(skel->links.get_netns_cookie_sockops, "prog_attach"))
- goto close_cgroup_fd;
+ goto done;
+
+ verdict = bpf_program__fd(skel->progs.get_netns_cookie_sk_msg);
+ map = bpf_map__fd(skel->maps.sock_map);
+ err = bpf_prog_attach(verdict, map, BPF_SK_MSG_VERDICT, 0);
+ if (!ASSERT_OK(err, "prog_attach"))
+ goto done;
server_fd = start_server(AF_INET6, SOCK_STREAM, "::1", 0, 0);
if (CHECK(server_fd < 0, "start_server", "errno %d\n", errno))
- goto close_cgroup_fd;
+ goto done;
client_fd = connect_to_fd(server_fd, 0);
if (CHECK(client_fd < 0, "connect_to_fd", "errno %d\n", errno))
- goto close_server_fd;
+ goto done;
+
+ ret = send(client_fd, send_msg, sizeof(send_msg), 0);
+ if (CHECK(ret != sizeof(send_msg), "send(msg)", "ret:%d\n", ret))
+ goto done;
- err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.netns_cookies),
- &client_fd, &val);
- if (!ASSERT_OK(err, "map_lookup(socket_cookies)"))
- goto close_client_fd;
+ err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.sockops_netns_cookies),
+ &client_fd, &val);
+ if (!ASSERT_OK(err, "map_lookup(sockops_netns_cookies)"))
+ goto done;
err = getsockopt(client_fd, SOL_SOCKET, SO_NETNS_COOKIE,
- &cookie_expected_value, &vallen);
- if (!ASSERT_OK(err, "getsockopt)"))
- goto close_client_fd;
+ &cookie_expected_value, &vallen);
+ if (!ASSERT_OK(err, "getsockopt"))
+ goto done;
+
+ ASSERT_EQ(val, cookie_expected_value, "cookie_value");
+
+ err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.sk_msg_netns_cookies),
+ &client_fd, &val);
+ if (!ASSERT_OK(err, "map_lookup(sk_msg_netns_cookies)"))
+ goto done;
ASSERT_EQ(val, cookie_expected_value, "cookie_value");
-close_client_fd:
- close(client_fd);
-close_server_fd:
- close(server_fd);
-close_cgroup_fd:
- close(cgroup_fd);
-out:
+done:
+ if (server_fd != -1)
+ close(server_fd);
+ if (client_fd != -1)
+ close(client_fd);
+ if (cgroup_fd != -1)
+ close(cgroup_fd);
netns_cookie_prog__destroy(skel);
}
__uint(map_flags, BPF_F_NO_PREALLOC);
__type(key, int);
__type(value, int);
-} netns_cookies SEC(".maps");
+} sockops_netns_cookies SEC(".maps");
+
+struct {
+ __uint(type, BPF_MAP_TYPE_SK_STORAGE);
+ __uint(map_flags, BPF_F_NO_PREALLOC);
+ __type(key, int);
+ __type(value, int);
+} sk_msg_netns_cookies SEC(".maps");
+
+struct {
+ __uint(type, BPF_MAP_TYPE_SOCKMAP);
+ __uint(max_entries, 2);
+ __type(key, __u32);
+ __type(value, __u64);
+} sock_map SEC(".maps");
SEC("sockops")
int get_netns_cookie_sockops(struct bpf_sock_ops *ctx)
{
struct bpf_sock *sk = ctx->sk;
int *cookie;
+ __u32 key = 0;
if (ctx->family != AF_INET6)
return 1;
- if (ctx->op != BPF_SOCK_OPS_TCP_CONNECT_CB)
+ if (!sk)
+ return 1;
+
+ switch (ctx->op) {
+ case BPF_SOCK_OPS_TCP_CONNECT_CB:
+ cookie = bpf_sk_storage_get(&sockops_netns_cookies, sk, 0,
+ BPF_SK_STORAGE_GET_F_CREATE);
+ if (!cookie)
+ return 1;
+
+ *cookie = bpf_get_netns_cookie(ctx);
+ break;
+ case BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB:
+ bpf_sock_map_update(ctx, &sock_map, &key, BPF_NOEXIST);
+ break;
+ default:
+ break;
+ }
+
+ return 1;
+}
+
+SEC("sk_msg")
+int get_netns_cookie_sk_msg(struct sk_msg_md *msg)
+{
+ struct bpf_sock *sk = msg->sk;
+ int *cookie;
+
+ if (msg->family != AF_INET6)
return 1;
if (!sk)
return 1;
- cookie = bpf_sk_storage_get(&netns_cookies, sk, 0,
- BPF_SK_STORAGE_GET_F_CREATE);
+ cookie = bpf_sk_storage_get(&sk_msg_netns_cookies, sk, 0,
+ BPF_SK_STORAGE_GET_F_CREATE);
if (!cookie)
return 1;
- *cookie = bpf_get_netns_cookie(ctx);
+ *cookie = bpf_get_netns_cookie(msg);
return 1;
}
+
+char _license[] SEC("license") = "GPL";
projects / linux-2.6-microblaze.git / commitdiff