selftests/bpf: Add tests for {set|get} socket option from setsockopt BPF

Adding selftests for the newly added functionality to call bpf_setsockopt()
and bpf_getsockopt() from setsockopt BPF programs.

Test Details:

1. BPF Program

   Checks for changes in IPV6_TCLASS(SOL_IPV6) via setsockopt
   If the cca for the socket is not cubic do nothing
   If the newly set value for IPV6_TCLASS is 45 (0x2d) (as per our use-case)
   then change the cc from cubic to reno

2. User Space Program

   Creates an AF_INET6 socket and set the cca for that to be "cubic"
   Attach the program and set the IPV6_TCLASS to 0x2d using setsockopt
   Verify the cca for the socket changed to reno

Signed-off-by: Prankur Gupta <prankgup@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Song Liu <songliubraving@fb.com>
Link: https://lore.kernel.org/bpf/20210817224221.3257826-3-prankgup@fb.com
This commit is contained in:
Prankur Gupta 2021-08-17 15:42:21 -07:00 коммит произвёл Daniel Borkmann
Родитель 2c531639de
Коммит f2a6ee924d
3 изменённых файлов: 127 добавлений и 0 удалений

Просмотреть файл

@ -12,6 +12,10 @@
SEC("struct_ops/"#name) \
BPF_PROG(name, args)
#ifndef SOL_TCP
#define SOL_TCP 6
#endif
#define tcp_jiffies32 ((__u32)bpf_jiffies64())
struct sock_common {
@ -203,6 +207,20 @@ static __always_inline bool tcp_is_cwnd_limited(const struct sock *sk)
return !!BPF_CORE_READ_BITFIELD(tp, is_cwnd_limited);
}
static __always_inline bool tcp_cc_eq(const char *a, const char *b)
{
int i;
for (i = 0; i < TCP_CA_NAME_MAX; i++) {
if (a[i] != b[i])
return false;
if (!a[i])
break;
}
return true;
}
extern __u32 tcp_slow_start(struct tcp_sock *tp, __u32 acked) __ksym;
extern void tcp_cong_avoid_ai(struct tcp_sock *tp, __u32 w, __u32 acked) __ksym;

Просмотреть файл

@ -0,0 +1,70 @@
// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2021 Facebook */
#include <test_progs.h>
#include <netinet/tcp.h>
#include "sockopt_qos_to_cc.skel.h"
static void run_setsockopt_test(int cg_fd, int sock_fd)
{
socklen_t optlen;
char cc[16]; /* TCP_CA_NAME_MAX */
int buf;
int err = -1;
buf = 0x2D;
err = setsockopt(sock_fd, SOL_IPV6, IPV6_TCLASS, &buf, sizeof(buf));
if (!ASSERT_OK(err, "setsockopt(sock_fd, IPV6_TCLASS)"))
return;
/* Verify the setsockopt cc change */
optlen = sizeof(cc);
err = getsockopt(sock_fd, SOL_TCP, TCP_CONGESTION, cc, &optlen);
if (!ASSERT_OK(err, "getsockopt(sock_fd, TCP_CONGESTION)"))
return;
if (!ASSERT_STREQ(cc, "reno", "getsockopt(sock_fd, TCP_CONGESTION)"))
return;
}
void test_sockopt_qos_to_cc(void)
{
struct sockopt_qos_to_cc *skel;
char cc_cubic[16] = "cubic"; /* TCP_CA_NAME_MAX */
int cg_fd = -1;
int sock_fd = -1;
int err;
cg_fd = test__join_cgroup("/sockopt_qos_to_cc");
if (!ASSERT_GE(cg_fd, 0, "cg-join(sockopt_qos_to_cc)"))
return;
skel = sockopt_qos_to_cc__open_and_load();
if (!ASSERT_OK_PTR(skel, "skel"))
goto done;
sock_fd = socket(AF_INET6, SOCK_STREAM, 0);
if (!ASSERT_GE(sock_fd, 0, "v6 socket open"))
goto done;
err = setsockopt(sock_fd, SOL_TCP, TCP_CONGESTION, &cc_cubic,
sizeof(cc_cubic));
if (!ASSERT_OK(err, "setsockopt(sock_fd, TCP_CONGESTION)"))
goto done;
skel->links.sockopt_qos_to_cc =
bpf_program__attach_cgroup(skel->progs.sockopt_qos_to_cc,
cg_fd);
if (!ASSERT_OK_PTR(skel->links.sockopt_qos_to_cc,
"prog_attach(sockopt_qos_to_cc)"))
goto done;
run_setsockopt_test(cg_fd, sock_fd);
done:
if (sock_fd != -1)
close(sock_fd);
if (cg_fd != -1)
close(cg_fd);
/* destroy can take null and error pointer */
sockopt_qos_to_cc__destroy(skel);
}

Просмотреть файл

@ -0,0 +1,39 @@
// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2021 Facebook */
#include <string.h>
#include <linux/tcp.h>
#include <netinet/in.h>
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include "bpf_tcp_helpers.h"
char _license[] SEC("license") = "GPL";
SEC("cgroup/setsockopt")
int sockopt_qos_to_cc(struct bpf_sockopt *ctx)
{
void *optval_end = ctx->optval_end;
int *optval = ctx->optval;
char buf[TCP_CA_NAME_MAX];
char cc_reno[TCP_CA_NAME_MAX] = "reno";
char cc_cubic[TCP_CA_NAME_MAX] = "cubic";
if (ctx->level != SOL_IPV6 || ctx->optname != IPV6_TCLASS)
return 1;
if (optval + 1 > optval_end)
return 0; /* EPERM, bounds check */
if (bpf_getsockopt(ctx->sk, SOL_TCP, TCP_CONGESTION, &buf, sizeof(buf)))
return 0;
if (!tcp_cc_eq(buf, cc_cubic))
return 0;
if (*optval == 0x2d) {
if (bpf_setsockopt(ctx->sk, SOL_TCP, TCP_CONGESTION, &cc_reno,
sizeof(cc_reno)))
return 0;
}
return 1;
}