// SPDX-License-Identifier: GPL-2.0
#include <test_progs.h>
#include <linux/pkt_cls.h>
#include "cap_helpers.h"
#include "test_tc_bpf.skel.h"
/* Interface index every hook in this file attaches to (presumably loopback,
 * going by the name -- confirm for the environment the test runs in).
 */
#define LO_IFINDEX 1
/* Declares a family of bpf_tc_opts variables, one per combination of fields
 * the API tests need. The suffix names the fields that are set:
 *   h = handle, p = priority, f = prog_fd (taken from __fd),
 *   i = prog_id (42, an arbitrary non-zero value), r = BPF_TC_F_REPLACE flag.
 * opts_prio_max carries a priority of UINT16_MAX + 1, used by the
 * "priority > UINT16_MAX" checks.
 * The macro expands to plain declarations, so it must be used inside its own
 * scope; the callers wrap each use in a { } block.
 */
#define TEST_DECLARE_OPTS(__fd) \
DECLARE_LIBBPF_OPTS(bpf_tc_opts, opts_h, .handle = 1); \
DECLARE_LIBBPF_OPTS(bpf_tc_opts, opts_p, .priority = 1); \
DECLARE_LIBBPF_OPTS(bpf_tc_opts, opts_f, .prog_fd = __fd); \
DECLARE_LIBBPF_OPTS(bpf_tc_opts, opts_hp, .handle = 1, .priority = 1); \
DECLARE_LIBBPF_OPTS(bpf_tc_opts, opts_hf, .handle = 1, .prog_fd = __fd); \
DECLARE_LIBBPF_OPTS(bpf_tc_opts, opts_pf, .priority = 1, .prog_fd = __fd); \
DECLARE_LIBBPF_OPTS(bpf_tc_opts, opts_hpf, .handle = 1, .priority = 1, .prog_fd = __fd); \
DECLARE_LIBBPF_OPTS(bpf_tc_opts, opts_hpi, .handle = 1, .priority = 1, .prog_id = 42); \
DECLARE_LIBBPF_OPTS(bpf_tc_opts, opts_hpr, .handle = 1, .priority = 1, \
.flags = BPF_TC_F_REPLACE); \
DECLARE_LIBBPF_OPTS(bpf_tc_opts, opts_hpfi, .handle = 1, .priority = 1, .prog_fd = __fd, \
.prog_id = 42); \
DECLARE_LIBBPF_OPTS(bpf_tc_opts, opts_prio_max, .handle = 1, .priority = UINT16_MAX + 1);
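/*
 * Attach/replace/query/detach round trip for one hook.
 *
 * @hook: hook to attach to (already created by the caller)
 * @fd:   fd of the loaded classifier program
 *
 * Attaches the program with handle 1 / priority 1, checks the fields the
 * attach call reports back, re-attaches with BPF_TC_F_REPLACE, queries the
 * filter and finally detaches it.
 *
 * Returns 0 on success. On failure the FIRST error is returned: the detach in
 * the cleanup path no longer overwrites it, so a failed field check or a
 * failed replace/query is reported to the caller even when detach succeeds.
 */
static int test_tc_bpf_basic(const struct bpf_tc_hook *hook, int fd)
{
	DECLARE_LIBBPF_OPTS(bpf_tc_opts, opts, .handle = 1, .priority = 1, .prog_fd = fd);
	struct bpf_prog_info info = {};
	__u32 info_len = sizeof(info);
	int ret, detach_ret;

	/* Fetch the program id so it can be compared with what attach/query report. */
	ret = bpf_prog_get_info_by_fd(fd, &info, &info_len);
	if (!ASSERT_OK(ret, "bpf_prog_get_info_by_fd"))
		return ret;

	ret = bpf_tc_attach(hook, &opts);
	if (!ASSERT_OK(ret, "bpf_tc_attach"))
		return ret;

	if (!ASSERT_EQ(opts.handle, 1, "handle set") ||
	    !ASSERT_EQ(opts.priority, 1, "priority set") ||
	    !ASSERT_EQ(opts.prog_id, info.id, "prog_id set")) {
		/* ret is still 0 from the successful attach; record the mismatch. */
		ret = -EINVAL;
		goto end;
	}

	/* prog_id was filled in by attach; clear it before reusing opts as input. */
	opts.prog_id = 0;
	opts.flags = BPF_TC_F_REPLACE;
	ret = bpf_tc_attach(hook, &opts);
	if (!ASSERT_OK(ret, "bpf_tc_attach replace mode"))
		goto end;

	/* Query takes only handle and priority as input. */
	opts.flags = opts.prog_fd = opts.prog_id = 0;
	ret = bpf_tc_query(hook, &opts);
	if (!ASSERT_OK(ret, "bpf_tc_query"))
		goto end;

	if (!ASSERT_EQ(opts.handle, 1, "handle set") ||
	    !ASSERT_EQ(opts.priority, 1, "priority set") ||
	    !ASSERT_EQ(opts.prog_id, info.id, "prog_id set"))
		ret = -EINVAL;

end:
	/* Always detach so the filter does not outlive the test. */
	opts.flags = opts.prog_fd = opts.prog_id = 0;
	detach_ret = bpf_tc_detach(hook, &opts);
	ASSERT_OK(detach_ret, "bpf_tc_detach");
	return ret ? ret : detach_ret;
}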
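/*
 * Argument-validation tests for the bpf_tc_* API.
 *
 * @hook: a valid hook, used for the per-call opts checks
 * @fd:   fd of the loaded classifier program
 *
 * Walks through invalid hooks (NULL, ifindex 0, ifindex < 0, bad attach_point,
 * bad parent) and then invalid opts for detach, query and attach, asserting
 * the error code each call returns. A few valid attach combinations are
 * checked too and detached again right away.
 *
 * Returns 0 when every check passed, -EINVAL at the first failed assertion.
 */
static int test_tc_bpf_api(struct bpf_tc_hook *hook, int fd)
{
	DECLARE_LIBBPF_OPTS(bpf_tc_opts, attach_opts, .handle = 1, .priority = 1, .prog_fd = fd);
	DECLARE_LIBBPF_OPTS(bpf_tc_hook, inv_hook, .attach_point = BPF_TC_INGRESS);
	DECLARE_LIBBPF_OPTS(bpf_tc_opts, opts, .handle = 1, .priority = 1);
	int ret;

	ret = bpf_tc_hook_create(NULL);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_hook_create invalid hook = NULL"))
		return -EINVAL;

	/* hook ifindex = 0 */
	ret = bpf_tc_hook_create(&inv_hook);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_hook_create invalid hook ifindex == 0"))
		return -EINVAL;

	ret = bpf_tc_hook_destroy(&inv_hook);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_hook_destroy invalid hook ifindex == 0"))
		return -EINVAL;

	ret = bpf_tc_attach(&inv_hook, &attach_opts);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_attach invalid hook ifindex == 0"))
		return -EINVAL;
	attach_opts.prog_id = 0;

	ret = bpf_tc_detach(&inv_hook, &opts);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_detach invalid hook ifindex == 0"))
		return -EINVAL;

	ret = bpf_tc_query(&inv_hook, &opts);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_query invalid hook ifindex == 0"))
		return -EINVAL;

	/* hook ifindex < 0 */
	inv_hook.ifindex = -1;

	ret = bpf_tc_hook_create(&inv_hook);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_hook_create invalid hook ifindex < 0"))
		return -EINVAL;

	ret = bpf_tc_hook_destroy(&inv_hook);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_hook_destroy invalid hook ifindex < 0"))
		return -EINVAL;

	ret = bpf_tc_attach(&inv_hook, &attach_opts);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_attach invalid hook ifindex < 0"))
		return -EINVAL;
	attach_opts.prog_id = 0;

	ret = bpf_tc_detach(&inv_hook, &opts);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_detach invalid hook ifindex < 0"))
		return -EINVAL;

	ret = bpf_tc_query(&inv_hook, &opts);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_query invalid hook ifindex < 0"))
		return -EINVAL;

	inv_hook.ifindex = LO_IFINDEX;

	/* hook.attach_point invalid */
	inv_hook.attach_point = 0xabcd;
	ret = bpf_tc_hook_create(&inv_hook);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_hook_create invalid hook.attach_point"))
		return -EINVAL;

	ret = bpf_tc_hook_destroy(&inv_hook);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_hook_destroy invalid hook.attach_point"))
		return -EINVAL;

	ret = bpf_tc_attach(&inv_hook, &attach_opts);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_attach invalid hook.attach_point"))
		return -EINVAL;

	ret = bpf_tc_detach(&inv_hook, &opts);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_detach invalid hook.attach_point"))
		return -EINVAL;

	ret = bpf_tc_query(&inv_hook, &opts);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_query invalid hook.attach_point"))
		return -EINVAL;

	inv_hook.attach_point = BPF_TC_INGRESS;

	/* hook.attach_point valid, but parent invalid */
	inv_hook.parent = TC_H_MAKE(1UL << 16, 10);
	ret = bpf_tc_hook_create(&inv_hook);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_hook_create invalid hook parent"))
		return -EINVAL;

	ret = bpf_tc_hook_destroy(&inv_hook);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_hook_destroy invalid hook parent"))
		return -EINVAL;

	ret = bpf_tc_attach(&inv_hook, &attach_opts);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_attach invalid hook parent"))
		return -EINVAL;

	ret = bpf_tc_detach(&inv_hook, &opts);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_detach invalid hook parent"))
		return -EINVAL;

	ret = bpf_tc_query(&inv_hook, &opts);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_query invalid hook parent"))
		return -EINVAL;

	inv_hook.attach_point = BPF_TC_CUSTOM;
	inv_hook.parent = 0;
	/* These return EOPNOTSUPP instead of EINVAL as parent is checked after
	 * attach_point of the hook.
	 */
	ret = bpf_tc_hook_create(&inv_hook);
	if (!ASSERT_EQ(ret, -EOPNOTSUPP, "bpf_tc_hook_create invalid hook parent"))
		return -EINVAL;

	ret = bpf_tc_hook_destroy(&inv_hook);
	if (!ASSERT_EQ(ret, -EOPNOTSUPP, "bpf_tc_hook_destroy invalid hook parent"))
		return -EINVAL;

	ret = bpf_tc_attach(&inv_hook, &attach_opts);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_attach invalid hook parent"))
		return -EINVAL;

	ret = bpf_tc_detach(&inv_hook, &opts);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_detach invalid hook parent"))
		return -EINVAL;

	ret = bpf_tc_query(&inv_hook, &opts);
	if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_query invalid hook parent"))
		return -EINVAL;

	inv_hook.attach_point = BPF_TC_INGRESS;

	/* detach */
	{
		TEST_DECLARE_OPTS(fd);

		ret = bpf_tc_detach(NULL, &opts_hp);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_detach invalid hook = NULL"))
			return -EINVAL;

		ret = bpf_tc_detach(hook, NULL);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_detach invalid opts = NULL"))
			return -EINVAL;

		ret = bpf_tc_detach(hook, &opts_hpr);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_detach invalid flags set"))
			return -EINVAL;

		ret = bpf_tc_detach(hook, &opts_hpf);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_detach invalid prog_fd set"))
			return -EINVAL;

		ret = bpf_tc_detach(hook, &opts_hpi);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_detach invalid prog_id set"))
			return -EINVAL;

		ret = bpf_tc_detach(hook, &opts_p);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_detach invalid handle unset"))
			return -EINVAL;

		ret = bpf_tc_detach(hook, &opts_h);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_detach invalid priority unset"))
			return -EINVAL;

		ret = bpf_tc_detach(hook, &opts_prio_max);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_detach invalid priority > UINT16_MAX"))
			return -EINVAL;
	}

	/* query */
	{
		TEST_DECLARE_OPTS(fd);

		ret = bpf_tc_query(NULL, &opts);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_query invalid hook = NULL"))
			return -EINVAL;

		ret = bpf_tc_query(hook, NULL);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_query invalid opts = NULL"))
			return -EINVAL;

		ret = bpf_tc_query(hook, &opts_hpr);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_query invalid flags set"))
			return -EINVAL;

		ret = bpf_tc_query(hook, &opts_hpf);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_query invalid prog_fd set"))
			return -EINVAL;

		ret = bpf_tc_query(hook, &opts_hpi);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_query invalid prog_id set"))
			return -EINVAL;

		ret = bpf_tc_query(hook, &opts_p);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_query invalid handle unset"))
			return -EINVAL;

		ret = bpf_tc_query(hook, &opts_h);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_query invalid priority unset"))
			return -EINVAL;

		ret = bpf_tc_query(hook, &opts_prio_max);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_query invalid priority > UINT16_MAX"))
			return -EINVAL;

		/* when chain is not present, kernel returns -EINVAL */
		ret = bpf_tc_query(hook, &opts_hp);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_query valid handle, priority set"))
			return -EINVAL;
	}

	/* attach */
	{
		TEST_DECLARE_OPTS(fd);

		ret = bpf_tc_attach(NULL, &opts_hp);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_attach invalid hook = NULL"))
			return -EINVAL;

		ret = bpf_tc_attach(hook, NULL);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_attach invalid opts = NULL"))
			return -EINVAL;

		/* 42 is not a defined attach flag value */
		opts_hp.flags = 42;
		ret = bpf_tc_attach(hook, &opts_hp);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_attach invalid flags"))
			return -EINVAL;

		/* This check used to pass NULL opts again, which only repeated
		 * the "opts = NULL" case above and never reached the prog_fd
		 * validation. Clear the bogus flags and pass opts that have
		 * handle and priority but no prog_fd, so the missing prog_fd
		 * is the only invalid input.
		 */
		opts_hp.flags = 0;
		ret = bpf_tc_attach(hook, &opts_hp);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_attach invalid prog_fd unset"))
			return -EINVAL;

		ret = bpf_tc_attach(hook, &opts_hpi);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_attach invalid prog_id set"))
			return -EINVAL;

		/* Valid combinations: each successful attach is detached at
		 * once, after clearing the fields detach rejects as input.
		 */
		ret = bpf_tc_attach(hook, &opts_pf);
		if (!ASSERT_OK(ret, "bpf_tc_attach valid handle unset"))
			return -EINVAL;
		opts_pf.prog_fd = opts_pf.prog_id = 0;
		ASSERT_OK(bpf_tc_detach(hook, &opts_pf), "bpf_tc_detach");

		ret = bpf_tc_attach(hook, &opts_hf);
		if (!ASSERT_OK(ret, "bpf_tc_attach valid priority unset"))
			return -EINVAL;
		opts_hf.prog_fd = opts_hf.prog_id = 0;
		ASSERT_OK(bpf_tc_detach(hook, &opts_hf), "bpf_tc_detach");

		ret = bpf_tc_attach(hook, &opts_prio_max);
		if (!ASSERT_EQ(ret, -EINVAL, "bpf_tc_attach invalid priority > UINT16_MAX"))
			return -EINVAL;

		ret = bpf_tc_attach(hook, &opts_f);
		if (!ASSERT_OK(ret, "bpf_tc_attach valid both handle and priority unset"))
			return -EINVAL;
		opts_f.prog_fd = opts_f.prog_id = 0;
		ASSERT_OK(bpf_tc_detach(hook, &opts_f), "bpf_tc_detach");
	}

	return 0;
}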
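/*
 * Privileged subtest: exercises the TC hook API on LO_IFINDEX.
 *
 * Loads the skeleton, creates the ingress hook (an already existing hook is
 * accepted), then runs test_tc_bpf_basic() on a BPF_TC_CUSTOM hook, on the
 * ingress hook and on the egress hook, followed by test_tc_bpf_api().
 *
 * The hook is torn down on exit only when this function created it, so a
 * hook that existed before the test is left in place.
 */
void tc_bpf_root(void)
{
	DECLARE_LIBBPF_OPTS(bpf_tc_hook, hook, .ifindex = LO_IFINDEX,
			    .attach_point = BPF_TC_INGRESS);
	struct test_tc_bpf *skel = NULL;
	bool hook_created = false;
	int cls_fd, ret;

	skel = test_tc_bpf__open_and_load();
	if (!ASSERT_OK_PTR(skel, "test_tc_bpf__open_and_load"))
		return;

	cls_fd = bpf_program__fd(skel->progs.cls);

	ret = bpf_tc_hook_create(&hook);
	if (ret == 0)
		hook_created = true;

	/* -EEXIST means the hook was already there; that is fine for the test. */
	ret = ret == -EEXIST ? 0 : ret;
	if (!ASSERT_OK(ret, "bpf_tc_hook_create(BPF_TC_INGRESS)"))
		goto end;

	/* Create/destroy are expected to be refused for BPF_TC_CUSTOM, while
	 * attaching through the custom parent still has to work.
	 */
	hook.attach_point = BPF_TC_CUSTOM;
	hook.parent = TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_INGRESS);
	ret = bpf_tc_hook_create(&hook);
	if (!ASSERT_EQ(ret, -EOPNOTSUPP, "bpf_tc_hook_create invalid hook.attach_point"))
		goto end;

	ret = test_tc_bpf_basic(&hook, cls_fd);
	if (!ASSERT_OK(ret, "test_tc_internal ingress"))
		goto end;

	ret = bpf_tc_hook_destroy(&hook);
	if (!ASSERT_EQ(ret, -EOPNOTSUPP, "bpf_tc_hook_destroy invalid hook.attach_point"))
		goto end;

	hook.attach_point = BPF_TC_INGRESS;
	hook.parent = 0;
	/* Return value of the per-direction destroy calls is not checked. */
	bpf_tc_hook_destroy(&hook);

	ret = test_tc_bpf_basic(&hook, cls_fd);
	if (!ASSERT_OK(ret, "test_tc_internal ingress"))
		goto end;

	bpf_tc_hook_destroy(&hook);

	hook.attach_point = BPF_TC_EGRESS;
	ret = test_tc_bpf_basic(&hook, cls_fd);
	if (!ASSERT_OK(ret, "test_tc_internal egress"))
		goto end;

	bpf_tc_hook_destroy(&hook);

	ret = test_tc_bpf_api(&hook, cls_fd);
	if (!ASSERT_OK(ret, "test_tc_bpf_api"))
		goto end;

	bpf_tc_hook_destroy(&hook);

end:
	if (hook_created) {
		hook.attach_point = BPF_TC_INGRESS | BPF_TC_EGRESS;
		/* A failure in the BPF_TC_CUSTOM section jumps here with
		 * hook.parent still set. test_tc_bpf_api() expects a
		 * non-custom hook with a parent to be rejected with -EINVAL,
		 * so clear it; otherwise this destroy would presumably fail
		 * and leave the hook the test created on the interface.
		 */
		hook.parent = 0;
		bpf_tc_hook_destroy(&hook);
	}
	test_tc_bpf__destroy(skel);
}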
/*
 * Reduced-privilege subtest: checks that the skeleton still opens and loads
 * with CAP_BPF and CAP_NET_ADMIN enabled and with CAP_SYS_ADMIN and
 * CAP_PERFMON dropped from the effective set.
 *
 * The value written to saved_caps by the first call is passed back to
 * cap_enable_effective() on exit (presumably the previously effective
 * capabilities -- confirm against cap_helpers).
 */
void tc_bpf_non_root(void)
{
	struct test_tc_bpf *obj = NULL;
	__u64 saved_caps = 0;
	int err;

	/* Make sure the two capabilities under test are effective. */
	err = cap_enable_effective(1ULL << CAP_BPF | 1ULL << CAP_NET_ADMIN, &saved_caps);
	if (!ASSERT_OK(err, "set_cap_bpf_cap_net_admin"))
		return;

	/* Drop the broad capabilities so the load cannot rely on them. */
	err = cap_disable_effective(1ULL << CAP_SYS_ADMIN | 1ULL << CAP_PERFMON, NULL);
	if (ASSERT_OK(err, "disable_cap_sys_admin")) {
		obj = test_tc_bpf__open_and_load();
		if (ASSERT_OK_PTR(obj, "test_tc_bpf__open_and_load"))
			test_tc_bpf__destroy(obj);
	}

	/* Re-enable whatever was recorded, so later tests run as before. */
	if (saved_caps)
		cap_enable_effective(saved_caps, NULL);
}
/*
 * Test entry point. Each scenario runs as its own named subtest and is
 * skipped when test__start_subtest() does not select it.
 */
void test_tc_bpf(void)
{
	/* Full-privilege pass over the TC hook API. */
	if (test__start_subtest("tc_bpf_root"))
		tc_bpf_root();

	/* Same skeleton load with CAP_SYS_ADMIN and CAP_PERFMON dropped. */
	if (test__start_subtest("tc_bpf_non_root"))
		tc_bpf_non_root();
}