1 // SPDX-License-Identifier: GPL-2.0 2 #include <sys/un.h> 3 4 #include "test_progs.h" 5 6 #include "sock_addr_kern.skel.h" 7 #include "bind4_prog.skel.h" 8 #include "bind6_prog.skel.h" 9 #include "connect_unix_prog.skel.h" 10 #include "connect4_prog.skel.h" 11 #include "connect6_prog.skel.h" 12 #include "sendmsg4_prog.skel.h" 13 #include "sendmsg6_prog.skel.h" 14 #include "recvmsg4_prog.skel.h" 15 #include "recvmsg6_prog.skel.h" 16 #include "sendmsg_unix_prog.skel.h" 17 #include "recvmsg_unix_prog.skel.h" 18 #include "getsockname4_prog.skel.h" 19 #include "getsockname6_prog.skel.h" 20 #include "getsockname_unix_prog.skel.h" 21 #include "getpeername4_prog.skel.h" 22 #include "getpeername6_prog.skel.h" 23 #include "getpeername_unix_prog.skel.h" 24 #include "network_helpers.h" 25 26 #define TEST_NS "sock_addr" 27 #define TEST_IF_PREFIX "test_sock_addr" 28 #define TEST_IPV4 "127.0.0.4" 29 #define TEST_IPV6 "::6" 30 31 #define SERV4_IP "192.168.1.254" 32 #define SERV4_REWRITE_IP "127.0.0.1" 33 #define SRC4_IP "172.16.0.1" 34 #define SRC4_REWRITE_IP TEST_IPV4 35 #define SERV4_PORT 4040 36 #define SERV4_REWRITE_PORT 4444 37 38 #define SERV6_IP "face:b00c:1234:5678::abcd" 39 #define SERV6_REWRITE_IP "::1" 40 #define SERV6_V4MAPPED_IP "::ffff:192.168.0.4" 41 #define SRC6_IP "::1" 42 #define SRC6_REWRITE_IP TEST_IPV6 43 #define WILDCARD6_IP "::" 44 #define SERV6_PORT 6060 45 #define SERV6_REWRITE_PORT 6666 46 47 #define SERVUN_ADDRESS "bpf_cgroup_unix_test" 48 #define SERVUN_REWRITE_ADDRESS "bpf_cgroup_unix_test_rewrite" 49 #define SRCUN_ADDRESS "bpf_cgroup_unix_test_src" 50 51 #define save_errno_do(op) ({ int __save = errno; op; errno = __save; }) 52 53 enum sock_addr_test_type { 54 SOCK_ADDR_TEST_BIND, 55 SOCK_ADDR_TEST_CONNECT, 56 SOCK_ADDR_TEST_SENDMSG, 57 SOCK_ADDR_TEST_RECVMSG, 58 SOCK_ADDR_TEST_GETSOCKNAME, 59 SOCK_ADDR_TEST_GETPEERNAME, 60 }; 61 62 typedef void *(*load_fn)(int cgroup_fd, 63 enum bpf_attach_type attach_type, 64 bool expect_reject); 65 typedef void (*destroy_fn)(void *skel); 66 67 static int cmp_addr(const struct sockaddr_storage *addr1, socklen_t addr1_len, 68 const struct sockaddr_storage *addr2, socklen_t addr2_len, 69 bool cmp_port); 70 71 struct init_sock_args { 72 int af; 73 int type; 74 }; 75 76 struct addr_args { 77 char addr[sizeof(struct sockaddr_storage)]; 78 int addrlen; 79 }; 80 81 struct sendmsg_args { 82 struct addr_args addr; 83 char msg[10]; 84 int msglen; 85 }; 86 87 static struct sock_addr_kern *skel; 88 89 static int run_bpf_prog(const char *prog_name, void *ctx, int ctx_size) 90 { 91 LIBBPF_OPTS(bpf_test_run_opts, topts); 92 struct bpf_program *prog; 93 int prog_fd, err; 94 95 topts.ctx_in = ctx; 96 topts.ctx_size_in = ctx_size; 97 98 prog = bpf_object__find_program_by_name(skel->obj, prog_name); 99 if (!ASSERT_OK_PTR(prog, "bpf_object__find_program_by_name")) 100 goto err; 101 102 prog_fd = bpf_program__fd(prog); 103 err = bpf_prog_test_run_opts(prog_fd, &topts); 104 if (!ASSERT_OK(err, prog_name)) 105 goto err; 106 107 err = topts.retval; 108 errno = -topts.retval; 109 goto out; 110 err: 111 err = -1; 112 out: 113 return err; 114 } 115 116 static int kernel_init_sock(int af, int type, int protocol) 117 { 118 struct init_sock_args args = { 119 .af = af, 120 .type = type, 121 }; 122 123 return run_bpf_prog("init_sock", &args, sizeof(args)); 124 } 125 126 static int kernel_close_sock(int fd) 127 { 128 return run_bpf_prog("close_sock", NULL, 0); 129 } 130 131 static int sock_addr_op(const char *name, struct sockaddr *addr, 132 socklen_t *addrlen, bool expect_change) 133 { 134 struct addr_args args; 135 int err; 136 137 if (addrlen) 138 args.addrlen = *addrlen; 139 140 if (addr) 141 memcpy(&args.addr, addr, *addrlen); 142 143 err = run_bpf_prog(name, &args, sizeof(args)); 144 145 if (!expect_change && addr) 146 if (!ASSERT_EQ(cmp_addr((struct sockaddr_storage *)addr, 147 *addrlen, 148 (struct sockaddr_storage *)&args.addr, 149 args.addrlen, 1), 150 0, "address_param_modified")) 151 return -1; 152 153 if (addrlen) 154 *addrlen = args.addrlen; 155 156 if (addr) 157 memcpy(addr, &args.addr, *addrlen); 158 159 return err; 160 } 161 162 static int send_msg_op(const char *name, struct sockaddr *addr, 163 socklen_t addrlen, const char *msg, int msglen) 164 { 165 struct sendmsg_args args; 166 int err; 167 168 memset(&args, 0, sizeof(args)); 169 memcpy(&args.addr.addr, addr, addrlen); 170 args.addr.addrlen = addrlen; 171 memcpy(args.msg, msg, msglen); 172 args.msglen = msglen; 173 174 err = run_bpf_prog(name, &args, sizeof(args)); 175 176 if (!ASSERT_EQ(cmp_addr((struct sockaddr_storage *)addr, 177 addrlen, 178 (struct sockaddr_storage *)&args.addr.addr, 179 args.addr.addrlen, 1), 180 0, "address_param_modified")) 181 return -1; 182 183 return err; 184 } 185 186 static int kernel_connect(struct sockaddr *addr, socklen_t addrlen) 187 { 188 return sock_addr_op("kernel_connect", addr, &addrlen, false); 189 } 190 191 static int kernel_bind(int fd, struct sockaddr *addr, socklen_t addrlen) 192 { 193 return sock_addr_op("kernel_bind", addr, &addrlen, false); 194 } 195 196 static int kernel_listen(void) 197 { 198 return sock_addr_op("kernel_listen", NULL, NULL, false); 199 } 200 201 static int kernel_sendmsg(int fd, struct sockaddr *addr, socklen_t addrlen, 202 char *msg, int msglen) 203 { 204 return send_msg_op("kernel_sendmsg", addr, addrlen, msg, msglen); 205 } 206 207 static int sock_sendmsg(int fd, struct sockaddr *addr, socklen_t addrlen, 208 char *msg, int msglen) 209 { 210 return send_msg_op("sock_sendmsg", addr, addrlen, msg, msglen); 211 } 212 213 static int kernel_getsockname(int fd, struct sockaddr *addr, socklen_t *addrlen) 214 { 215 return sock_addr_op("kernel_getsockname", addr, addrlen, true); 216 } 217 218 static int kernel_getpeername(int fd, struct sockaddr *addr, socklen_t *addrlen) 219 { 220 return sock_addr_op("kernel_getpeername", addr, addrlen, true); 221 } 222 223 int kernel_connect_to_addr(int type, const struct sockaddr_storage *addr, socklen_t addrlen, 224 const struct network_helper_opts *opts) 225 { 226 int err; 227 228 if (!ASSERT_OK(kernel_init_sock(addr->ss_family, type, 0), 229 "kernel_init_sock")) 230 goto err; 231 232 if (kernel_connect((struct sockaddr *)addr, addrlen) < 0) 233 goto err; 234 235 /* Test code expects a "file descriptor" on success. */ 236 err = 1; 237 goto out; 238 err: 239 err = -1; 240 save_errno_do(ASSERT_OK(kernel_close_sock(0), "kernel_close_sock")); 241 out: 242 return err; 243 } 244 245 int kernel_start_server(int family, int type, const char *addr_str, __u16 port, 246 int timeout_ms) 247 { 248 struct sockaddr_storage addr; 249 socklen_t addrlen; 250 int err; 251 252 if (!ASSERT_OK(kernel_init_sock(family, type, 0), "kernel_init_sock")) 253 goto err; 254 255 if (make_sockaddr(family, addr_str, port, &addr, &addrlen)) 256 goto err; 257 258 if (kernel_bind(0, (struct sockaddr *)&addr, addrlen) < 0) 259 goto err; 260 261 if (type == SOCK_STREAM) { 262 if (!ASSERT_OK(kernel_listen(), "kernel_listen")) 263 goto err; 264 } 265 266 /* Test code expects a "file descriptor" on success. */ 267 err = 1; 268 goto out; 269 err: 270 err = -1; 271 save_errno_do(ASSERT_OK(kernel_close_sock(0), "kernel_close_sock")); 272 out: 273 return err; 274 } 275 276 struct sock_ops { 277 int (*connect_to_addr)(int type, const struct sockaddr_storage *addr, 278 socklen_t addrlen, 279 const struct network_helper_opts *opts); 280 int (*start_server)(int family, int type, const char *addr_str, 281 __u16 port, int timeout_ms); 282 int (*socket)(int famil, int type, int protocol); 283 int (*bind)(int fd, struct sockaddr *addr, socklen_t addrlen); 284 int (*getsockname)(int fd, struct sockaddr *addr, socklen_t *addrlen); 285 int (*getpeername)(int fd, struct sockaddr *addr, socklen_t *addrlen); 286 int (*sendmsg)(int fd, struct sockaddr *addr, socklen_t addrlen, 287 char *msg, int msglen); 288 int (*close)(int fd); 289 }; 290 291 static int user_sendmsg(int fd, struct sockaddr *addr, socklen_t addrlen, 292 char *msg, int msglen) 293 { 294 struct msghdr hdr; 295 struct iovec iov; 296 297 memset(&iov, 0, sizeof(iov)); 298 iov.iov_base = msg; 299 iov.iov_len = msglen; 300 301 memset(&hdr, 0, sizeof(hdr)); 302 hdr.msg_name = (void *)addr; 303 hdr.msg_namelen = addrlen; 304 hdr.msg_iov = &iov; 305 hdr.msg_iovlen = 1; 306 307 return sendmsg(fd, &hdr, 0); 308 } 309 310 static int user_bind(int fd, struct sockaddr *addr, socklen_t addrlen) 311 { 312 return bind(fd, (const struct sockaddr *)addr, addrlen); 313 } 314 315 struct sock_ops user_ops = { 316 .connect_to_addr = connect_to_addr, 317 .start_server = start_server, 318 .socket = socket, 319 .bind = user_bind, 320 .getsockname = getsockname, 321 .getpeername = getpeername, 322 .sendmsg = user_sendmsg, 323 .close = close, 324 }; 325 326 struct sock_ops kern_ops_sock_sendmsg = { 327 .connect_to_addr = kernel_connect_to_addr, 328 .start_server = kernel_start_server, 329 .socket = kernel_init_sock, 330 .bind = kernel_bind, 331 .getsockname = kernel_getsockname, 332 .getpeername = kernel_getpeername, 333 .sendmsg = sock_sendmsg, 334 .close = kernel_close_sock, 335 }; 336 337 struct sock_ops kern_ops_kernel_sendmsg = { 338 .connect_to_addr = kernel_connect_to_addr, 339 .start_server = kernel_start_server, 340 .socket = kernel_init_sock, 341 .bind = kernel_bind, 342 .getsockname = kernel_getsockname, 343 .getpeername = kernel_getpeername, 344 .sendmsg = kernel_sendmsg, 345 .close = kernel_close_sock, 346 }; 347 348 struct sock_addr_test { 349 enum sock_addr_test_type type; 350 const char *name; 351 /* BPF prog properties */ 352 load_fn loadfn; 353 destroy_fn destroyfn; 354 enum bpf_attach_type attach_type; 355 /* Socket operations */ 356 struct sock_ops *ops; 357 /* Socket properties */ 358 int socket_family; 359 int socket_type; 360 /* IP:port pairs for BPF prog to override */ 361 const char *requested_addr; 362 unsigned short requested_port; 363 const char *expected_addr; 364 unsigned short expected_port; 365 const char *expected_src_addr; 366 /* Expected test result */ 367 enum { 368 LOAD_REJECT, 369 ATTACH_REJECT, 370 SYSCALL_EPERM, 371 SYSCALL_ENOTSUPP, 372 SUCCESS, 373 } expected_result; 374 }; 375 376 #define BPF_SKEL_FUNCS_RAW(skel_name, prog_name) \ 377 static void *prog_name##_load_raw(int cgroup_fd, \ 378 enum bpf_attach_type attach_type, \ 379 bool expect_reject) \ 380 { \ 381 struct skel_name *skel = skel_name##__open(); \ 382 int prog_fd = -1; \ 383 if (!ASSERT_OK_PTR(skel, "skel_open")) \ 384 goto cleanup; \ 385 if (!ASSERT_OK(skel_name##__load(skel), "load")) \ 386 goto cleanup; \ 387 prog_fd = bpf_program__fd(skel->progs.prog_name); \ 388 if (!ASSERT_GT(prog_fd, 0, "prog_fd")) \ 389 goto cleanup; \ 390 if (bpf_prog_attach(prog_fd, cgroup_fd, attach_type, \ 391 BPF_F_ALLOW_OVERRIDE), "bpf_prog_attach") { \ 392 ASSERT_TRUE(expect_reject, "unexpected rejection"); \ 393 goto cleanup; \ 394 } \ 395 if (!ASSERT_FALSE(expect_reject, "expected rejection")) \ 396 goto cleanup; \ 397 cleanup: \ 398 if (prog_fd > 0) \ 399 bpf_prog_detach(cgroup_fd, attach_type); \ 400 skel_name##__destroy(skel); \ 401 return NULL; \ 402 } \ 403 static void prog_name##_destroy_raw(void *progfd) \ 404 { \ 405 /* No-op. *_load_raw does all cleanup. */ \ 406 } \ 407 408 #define BPF_SKEL_FUNCS(skel_name, prog_name) \ 409 static void *prog_name##_load(int cgroup_fd, \ 410 enum bpf_attach_type attach_type, \ 411 bool expect_reject) \ 412 { \ 413 struct skel_name *skel = skel_name##__open(); \ 414 if (!ASSERT_OK_PTR(skel, "skel_open")) \ 415 goto cleanup; \ 416 if (!ASSERT_OK(bpf_program__set_expected_attach_type(skel->progs.prog_name, \ 417 attach_type), \ 418 "set_expected_attach_type")) \ 419 goto cleanup; \ 420 if (skel_name##__load(skel)) { \ 421 ASSERT_TRUE(expect_reject, "unexpected rejection"); \ 422 goto cleanup; \ 423 } \ 424 if (!ASSERT_FALSE(expect_reject, "expected rejection")) \ 425 goto cleanup; \ 426 skel->links.prog_name = bpf_program__attach_cgroup( \ 427 skel->progs.prog_name, cgroup_fd); \ 428 if (!ASSERT_OK_PTR(skel->links.prog_name, "prog_attach")) \ 429 goto cleanup; \ 430 return skel; \ 431 cleanup: \ 432 skel_name##__destroy(skel); \ 433 return NULL; \ 434 } \ 435 static void prog_name##_destroy(void *skel) \ 436 { \ 437 skel_name##__destroy(skel); \ 438 } 439 440 BPF_SKEL_FUNCS(bind4_prog, bind_v4_prog); 441 BPF_SKEL_FUNCS_RAW(bind4_prog, bind_v4_prog); 442 BPF_SKEL_FUNCS(bind4_prog, bind_v4_deny_prog); 443 BPF_SKEL_FUNCS(bind6_prog, bind_v6_prog); 444 BPF_SKEL_FUNCS_RAW(bind6_prog, bind_v6_prog); 445 BPF_SKEL_FUNCS(bind6_prog, bind_v6_deny_prog); 446 BPF_SKEL_FUNCS(connect4_prog, connect_v4_prog); 447 BPF_SKEL_FUNCS_RAW(connect4_prog, connect_v4_prog); 448 BPF_SKEL_FUNCS(connect4_prog, connect_v4_deny_prog); 449 BPF_SKEL_FUNCS(connect6_prog, connect_v6_prog); 450 BPF_SKEL_FUNCS_RAW(connect6_prog, connect_v6_prog); 451 BPF_SKEL_FUNCS(connect6_prog, connect_v6_deny_prog); 452 BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_prog); 453 BPF_SKEL_FUNCS_RAW(connect_unix_prog, connect_unix_prog); 454 BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_deny_prog); 455 BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_prog); 456 BPF_SKEL_FUNCS_RAW(sendmsg4_prog, sendmsg_v4_prog); 457 BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_deny_prog); 458 BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_prog); 459 BPF_SKEL_FUNCS_RAW(sendmsg6_prog, sendmsg_v6_prog); 460 BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_deny_prog); 461 BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_preserve_dst_prog); 462 BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_v4mapped_prog); 463 BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_wildcard_prog); 464 BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_prog); 465 BPF_SKEL_FUNCS_RAW(sendmsg_unix_prog, sendmsg_unix_prog); 466 BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_deny_prog); 467 BPF_SKEL_FUNCS(recvmsg4_prog, recvmsg4_prog); 468 BPF_SKEL_FUNCS_RAW(recvmsg4_prog, recvmsg4_prog); 469 BPF_SKEL_FUNCS(recvmsg6_prog, recvmsg6_prog); 470 BPF_SKEL_FUNCS_RAW(recvmsg6_prog, recvmsg6_prog); 471 BPF_SKEL_FUNCS(recvmsg_unix_prog, recvmsg_unix_prog); 472 BPF_SKEL_FUNCS_RAW(recvmsg_unix_prog, recvmsg_unix_prog); 473 BPF_SKEL_FUNCS(getsockname_unix_prog, getsockname_unix_prog); 474 BPF_SKEL_FUNCS_RAW(getsockname_unix_prog, getsockname_unix_prog); 475 BPF_SKEL_FUNCS(getsockname4_prog, getsockname_v4_prog); 476 BPF_SKEL_FUNCS_RAW(getsockname4_prog, getsockname_v4_prog); 477 BPF_SKEL_FUNCS(getsockname6_prog, getsockname_v6_prog); 478 BPF_SKEL_FUNCS_RAW(getsockname6_prog, getsockname_v6_prog); 479 BPF_SKEL_FUNCS(getpeername_unix_prog, getpeername_unix_prog); 480 BPF_SKEL_FUNCS_RAW(getpeername_unix_prog, getpeername_unix_prog); 481 BPF_SKEL_FUNCS(getpeername4_prog, getpeername_v4_prog); 482 BPF_SKEL_FUNCS_RAW(getpeername4_prog, getpeername_v4_prog); 483 BPF_SKEL_FUNCS(getpeername6_prog, getpeername_v6_prog); 484 BPF_SKEL_FUNCS_RAW(getpeername6_prog, getpeername_v6_prog); 485 486 static struct sock_addr_test tests[] = { 487 /* bind - system calls */ 488 { 489 SOCK_ADDR_TEST_BIND, 490 "bind4: bind (stream)", 491 bind_v4_prog_load, 492 bind_v4_prog_destroy, 493 BPF_CGROUP_INET4_BIND, 494 &user_ops, 495 AF_INET, 496 SOCK_STREAM, 497 SERV4_IP, 498 SERV4_PORT, 499 SERV4_REWRITE_IP, 500 SERV4_REWRITE_PORT, 501 NULL, 502 SUCCESS, 503 }, 504 { 505 SOCK_ADDR_TEST_BIND, 506 "bind4: bind deny (stream)", 507 bind_v4_deny_prog_load, 508 bind_v4_deny_prog_destroy, 509 BPF_CGROUP_INET4_BIND, 510 &user_ops, 511 AF_INET, 512 SOCK_STREAM, 513 SERV4_IP, 514 SERV4_PORT, 515 SERV4_REWRITE_IP, 516 SERV4_REWRITE_PORT, 517 NULL, 518 SYSCALL_EPERM, 519 }, 520 { 521 SOCK_ADDR_TEST_BIND, 522 "bind4: bind (dgram)", 523 bind_v4_prog_load, 524 bind_v4_prog_destroy, 525 BPF_CGROUP_INET4_BIND, 526 &user_ops, 527 AF_INET, 528 SOCK_DGRAM, 529 SERV4_IP, 530 SERV4_PORT, 531 SERV4_REWRITE_IP, 532 SERV4_REWRITE_PORT, 533 NULL, 534 SUCCESS, 535 }, 536 { 537 SOCK_ADDR_TEST_BIND, 538 "bind4: bind deny (dgram)", 539 bind_v4_deny_prog_load, 540 bind_v4_deny_prog_destroy, 541 BPF_CGROUP_INET4_BIND, 542 &user_ops, 543 AF_INET, 544 SOCK_DGRAM, 545 SERV4_IP, 546 SERV4_PORT, 547 SERV4_REWRITE_IP, 548 SERV4_REWRITE_PORT, 549 NULL, 550 SYSCALL_EPERM, 551 }, 552 { 553 SOCK_ADDR_TEST_BIND, 554 "bind4: load prog with wrong expected attach type", 555 bind_v4_prog_load, 556 bind_v4_prog_destroy, 557 BPF_CGROUP_INET6_BIND, 558 &user_ops, 559 AF_INET, 560 SOCK_STREAM, 561 NULL, 562 0, 563 NULL, 564 0, 565 NULL, 566 LOAD_REJECT, 567 }, 568 { 569 SOCK_ADDR_TEST_BIND, 570 "bind4: attach prog with wrong attach type", 571 bind_v4_prog_load_raw, 572 bind_v4_prog_destroy_raw, 573 BPF_CGROUP_INET6_BIND, 574 &user_ops, 575 AF_INET, 576 SOCK_STREAM, 577 NULL, 578 0, 579 NULL, 580 0, 581 NULL, 582 ATTACH_REJECT, 583 }, 584 { 585 SOCK_ADDR_TEST_BIND, 586 "bind6: bind (stream)", 587 bind_v6_prog_load, 588 bind_v6_prog_destroy, 589 BPF_CGROUP_INET6_BIND, 590 &user_ops, 591 AF_INET6, 592 SOCK_STREAM, 593 SERV6_IP, 594 SERV6_PORT, 595 SERV6_REWRITE_IP, 596 SERV6_REWRITE_PORT, 597 NULL, 598 SUCCESS, 599 }, 600 { 601 SOCK_ADDR_TEST_BIND, 602 "bind6: bind deny (stream)", 603 bind_v6_deny_prog_load, 604 bind_v6_deny_prog_destroy, 605 BPF_CGROUP_INET6_BIND, 606 &user_ops, 607 AF_INET6, 608 SOCK_STREAM, 609 SERV6_IP, 610 SERV6_PORT, 611 SERV6_REWRITE_IP, 612 SERV6_REWRITE_PORT, 613 NULL, 614 SYSCALL_EPERM, 615 }, 616 { 617 SOCK_ADDR_TEST_BIND, 618 "bind6: bind (dgram)", 619 bind_v6_prog_load, 620 bind_v6_prog_destroy, 621 BPF_CGROUP_INET6_BIND, 622 &user_ops, 623 AF_INET6, 624 SOCK_DGRAM, 625 SERV6_IP, 626 SERV6_PORT, 627 SERV6_REWRITE_IP, 628 SERV6_REWRITE_PORT, 629 NULL, 630 SUCCESS, 631 }, 632 { 633 SOCK_ADDR_TEST_BIND, 634 "bind6: bind deny (dgram)", 635 bind_v6_deny_prog_load, 636 bind_v6_deny_prog_destroy, 637 BPF_CGROUP_INET6_BIND, 638 &user_ops, 639 AF_INET6, 640 SOCK_DGRAM, 641 SERV6_IP, 642 SERV6_PORT, 643 SERV6_REWRITE_IP, 644 SERV6_REWRITE_PORT, 645 NULL, 646 SYSCALL_EPERM, 647 }, 648 { 649 SOCK_ADDR_TEST_BIND, 650 "bind6: load prog with wrong expected attach type", 651 bind_v6_prog_load, 652 bind_v6_prog_destroy, 653 BPF_CGROUP_INET4_BIND, 654 &user_ops, 655 AF_INET6, 656 SOCK_STREAM, 657 NULL, 658 0, 659 NULL, 660 0, 661 NULL, 662 LOAD_REJECT, 663 }, 664 { 665 SOCK_ADDR_TEST_BIND, 666 "bind6: attach prog with wrong attach type", 667 bind_v6_prog_load_raw, 668 bind_v6_prog_destroy_raw, 669 BPF_CGROUP_INET4_BIND, 670 &user_ops, 671 AF_INET, 672 SOCK_STREAM, 673 NULL, 674 0, 675 NULL, 676 0, 677 NULL, 678 ATTACH_REJECT, 679 }, 680 681 /* bind - kernel calls */ 682 { 683 SOCK_ADDR_TEST_BIND, 684 "bind4: kernel_bind (stream)", 685 bind_v4_prog_load, 686 bind_v4_prog_destroy, 687 BPF_CGROUP_INET4_BIND, 688 &kern_ops_sock_sendmsg, 689 AF_INET, 690 SOCK_STREAM, 691 SERV4_IP, 692 SERV4_PORT, 693 SERV4_REWRITE_IP, 694 SERV4_REWRITE_PORT, 695 NULL, 696 SUCCESS, 697 }, 698 { 699 SOCK_ADDR_TEST_BIND, 700 "bind4: kernel_bind deny (stream)", 701 bind_v4_deny_prog_load, 702 bind_v4_deny_prog_destroy, 703 BPF_CGROUP_INET4_BIND, 704 &kern_ops_sock_sendmsg, 705 AF_INET, 706 SOCK_STREAM, 707 SERV4_IP, 708 SERV4_PORT, 709 SERV4_REWRITE_IP, 710 SERV4_REWRITE_PORT, 711 NULL, 712 SYSCALL_EPERM, 713 }, 714 { 715 SOCK_ADDR_TEST_BIND, 716 "bind4: kernel_bind (dgram)", 717 bind_v4_prog_load, 718 bind_v4_prog_destroy, 719 BPF_CGROUP_INET4_BIND, 720 &kern_ops_sock_sendmsg, 721 AF_INET, 722 SOCK_DGRAM, 723 SERV4_IP, 724 SERV4_PORT, 725 SERV4_REWRITE_IP, 726 SERV4_REWRITE_PORT, 727 NULL, 728 SUCCESS, 729 }, 730 { 731 SOCK_ADDR_TEST_BIND, 732 "bind4: kernel_bind deny (dgram)", 733 bind_v4_deny_prog_load, 734 bind_v4_deny_prog_destroy, 735 BPF_CGROUP_INET4_BIND, 736 &kern_ops_sock_sendmsg, 737 AF_INET, 738 SOCK_DGRAM, 739 SERV4_IP, 740 SERV4_PORT, 741 SERV4_REWRITE_IP, 742 SERV4_REWRITE_PORT, 743 NULL, 744 SYSCALL_EPERM, 745 }, 746 { 747 SOCK_ADDR_TEST_BIND, 748 "bind6: kernel_bind (stream)", 749 bind_v6_prog_load, 750 bind_v6_prog_destroy, 751 BPF_CGROUP_INET6_BIND, 752 &kern_ops_sock_sendmsg, 753 AF_INET6, 754 SOCK_STREAM, 755 SERV6_IP, 756 SERV6_PORT, 757 SERV6_REWRITE_IP, 758 SERV6_REWRITE_PORT, 759 NULL, 760 SUCCESS, 761 }, 762 { 763 SOCK_ADDR_TEST_BIND, 764 "bind6: kernel_bind deny (stream)", 765 bind_v6_deny_prog_load, 766 bind_v6_deny_prog_destroy, 767 BPF_CGROUP_INET6_BIND, 768 &kern_ops_sock_sendmsg, 769 AF_INET6, 770 SOCK_STREAM, 771 SERV6_IP, 772 SERV6_PORT, 773 SERV6_REWRITE_IP, 774 SERV6_REWRITE_PORT, 775 NULL, 776 SYSCALL_EPERM, 777 }, 778 { 779 SOCK_ADDR_TEST_BIND, 780 "bind6: kernel_bind (dgram)", 781 bind_v6_prog_load, 782 bind_v6_prog_destroy, 783 BPF_CGROUP_INET6_BIND, 784 &kern_ops_sock_sendmsg, 785 AF_INET6, 786 SOCK_DGRAM, 787 SERV6_IP, 788 SERV6_PORT, 789 SERV6_REWRITE_IP, 790 SERV6_REWRITE_PORT, 791 NULL, 792 SUCCESS, 793 }, 794 { 795 SOCK_ADDR_TEST_BIND, 796 "bind6: kernel_bind deny (dgram)", 797 bind_v6_deny_prog_load, 798 bind_v6_deny_prog_destroy, 799 BPF_CGROUP_INET6_BIND, 800 &kern_ops_sock_sendmsg, 801 AF_INET6, 802 SOCK_DGRAM, 803 SERV6_IP, 804 SERV6_PORT, 805 SERV6_REWRITE_IP, 806 SERV6_REWRITE_PORT, 807 NULL, 808 SYSCALL_EPERM, 809 }, 810 811 /* connect - system calls */ 812 { 813 SOCK_ADDR_TEST_CONNECT, 814 "connect4: connect (stream)", 815 connect_v4_prog_load, 816 connect_v4_prog_destroy, 817 BPF_CGROUP_INET4_CONNECT, 818 &user_ops, 819 AF_INET, 820 SOCK_STREAM, 821 SERV4_IP, 822 SERV4_PORT, 823 SERV4_REWRITE_IP, 824 SERV4_REWRITE_PORT, 825 SRC4_REWRITE_IP, 826 SUCCESS, 827 }, 828 { 829 SOCK_ADDR_TEST_CONNECT, 830 "connect4: connect deny (stream)", 831 connect_v4_deny_prog_load, 832 connect_v4_deny_prog_destroy, 833 BPF_CGROUP_INET4_CONNECT, 834 &user_ops, 835 AF_INET, 836 SOCK_STREAM, 837 SERV4_IP, 838 SERV4_PORT, 839 SERV4_REWRITE_IP, 840 SERV4_REWRITE_PORT, 841 SRC4_REWRITE_IP, 842 SYSCALL_EPERM, 843 }, 844 { 845 SOCK_ADDR_TEST_CONNECT, 846 "connect4: connect (dgram)", 847 connect_v4_prog_load, 848 connect_v4_prog_destroy, 849 BPF_CGROUP_INET4_CONNECT, 850 &user_ops, 851 AF_INET, 852 SOCK_DGRAM, 853 SERV4_IP, 854 SERV4_PORT, 855 SERV4_REWRITE_IP, 856 SERV4_REWRITE_PORT, 857 SRC4_REWRITE_IP, 858 SUCCESS, 859 }, 860 { 861 SOCK_ADDR_TEST_CONNECT, 862 "connect4: connect deny (dgram)", 863 connect_v4_deny_prog_load, 864 connect_v4_deny_prog_destroy, 865 BPF_CGROUP_INET4_CONNECT, 866 &user_ops, 867 AF_INET, 868 SOCK_DGRAM, 869 SERV4_IP, 870 SERV4_PORT, 871 SERV4_REWRITE_IP, 872 SERV4_REWRITE_PORT, 873 SRC4_REWRITE_IP, 874 SYSCALL_EPERM, 875 }, 876 { 877 SOCK_ADDR_TEST_CONNECT, 878 "connect4: load prog with wrong expected attach type", 879 connect_v4_prog_load, 880 connect_v4_prog_destroy, 881 BPF_CGROUP_INET6_CONNECT, 882 &user_ops, 883 AF_INET, 884 SOCK_STREAM, 885 NULL, 886 0, 887 NULL, 888 0, 889 NULL, 890 LOAD_REJECT, 891 }, 892 { 893 SOCK_ADDR_TEST_CONNECT, 894 "connect4: attach prog with wrong attach type", 895 connect_v4_prog_load_raw, 896 connect_v4_prog_destroy_raw, 897 BPF_CGROUP_INET6_CONNECT, 898 &user_ops, 899 AF_INET, 900 SOCK_STREAM, 901 NULL, 902 0, 903 NULL, 904 0, 905 NULL, 906 ATTACH_REJECT, 907 }, 908 { 909 SOCK_ADDR_TEST_CONNECT, 910 "connect6: connect (stream)", 911 connect_v6_prog_load, 912 connect_v6_prog_destroy, 913 BPF_CGROUP_INET6_CONNECT, 914 &user_ops, 915 AF_INET6, 916 SOCK_STREAM, 917 SERV6_IP, 918 SERV6_PORT, 919 SERV6_REWRITE_IP, 920 SERV6_REWRITE_PORT, 921 SRC6_REWRITE_IP, 922 SUCCESS, 923 }, 924 { 925 SOCK_ADDR_TEST_CONNECT, 926 "connect6: connect deny (stream)", 927 connect_v6_deny_prog_load, 928 connect_v6_deny_prog_destroy, 929 BPF_CGROUP_INET6_CONNECT, 930 &user_ops, 931 AF_INET6, 932 SOCK_STREAM, 933 SERV6_IP, 934 SERV6_PORT, 935 SERV6_REWRITE_IP, 936 SERV6_REWRITE_PORT, 937 SRC6_REWRITE_IP, 938 SYSCALL_EPERM, 939 }, 940 { 941 SOCK_ADDR_TEST_CONNECT, 942 "connect6: connect (dgram)", 943 connect_v6_prog_load, 944 connect_v6_prog_destroy, 945 BPF_CGROUP_INET6_CONNECT, 946 &user_ops, 947 AF_INET6, 948 SOCK_DGRAM, 949 SERV6_IP, 950 SERV6_PORT, 951 SERV6_REWRITE_IP, 952 SERV6_REWRITE_PORT, 953 SRC6_REWRITE_IP, 954 SUCCESS, 955 }, 956 { 957 SOCK_ADDR_TEST_CONNECT, 958 "connect6: connect deny (dgram)", 959 connect_v6_deny_prog_load, 960 connect_v6_deny_prog_destroy, 961 BPF_CGROUP_INET6_CONNECT, 962 &user_ops, 963 AF_INET6, 964 SOCK_DGRAM, 965 SERV6_IP, 966 SERV6_PORT, 967 SERV6_REWRITE_IP, 968 SERV6_REWRITE_PORT, 969 SRC6_REWRITE_IP, 970 SYSCALL_EPERM, 971 }, 972 { 973 SOCK_ADDR_TEST_CONNECT, 974 "connect6: load prog with wrong expected attach type", 975 connect_v6_prog_load, 976 connect_v6_prog_destroy, 977 BPF_CGROUP_INET4_CONNECT, 978 &user_ops, 979 AF_INET6, 980 SOCK_STREAM, 981 NULL, 982 0, 983 NULL, 984 0, 985 NULL, 986 LOAD_REJECT, 987 }, 988 { 989 SOCK_ADDR_TEST_CONNECT, 990 "connect6: attach prog with wrong attach type", 991 connect_v6_prog_load_raw, 992 connect_v6_prog_destroy_raw, 993 BPF_CGROUP_INET4_CONNECT, 994 &user_ops, 995 AF_INET, 996 SOCK_STREAM, 997 NULL, 998 0, 999 NULL, 1000 0, 1001 NULL, 1002 ATTACH_REJECT, 1003 }, 1004 { 1005 SOCK_ADDR_TEST_CONNECT, 1006 "connect_unix: connect (stream)", 1007 connect_unix_prog_load, 1008 connect_unix_prog_destroy, 1009 BPF_CGROUP_UNIX_CONNECT, 1010 &user_ops, 1011 AF_UNIX, 1012 SOCK_STREAM, 1013 SERVUN_ADDRESS, 1014 0, 1015 SERVUN_REWRITE_ADDRESS, 1016 0, 1017 NULL, 1018 SUCCESS, 1019 }, 1020 { 1021 SOCK_ADDR_TEST_CONNECT, 1022 "connect_unix: connect deny (stream)", 1023 connect_unix_deny_prog_load, 1024 connect_unix_deny_prog_destroy, 1025 BPF_CGROUP_UNIX_CONNECT, 1026 &user_ops, 1027 AF_UNIX, 1028 SOCK_STREAM, 1029 SERVUN_ADDRESS, 1030 0, 1031 SERVUN_REWRITE_ADDRESS, 1032 0, 1033 NULL, 1034 SYSCALL_EPERM, 1035 }, 1036 { 1037 SOCK_ADDR_TEST_CONNECT, 1038 "connect_unix: attach prog with wrong attach type", 1039 connect_unix_prog_load_raw, 1040 connect_unix_prog_destroy_raw, 1041 BPF_CGROUP_INET4_CONNECT, 1042 &user_ops, 1043 AF_UNIX, 1044 SOCK_STREAM, 1045 SERVUN_ADDRESS, 1046 0, 1047 SERVUN_REWRITE_ADDRESS, 1048 0, 1049 NULL, 1050 ATTACH_REJECT, 1051 }, 1052 1053 /* connect - kernel calls */ 1054 { 1055 SOCK_ADDR_TEST_CONNECT, 1056 "connect4: kernel_connect (stream)", 1057 connect_v4_prog_load, 1058 connect_v4_prog_destroy, 1059 BPF_CGROUP_INET4_CONNECT, 1060 &kern_ops_sock_sendmsg, 1061 AF_INET, 1062 SOCK_STREAM, 1063 SERV4_IP, 1064 SERV4_PORT, 1065 SERV4_REWRITE_IP, 1066 SERV4_REWRITE_PORT, 1067 SRC4_REWRITE_IP, 1068 SUCCESS, 1069 }, 1070 { 1071 SOCK_ADDR_TEST_CONNECT, 1072 "connect4: kernel_connect deny (stream)", 1073 connect_v4_deny_prog_load, 1074 connect_v4_deny_prog_destroy, 1075 BPF_CGROUP_INET4_CONNECT, 1076 &kern_ops_sock_sendmsg, 1077 AF_INET, 1078 SOCK_STREAM, 1079 SERV4_IP, 1080 SERV4_PORT, 1081 SERV4_REWRITE_IP, 1082 SERV4_REWRITE_PORT, 1083 SRC4_REWRITE_IP, 1084 SYSCALL_EPERM, 1085 }, 1086 { 1087 SOCK_ADDR_TEST_CONNECT, 1088 "connect4: kernel_connect (dgram)", 1089 connect_v4_prog_load, 1090 connect_v4_prog_destroy, 1091 BPF_CGROUP_INET4_CONNECT, 1092 &kern_ops_sock_sendmsg, 1093 AF_INET, 1094 SOCK_DGRAM, 1095 SERV4_IP, 1096 SERV4_PORT, 1097 SERV4_REWRITE_IP, 1098 SERV4_REWRITE_PORT, 1099 SRC4_REWRITE_IP, 1100 SUCCESS, 1101 }, 1102 { 1103 SOCK_ADDR_TEST_CONNECT, 1104 "connect4: kernel_connect deny (dgram)", 1105 connect_v4_deny_prog_load, 1106 connect_v4_deny_prog_destroy, 1107 BPF_CGROUP_INET4_CONNECT, 1108 &kern_ops_sock_sendmsg, 1109 AF_INET, 1110 SOCK_DGRAM, 1111 SERV4_IP, 1112 SERV4_PORT, 1113 SERV4_REWRITE_IP, 1114 SERV4_REWRITE_PORT, 1115 SRC4_REWRITE_IP, 1116 SYSCALL_EPERM, 1117 }, 1118 { 1119 SOCK_ADDR_TEST_CONNECT, 1120 "connect6: kernel_connect (stream)", 1121 connect_v6_prog_load, 1122 connect_v6_prog_destroy, 1123 BPF_CGROUP_INET6_CONNECT, 1124 &kern_ops_sock_sendmsg, 1125 AF_INET6, 1126 SOCK_STREAM, 1127 SERV6_IP, 1128 SERV6_PORT, 1129 SERV6_REWRITE_IP, 1130 SERV6_REWRITE_PORT, 1131 SRC6_REWRITE_IP, 1132 SUCCESS, 1133 }, 1134 { 1135 SOCK_ADDR_TEST_CONNECT, 1136 "connect6: kernel_connect deny (stream)", 1137 connect_v6_deny_prog_load, 1138 connect_v6_deny_prog_destroy, 1139 BPF_CGROUP_INET6_CONNECT, 1140 &kern_ops_sock_sendmsg, 1141 AF_INET6, 1142 SOCK_STREAM, 1143 SERV6_IP, 1144 SERV6_PORT, 1145 SERV6_REWRITE_IP, 1146 SERV6_REWRITE_PORT, 1147 SRC6_REWRITE_IP, 1148 SYSCALL_EPERM, 1149 }, 1150 { 1151 SOCK_ADDR_TEST_CONNECT, 1152 "connect6: kernel_connect (dgram)", 1153 connect_v6_prog_load, 1154 connect_v6_prog_destroy, 1155 BPF_CGROUP_INET6_CONNECT, 1156 &kern_ops_sock_sendmsg, 1157 AF_INET6, 1158 SOCK_DGRAM, 1159 SERV6_IP, 1160 SERV6_PORT, 1161 SERV6_REWRITE_IP, 1162 SERV6_REWRITE_PORT, 1163 SRC6_REWRITE_IP, 1164 SUCCESS, 1165 }, 1166 { 1167 SOCK_ADDR_TEST_CONNECT, 1168 "connect6: kernel_connect deny (dgram)", 1169 connect_v6_deny_prog_load, 1170 connect_v6_deny_prog_destroy, 1171 BPF_CGROUP_INET6_CONNECT, 1172 &kern_ops_sock_sendmsg, 1173 AF_INET6, 1174 SOCK_DGRAM, 1175 SERV6_IP, 1176 SERV6_PORT, 1177 SERV6_REWRITE_IP, 1178 SERV6_REWRITE_PORT, 1179 SRC6_REWRITE_IP, 1180 SYSCALL_EPERM, 1181 }, 1182 { 1183 SOCK_ADDR_TEST_CONNECT, 1184 "connect_unix: kernel_connect (dgram)", 1185 connect_unix_prog_load, 1186 connect_unix_prog_destroy, 1187 BPF_CGROUP_UNIX_CONNECT, 1188 &kern_ops_sock_sendmsg, 1189 AF_UNIX, 1190 SOCK_STREAM, 1191 SERVUN_ADDRESS, 1192 0, 1193 SERVUN_REWRITE_ADDRESS, 1194 0, 1195 NULL, 1196 SUCCESS, 1197 }, 1198 { 1199 SOCK_ADDR_TEST_CONNECT, 1200 "connect_unix: kernel_connect deny (dgram)", 1201 connect_unix_deny_prog_load, 1202 connect_unix_deny_prog_destroy, 1203 BPF_CGROUP_UNIX_CONNECT, 1204 &kern_ops_sock_sendmsg, 1205 AF_UNIX, 1206 SOCK_STREAM, 1207 SERVUN_ADDRESS, 1208 0, 1209 SERVUN_REWRITE_ADDRESS, 1210 0, 1211 NULL, 1212 SYSCALL_EPERM, 1213 }, 1214 1215 /* sendmsg - system calls */ 1216 { 1217 SOCK_ADDR_TEST_SENDMSG, 1218 "sendmsg4: sendmsg (dgram)", 1219 sendmsg_v4_prog_load, 1220 sendmsg_v4_prog_destroy, 1221 BPF_CGROUP_UDP4_SENDMSG, 1222 &user_ops, 1223 AF_INET, 1224 SOCK_DGRAM, 1225 SERV4_IP, 1226 SERV4_PORT, 1227 SERV4_REWRITE_IP, 1228 SERV4_REWRITE_PORT, 1229 SRC4_REWRITE_IP, 1230 SUCCESS, 1231 }, 1232 { 1233 SOCK_ADDR_TEST_SENDMSG, 1234 "sendmsg4: sendmsg deny (dgram)", 1235 sendmsg_v4_deny_prog_load, 1236 sendmsg_v4_deny_prog_destroy, 1237 BPF_CGROUP_UDP4_SENDMSG, 1238 &user_ops, 1239 AF_INET, 1240 SOCK_DGRAM, 1241 SERV4_IP, 1242 SERV4_PORT, 1243 SERV4_REWRITE_IP, 1244 SERV4_REWRITE_PORT, 1245 SRC4_REWRITE_IP, 1246 SYSCALL_EPERM, 1247 }, 1248 { 1249 SOCK_ADDR_TEST_SENDMSG, 1250 "sendmsg4: load prog with wrong expected attach type", 1251 sendmsg_v4_prog_load, 1252 sendmsg_v4_prog_destroy, 1253 BPF_CGROUP_UDP6_SENDMSG, 1254 &user_ops, 1255 AF_INET, 1256 SOCK_DGRAM, 1257 NULL, 1258 0, 1259 NULL, 1260 0, 1261 NULL, 1262 LOAD_REJECT, 1263 }, 1264 { 1265 SOCK_ADDR_TEST_SENDMSG, 1266 "sendmsg4: attach prog with wrong attach type", 1267 sendmsg_v4_prog_load_raw, 1268 sendmsg_v4_prog_destroy_raw, 1269 BPF_CGROUP_UDP6_SENDMSG, 1270 &user_ops, 1271 AF_INET, 1272 SOCK_DGRAM, 1273 NULL, 1274 0, 1275 NULL, 1276 0, 1277 NULL, 1278 ATTACH_REJECT, 1279 }, 1280 { 1281 SOCK_ADDR_TEST_SENDMSG, 1282 "sendmsg6: sendmsg (dgram)", 1283 sendmsg_v6_prog_load, 1284 sendmsg_v6_prog_destroy, 1285 BPF_CGROUP_UDP6_SENDMSG, 1286 &user_ops, 1287 AF_INET6, 1288 SOCK_DGRAM, 1289 SERV6_IP, 1290 SERV6_PORT, 1291 SERV6_REWRITE_IP, 1292 SERV6_REWRITE_PORT, 1293 SRC6_REWRITE_IP, 1294 SUCCESS, 1295 }, 1296 { 1297 SOCK_ADDR_TEST_SENDMSG, 1298 "sendmsg6: sendmsg [::] (BSD'ism) (dgram)", 1299 sendmsg_v6_preserve_dst_prog_load, 1300 sendmsg_v6_preserve_dst_prog_destroy, 1301 BPF_CGROUP_UDP6_SENDMSG, 1302 &user_ops, 1303 AF_INET6, 1304 SOCK_DGRAM, 1305 WILDCARD6_IP, 1306 SERV6_PORT, 1307 SERV6_REWRITE_IP, 1308 SERV6_PORT, 1309 SRC6_IP, 1310 SUCCESS, 1311 }, 1312 { 1313 SOCK_ADDR_TEST_SENDMSG, 1314 "sendmsg6: sendmsg deny (dgram)", 1315 sendmsg_v6_deny_prog_load, 1316 sendmsg_v6_deny_prog_destroy, 1317 BPF_CGROUP_UDP6_SENDMSG, 1318 &user_ops, 1319 AF_INET6, 1320 SOCK_DGRAM, 1321 SERV6_IP, 1322 SERV6_PORT, 1323 SERV6_REWRITE_IP, 1324 SERV6_REWRITE_PORT, 1325 SRC6_REWRITE_IP, 1326 SYSCALL_EPERM, 1327 }, 1328 { 1329 SOCK_ADDR_TEST_SENDMSG, 1330 "sendmsg6: sendmsg IPv4-mapped IPv6 (dgram)", 1331 sendmsg_v6_v4mapped_prog_load, 1332 sendmsg_v6_v4mapped_prog_destroy, 1333 BPF_CGROUP_UDP6_SENDMSG, 1334 &user_ops, 1335 AF_INET6, 1336 SOCK_DGRAM, 1337 SERV6_IP, 1338 SERV6_PORT, 1339 SERV6_REWRITE_IP, 1340 SERV6_REWRITE_PORT, 1341 SRC6_REWRITE_IP, 1342 SYSCALL_ENOTSUPP, 1343 }, 1344 { 1345 SOCK_ADDR_TEST_SENDMSG, 1346 "sendmsg6: sendmsg dst IP = [::] (BSD'ism) (dgram)", 1347 sendmsg_v6_wildcard_prog_load, 1348 sendmsg_v6_wildcard_prog_destroy, 1349 BPF_CGROUP_UDP6_SENDMSG, 1350 &user_ops, 1351 AF_INET6, 1352 SOCK_DGRAM, 1353 SERV6_IP, 1354 SERV6_PORT, 1355 SERV6_REWRITE_IP, 1356 SERV6_REWRITE_PORT, 1357 SRC6_REWRITE_IP, 1358 SUCCESS, 1359 }, 1360 { 1361 SOCK_ADDR_TEST_SENDMSG, 1362 "sendmsg6: load prog with wrong expected attach type", 1363 sendmsg_v6_prog_load, 1364 sendmsg_v6_prog_destroy, 1365 BPF_CGROUP_UDP4_SENDMSG, 1366 &user_ops, 1367 AF_INET6, 1368 SOCK_DGRAM, 1369 NULL, 1370 0, 1371 NULL, 1372 0, 1373 NULL, 1374 LOAD_REJECT, 1375 }, 1376 { 1377 SOCK_ADDR_TEST_SENDMSG, 1378 "sendmsg6: attach prog with wrong attach type", 1379 sendmsg_v6_prog_load_raw, 1380 sendmsg_v6_prog_destroy_raw, 1381 BPF_CGROUP_UDP4_SENDMSG, 1382 &user_ops, 1383 AF_INET6, 1384 SOCK_DGRAM, 1385 NULL, 1386 0, 1387 NULL, 1388 0, 1389 NULL, 1390 ATTACH_REJECT, 1391 }, 1392 { 1393 SOCK_ADDR_TEST_SENDMSG, 1394 "sendmsg_unix: sendmsg (dgram)", 1395 sendmsg_unix_prog_load, 1396 sendmsg_unix_prog_destroy, 1397 BPF_CGROUP_UNIX_SENDMSG, 1398 &user_ops, 1399 AF_UNIX, 1400 SOCK_DGRAM, 1401 SERVUN_ADDRESS, 1402 0, 1403 SERVUN_REWRITE_ADDRESS, 1404 0, 1405 NULL, 1406 SUCCESS, 1407 }, 1408 { 1409 SOCK_ADDR_TEST_SENDMSG, 1410 "sendmsg_unix: sendmsg deny (dgram)", 1411 sendmsg_unix_deny_prog_load, 1412 sendmsg_unix_deny_prog_destroy, 1413 BPF_CGROUP_UNIX_SENDMSG, 1414 &user_ops, 1415 AF_UNIX, 1416 SOCK_DGRAM, 1417 SERVUN_ADDRESS, 1418 0, 1419 SERVUN_REWRITE_ADDRESS, 1420 0, 1421 NULL, 1422 SYSCALL_EPERM, 1423 }, 1424 { 1425 SOCK_ADDR_TEST_SENDMSG, 1426 "sendmsg_unix: attach prog with wrong attach type", 1427 sendmsg_unix_prog_load_raw, 1428 sendmsg_unix_prog_destroy_raw, 1429 BPF_CGROUP_UDP4_SENDMSG, 1430 &user_ops, 1431 AF_UNIX, 1432 SOCK_DGRAM, 1433 SERVUN_ADDRESS, 1434 0, 1435 SERVUN_REWRITE_ADDRESS, 1436 0, 1437 NULL, 1438 ATTACH_REJECT, 1439 }, 1440 1441 /* sendmsg - kernel calls (sock_sendmsg) */ 1442 { 1443 SOCK_ADDR_TEST_SENDMSG, 1444 "sendmsg4: sock_sendmsg (dgram)", 1445 sendmsg_v4_prog_load, 1446 sendmsg_v4_prog_destroy, 1447 BPF_CGROUP_UDP4_SENDMSG, 1448 &kern_ops_sock_sendmsg, 1449 AF_INET, 1450 SOCK_DGRAM, 1451 SERV4_IP, 1452 SERV4_PORT, 1453 SERV4_REWRITE_IP, 1454 SERV4_REWRITE_PORT, 1455 SRC4_REWRITE_IP, 1456 SUCCESS, 1457 }, 1458 { 1459 SOCK_ADDR_TEST_SENDMSG, 1460 "sendmsg4: sock_sendmsg deny (dgram)", 1461 sendmsg_v4_deny_prog_load, 1462 sendmsg_v4_deny_prog_destroy, 1463 BPF_CGROUP_UDP4_SENDMSG, 1464 &kern_ops_sock_sendmsg, 1465 AF_INET, 1466 SOCK_DGRAM, 1467 SERV4_IP, 1468 SERV4_PORT, 1469 SERV4_REWRITE_IP, 1470 SERV4_REWRITE_PORT, 1471 SRC4_REWRITE_IP, 1472 SYSCALL_EPERM, 1473 }, 1474 { 1475 SOCK_ADDR_TEST_SENDMSG, 1476 "sendmsg6: sock_sendmsg (dgram)", 1477 sendmsg_v6_prog_load, 1478 sendmsg_v6_prog_destroy, 1479 BPF_CGROUP_UDP6_SENDMSG, 1480 &kern_ops_sock_sendmsg, 1481 AF_INET6, 1482 SOCK_DGRAM, 1483 SERV6_IP, 1484 SERV6_PORT, 1485 SERV6_REWRITE_IP, 1486 SERV6_REWRITE_PORT, 1487 SRC6_REWRITE_IP, 1488 SUCCESS, 1489 }, 1490 { 1491 SOCK_ADDR_TEST_SENDMSG, 1492 "sendmsg6: sock_sendmsg [::] (BSD'ism) (dgram)", 1493 sendmsg_v6_preserve_dst_prog_load, 1494 sendmsg_v6_preserve_dst_prog_destroy, 1495 BPF_CGROUP_UDP6_SENDMSG, 1496 &kern_ops_sock_sendmsg, 1497 AF_INET6, 1498 SOCK_DGRAM, 1499 WILDCARD6_IP, 1500 SERV6_PORT, 1501 SERV6_REWRITE_IP, 1502 SERV6_PORT, 1503 SRC6_IP, 1504 SUCCESS, 1505 }, 1506 { 1507 SOCK_ADDR_TEST_SENDMSG, 1508 "sendmsg6: sock_sendmsg deny (dgram)", 1509 sendmsg_v6_deny_prog_load, 1510 sendmsg_v6_deny_prog_destroy, 1511 BPF_CGROUP_UDP6_SENDMSG, 1512 &kern_ops_sock_sendmsg, 1513 AF_INET6, 1514 SOCK_DGRAM, 1515 SERV6_IP, 1516 SERV6_PORT, 1517 SERV6_REWRITE_IP, 1518 SERV6_REWRITE_PORT, 1519 SRC6_REWRITE_IP, 1520 SYSCALL_EPERM, 1521 }, 1522 { 1523 SOCK_ADDR_TEST_SENDMSG, 1524 "sendmsg_unix: sock_sendmsg (dgram)", 1525 sendmsg_unix_prog_load, 1526 sendmsg_unix_prog_destroy, 1527 BPF_CGROUP_UNIX_SENDMSG, 1528 &kern_ops_sock_sendmsg, 1529 AF_UNIX, 1530 SOCK_DGRAM, 1531 SERVUN_ADDRESS, 1532 0, 1533 SERVUN_REWRITE_ADDRESS, 1534 0, 1535 NULL, 1536 SUCCESS, 1537 }, 1538 { 1539 SOCK_ADDR_TEST_SENDMSG, 1540 "sendmsg_unix: sock_sendmsg deny (dgram)", 1541 sendmsg_unix_deny_prog_load, 1542 sendmsg_unix_deny_prog_destroy, 1543 BPF_CGROUP_UNIX_SENDMSG, 1544 &kern_ops_sock_sendmsg, 1545 AF_UNIX, 1546 SOCK_DGRAM, 1547 SERVUN_ADDRESS, 1548 0, 1549 SERVUN_REWRITE_ADDRESS, 1550 0, 1551 NULL, 1552 SYSCALL_EPERM, 1553 }, 1554 1555 /* sendmsg - kernel calls (kernel_sendmsg) */ 1556 { 1557 SOCK_ADDR_TEST_SENDMSG, 1558 "sendmsg4: kernel_sendmsg (dgram)", 1559 sendmsg_v4_prog_load, 1560 sendmsg_v4_prog_destroy, 1561 BPF_CGROUP_UDP4_SENDMSG, 1562 &kern_ops_kernel_sendmsg, 1563 AF_INET, 1564 SOCK_DGRAM, 1565 SERV4_IP, 1566 SERV4_PORT, 1567 SERV4_REWRITE_IP, 1568 SERV4_REWRITE_PORT, 1569 SRC4_REWRITE_IP, 1570 SUCCESS, 1571 }, 1572 { 1573 SOCK_ADDR_TEST_SENDMSG, 1574 "sendmsg4: kernel_sendmsg deny (dgram)", 1575 sendmsg_v4_deny_prog_load, 1576 sendmsg_v4_deny_prog_destroy, 1577 BPF_CGROUP_UDP4_SENDMSG, 1578 &kern_ops_kernel_sendmsg, 1579 AF_INET, 1580 SOCK_DGRAM, 1581 SERV4_IP, 1582 SERV4_PORT, 1583 SERV4_REWRITE_IP, 1584 SERV4_REWRITE_PORT, 1585 SRC4_REWRITE_IP, 1586 SYSCALL_EPERM, 1587 }, 1588 { 1589 SOCK_ADDR_TEST_SENDMSG, 1590 "sendmsg6: kernel_sendmsg (dgram)", 1591 sendmsg_v6_prog_load, 1592 sendmsg_v6_prog_destroy, 1593 BPF_CGROUP_UDP6_SENDMSG, 1594 &kern_ops_kernel_sendmsg, 1595 AF_INET6, 1596 SOCK_DGRAM, 1597 SERV6_IP, 1598 SERV6_PORT, 1599 SERV6_REWRITE_IP, 1600 SERV6_REWRITE_PORT, 1601 SRC6_REWRITE_IP, 1602 SUCCESS, 1603 }, 1604 { 1605 SOCK_ADDR_TEST_SENDMSG, 1606 "sendmsg6: kernel_sendmsg [::] (BSD'ism) (dgram)", 1607 sendmsg_v6_preserve_dst_prog_load, 1608 sendmsg_v6_preserve_dst_prog_destroy, 1609 BPF_CGROUP_UDP6_SENDMSG, 1610 &kern_ops_kernel_sendmsg, 1611 AF_INET6, 1612 SOCK_DGRAM, 1613 WILDCARD6_IP, 1614 SERV6_PORT, 1615 SERV6_REWRITE_IP, 1616 SERV6_PORT, 1617 SRC6_IP, 1618 SUCCESS, 1619 }, 1620 { 1621 SOCK_ADDR_TEST_SENDMSG, 1622 "sendmsg6: kernel_sendmsg deny (dgram)", 1623 sendmsg_v6_deny_prog_load, 1624 sendmsg_v6_deny_prog_destroy, 1625 BPF_CGROUP_UDP6_SENDMSG, 1626 &kern_ops_kernel_sendmsg, 1627 AF_INET6, 1628 SOCK_DGRAM, 1629 SERV6_IP, 1630 SERV6_PORT, 1631 SERV6_REWRITE_IP, 1632 SERV6_REWRITE_PORT, 1633 SRC6_REWRITE_IP, 1634 SYSCALL_EPERM, 1635 }, 1636 { 1637 SOCK_ADDR_TEST_SENDMSG, 1638 "sendmsg_unix: sock_sendmsg (dgram)", 1639 sendmsg_unix_prog_load, 1640 sendmsg_unix_prog_destroy, 1641 BPF_CGROUP_UNIX_SENDMSG, 1642 &kern_ops_kernel_sendmsg, 1643 AF_UNIX, 1644 SOCK_DGRAM, 1645 SERVUN_ADDRESS, 1646 0, 1647 SERVUN_REWRITE_ADDRESS, 1648 0, 1649 NULL, 1650 SUCCESS, 1651 }, 1652 { 1653 SOCK_ADDR_TEST_SENDMSG, 1654 "sendmsg_unix: kernel_sendmsg deny (dgram)", 1655 sendmsg_unix_deny_prog_load, 1656 sendmsg_unix_deny_prog_destroy, 1657 BPF_CGROUP_UNIX_SENDMSG, 1658 &kern_ops_kernel_sendmsg, 1659 AF_UNIX, 1660 SOCK_DGRAM, 1661 SERVUN_ADDRESS, 1662 0, 1663 SERVUN_REWRITE_ADDRESS, 1664 0, 1665 NULL, 1666 SYSCALL_EPERM, 1667 }, 1668 1669 /* recvmsg - system calls */ 1670 { 1671 SOCK_ADDR_TEST_RECVMSG, 1672 "recvmsg4: recvfrom (dgram)", 1673 recvmsg4_prog_load, 1674 recvmsg4_prog_destroy, 1675 BPF_CGROUP_UDP4_RECVMSG, 1676 &user_ops, 1677 AF_INET, 1678 SOCK_DGRAM, 1679 SERV4_REWRITE_IP, 1680 SERV4_REWRITE_PORT, 1681 SERV4_REWRITE_IP, 1682 SERV4_REWRITE_PORT, 1683 SERV4_IP, 1684 SUCCESS, 1685 }, 1686 { 1687 SOCK_ADDR_TEST_RECVMSG, 1688 "recvmsg4: attach prog with wrong attach type", 1689 recvmsg4_prog_load_raw, 1690 recvmsg4_prog_destroy_raw, 1691 BPF_CGROUP_UDP6_RECVMSG, 1692 &user_ops, 1693 AF_INET, 1694 SOCK_DGRAM, 1695 SERV4_REWRITE_IP, 1696 SERV4_REWRITE_PORT, 1697 SERV4_REWRITE_IP, 1698 SERV4_REWRITE_PORT, 1699 SERV4_IP, 1700 ATTACH_REJECT, 1701 }, 1702 { 1703 SOCK_ADDR_TEST_RECVMSG, 1704 "recvmsg6: recvfrom (dgram)", 1705 recvmsg6_prog_load, 1706 recvmsg6_prog_destroy, 1707 BPF_CGROUP_UDP6_RECVMSG, 1708 &user_ops, 1709 AF_INET6, 1710 SOCK_DGRAM, 1711 SERV6_REWRITE_IP, 1712 SERV6_REWRITE_PORT, 1713 SERV6_REWRITE_IP, 1714 SERV6_REWRITE_PORT, 1715 SERV6_IP, 1716 SUCCESS, 1717 }, 1718 { 1719 SOCK_ADDR_TEST_RECVMSG, 1720 "recvmsg6: attach prog with wrong attach type", 1721 recvmsg6_prog_load_raw, 1722 recvmsg6_prog_destroy_raw, 1723 BPF_CGROUP_UDP4_RECVMSG, 1724 &user_ops, 1725 AF_INET6, 1726 SOCK_DGRAM, 1727 SERV6_REWRITE_IP, 1728 SERV6_REWRITE_PORT, 1729 SERV6_REWRITE_IP, 1730 SERV6_REWRITE_PORT, 1731 SERV6_IP, 1732 ATTACH_REJECT, 1733 }, 1734 { 1735 SOCK_ADDR_TEST_RECVMSG, 1736 "recvmsg_unix: recvfrom (dgram)", 1737 recvmsg_unix_prog_load, 1738 recvmsg_unix_prog_destroy, 1739 BPF_CGROUP_UNIX_RECVMSG, 1740 &user_ops, 1741 AF_UNIX, 1742 SOCK_DGRAM, 1743 SERVUN_REWRITE_ADDRESS, 1744 0, 1745 SERVUN_REWRITE_ADDRESS, 1746 0, 1747 SERVUN_ADDRESS, 1748 SUCCESS, 1749 }, 1750 { 1751 SOCK_ADDR_TEST_RECVMSG, 1752 "recvmsg_unix: recvfrom (stream)", 1753 recvmsg_unix_prog_load, 1754 recvmsg_unix_prog_destroy, 1755 BPF_CGROUP_UNIX_RECVMSG, 1756 &user_ops, 1757 AF_UNIX, 1758 SOCK_STREAM, 1759 SERVUN_REWRITE_ADDRESS, 1760 0, 1761 SERVUN_REWRITE_ADDRESS, 1762 0, 1763 SERVUN_ADDRESS, 1764 SUCCESS, 1765 }, 1766 { 1767 SOCK_ADDR_TEST_RECVMSG, 1768 "recvmsg_unix: attach prog with wrong attach type", 1769 recvmsg_unix_prog_load_raw, 1770 recvmsg_unix_prog_destroy_raw, 1771 BPF_CGROUP_UDP4_RECVMSG, 1772 &user_ops, 1773 AF_INET6, 1774 SOCK_STREAM, 1775 SERVUN_REWRITE_ADDRESS, 1776 0, 1777 SERVUN_REWRITE_ADDRESS, 1778 0, 1779 SERVUN_ADDRESS, 1780 ATTACH_REJECT, 1781 }, 1782 1783 /* getsockname - system calls */ 1784 { 1785 SOCK_ADDR_TEST_GETSOCKNAME, 1786 "getsockname4: getsockname (stream)", 1787 getsockname_v4_prog_load, 1788 getsockname_v4_prog_destroy, 1789 BPF_CGROUP_INET4_GETSOCKNAME, 1790 &user_ops, 1791 AF_INET, 1792 SOCK_STREAM, 1793 SERV4_REWRITE_IP, 1794 SERV4_REWRITE_PORT, 1795 SERV4_IP, 1796 SERV4_PORT, 1797 NULL, 1798 SUCCESS, 1799 }, 1800 { 1801 SOCK_ADDR_TEST_GETSOCKNAME, 1802 "getsockname4: getsockname (dgram)", 1803 getsockname_v4_prog_load, 1804 getsockname_v4_prog_destroy, 1805 BPF_CGROUP_INET4_GETSOCKNAME, 1806 &user_ops, 1807 AF_INET, 1808 SOCK_DGRAM, 1809 SERV4_REWRITE_IP, 1810 SERV4_REWRITE_PORT, 1811 SERV4_IP, 1812 SERV4_PORT, 1813 NULL, 1814 SUCCESS, 1815 }, 1816 { 1817 SOCK_ADDR_TEST_GETSOCKNAME, 1818 "getsockname4: attach prog with wrong attach type", 1819 getsockname_v4_prog_load_raw, 1820 getsockname_v4_prog_destroy_raw, 1821 BPF_CGROUP_INET6_GETSOCKNAME, 1822 &user_ops, 1823 AF_INET, 1824 SOCK_DGRAM, 1825 SERV4_REWRITE_IP, 1826 SERV4_REWRITE_PORT, 1827 SERV4_IP, 1828 SERV4_PORT, 1829 NULL, 1830 ATTACH_REJECT, 1831 }, 1832 { 1833 SOCK_ADDR_TEST_GETSOCKNAME, 1834 "getsockname6: getsockname (stream)", 1835 getsockname_v6_prog_load, 1836 getsockname_v6_prog_destroy, 1837 BPF_CGROUP_INET6_GETSOCKNAME, 1838 &user_ops, 1839 AF_INET6, 1840 SOCK_STREAM, 1841 SERV6_REWRITE_IP, 1842 SERV6_REWRITE_PORT, 1843 SERV6_IP, 1844 SERV6_PORT, 1845 NULL, 1846 SUCCESS, 1847 }, 1848 { 1849 SOCK_ADDR_TEST_GETSOCKNAME, 1850 "getsockname6: getsockname (dgram)", 1851 getsockname_v6_prog_load, 1852 getsockname_v6_prog_destroy, 1853 BPF_CGROUP_INET6_GETSOCKNAME, 1854 &user_ops, 1855 AF_INET6, 1856 SOCK_DGRAM, 1857 SERV6_REWRITE_IP, 1858 SERV6_REWRITE_PORT, 1859 SERV6_IP, 1860 SERV6_PORT, 1861 NULL, 1862 SUCCESS, 1863 }, 1864 { 1865 SOCK_ADDR_TEST_GETSOCKNAME, 1866 "getsockname6: attach prog with wrong attach type", 1867 getsockname_v6_prog_load_raw, 1868 getsockname_v6_prog_destroy_raw, 1869 BPF_CGROUP_INET4_GETSOCKNAME, 1870 &user_ops, 1871 AF_INET6, 1872 SOCK_DGRAM, 1873 SERV6_REWRITE_IP, 1874 SERV6_REWRITE_PORT, 1875 SERV6_IP, 1876 SERV6_PORT, 1877 NULL, 1878 ATTACH_REJECT, 1879 }, 1880 { 1881 SOCK_ADDR_TEST_GETSOCKNAME, 1882 "getsockname_unix: getsockname", 1883 getsockname_unix_prog_load, 1884 getsockname_unix_prog_destroy, 1885 BPF_CGROUP_UNIX_GETSOCKNAME, 1886 &user_ops, 1887 AF_UNIX, 1888 SOCK_STREAM, 1889 SERVUN_ADDRESS, 1890 0, 1891 SERVUN_REWRITE_ADDRESS, 1892 0, 1893 NULL, 1894 SUCCESS, 1895 }, 1896 { 1897 SOCK_ADDR_TEST_GETSOCKNAME, 1898 "getsockname_unix: attach prog with wrong attach type", 1899 getsockname_unix_prog_load_raw, 1900 getsockname_unix_prog_destroy_raw, 1901 BPF_CGROUP_INET4_GETSOCKNAME, 1902 &user_ops, 1903 AF_UNIX, 1904 SOCK_STREAM, 1905 SERVUN_ADDRESS, 1906 0, 1907 SERVUN_REWRITE_ADDRESS, 1908 0, 1909 NULL, 1910 ATTACH_REJECT, 1911 }, 1912 1913 /* getsockname - kernel calls */ 1914 { 1915 SOCK_ADDR_TEST_GETSOCKNAME, 1916 "getsockname4: kernel_getsockname (stream)", 1917 getsockname_v4_prog_load, 1918 getsockname_v4_prog_destroy, 1919 BPF_CGROUP_INET4_GETSOCKNAME, 1920 &kern_ops_kernel_sendmsg, 1921 AF_INET, 1922 SOCK_STREAM, 1923 SERV4_REWRITE_IP, 1924 SERV4_REWRITE_PORT, 1925 SERV4_IP, 1926 SERV4_PORT, 1927 NULL, 1928 SUCCESS, 1929 }, 1930 { 1931 SOCK_ADDR_TEST_GETSOCKNAME, 1932 "getsockname4: kernel_getsockname (dgram)", 1933 getsockname_v4_prog_load, 1934 getsockname_v4_prog_destroy, 1935 BPF_CGROUP_INET4_GETSOCKNAME, 1936 &kern_ops_kernel_sendmsg, 1937 AF_INET, 1938 SOCK_DGRAM, 1939 SERV4_REWRITE_IP, 1940 SERV4_REWRITE_PORT, 1941 SERV4_IP, 1942 SERV4_PORT, 1943 NULL, 1944 SUCCESS, 1945 }, 1946 { 1947 SOCK_ADDR_TEST_GETSOCKNAME, 1948 "getsockname6: kernel_getsockname (stream)", 1949 getsockname_v6_prog_load, 1950 getsockname_v6_prog_destroy, 1951 BPF_CGROUP_INET6_GETSOCKNAME, 1952 &kern_ops_kernel_sendmsg, 1953 AF_INET6, 1954 SOCK_STREAM, 1955 SERV6_REWRITE_IP, 1956 SERV6_REWRITE_PORT, 1957 SERV6_IP, 1958 SERV6_PORT, 1959 NULL, 1960 SUCCESS, 1961 }, 1962 { 1963 SOCK_ADDR_TEST_GETSOCKNAME, 1964 "getsockname6: kernel_getsockname (dgram)", 1965 getsockname_v6_prog_load, 1966 getsockname_v6_prog_destroy, 1967 BPF_CGROUP_INET6_GETSOCKNAME, 1968 &kern_ops_kernel_sendmsg, 1969 AF_INET6, 1970 SOCK_DGRAM, 1971 SERV6_REWRITE_IP, 1972 SERV6_REWRITE_PORT, 1973 SERV6_IP, 1974 SERV6_PORT, 1975 NULL, 1976 SUCCESS, 1977 }, 1978 { 1979 SOCK_ADDR_TEST_GETSOCKNAME, 1980 "getsockname_unix: kernel_getsockname", 1981 getsockname_unix_prog_load, 1982 getsockname_unix_prog_destroy, 1983 BPF_CGROUP_UNIX_GETSOCKNAME, 1984 &kern_ops_kernel_sendmsg, 1985 AF_UNIX, 1986 SOCK_STREAM, 1987 SERVUN_ADDRESS, 1988 0, 1989 SERVUN_REWRITE_ADDRESS, 1990 0, 1991 NULL, 1992 SUCCESS, 1993 }, 1994 1995 /* getpeername - system calls */ 1996 { 1997 SOCK_ADDR_TEST_GETPEERNAME, 1998 "getpeername4: getpeername (stream)", 1999 getpeername_v4_prog_load, 2000 getpeername_v4_prog_destroy, 2001 BPF_CGROUP_INET4_GETPEERNAME, 2002 &user_ops, 2003 AF_INET, 2004 SOCK_STREAM, 2005 SERV4_REWRITE_IP, 2006 SERV4_REWRITE_PORT, 2007 SERV4_IP, 2008 SERV4_PORT, 2009 NULL, 2010 SUCCESS, 2011 }, 2012 { 2013 SOCK_ADDR_TEST_GETPEERNAME, 2014 "getpeername4: getpeername (dgram)", 2015 getpeername_v4_prog_load, 2016 getpeername_v4_prog_destroy, 2017 BPF_CGROUP_INET4_GETPEERNAME, 2018 &user_ops, 2019 AF_INET, 2020 SOCK_DGRAM, 2021 SERV4_REWRITE_IP, 2022 SERV4_REWRITE_PORT, 2023 SERV4_IP, 2024 SERV4_PORT, 2025 NULL, 2026 SUCCESS, 2027 }, 2028 { 2029 SOCK_ADDR_TEST_GETPEERNAME, 2030 "getpeername4: attach prog with wrong attach type", 2031 getpeername_v4_prog_load_raw, 2032 getpeername_v4_prog_destroy_raw, 2033 BPF_CGROUP_INET6_GETSOCKNAME, 2034 &user_ops, 2035 AF_UNIX, 2036 SOCK_DGRAM, 2037 SERV4_REWRITE_IP, 2038 SERV4_REWRITE_PORT, 2039 SERV4_IP, 2040 SERV4_PORT, 2041 NULL, 2042 ATTACH_REJECT, 2043 }, 2044 { 2045 SOCK_ADDR_TEST_GETPEERNAME, 2046 "getpeername6: getpeername (stream)", 2047 getpeername_v6_prog_load, 2048 getpeername_v6_prog_destroy, 2049 BPF_CGROUP_INET6_GETPEERNAME, 2050 &user_ops, 2051 AF_INET6, 2052 SOCK_STREAM, 2053 SERV6_REWRITE_IP, 2054 SERV6_REWRITE_PORT, 2055 SERV6_IP, 2056 SERV6_PORT, 2057 NULL, 2058 SUCCESS, 2059 }, 2060 { 2061 SOCK_ADDR_TEST_GETPEERNAME, 2062 "getpeername6: getpeername (dgram)", 2063 getpeername_v6_prog_load, 2064 getpeername_v6_prog_destroy, 2065 BPF_CGROUP_INET6_GETPEERNAME, 2066 &user_ops, 2067 AF_INET6, 2068 SOCK_DGRAM, 2069 SERV6_REWRITE_IP, 2070 SERV6_REWRITE_PORT, 2071 SERV6_IP, 2072 SERV6_PORT, 2073 NULL, 2074 SUCCESS, 2075 }, 2076 { 2077 SOCK_ADDR_TEST_GETPEERNAME, 2078 "getpeername6: attach prog with wrong attach type", 2079 getpeername_v6_prog_load_raw, 2080 getpeername_v6_prog_destroy_raw, 2081 BPF_CGROUP_INET4_GETSOCKNAME, 2082 &user_ops, 2083 AF_INET6, 2084 SOCK_DGRAM, 2085 SERV6_REWRITE_IP, 2086 SERV6_REWRITE_PORT, 2087 SERV6_IP, 2088 SERV6_PORT, 2089 NULL, 2090 ATTACH_REJECT, 2091 }, 2092 { 2093 SOCK_ADDR_TEST_GETPEERNAME, 2094 "getpeername_unix: getpeername", 2095 getpeername_unix_prog_load, 2096 getpeername_unix_prog_destroy, 2097 BPF_CGROUP_UNIX_GETPEERNAME, 2098 &user_ops, 2099 AF_UNIX, 2100 SOCK_STREAM, 2101 SERVUN_ADDRESS, 2102 0, 2103 SERVUN_REWRITE_ADDRESS, 2104 0, 2105 NULL, 2106 SUCCESS, 2107 }, 2108 { 2109 SOCK_ADDR_TEST_GETPEERNAME, 2110 "getpeername_unix: attach prog with wrong attach type", 2111 getpeername_unix_prog_load_raw, 2112 getpeername_unix_prog_destroy_raw, 2113 BPF_CGROUP_INET4_GETSOCKNAME, 2114 &user_ops, 2115 AF_UNIX, 2116 SOCK_STREAM, 2117 SERVUN_ADDRESS, 2118 0, 2119 SERVUN_REWRITE_ADDRESS, 2120 0, 2121 NULL, 2122 ATTACH_REJECT, 2123 }, 2124 2125 /* getpeername - kernel calls */ 2126 { 2127 SOCK_ADDR_TEST_GETPEERNAME, 2128 "getpeername4: kernel_getpeername (stream)", 2129 getpeername_v4_prog_load, 2130 getpeername_v4_prog_destroy, 2131 BPF_CGROUP_INET4_GETPEERNAME, 2132 &kern_ops_kernel_sendmsg, 2133 AF_INET, 2134 SOCK_STREAM, 2135 SERV4_REWRITE_IP, 2136 SERV4_REWRITE_PORT, 2137 SERV4_IP, 2138 SERV4_PORT, 2139 NULL, 2140 SUCCESS, 2141 }, 2142 { 2143 SOCK_ADDR_TEST_GETPEERNAME, 2144 "getpeername4: kernel_getpeername (dgram)", 2145 getpeername_v4_prog_load, 2146 getpeername_v4_prog_destroy, 2147 BPF_CGROUP_INET4_GETPEERNAME, 2148 &kern_ops_kernel_sendmsg, 2149 AF_INET, 2150 SOCK_DGRAM, 2151 SERV4_REWRITE_IP, 2152 SERV4_REWRITE_PORT, 2153 SERV4_IP, 2154 SERV4_PORT, 2155 NULL, 2156 SUCCESS, 2157 }, 2158 { 2159 SOCK_ADDR_TEST_GETPEERNAME, 2160 "getpeername6: kernel_getpeername (stream)", 2161 getpeername_v6_prog_load, 2162 getpeername_v6_prog_destroy, 2163 BPF_CGROUP_INET6_GETPEERNAME, 2164 &kern_ops_kernel_sendmsg, 2165 AF_INET6, 2166 SOCK_STREAM, 2167 SERV6_REWRITE_IP, 2168 SERV6_REWRITE_PORT, 2169 SERV6_IP, 2170 SERV6_PORT, 2171 NULL, 2172 SUCCESS, 2173 }, 2174 { 2175 SOCK_ADDR_TEST_GETPEERNAME, 2176 "getpeername6: kernel_getpeername (dgram)", 2177 getpeername_v6_prog_load, 2178 getpeername_v6_prog_destroy, 2179 BPF_CGROUP_INET6_GETPEERNAME, 2180 &kern_ops_kernel_sendmsg, 2181 AF_INET6, 2182 SOCK_DGRAM, 2183 SERV6_REWRITE_IP, 2184 SERV6_REWRITE_PORT, 2185 SERV6_IP, 2186 SERV6_PORT, 2187 NULL, 2188 SUCCESS, 2189 }, 2190 { 2191 SOCK_ADDR_TEST_GETPEERNAME, 2192 "getpeername_unix: kernel_getpeername", 2193 getpeername_unix_prog_load, 2194 getpeername_unix_prog_destroy, 2195 BPF_CGROUP_UNIX_GETPEERNAME, 2196 &kern_ops_kernel_sendmsg, 2197 AF_UNIX, 2198 SOCK_STREAM, 2199 SERVUN_ADDRESS, 2200 0, 2201 SERVUN_REWRITE_ADDRESS, 2202 0, 2203 NULL, 2204 SUCCESS, 2205 }, 2206 }; 2207 2208 typedef int (*info_fn)(int, struct sockaddr *, socklen_t *); 2209 2210 static int cmp_addr(const struct sockaddr_storage *addr1, socklen_t addr1_len, 2211 const struct sockaddr_storage *addr2, socklen_t addr2_len, 2212 bool cmp_port) 2213 { 2214 const struct sockaddr_in *four1, *four2; 2215 const struct sockaddr_in6 *six1, *six2; 2216 const struct sockaddr_un *un1, *un2; 2217 2218 if (addr1->ss_family != addr2->ss_family) 2219 return -1; 2220 2221 if (addr1_len != addr2_len) 2222 return -1; 2223 2224 if (addr1->ss_family == AF_INET) { 2225 four1 = (const struct sockaddr_in *)addr1; 2226 four2 = (const struct sockaddr_in *)addr2; 2227 return !((four1->sin_port == four2->sin_port || !cmp_port) && 2228 four1->sin_addr.s_addr == four2->sin_addr.s_addr); 2229 } else if (addr1->ss_family == AF_INET6) { 2230 six1 = (const struct sockaddr_in6 *)addr1; 2231 six2 = (const struct sockaddr_in6 *)addr2; 2232 return !((six1->sin6_port == six2->sin6_port || !cmp_port) && 2233 !memcmp(&six1->sin6_addr, &six2->sin6_addr, 2234 sizeof(struct in6_addr))); 2235 } else if (addr1->ss_family == AF_UNIX) { 2236 un1 = (const struct sockaddr_un *)addr1; 2237 un2 = (const struct sockaddr_un *)addr2; 2238 return memcmp(un1, un2, addr1_len); 2239 } 2240 2241 return -1; 2242 } 2243 2244 static int cmp_sock_addr(info_fn fn, int sock1, 2245 const struct sockaddr_storage *addr2, 2246 socklen_t addr2_len, bool cmp_port) 2247 { 2248 struct sockaddr_storage addr1; 2249 socklen_t len1 = sizeof(addr1); 2250 2251 memset(&addr1, 0, len1); 2252 if (fn(sock1, (struct sockaddr *)&addr1, (socklen_t *)&len1) != 0) 2253 return -1; 2254 2255 return cmp_addr(&addr1, len1, addr2, addr2_len, cmp_port); 2256 } 2257 2258 static int load_sock_addr_kern(void) 2259 { 2260 int err; 2261 2262 skel = sock_addr_kern__open_and_load(); 2263 if (!ASSERT_OK_PTR(skel, "skel")) 2264 goto err; 2265 2266 err = 0; 2267 goto out; 2268 err: 2269 err = -1; 2270 out: 2271 return err; 2272 } 2273 2274 static void unload_sock_addr_kern(void) 2275 { 2276 sock_addr_kern__destroy(skel); 2277 } 2278 2279 static int test_bind(struct sock_addr_test *test) 2280 { 2281 struct sockaddr_storage expected_addr; 2282 socklen_t expected_addr_len = sizeof(struct sockaddr_storage); 2283 int serv = -1, client = -1, err; 2284 2285 serv = test->ops->start_server(test->socket_family, test->socket_type, 2286 test->requested_addr, 2287 test->requested_port, 0); 2288 if (serv < 0) { 2289 err = errno; 2290 goto err; 2291 } 2292 2293 err = make_sockaddr(test->socket_family, 2294 test->expected_addr, test->expected_port, 2295 &expected_addr, &expected_addr_len); 2296 if (!ASSERT_EQ(err, 0, "make_sockaddr")) 2297 goto cleanup; 2298 2299 err = cmp_sock_addr(test->ops->getsockname, serv, &expected_addr, 2300 expected_addr_len, true); 2301 if (!ASSERT_EQ(err, 0, "cmp_local_addr")) 2302 goto cleanup; 2303 2304 /* Try to connect to server just in case */ 2305 client = connect_to_addr(test->socket_type, &expected_addr, expected_addr_len, NULL); 2306 if (!ASSERT_GE(client, 0, "connect_to_addr")) 2307 goto cleanup; 2308 2309 cleanup: 2310 err = 0; 2311 err: 2312 if (client != -1) 2313 close(client); 2314 if (serv != -1) 2315 test->ops->close(serv); 2316 2317 return err; 2318 } 2319 2320 static int test_connect(struct sock_addr_test *test) 2321 { 2322 struct sockaddr_storage addr, expected_addr, expected_src_addr; 2323 socklen_t addr_len = sizeof(struct sockaddr_storage), 2324 expected_addr_len = sizeof(struct sockaddr_storage), 2325 expected_src_addr_len = sizeof(struct sockaddr_storage); 2326 int serv = -1, client = -1, err; 2327 2328 serv = start_server(test->socket_family, test->socket_type, 2329 test->expected_addr, test->expected_port, 0); 2330 if (!ASSERT_GE(serv, 0, "start_server")) 2331 goto cleanup; 2332 2333 err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port, 2334 &addr, &addr_len); 2335 if (!ASSERT_EQ(err, 0, "make_sockaddr")) 2336 goto cleanup; 2337 2338 client = test->ops->connect_to_addr(test->socket_type, &addr, addr_len, 2339 NULL); 2340 if (client < 0) { 2341 err = errno; 2342 goto err; 2343 } 2344 2345 err = make_sockaddr(test->socket_family, test->expected_addr, test->expected_port, 2346 &expected_addr, &expected_addr_len); 2347 if (!ASSERT_EQ(err, 0, "make_sockaddr")) 2348 goto cleanup; 2349 2350 if (test->expected_src_addr) { 2351 err = make_sockaddr(test->socket_family, test->expected_src_addr, 0, 2352 &expected_src_addr, &expected_src_addr_len); 2353 if (!ASSERT_EQ(err, 0, "make_sockaddr")) 2354 goto cleanup; 2355 } 2356 2357 err = cmp_sock_addr(test->ops->getpeername, client, &expected_addr, 2358 expected_addr_len, true); 2359 if (!ASSERT_EQ(err, 0, "cmp_peer_addr")) 2360 goto cleanup; 2361 2362 if (test->expected_src_addr) { 2363 err = cmp_sock_addr(test->ops->getsockname, client, 2364 &expected_src_addr, expected_src_addr_len, 2365 false); 2366 if (!ASSERT_EQ(err, 0, "cmp_local_addr")) 2367 goto cleanup; 2368 } 2369 cleanup: 2370 err = 0; 2371 err: 2372 if (client != -1) 2373 test->ops->close(client); 2374 if (serv != -1) 2375 close(serv); 2376 2377 return err; 2378 } 2379 2380 static int test_xmsg(struct sock_addr_test *test) 2381 { 2382 struct sockaddr_storage addr, src_addr; 2383 socklen_t addr_len = sizeof(struct sockaddr_storage), 2384 src_addr_len = sizeof(struct sockaddr_storage); 2385 char data = 'a'; 2386 int serv = -1, client = -1, err; 2387 2388 /* Unlike the other tests, here we test that we can rewrite the src addr 2389 * with a recvmsg() hook. 2390 */ 2391 2392 serv = start_server(test->socket_family, test->socket_type, 2393 test->expected_addr, test->expected_port, 0); 2394 if (!ASSERT_GE(serv, 0, "start_server")) 2395 goto cleanup; 2396 2397 client = test->ops->socket(test->socket_family, test->socket_type, 0); 2398 if (!ASSERT_GE(client, 0, "socket")) 2399 goto cleanup; 2400 2401 /* AF_UNIX sockets have to be bound to something to trigger the recvmsg bpf program. */ 2402 if (test->socket_family == AF_UNIX) { 2403 err = make_sockaddr(AF_UNIX, SRCUN_ADDRESS, 0, &src_addr, &src_addr_len); 2404 if (!ASSERT_EQ(err, 0, "make_sockaddr")) 2405 goto cleanup; 2406 2407 err = test->ops->bind(client, (struct sockaddr *)&src_addr, 2408 src_addr_len); 2409 if (!ASSERT_OK(err, "bind")) 2410 goto cleanup; 2411 } 2412 2413 err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port, 2414 &addr, &addr_len); 2415 if (!ASSERT_EQ(err, 0, "make_sockaddr")) 2416 goto cleanup; 2417 2418 if (test->socket_type == SOCK_DGRAM) { 2419 err = test->ops->sendmsg(client, (struct sockaddr *)&addr, 2420 addr_len, &data, sizeof(data)); 2421 if (err < 0) { 2422 err = errno; 2423 goto err; 2424 } 2425 2426 if (!ASSERT_EQ(err, sizeof(data), "sendmsg")) 2427 goto cleanup; 2428 } else { 2429 /* Testing with connection-oriented sockets is only valid for 2430 * recvmsg() tests. 2431 */ 2432 if (!ASSERT_EQ(test->type, SOCK_ADDR_TEST_RECVMSG, "recvmsg")) 2433 goto cleanup; 2434 2435 err = connect(client, (const struct sockaddr *)&addr, addr_len); 2436 if (!ASSERT_OK(err, "connect")) 2437 goto cleanup; 2438 2439 err = send(client, &data, sizeof(data), 0); 2440 if (!ASSERT_EQ(err, sizeof(data), "send")) 2441 goto cleanup; 2442 2443 err = listen(serv, 0); 2444 if (!ASSERT_OK(err, "listen")) 2445 goto cleanup; 2446 2447 err = accept(serv, NULL, NULL); 2448 if (!ASSERT_GE(err, 0, "accept")) 2449 goto cleanup; 2450 2451 close(serv); 2452 serv = err; 2453 } 2454 2455 addr_len = src_addr_len = sizeof(struct sockaddr_storage); 2456 2457 err = recvfrom(serv, &data, sizeof(data), 0, (struct sockaddr *) &src_addr, &src_addr_len); 2458 if (!ASSERT_EQ(err, sizeof(data), "recvfrom")) 2459 goto cleanup; 2460 2461 ASSERT_EQ(data, 'a', "data mismatch"); 2462 2463 if (test->expected_src_addr) { 2464 err = make_sockaddr(test->socket_family, test->expected_src_addr, 0, 2465 &addr, &addr_len); 2466 if (!ASSERT_EQ(err, 0, "make_sockaddr")) 2467 goto cleanup; 2468 2469 err = cmp_addr(&src_addr, src_addr_len, &addr, addr_len, false); 2470 if (!ASSERT_EQ(err, 0, "cmp_addr")) 2471 goto cleanup; 2472 } 2473 2474 cleanup: 2475 err = 0; 2476 err: 2477 if (client != -1) 2478 test->ops->close(client); 2479 if (serv != -1) 2480 close(serv); 2481 2482 return err; 2483 } 2484 2485 static int test_getsockname(struct sock_addr_test *test) 2486 { 2487 struct sockaddr_storage expected_addr; 2488 socklen_t expected_addr_len = sizeof(struct sockaddr_storage); 2489 int serv = -1, err; 2490 2491 serv = test->ops->start_server(test->socket_family, test->socket_type, 2492 test->requested_addr, test->requested_port, 0); 2493 if (!ASSERT_GE(serv, 0, "start_server")) 2494 goto cleanup; 2495 2496 err = make_sockaddr(test->socket_family, 2497 test->expected_addr, test->expected_port, 2498 &expected_addr, &expected_addr_len); 2499 if (!ASSERT_EQ(err, 0, "make_sockaddr")) 2500 goto cleanup; 2501 2502 err = cmp_sock_addr(test->ops->getsockname, serv, &expected_addr, expected_addr_len, true); 2503 if (!ASSERT_EQ(err, 0, "cmp_local_addr")) 2504 goto cleanup; 2505 2506 cleanup: 2507 if (serv != -1) 2508 test->ops->close(serv); 2509 2510 return 0; 2511 } 2512 2513 static int test_getpeername(struct sock_addr_test *test) 2514 { 2515 struct sockaddr_storage addr, expected_addr; 2516 socklen_t addr_len = sizeof(struct sockaddr_storage), 2517 expected_addr_len = sizeof(struct sockaddr_storage); 2518 int serv = -1, client = -1, err; 2519 2520 serv = start_server(test->socket_family, test->socket_type, 2521 test->requested_addr, test->requested_port, 0); 2522 if (!ASSERT_GE(serv, 0, "start_server")) 2523 goto cleanup; 2524 2525 err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port, 2526 &addr, &addr_len); 2527 if (!ASSERT_EQ(err, 0, "make_sockaddr")) 2528 goto cleanup; 2529 2530 client = test->ops->connect_to_addr(test->socket_type, &addr, addr_len, 2531 NULL); 2532 if (!ASSERT_GE(client, 0, "connect_to_addr")) 2533 goto cleanup; 2534 2535 err = make_sockaddr(test->socket_family, test->expected_addr, test->expected_port, 2536 &expected_addr, &expected_addr_len); 2537 if (!ASSERT_EQ(err, 0, "make_sockaddr")) 2538 goto cleanup; 2539 2540 err = cmp_sock_addr(test->ops->getpeername, client, &expected_addr, 2541 expected_addr_len, true); 2542 if (!ASSERT_EQ(err, 0, "cmp_peer_addr")) 2543 goto cleanup; 2544 2545 cleanup: 2546 if (client != -1) 2547 test->ops->close(client); 2548 if (serv != -1) 2549 close(serv); 2550 2551 return 0; 2552 } 2553 2554 static int setup_test_env(struct nstoken **tok) 2555 { 2556 int err; 2557 2558 SYS_NOFAIL("ip netns delete %s", TEST_NS); 2559 SYS(fail, "ip netns add %s", TEST_NS); 2560 *tok = open_netns(TEST_NS); 2561 if (!ASSERT_OK_PTR(*tok, "netns token")) 2562 goto fail; 2563 2564 SYS(fail, "ip link add dev %s1 type veth peer name %s2", TEST_IF_PREFIX, 2565 TEST_IF_PREFIX); 2566 SYS(fail, "ip link set lo up"); 2567 SYS(fail, "ip link set %s1 up", TEST_IF_PREFIX); 2568 SYS(fail, "ip link set %s2 up", TEST_IF_PREFIX); 2569 SYS(fail, "ip -4 addr add %s/8 dev %s1", TEST_IPV4, TEST_IF_PREFIX); 2570 SYS(fail, "ip -6 addr add %s/128 nodad dev %s1", TEST_IPV6, TEST_IF_PREFIX); 2571 2572 err = 0; 2573 goto out; 2574 fail: 2575 err = -1; 2576 close_netns(*tok); 2577 *tok = NULL; 2578 SYS_NOFAIL("ip netns delete %s", TEST_NS); 2579 out: 2580 return err; 2581 } 2582 2583 static void cleanup_test_env(struct nstoken *tok) 2584 { 2585 close_netns(tok); 2586 SYS_NOFAIL("ip netns delete %s", TEST_NS); 2587 } 2588 2589 void test_sock_addr(void) 2590 { 2591 struct nstoken *tok = NULL; 2592 int cgroup_fd = -1; 2593 void *skel; 2594 2595 cgroup_fd = test__join_cgroup("/sock_addr"); 2596 if (!ASSERT_GE(cgroup_fd, 0, "join_cgroup")) 2597 goto cleanup; 2598 2599 if (!ASSERT_OK(setup_test_env(&tok), "setup_test_env")) 2600 goto cleanup; 2601 2602 if (!ASSERT_OK(load_sock_addr_kern(), "load_sock_addr_kern")) 2603 goto cleanup; 2604 2605 for (size_t i = 0; i < ARRAY_SIZE(tests); ++i) { 2606 struct sock_addr_test *test = &tests[i]; 2607 int err; 2608 2609 if (!test__start_subtest(test->name)) 2610 continue; 2611 2612 skel = test->loadfn(cgroup_fd, test->attach_type, 2613 test->expected_result == LOAD_REJECT || 2614 test->expected_result == ATTACH_REJECT); 2615 if (!skel) 2616 continue; 2617 2618 switch (test->type) { 2619 /* Not exercised yet but we leave this code here for when the 2620 * INET and INET6 sockaddr tests are migrated to this file in 2621 * the future. 2622 */ 2623 case SOCK_ADDR_TEST_BIND: 2624 err = test_bind(test); 2625 break; 2626 case SOCK_ADDR_TEST_CONNECT: 2627 err = test_connect(test); 2628 break; 2629 case SOCK_ADDR_TEST_SENDMSG: 2630 case SOCK_ADDR_TEST_RECVMSG: 2631 err = test_xmsg(test); 2632 break; 2633 case SOCK_ADDR_TEST_GETSOCKNAME: 2634 err = test_getsockname(test); 2635 break; 2636 case SOCK_ADDR_TEST_GETPEERNAME: 2637 err = test_getpeername(test); 2638 break; 2639 default: 2640 ASSERT_TRUE(false, "Unknown sock addr test type"); 2641 err = -EINVAL; 2642 break; 2643 } 2644 2645 if (test->expected_result == SYSCALL_EPERM) 2646 ASSERT_EQ(err, EPERM, "socket operation returns EPERM"); 2647 else if (test->expected_result == SYSCALL_ENOTSUPP) 2648 ASSERT_EQ(err, ENOTSUPP, "socket operation returns ENOTSUPP"); 2649 else if (test->expected_result == SUCCESS) 2650 ASSERT_OK(err, "socket operation succeeds"); 2651 2652 test->destroyfn(skel); 2653 } 2654 2655 cleanup: 2656 unload_sock_addr_kern(); 2657 cleanup_test_env(tok); 2658 if (cgroup_fd >= 0) 2659 close(cgroup_fd); 2660 } 2661