1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (c) Meta Platforms, Inc. and affiliates. */ 3 4 #include "vmlinux.h" 5 #include "bpf_tracing_net.h" 6 #include <bpf/bpf_core_read.h> 7 #include <bpf/bpf_helpers.h> 8 #include <bpf/bpf_tracing.h> 9 #include "bpf_misc.h" 10 11 extern unsigned long CONFIG_HZ __kconfig; 12 13 const volatile char veth[IFNAMSIZ]; 14 const volatile int veth_ifindex; 15 16 int nr_listen; 17 int nr_passive; 18 int nr_active; 19 int nr_connect; 20 int nr_binddev; 21 int nr_socket_post_create; 22 int nr_fin_wait1; 23 24 struct sockopt_test { 25 int opt; 26 int new; 27 int restore; 28 int expected; 29 int tcp_expected; 30 unsigned int flip:1; 31 }; 32 33 static const char not_exist_cc[] = "not_exist"; 34 static const char cubic_cc[] = "cubic"; 35 static const char reno_cc[] = "reno"; 36 37 static const struct sockopt_test sol_socket_tests[] = { 38 { .opt = SO_REUSEADDR, .flip = 1, }, 39 { .opt = SO_SNDBUF, .new = 8123, .expected = 8123 * 2, }, 40 { .opt = SO_RCVBUF, .new = 8123, .expected = 8123 * 2, }, 41 { .opt = SO_KEEPALIVE, .flip = 1, }, 42 { .opt = SO_PRIORITY, .new = 0xeb9f, .expected = 0xeb9f, }, 43 { .opt = SO_REUSEPORT, .flip = 1, }, 44 { .opt = SO_RCVLOWAT, .new = 8123, .expected = 8123, }, 45 { .opt = SO_MARK, .new = 0xeb9f, .expected = 0xeb9f, }, 46 { .opt = SO_MAX_PACING_RATE, .new = 0xeb9f, .expected = 0xeb9f, }, 47 { .opt = SO_TXREHASH, .flip = 1, }, 48 { .opt = 0, }, 49 }; 50 51 static const struct sockopt_test sol_tcp_tests[] = { 52 { .opt = TCP_NODELAY, .flip = 1, }, 53 { .opt = TCP_KEEPIDLE, .new = 123, .expected = 123, .restore = 321, }, 54 { .opt = TCP_KEEPINTVL, .new = 123, .expected = 123, .restore = 321, }, 55 { .opt = TCP_KEEPCNT, .new = 123, .expected = 123, .restore = 124, }, 56 { .opt = TCP_SYNCNT, .new = 123, .expected = 123, .restore = 124, }, 57 { .opt = TCP_WINDOW_CLAMP, .new = 8123, .expected = 8123, .restore = 8124, }, 58 { .opt = TCP_CONGESTION, }, 59 { .opt = TCP_THIN_LINEAR_TIMEOUTS, .flip = 1, }, 60 { .opt = TCP_USER_TIMEOUT, .new = 123400, .expected = 123400, }, 61 { .opt = TCP_NOTSENT_LOWAT, .new = 1314, .expected = 1314, }, 62 { .opt = 0, }, 63 }; 64 65 static const struct sockopt_test sol_ip_tests[] = { 66 { .opt = IP_TOS, .new = 0xe1, .expected = 0xe1, .tcp_expected = 0xe0, }, 67 { .opt = 0, }, 68 }; 69 70 static const struct sockopt_test sol_ipv6_tests[] = { 71 { .opt = IPV6_TCLASS, .new = 0xe1, .expected = 0xe1, .tcp_expected = 0xe0, }, 72 { .opt = IPV6_AUTOFLOWLABEL, .flip = 1, }, 73 { .opt = 0, }, 74 }; 75 76 struct loop_ctx { 77 void *ctx; 78 struct sock *sk; 79 }; 80 81 static int bpf_test_sockopt_flip(void *ctx, struct sock *sk, 82 const struct sockopt_test *t, 83 int level) 84 { 85 int old, tmp, new, opt = t->opt; 86 87 opt = t->opt; 88 89 if (bpf_getsockopt(ctx, level, opt, &old, sizeof(old))) 90 return 1; 91 /* kernel initialized txrehash to 255 */ 92 if (level == SOL_SOCKET && opt == SO_TXREHASH && old != 0 && old != 1) 93 old = 1; 94 95 new = !old; 96 if (bpf_setsockopt(ctx, level, opt, &new, sizeof(new))) 97 return 1; 98 if (bpf_getsockopt(ctx, level, opt, &tmp, sizeof(tmp)) || 99 tmp != new) 100 return 1; 101 102 if (bpf_setsockopt(ctx, level, opt, &old, sizeof(old))) 103 return 1; 104 105 return 0; 106 } 107 108 static int bpf_test_sockopt_int(void *ctx, struct sock *sk, 109 const struct sockopt_test *t, 110 int level) 111 { 112 int old, tmp, new, expected, opt; 113 114 opt = t->opt; 115 new = t->new; 116 if (sk->sk_type == SOCK_STREAM && t->tcp_expected) 117 expected = t->tcp_expected; 118 else 119 expected = t->expected; 120 121 if (bpf_getsockopt(ctx, level, opt, &old, sizeof(old)) || 122 old == new) 123 return 1; 124 125 if (bpf_setsockopt(ctx, level, opt, &new, sizeof(new))) 126 return 1; 127 if (bpf_getsockopt(ctx, level, opt, &tmp, sizeof(tmp)) || 128 tmp != expected) 129 return 1; 130 131 if (t->restore) 132 old = t->restore; 133 if (bpf_setsockopt(ctx, level, opt, &old, sizeof(old))) 134 return 1; 135 136 return 0; 137 } 138 139 static int bpf_test_socket_sockopt(__u32 i, struct loop_ctx *lc) 140 { 141 const struct sockopt_test *t; 142 143 if (i >= ARRAY_SIZE(sol_socket_tests)) 144 return 1; 145 146 t = &sol_socket_tests[i]; 147 if (!t->opt) 148 return 1; 149 150 if (t->flip) 151 return bpf_test_sockopt_flip(lc->ctx, lc->sk, t, SOL_SOCKET); 152 153 return bpf_test_sockopt_int(lc->ctx, lc->sk, t, SOL_SOCKET); 154 } 155 156 static int bpf_test_ip_sockopt(__u32 i, struct loop_ctx *lc) 157 { 158 const struct sockopt_test *t; 159 160 if (i >= ARRAY_SIZE(sol_ip_tests)) 161 return 1; 162 163 t = &sol_ip_tests[i]; 164 if (!t->opt) 165 return 1; 166 167 if (t->flip) 168 return bpf_test_sockopt_flip(lc->ctx, lc->sk, t, IPPROTO_IP); 169 170 return bpf_test_sockopt_int(lc->ctx, lc->sk, t, IPPROTO_IP); 171 } 172 173 static int bpf_test_ipv6_sockopt(__u32 i, struct loop_ctx *lc) 174 { 175 const struct sockopt_test *t; 176 177 if (i >= ARRAY_SIZE(sol_ipv6_tests)) 178 return 1; 179 180 t = &sol_ipv6_tests[i]; 181 if (!t->opt) 182 return 1; 183 184 if (t->flip) 185 return bpf_test_sockopt_flip(lc->ctx, lc->sk, t, IPPROTO_IPV6); 186 187 return bpf_test_sockopt_int(lc->ctx, lc->sk, t, IPPROTO_IPV6); 188 } 189 190 static int bpf_test_tcp_sockopt(__u32 i, struct loop_ctx *lc) 191 { 192 const struct sockopt_test *t; 193 struct sock *sk; 194 void *ctx; 195 196 if (i >= ARRAY_SIZE(sol_tcp_tests)) 197 return 1; 198 199 t = &sol_tcp_tests[i]; 200 if (!t->opt) 201 return 1; 202 203 ctx = lc->ctx; 204 sk = lc->sk; 205 206 if (t->opt == TCP_CONGESTION) { 207 char old_cc[16], tmp_cc[16]; 208 const char *new_cc; 209 int new_cc_len; 210 211 if (!bpf_setsockopt(ctx, IPPROTO_TCP, TCP_CONGESTION, 212 (void *)not_exist_cc, sizeof(not_exist_cc))) 213 return 1; 214 if (bpf_getsockopt(ctx, IPPROTO_TCP, TCP_CONGESTION, old_cc, sizeof(old_cc))) 215 return 1; 216 if (!bpf_strncmp(old_cc, sizeof(old_cc), cubic_cc)) { 217 new_cc = reno_cc; 218 new_cc_len = sizeof(reno_cc); 219 } else { 220 new_cc = cubic_cc; 221 new_cc_len = sizeof(cubic_cc); 222 } 223 if (bpf_setsockopt(ctx, IPPROTO_TCP, TCP_CONGESTION, (void *)new_cc, 224 new_cc_len)) 225 return 1; 226 if (bpf_getsockopt(ctx, IPPROTO_TCP, TCP_CONGESTION, tmp_cc, sizeof(tmp_cc))) 227 return 1; 228 if (bpf_strncmp(tmp_cc, sizeof(tmp_cc), new_cc)) 229 return 1; 230 if (bpf_setsockopt(ctx, IPPROTO_TCP, TCP_CONGESTION, old_cc, sizeof(old_cc))) 231 return 1; 232 return 0; 233 } 234 235 if (t->flip) 236 return bpf_test_sockopt_flip(ctx, sk, t, IPPROTO_TCP); 237 238 return bpf_test_sockopt_int(ctx, sk, t, IPPROTO_TCP); 239 } 240 241 static int bpf_test_sockopt(void *ctx, struct sock *sk) 242 { 243 struct loop_ctx lc = { .ctx = ctx, .sk = sk, }; 244 __u16 family, proto; 245 int n; 246 247 family = sk->sk_family; 248 proto = sk->sk_protocol; 249 250 n = bpf_loop(ARRAY_SIZE(sol_socket_tests), bpf_test_socket_sockopt, &lc, 0); 251 if (n != ARRAY_SIZE(sol_socket_tests)) 252 return -1; 253 254 if (proto == IPPROTO_TCP) { 255 n = bpf_loop(ARRAY_SIZE(sol_tcp_tests), bpf_test_tcp_sockopt, &lc, 0); 256 if (n != ARRAY_SIZE(sol_tcp_tests)) 257 return -1; 258 } 259 260 if (family == AF_INET) { 261 n = bpf_loop(ARRAY_SIZE(sol_ip_tests), bpf_test_ip_sockopt, &lc, 0); 262 if (n != ARRAY_SIZE(sol_ip_tests)) 263 return -1; 264 } else { 265 n = bpf_loop(ARRAY_SIZE(sol_ipv6_tests), bpf_test_ipv6_sockopt, &lc, 0); 266 if (n != ARRAY_SIZE(sol_ipv6_tests)) 267 return -1; 268 } 269 270 return 0; 271 } 272 273 static int binddev_test(void *ctx) 274 { 275 const char empty_ifname[] = ""; 276 int ifindex, zero = 0; 277 278 if (bpf_setsockopt(ctx, SOL_SOCKET, SO_BINDTODEVICE, 279 (void *)veth, sizeof(veth))) 280 return -1; 281 if (bpf_getsockopt(ctx, SOL_SOCKET, SO_BINDTOIFINDEX, 282 &ifindex, sizeof(int)) || 283 ifindex != veth_ifindex) 284 return -1; 285 286 if (bpf_setsockopt(ctx, SOL_SOCKET, SO_BINDTODEVICE, 287 (void *)empty_ifname, sizeof(empty_ifname))) 288 return -1; 289 if (bpf_getsockopt(ctx, SOL_SOCKET, SO_BINDTOIFINDEX, 290 &ifindex, sizeof(int)) || 291 ifindex != 0) 292 return -1; 293 294 if (bpf_setsockopt(ctx, SOL_SOCKET, SO_BINDTOIFINDEX, 295 (void *)&veth_ifindex, sizeof(int))) 296 return -1; 297 if (bpf_getsockopt(ctx, SOL_SOCKET, SO_BINDTOIFINDEX, 298 &ifindex, sizeof(int)) || 299 ifindex != veth_ifindex) 300 return -1; 301 302 if (bpf_setsockopt(ctx, SOL_SOCKET, SO_BINDTOIFINDEX, 303 &zero, sizeof(int))) 304 return -1; 305 if (bpf_getsockopt(ctx, SOL_SOCKET, SO_BINDTOIFINDEX, 306 &ifindex, sizeof(int)) || 307 ifindex != 0) 308 return -1; 309 310 return 0; 311 } 312 313 static int test_tcp_maxseg(void *ctx, struct sock *sk) 314 { 315 int val = 1314, tmp; 316 317 if (sk->sk_state != TCP_ESTABLISHED) 318 return bpf_setsockopt(ctx, IPPROTO_TCP, TCP_MAXSEG, 319 &val, sizeof(val)); 320 321 if (bpf_getsockopt(ctx, IPPROTO_TCP, TCP_MAXSEG, &tmp, sizeof(tmp)) || 322 tmp > val) 323 return -1; 324 325 return 0; 326 } 327 328 static int test_tcp_saved_syn(void *ctx, struct sock *sk) 329 { 330 __u8 saved_syn[20]; 331 int one = 1; 332 333 if (sk->sk_state == TCP_LISTEN) 334 return bpf_setsockopt(ctx, IPPROTO_TCP, TCP_SAVE_SYN, 335 &one, sizeof(one)); 336 337 return bpf_getsockopt(ctx, IPPROTO_TCP, TCP_SAVED_SYN, 338 saved_syn, sizeof(saved_syn)); 339 } 340 341 SEC("lsm_cgroup/socket_post_create") 342 int BPF_PROG(socket_post_create, struct socket *sock, int family, 343 int type, int protocol, int kern) 344 { 345 struct sock *sk = sock->sk; 346 347 if (!sk) 348 return 1; 349 350 nr_socket_post_create += !bpf_test_sockopt(sk, sk); 351 nr_binddev += !binddev_test(sk); 352 353 return 1; 354 } 355 356 SEC("sockops") 357 int skops_sockopt(struct bpf_sock_ops *skops) 358 { 359 struct bpf_sock *bpf_sk = skops->sk; 360 struct sock *sk; 361 362 if (!bpf_sk) 363 return 1; 364 365 sk = (struct sock *)bpf_skc_to_tcp_sock(bpf_sk); 366 if (!sk) 367 return 1; 368 369 switch (skops->op) { 370 case BPF_SOCK_OPS_TCP_LISTEN_CB: 371 nr_listen += !(bpf_test_sockopt(skops, sk) || 372 test_tcp_maxseg(skops, sk) || 373 test_tcp_saved_syn(skops, sk)); 374 break; 375 case BPF_SOCK_OPS_TCP_CONNECT_CB: 376 nr_connect += !(bpf_test_sockopt(skops, sk) || 377 test_tcp_maxseg(skops, sk)); 378 break; 379 case BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB: 380 nr_active += !(bpf_test_sockopt(skops, sk) || 381 test_tcp_maxseg(skops, sk)); 382 break; 383 case BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB: 384 nr_passive += !(bpf_test_sockopt(skops, sk) || 385 test_tcp_maxseg(skops, sk) || 386 test_tcp_saved_syn(skops, sk)); 387 bpf_sock_ops_cb_flags_set(skops, 388 skops->bpf_sock_ops_cb_flags | 389 BPF_SOCK_OPS_STATE_CB_FLAG); 390 break; 391 case BPF_SOCK_OPS_STATE_CB: 392 if (skops->args[1] == BPF_TCP_CLOSE_WAIT) 393 nr_fin_wait1 += !bpf_test_sockopt(skops, sk); 394 break; 395 } 396 397 return 1; 398 } 399 400 char _license[] SEC("license") = "GPL"; 401