This patch verifies the 'token' member of struct mptcp_sock. Add a
new member, token, to struct mptcp_storage to store the token value of the
msk socket obtained via bpf_skc_to_mptcp_sock(). Trace the kernel function
mptcp_pm_new_connection() with a BPF fentry program to obtain the msk token
and save it in a global BPF variable. Pass the variable to verify_msk() to
compare it with the token saved in socket_storage_map.
v4:
- use ASSERT_* instead of CHECK_FAIL (Andrii)
- skip the test if 'ip mptcp monitor' is not supported (Mat)
v5:
- Drop 'ip mptcp monitor', trace mptcp_pm_new_connection instead (Martin)
- Use ASSERT_EQ (Andrii)
Signed-off-by: Geliang Tang <geliang.tang@suse.com>
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Link: https://lore.kernel.org/bpf/20220519233016.105670-6-mathew.j.martineau@linux.intel.com
struct mptcp_sock {
struct inet_connection_sock sk;
struct mptcp_sock {
struct inet_connection_sock sk;
} __attribute__((preserve_access_index));
#endif
} __attribute__((preserve_access_index));
#endif
struct mptcp_storage {
__u32 invoked;
__u32 is_mptcp;
struct mptcp_storage {
__u32 invoked;
__u32 is_mptcp;
};
static int verify_tsk(int map_fd, int client_fd)
};
static int verify_tsk(int map_fd, int client_fd)
-static int verify_msk(int map_fd, int client_fd)
+static int verify_msk(int map_fd, int client_fd, __u32 token)
{
int err, cfd = client_fd;
struct mptcp_storage val;
{
int err, cfd = client_fd;
struct mptcp_storage val;
+ if (!ASSERT_GT(token, 0, "invalid token"))
+ return -1;
+
err = bpf_map_lookup_elem(map_fd, &cfd, &val);
if (!ASSERT_OK(err, "bpf_map_lookup_elem"))
return err;
err = bpf_map_lookup_elem(map_fd, &cfd, &val);
if (!ASSERT_OK(err, "bpf_map_lookup_elem"))
return err;
if (!ASSERT_EQ(val.is_mptcp, 1, "unexpected is_mptcp"))
err++;
if (!ASSERT_EQ(val.is_mptcp, 1, "unexpected is_mptcp"))
err++;
+ if (!ASSERT_EQ(val.token, token, "unexpected token"))
+ err++;
+
if (!ASSERT_OK_PTR(sock_skel, "skel_open_load"))
return -EIO;
if (!ASSERT_OK_PTR(sock_skel, "skel_open_load"))
return -EIO;
+ err = mptcp_sock__attach(sock_skel);
+ if (!ASSERT_OK(err, "skel_attach"))
+ goto out;
+
prog_fd = bpf_program__fd(sock_skel->progs._sockops);
if (!ASSERT_GE(prog_fd, 0, "bpf_program__fd")) {
err = -EIO;
prog_fd = bpf_program__fd(sock_skel->progs._sockops);
if (!ASSERT_GE(prog_fd, 0, "bpf_program__fd")) {
err = -EIO;
- err += is_mptcp ? verify_msk(map_fd, client_fd) :
+ err += is_mptcp ? verify_msk(map_fd, client_fd, sock_skel->bss->token) :
verify_tsk(map_fd, client_fd);
close(client_fd);
verify_tsk(map_fd, client_fd);
close(client_fd);
#include "bpf_tcp_helpers.h"
char _license[] SEC("license") = "GPL";
#include "bpf_tcp_helpers.h"
char _license[] SEC("license") = "GPL";
struct mptcp_storage {
__u32 invoked;
__u32 is_mptcp;
struct mptcp_storage {
__u32 invoked;
__u32 is_mptcp;
BPF_SK_STORAGE_GET_F_CREATE);
if (!storage)
return 1;
BPF_SK_STORAGE_GET_F_CREATE);
if (!storage)
return 1;
} else {
msk = bpf_skc_to_mptcp_sock(sk);
if (!msk)
} else {
msk = bpf_skc_to_mptcp_sock(sk);
if (!msk)
BPF_SK_STORAGE_GET_F_CREATE);
if (!storage)
return 1;
BPF_SK_STORAGE_GET_F_CREATE);
if (!storage)
return 1;
+
+ storage->token = msk->token;
}
storage->invoked++;
storage->is_mptcp = is_mptcp;
return 1;
}
}
storage->invoked++;
storage->is_mptcp = is_mptcp;
return 1;
}
+
+SEC("fentry/mptcp_pm_new_connection")
+int BPF_PROG(trace_mptcp_pm_new_connection, struct mptcp_sock *msk,
+ const struct sock *ssk, int server_side)
+{
+ if (!server_side)
+ token = msk->token;
+
+ return 0;
+}
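Review bot: The fentry program at the end of this section writes the global `token` on every client-side call to mptcp_pm_new_connection(), and an fentry attachment is not scoped to the test's own socket or network namespace. Any other MPTCP connection established on the host while the test runs can therefore overwrite the value before verify_msk() reads it through `sock_skel->bss->token`. That would show up as a spurious "unexpected token" failure rather than a false pass, but the assumption deserves a comment above the program, e.g. `/* Records the token of the most recent client-side MPTCP connection on the host; the test assumes no other MPTCP connection is created concurrently. */`. The declaration of `token` is not visible in these lines, so its type and initial value could not be checked against the `ASSERT_GT(token, 0, ...)` guard.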