selftests/bpf: Add tests for {set|get} socket option from setsockopt BPF
authorPrankur Gupta <prankgup@fb.com>
Tue, 17 Aug 2021 22:42:21 +0000 (15:42 -0700)
committerDaniel Borkmann <daniel@iogearbox.net>
Thu, 19 Aug 2021 23:10:01 +0000 (01:10 +0200)
Adding selftests for the newly added functionality to call bpf_setsockopt()
and bpf_getsockopt() from setsockopt BPF programs.

Test Details:

1. BPF Program

   Checks for changes in IPV6_TCLASS(SOL_IPV6) via setsockopt
   If the cca for the socket is not cubic do nothing
   If the newly set value for IPV6_TCLASS is 45 (0x2d) (as per our use-case)
   then change the cc from cubic to reno

2. User Space Program

   Creates an AF_INET6 socket and set the cca for that to be "cubic"
   Attach the program and set the IPV6_TCLASS to 0x2d using setsockopt
   Verify the cca for the socket changed to reno

Signed-off-by: Prankur Gupta <prankgup@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Song Liu <songliubraving@fb.com>
Link: https://lore.kernel.org/bpf/20210817224221.3257826-3-prankgup@fb.com
tools/testing/selftests/bpf/bpf_tcp_helpers.h
tools/testing/selftests/bpf/prog_tests/sockopt_qos_to_cc.c [new file with mode: 0644]
tools/testing/selftests/bpf/progs/sockopt_qos_to_cc.c [new file with mode: 0644]

index 029589c008c9526a268938db2ad5c8569c2e59de..c9f9bdad60c7c906f8a0908294c1ab54a257086b 100644 (file)
 SEC("struct_ops/"#name) \
 BPF_PROG(name, args)
 
+#ifndef SOL_TCP
+#define SOL_TCP 6
+#endif
+
 #define tcp_jiffies32 ((__u32)bpf_jiffies64())
 
 struct sock_common {
@@ -203,6 +207,20 @@ static __always_inline bool tcp_is_cwnd_limited(const struct sock *sk)
        return !!BPF_CORE_READ_BITFIELD(tp, is_cwnd_limited);
 }
 
+static __always_inline bool tcp_cc_eq(const char *a, const char *b)
+{
+       int i;
+
+       for (i = 0; i < TCP_CA_NAME_MAX; i++) {
+               if (a[i] != b[i])
+                       return false;
+               if (!a[i])
+                       break;
+       }
+
+       return true;
+}
+
 extern __u32 tcp_slow_start(struct tcp_sock *tp, __u32 acked) __ksym;
 extern void tcp_cong_avoid_ai(struct tcp_sock *tp, __u32 w, __u32 acked) __ksym;
 
diff --git a/tools/testing/selftests/bpf/prog_tests/sockopt_qos_to_cc.c b/tools/testing/selftests/bpf/prog_tests/sockopt_qos_to_cc.c
new file mode 100644 (file)
index 0000000..6b53b3c
--- /dev/null
@@ -0,0 +1,70 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2021 Facebook */
+#include <test_progs.h>
+#include <netinet/tcp.h>
+#include "sockopt_qos_to_cc.skel.h"
+
+static void run_setsockopt_test(int cg_fd, int sock_fd)
+{
+       socklen_t optlen;
+       char cc[16]; /* TCP_CA_NAME_MAX */
+       int buf;
+       int err = -1;
+
+       buf = 0x2D;
+       err = setsockopt(sock_fd, SOL_IPV6, IPV6_TCLASS, &buf, sizeof(buf));
+       if (!ASSERT_OK(err, "setsockopt(sock_fd, IPV6_TCLASS)"))
+               return;
+
+       /* Verify the setsockopt cc change */
+       optlen = sizeof(cc);
+       err = getsockopt(sock_fd, SOL_TCP, TCP_CONGESTION, cc, &optlen);
+       if (!ASSERT_OK(err, "getsockopt(sock_fd, TCP_CONGESTION)"))
+               return;
+
+       if (!ASSERT_STREQ(cc, "reno", "getsockopt(sock_fd, TCP_CONGESTION)"))
+               return;
+}
+
+void test_sockopt_qos_to_cc(void)
+{
+       struct sockopt_qos_to_cc *skel;
+       char cc_cubic[16] = "cubic"; /* TCP_CA_NAME_MAX */
+       int cg_fd = -1;
+       int sock_fd = -1;
+       int err;
+
+       cg_fd = test__join_cgroup("/sockopt_qos_to_cc");
+       if (!ASSERT_GE(cg_fd, 0, "cg-join(sockopt_qos_to_cc)"))
+               return;
+
+       skel = sockopt_qos_to_cc__open_and_load();
+       if (!ASSERT_OK_PTR(skel, "skel"))
+               goto done;
+
+       sock_fd = socket(AF_INET6, SOCK_STREAM, 0);
+       if (!ASSERT_GE(sock_fd, 0, "v6 socket open"))
+               goto done;
+
+       err = setsockopt(sock_fd, SOL_TCP, TCP_CONGESTION, &cc_cubic,
+                        sizeof(cc_cubic));
+       if (!ASSERT_OK(err, "setsockopt(sock_fd, TCP_CONGESTION)"))
+               goto done;
+
+       skel->links.sockopt_qos_to_cc =
+               bpf_program__attach_cgroup(skel->progs.sockopt_qos_to_cc,
+                                          cg_fd);
+       if (!ASSERT_OK_PTR(skel->links.sockopt_qos_to_cc,
+                          "prog_attach(sockopt_qos_to_cc)"))
+               goto done;
+
+       run_setsockopt_test(cg_fd, sock_fd);
+
+done:
+       if (sock_fd != -1)
+               close(sock_fd);
+       if (cg_fd != -1)
+               close(cg_fd);
+       /* destroy can take null and error pointer */
+       sockopt_qos_to_cc__destroy(skel);
+}
diff --git a/tools/testing/selftests/bpf/progs/sockopt_qos_to_cc.c b/tools/testing/selftests/bpf/progs/sockopt_qos_to_cc.c
new file mode 100644 (file)
index 0000000..1bce83b
--- /dev/null
@@ -0,0 +1,39 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2021 Facebook */
+#include <string.h>
+#include <linux/tcp.h>
+#include <netinet/in.h>
+#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+#include "bpf_tcp_helpers.h"
+
+char _license[] SEC("license") = "GPL";
+
+SEC("cgroup/setsockopt")
+int sockopt_qos_to_cc(struct bpf_sockopt *ctx)
+{
+       void *optval_end = ctx->optval_end;
+       int *optval = ctx->optval;
+       char buf[TCP_CA_NAME_MAX];
+       char cc_reno[TCP_CA_NAME_MAX] = "reno";
+       char cc_cubic[TCP_CA_NAME_MAX] = "cubic";
+
+       if (ctx->level != SOL_IPV6 || ctx->optname != IPV6_TCLASS)
+               return 1;
+
+       if (optval + 1 > optval_end)
+               return 0; /* EPERM, bounds check */
+
+       if (bpf_getsockopt(ctx->sk, SOL_TCP, TCP_CONGESTION, &buf, sizeof(buf)))
+               return 0;
+
+       if (!tcp_cc_eq(buf, cc_cubic))
+               return 0;
+
+       if (*optval == 0x2d) {
+               if (bpf_setsockopt(ctx->sk, SOL_TCP, TCP_CONGESTION, &cc_reno,
+                               sizeof(cc_reno)))
+                       return 0;
+       }
+       return 1;
+}