Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / a26356ab9392e0c5f8ad87d76c42e7c58c036d24 / . / samples / bpf / test_cgrp2_attach2.c
blob: 3049b1f26267c40836c79423362aeeb125b5761b [file] [log] [blame]
Sargun Dhillon9b474ec2016-12-02 02:42:32 -0800[diff] [blame]1/* eBPF example program:
2 *
3 * - Creates arraymap in kernel with 4 bytes keys and 8 byte values
4 *
5 * - Loads eBPF program
6 *
7 * The eBPF program accesses the map passed in to store two pieces of
8 * information. The number of invocations of the program, which maps
9 * to the number of packets received, is stored to key 0. Key 1 is
10 * incremented on each iteration by the number of bytes stored in
11 * the skb.
12 *
13 * - Attaches the new program to a cgroup using BPF_PROG_ATTACH
14 *
15 * - Every second, reads map[0] and map[1] to see how many bytes and
16 * packets were seen on any socket of tasks in the given cgroup.
17 */
18
19#define _GNU_SOURCE
20
21#include <stdio.h>
22#include <stdlib.h>
23#include <assert.h>
24#include <unistd.h>
25
26#include <linux/bpf.h>
27
28#include "libbpf.h"
29#include "cgroup_helpers.h"
30
31#define FOO "/foo"
32#define BAR "/foo/bar/"
33#define PING_CMD "ping -c1 -w1 127.0.0.1"
34
Joe Stringerd40fc182016-12-14 14:43:38 -0800[diff] [blame]35char bpf_log_buf[BPF_LOG_BUF_SIZE];
36
Sargun Dhillon9b474ec2016-12-02 02:42:32 -0800[diff] [blame]37static int prog_load(int verdict)
38{
39 int ret;
40 struct bpf_insn prog[] = {
41 BPF_MOV64_IMM(BPF_REG_0, verdict), /* r0 = verdict */
42 BPF_EXIT_INSN(),
43 };
Joe Stringer43371c82016-12-14 14:43:39 -0800[diff] [blame]44 size_t insns_cnt = sizeof(prog) / sizeof(struct bpf_insn);
Sargun Dhillon9b474ec2016-12-02 02:42:32 -0800[diff] [blame]45
Joe Stringerd40fc182016-12-14 14:43:38 -0800[diff] [blame]46 ret = bpf_load_program(BPF_PROG_TYPE_CGROUP_SKB,
Joe Stringer43371c82016-12-14 14:43:39 -0800[diff] [blame]47 prog, insns_cnt, "GPL", 0,
Joe Stringerd40fc182016-12-14 14:43:38 -0800[diff] [blame]48 bpf_log_buf, BPF_LOG_BUF_SIZE);
Sargun Dhillon9b474ec2016-12-02 02:42:32 -0800[diff] [blame]49
50 if (ret < 0) {
51 log_err("Loading program");
52 printf("Output from verifier:\n%s\n-------\n", bpf_log_buf);
53 return 0;
54 }
55 return ret;
56}
57
58
59int main(int argc, char **argv)
60{
61 int drop_prog, allow_prog, foo = 0, bar = 0, rc = 0;
62
63 allow_prog = prog_load(1);
64 if (!allow_prog)
65 goto err;
66
67 drop_prog = prog_load(0);
68 if (!drop_prog)
69 goto err;
70
71 if (setup_cgroup_environment())
72 goto err;
73
74 /* Create cgroup /foo, get fd, and join it */
75 foo = create_and_get_cgroup(FOO);
76 if (!foo)
77 goto err;
78
79 if (join_cgroup(FOO))
80 goto err;
81
Alexei Starovoitov7f677632017-02-10 20:28:24 -0800[diff] [blame]82 if (bpf_prog_attach(drop_prog, foo, BPF_CGROUP_INET_EGRESS, 1)) {
Sargun Dhillon9b474ec2016-12-02 02:42:32 -0800[diff] [blame]83 log_err("Attaching prog to /foo");
84 goto err;
85 }
86
Alexei Starovoitov7f677632017-02-10 20:28:24 -0800[diff] [blame]87 printf("Attached DROP prog. This ping in cgroup /foo should fail...\n");
Sargun Dhillon9b474ec2016-12-02 02:42:32 -0800[diff] [blame]88 assert(system(PING_CMD) != 0);
89
90 /* Create cgroup /foo/bar, get fd, and join it */
91 bar = create_and_get_cgroup(BAR);
92 if (!bar)
93 goto err;
94
95 if (join_cgroup(BAR))
96 goto err;
97
Alexei Starovoitov7f677632017-02-10 20:28:24 -0800[diff] [blame]98 printf("Attached DROP prog. This ping in cgroup /foo/bar should fail...\n");
Sargun Dhillon9b474ec2016-12-02 02:42:32 -0800[diff] [blame]99 assert(system(PING_CMD) != 0);
100
Alexei Starovoitov7f677632017-02-10 20:28:24 -0800[diff] [blame]101 if (bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS, 1)) {
Sargun Dhillon9b474ec2016-12-02 02:42:32 -0800[diff] [blame]102 log_err("Attaching prog to /foo/bar");
103 goto err;
104 }
105
Alexei Starovoitov7f677632017-02-10 20:28:24 -0800[diff] [blame]106 printf("Attached PASS prog. This ping in cgroup /foo/bar should pass...\n");
Sargun Dhillon9b474ec2016-12-02 02:42:32 -0800[diff] [blame]107 assert(system(PING_CMD) == 0);
108
Sargun Dhillon9b474ec2016-12-02 02:42:32 -0800[diff] [blame]109 if (bpf_prog_detach(bar, BPF_CGROUP_INET_EGRESS)) {
110 log_err("Detaching program from /foo/bar");
111 goto err;
112 }
113
Alexei Starovoitov7f677632017-02-10 20:28:24 -0800[diff] [blame]114 printf("Detached PASS from /foo/bar while DROP is attached to /foo.\n"
115 "This ping in cgroup /foo/bar should fail...\n");
Sargun Dhillon9b474ec2016-12-02 02:42:32 -0800[diff] [blame]116 assert(system(PING_CMD) != 0);
117
Alexei Starovoitov7f677632017-02-10 20:28:24 -0800[diff] [blame]118 if (bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS, 1)) {
Sargun Dhillon9b474ec2016-12-02 02:42:32 -0800[diff] [blame]119 log_err("Attaching prog to /foo/bar");
120 goto err;
121 }
122
123 if (bpf_prog_detach(foo, BPF_CGROUP_INET_EGRESS)) {
124 log_err("Detaching program from /foo");
125 goto err;
126 }
127
Alexei Starovoitov7f677632017-02-10 20:28:24 -0800[diff] [blame]128 printf("Attached PASS from /foo/bar and detached DROP from /foo.\n"
129 "This ping in cgroup /foo/bar should pass...\n");
Sargun Dhillon9b474ec2016-12-02 02:42:32 -0800[diff] [blame]130 assert(system(PING_CMD) == 0);
131
Alexei Starovoitov7f677632017-02-10 20:28:24 -0800[diff] [blame]132 if (bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS, 1)) {
133 log_err("Attaching prog to /foo/bar");
134 goto err;
135 }
136
137 if (!bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS, 0)) {
138 errno = 0;
139 log_err("Unexpected success attaching prog to /foo/bar");
140 goto err;
141 }
142
143 if (bpf_prog_detach(bar, BPF_CGROUP_INET_EGRESS)) {
144 log_err("Detaching program from /foo/bar");
145 goto err;
146 }
147
148 if (!bpf_prog_detach(foo, BPF_CGROUP_INET_EGRESS)) {
149 errno = 0;
150 log_err("Unexpected success in double detach from /foo");
151 goto err;
152 }
153
154 if (bpf_prog_attach(allow_prog, foo, BPF_CGROUP_INET_EGRESS, 0)) {
155 log_err("Attaching non-overridable prog to /foo");
156 goto err;
157 }
158
159 if (!bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS, 0)) {
160 errno = 0;
161 log_err("Unexpected success attaching non-overridable prog to /foo/bar");
162 goto err;
163 }
164
165 if (!bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS, 1)) {
166 errno = 0;
167 log_err("Unexpected success attaching overridable prog to /foo/bar");
168 goto err;
169 }
170
171 if (!bpf_prog_attach(allow_prog, foo, BPF_CGROUP_INET_EGRESS, 1)) {
172 errno = 0;
173 log_err("Unexpected success attaching overridable prog to /foo");
174 goto err;
175 }
176
177 if (bpf_prog_attach(drop_prog, foo, BPF_CGROUP_INET_EGRESS, 0)) {
178 log_err("Attaching different non-overridable prog to /foo");
179 goto err;
180 }
181
Sargun Dhillon9b474ec2016-12-02 02:42:32 -0800[diff] [blame]182 goto out;
183
184err:
185 rc = 1;
186
187out:
188 close(foo);
189 close(bar);
190 cleanup_cgroup_environment();
Alexei Starovoitov7f677632017-02-10 20:28:24 -0800[diff] [blame]191 if (!rc)
192 printf("PASS\n");
193 else
194 printf("FAIL\n");
Sargun Dhillon9b474ec2016-12-02 02:42:32 -0800[diff] [blame]195 return rc;
196}