1 // SPDX-License-Identifier: GPL-2.0
2 #include <sys/un.h>
3 
4 #include "test_progs.h"
5 
6 #include "sock_addr_kern.skel.h"
7 #include "bind4_prog.skel.h"
8 #include "bind6_prog.skel.h"
9 #include "connect_unix_prog.skel.h"
10 #include "connect4_prog.skel.h"
11 #include "connect6_prog.skel.h"
12 #include "sendmsg4_prog.skel.h"
13 #include "sendmsg6_prog.skel.h"
14 #include "recvmsg4_prog.skel.h"
15 #include "recvmsg6_prog.skel.h"
16 #include "sendmsg_unix_prog.skel.h"
17 #include "recvmsg_unix_prog.skel.h"
18 #include "getsockname4_prog.skel.h"
19 #include "getsockname6_prog.skel.h"
20 #include "getsockname_unix_prog.skel.h"
21 #include "getpeername4_prog.skel.h"
22 #include "getpeername6_prog.skel.h"
23 #include "getpeername_unix_prog.skel.h"
24 #include "network_helpers.h"
25 
26 #ifndef ENOTSUPP
27 # define ENOTSUPP 524
28 #endif
29 
30 #define TEST_NS                 "sock_addr"
31 #define TEST_IF_PREFIX          "test_sock_addr"
32 #define TEST_IPV4               "127.0.0.4"
33 #define TEST_IPV6               "::6"
34 
35 #define SERV4_IP                "192.168.1.254"
36 #define SERV4_REWRITE_IP        "127.0.0.1"
37 #define SRC4_IP                 "172.16.0.1"
38 #define SRC4_REWRITE_IP         TEST_IPV4
39 #define SERV4_PORT              4040
40 #define SERV4_REWRITE_PORT      4444
41 
42 #define SERV6_IP                "face:b00c:1234:5678::abcd"
43 #define SERV6_REWRITE_IP        "::1"
44 #define SERV6_V4MAPPED_IP       "::ffff:192.168.0.4"
45 #define SRC6_IP                 "::1"
46 #define SRC6_REWRITE_IP         TEST_IPV6
47 #define WILDCARD6_IP            "::"
48 #define SERV6_PORT              6060
49 #define SERV6_REWRITE_PORT      6666
50 
51 #define SERVUN_ADDRESS         "bpf_cgroup_unix_test"
52 #define SERVUN_REWRITE_ADDRESS "bpf_cgroup_unix_test_rewrite"
53 #define SRCUN_ADDRESS          "bpf_cgroup_unix_test_src"
54 
55 #define save_errno_do(op) ({ int __save = errno; op; errno = __save; })
56 
57 enum sock_addr_test_type {
58 	SOCK_ADDR_TEST_BIND,
59 	SOCK_ADDR_TEST_CONNECT,
60 	SOCK_ADDR_TEST_SENDMSG,
61 	SOCK_ADDR_TEST_RECVMSG,
62 	SOCK_ADDR_TEST_GETSOCKNAME,
63 	SOCK_ADDR_TEST_GETPEERNAME,
64 };
65 
66 typedef void *(*load_fn)(int cgroup_fd,
67 			 enum bpf_attach_type attach_type,
68 			 bool expect_reject);
69 typedef void (*destroy_fn)(void *skel);
70 
71 static int cmp_addr(const struct sockaddr_storage *addr1, socklen_t addr1_len,
72 		    const struct sockaddr_storage *addr2, socklen_t addr2_len,
73 		    bool cmp_port);
74 
75 struct init_sock_args {
76 	int af;
77 	int type;
78 };
79 
80 struct addr_args {
81 	char addr[sizeof(struct sockaddr_storage)];
82 	int addrlen;
83 };
84 
85 struct sendmsg_args {
86 	struct addr_args addr;
87 	char msg[10];
88 	int msglen;
89 };
90 
91 static struct sock_addr_kern *skel;
92 
run_bpf_prog(const char * prog_name,void * ctx,int ctx_size)93 static int run_bpf_prog(const char *prog_name, void *ctx, int ctx_size)
94 {
95 	LIBBPF_OPTS(bpf_test_run_opts, topts);
96 	struct bpf_program *prog;
97 	int prog_fd, err;
98 
99 	topts.ctx_in = ctx;
100 	topts.ctx_size_in = ctx_size;
101 
102 	prog = bpf_object__find_program_by_name(skel->obj, prog_name);
103 	if (!ASSERT_OK_PTR(prog, "bpf_object__find_program_by_name"))
104 		goto err;
105 
106 	prog_fd = bpf_program__fd(prog);
107 	err = bpf_prog_test_run_opts(prog_fd, &topts);
108 	if (!ASSERT_OK(err, prog_name))
109 		goto err;
110 
111 	err = topts.retval;
112 	errno = -topts.retval;
113 	goto out;
114 err:
115 	err = -1;
116 out:
117 	return err;
118 }
119 
kernel_init_sock(int af,int type,int protocol)120 static int kernel_init_sock(int af, int type, int protocol)
121 {
122 	struct init_sock_args args = {
123 		.af = af,
124 		.type = type,
125 	};
126 
127 	return run_bpf_prog("init_sock", &args, sizeof(args));
128 }
129 
kernel_close_sock(int fd)130 static int kernel_close_sock(int fd)
131 {
132 	return run_bpf_prog("close_sock", NULL, 0);
133 }
134 
sock_addr_op(const char * name,struct sockaddr * addr,socklen_t * addrlen,bool expect_change)135 static int sock_addr_op(const char *name, struct sockaddr *addr,
136 			socklen_t *addrlen, bool expect_change)
137 {
138 	struct addr_args args;
139 	int err;
140 
141 	if (addrlen)
142 		args.addrlen = *addrlen;
143 
144 	if (addr)
145 		memcpy(&args.addr, addr, *addrlen);
146 
147 	err = run_bpf_prog(name, &args, sizeof(args));
148 
149 	if (!expect_change && addr)
150 		if (!ASSERT_EQ(cmp_addr((struct sockaddr_storage *)addr,
151 					*addrlen,
152 					(struct sockaddr_storage *)&args.addr,
153 					args.addrlen, 1),
154 			       0, "address_param_modified"))
155 			return -1;
156 
157 	if (addrlen)
158 		*addrlen = args.addrlen;
159 
160 	if (addr)
161 		memcpy(addr, &args.addr, *addrlen);
162 
163 	return err;
164 }
165 
send_msg_op(const char * name,struct sockaddr * addr,socklen_t addrlen,const char * msg,int msglen)166 static int send_msg_op(const char *name, struct sockaddr *addr,
167 		       socklen_t addrlen, const char *msg, int msglen)
168 {
169 	struct sendmsg_args args;
170 	int err;
171 
172 	memset(&args, 0, sizeof(args));
173 	memcpy(&args.addr.addr, addr, addrlen);
174 	args.addr.addrlen = addrlen;
175 	memcpy(args.msg, msg, msglen);
176 	args.msglen = msglen;
177 
178 	err = run_bpf_prog(name, &args, sizeof(args));
179 
180 	if (!ASSERT_EQ(cmp_addr((struct sockaddr_storage *)addr,
181 				addrlen,
182 				(struct sockaddr_storage *)&args.addr.addr,
183 				args.addr.addrlen, 1),
184 		       0, "address_param_modified"))
185 		return -1;
186 
187 	return err;
188 }
189 
kernel_connect(struct sockaddr * addr,socklen_t addrlen)190 static int kernel_connect(struct sockaddr *addr, socklen_t addrlen)
191 {
192 	return sock_addr_op("kernel_connect", addr, &addrlen, false);
193 }
194 
kernel_bind(int fd,struct sockaddr * addr,socklen_t addrlen)195 static int kernel_bind(int fd, struct sockaddr *addr, socklen_t addrlen)
196 {
197 	return sock_addr_op("kernel_bind", addr, &addrlen, false);
198 }
199 
kernel_listen(void)200 static int kernel_listen(void)
201 {
202 	return sock_addr_op("kernel_listen", NULL, NULL, false);
203 }
204 
kernel_sendmsg(int fd,struct sockaddr * addr,socklen_t addrlen,char * msg,int msglen)205 static int kernel_sendmsg(int fd, struct sockaddr *addr, socklen_t addrlen,
206 			  char *msg, int msglen)
207 {
208 	return send_msg_op("kernel_sendmsg", addr, addrlen, msg, msglen);
209 }
210 
sock_sendmsg(int fd,struct sockaddr * addr,socklen_t addrlen,char * msg,int msglen)211 static int sock_sendmsg(int fd, struct sockaddr *addr, socklen_t addrlen,
212 			char *msg, int msglen)
213 {
214 	return send_msg_op("sock_sendmsg", addr, addrlen, msg, msglen);
215 }
216 
kernel_getsockname(int fd,struct sockaddr * addr,socklen_t * addrlen)217 static int kernel_getsockname(int fd, struct sockaddr *addr, socklen_t *addrlen)
218 {
219 	return sock_addr_op("kernel_getsockname", addr, addrlen, true);
220 }
221 
kernel_getpeername(int fd,struct sockaddr * addr,socklen_t * addrlen)222 static int kernel_getpeername(int fd, struct sockaddr *addr, socklen_t *addrlen)
223 {
224 	return sock_addr_op("kernel_getpeername", addr, addrlen, true);
225 }
226 
kernel_connect_to_addr(int type,const struct sockaddr_storage * addr,socklen_t addrlen,const struct network_helper_opts * opts)227 int kernel_connect_to_addr(int type, const struct sockaddr_storage *addr, socklen_t addrlen,
228 			   const struct network_helper_opts *opts)
229 {
230 	int err;
231 
232 	if (!ASSERT_OK(kernel_init_sock(addr->ss_family, type, 0),
233 		       "kernel_init_sock"))
234 		goto err;
235 
236 	if (kernel_connect((struct sockaddr *)addr, addrlen) < 0)
237 		goto err;
238 
239 	/* Test code expects a "file descriptor" on success. */
240 	err = 1;
241 	goto out;
242 err:
243 	err = -1;
244 	save_errno_do(ASSERT_OK(kernel_close_sock(0), "kernel_close_sock"));
245 out:
246 	return err;
247 }
248 
kernel_start_server(int family,int type,const char * addr_str,__u16 port,int timeout_ms)249 int kernel_start_server(int family, int type, const char *addr_str, __u16 port,
250 			int timeout_ms)
251 {
252 	struct sockaddr_storage addr;
253 	socklen_t addrlen;
254 	int err;
255 
256 	if (!ASSERT_OK(kernel_init_sock(family, type, 0), "kernel_init_sock"))
257 		goto err;
258 
259 	if (make_sockaddr(family, addr_str, port, &addr, &addrlen))
260 		goto err;
261 
262 	if (kernel_bind(0, (struct sockaddr *)&addr, addrlen) < 0)
263 		goto err;
264 
265 	if (type == SOCK_STREAM) {
266 		if (!ASSERT_OK(kernel_listen(), "kernel_listen"))
267 			goto err;
268 	}
269 
270 	/* Test code expects a "file descriptor" on success. */
271 	err = 1;
272 	goto out;
273 err:
274 	err = -1;
275 	save_errno_do(ASSERT_OK(kernel_close_sock(0), "kernel_close_sock"));
276 out:
277 	return err;
278 }
279 
280 struct sock_ops {
281 	int (*connect_to_addr)(int type, const struct sockaddr_storage *addr,
282 			       socklen_t addrlen,
283 			       const struct network_helper_opts *opts);
284 	int (*start_server)(int family, int type, const char *addr_str,
285 			    __u16 port, int timeout_ms);
286 	int (*socket)(int famil, int type, int protocol);
287 	int (*bind)(int fd, struct sockaddr *addr, socklen_t addrlen);
288 	int (*getsockname)(int fd, struct sockaddr *addr, socklen_t *addrlen);
289 	int (*getpeername)(int fd, struct sockaddr *addr, socklen_t *addrlen);
290 	int (*sendmsg)(int fd, struct sockaddr *addr, socklen_t addrlen,
291 		       char *msg, int msglen);
292 	int (*close)(int fd);
293 };
294 
user_sendmsg(int fd,struct sockaddr * addr,socklen_t addrlen,char * msg,int msglen)295 static int user_sendmsg(int fd, struct sockaddr *addr, socklen_t addrlen,
296 			char *msg, int msglen)
297 {
298 	struct msghdr hdr;
299 	struct iovec iov;
300 
301 	memset(&iov, 0, sizeof(iov));
302 	iov.iov_base = msg;
303 	iov.iov_len = msglen;
304 
305 	memset(&hdr, 0, sizeof(hdr));
306 	hdr.msg_name = (void *)addr;
307 	hdr.msg_namelen = addrlen;
308 	hdr.msg_iov = &iov;
309 	hdr.msg_iovlen = 1;
310 
311 	return sendmsg(fd, &hdr, 0);
312 }
313 
user_bind(int fd,struct sockaddr * addr,socklen_t addrlen)314 static int user_bind(int fd, struct sockaddr *addr, socklen_t addrlen)
315 {
316 	return bind(fd, (const struct sockaddr *)addr, addrlen);
317 }
318 
319 struct sock_ops user_ops = {
320 	.connect_to_addr = connect_to_addr,
321 	.start_server = start_server,
322 	.socket = socket,
323 	.bind = user_bind,
324 	.getsockname = getsockname,
325 	.getpeername = getpeername,
326 	.sendmsg = user_sendmsg,
327 	.close = close,
328 };
329 
330 struct sock_ops kern_ops_sock_sendmsg = {
331 	.connect_to_addr = kernel_connect_to_addr,
332 	.start_server = kernel_start_server,
333 	.socket = kernel_init_sock,
334 	.bind = kernel_bind,
335 	.getsockname = kernel_getsockname,
336 	.getpeername = kernel_getpeername,
337 	.sendmsg = sock_sendmsg,
338 	.close = kernel_close_sock,
339 };
340 
341 struct sock_ops kern_ops_kernel_sendmsg = {
342 	.connect_to_addr = kernel_connect_to_addr,
343 	.start_server = kernel_start_server,
344 	.socket = kernel_init_sock,
345 	.bind = kernel_bind,
346 	.getsockname = kernel_getsockname,
347 	.getpeername = kernel_getpeername,
348 	.sendmsg = kernel_sendmsg,
349 	.close = kernel_close_sock,
350 };
351 
352 struct sock_addr_test {
353 	enum sock_addr_test_type type;
354 	const char *name;
355 	/* BPF prog properties */
356 	load_fn loadfn;
357 	destroy_fn destroyfn;
358 	enum bpf_attach_type attach_type;
359 	/* Socket operations */
360 	struct sock_ops *ops;
361 	/* Socket properties */
362 	int socket_family;
363 	int socket_type;
364 	/* IP:port pairs for BPF prog to override */
365 	const char *requested_addr;
366 	unsigned short requested_port;
367 	const char *expected_addr;
368 	unsigned short expected_port;
369 	const char *expected_src_addr;
370 	/* Expected test result */
371 	enum {
372 		LOAD_REJECT,
373 		ATTACH_REJECT,
374 		SYSCALL_EPERM,
375 		SYSCALL_ENOTSUPP,
376 		SUCCESS,
377 	} expected_result;
378 };
379 
380 #define BPF_SKEL_FUNCS_RAW(skel_name, prog_name) \
381 static void *prog_name##_load_raw(int cgroup_fd, \
382 				  enum bpf_attach_type attach_type, \
383 				  bool expect_reject) \
384 { \
385 	struct skel_name *skel = skel_name##__open(); \
386 	int prog_fd = -1; \
387 	if (!ASSERT_OK_PTR(skel, "skel_open")) \
388 		goto cleanup; \
389 	if (!ASSERT_OK(skel_name##__load(skel), "load")) \
390 		goto cleanup; \
391 	prog_fd = bpf_program__fd(skel->progs.prog_name); \
392 	if (!ASSERT_GT(prog_fd, 0, "prog_fd")) \
393 		goto cleanup; \
394 	if (bpf_prog_attach(prog_fd, cgroup_fd, attach_type, \
395 			      BPF_F_ALLOW_OVERRIDE), "bpf_prog_attach") { \
396 		ASSERT_TRUE(expect_reject, "unexpected rejection"); \
397 		goto cleanup; \
398 	} \
399 	if (!ASSERT_FALSE(expect_reject, "expected rejection")) \
400 		goto cleanup; \
401 cleanup: \
402 	if (prog_fd > 0) \
403 		bpf_prog_detach(cgroup_fd, attach_type); \
404 	skel_name##__destroy(skel); \
405 	return NULL; \
406 } \
407 static void prog_name##_destroy_raw(void *progfd) \
408 { \
409 	/* No-op. *_load_raw does all cleanup. */ \
410 } \
411 
412 #define BPF_SKEL_FUNCS(skel_name, prog_name) \
413 static void *prog_name##_load(int cgroup_fd, \
414 			      enum bpf_attach_type attach_type, \
415 			      bool expect_reject) \
416 { \
417 	struct skel_name *skel = skel_name##__open(); \
418 	if (!ASSERT_OK_PTR(skel, "skel_open")) \
419 		goto cleanup; \
420 	if (!ASSERT_OK(bpf_program__set_expected_attach_type(skel->progs.prog_name, \
421 							     attach_type), \
422 		       "set_expected_attach_type")) \
423 		goto cleanup; \
424 	if (skel_name##__load(skel)) { \
425 		ASSERT_TRUE(expect_reject, "unexpected rejection"); \
426 		goto cleanup; \
427 	} \
428 	if (!ASSERT_FALSE(expect_reject, "expected rejection")) \
429 		goto cleanup; \
430 	skel->links.prog_name = bpf_program__attach_cgroup( \
431 		skel->progs.prog_name, cgroup_fd); \
432 	if (!ASSERT_OK_PTR(skel->links.prog_name, "prog_attach")) \
433 		goto cleanup; \
434 	return skel; \
435 cleanup: \
436 	skel_name##__destroy(skel); \
437 	return NULL; \
438 } \
439 static void prog_name##_destroy(void *skel) \
440 { \
441 	skel_name##__destroy(skel); \
442 }
443 
444 BPF_SKEL_FUNCS(bind4_prog, bind_v4_prog);
445 BPF_SKEL_FUNCS_RAW(bind4_prog, bind_v4_prog);
446 BPF_SKEL_FUNCS(bind4_prog, bind_v4_deny_prog);
447 BPF_SKEL_FUNCS(bind6_prog, bind_v6_prog);
448 BPF_SKEL_FUNCS_RAW(bind6_prog, bind_v6_prog);
449 BPF_SKEL_FUNCS(bind6_prog, bind_v6_deny_prog);
450 BPF_SKEL_FUNCS(connect4_prog, connect_v4_prog);
451 BPF_SKEL_FUNCS_RAW(connect4_prog, connect_v4_prog);
452 BPF_SKEL_FUNCS(connect4_prog, connect_v4_deny_prog);
453 BPF_SKEL_FUNCS(connect6_prog, connect_v6_prog);
454 BPF_SKEL_FUNCS_RAW(connect6_prog, connect_v6_prog);
455 BPF_SKEL_FUNCS(connect6_prog, connect_v6_deny_prog);
456 BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_prog);
457 BPF_SKEL_FUNCS_RAW(connect_unix_prog, connect_unix_prog);
458 BPF_SKEL_FUNCS(connect_unix_prog, connect_unix_deny_prog);
459 BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_prog);
460 BPF_SKEL_FUNCS_RAW(sendmsg4_prog, sendmsg_v4_prog);
461 BPF_SKEL_FUNCS(sendmsg4_prog, sendmsg_v4_deny_prog);
462 BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_prog);
463 BPF_SKEL_FUNCS_RAW(sendmsg6_prog, sendmsg_v6_prog);
464 BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_deny_prog);
465 BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_preserve_dst_prog);
466 BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_v4mapped_prog);
467 BPF_SKEL_FUNCS(sendmsg6_prog, sendmsg_v6_wildcard_prog);
468 BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_prog);
469 BPF_SKEL_FUNCS_RAW(sendmsg_unix_prog, sendmsg_unix_prog);
470 BPF_SKEL_FUNCS(sendmsg_unix_prog, sendmsg_unix_deny_prog);
471 BPF_SKEL_FUNCS(recvmsg4_prog, recvmsg4_prog);
472 BPF_SKEL_FUNCS_RAW(recvmsg4_prog, recvmsg4_prog);
473 BPF_SKEL_FUNCS(recvmsg6_prog, recvmsg6_prog);
474 BPF_SKEL_FUNCS_RAW(recvmsg6_prog, recvmsg6_prog);
475 BPF_SKEL_FUNCS(recvmsg_unix_prog, recvmsg_unix_prog);
476 BPF_SKEL_FUNCS_RAW(recvmsg_unix_prog, recvmsg_unix_prog);
477 BPF_SKEL_FUNCS(getsockname_unix_prog, getsockname_unix_prog);
478 BPF_SKEL_FUNCS_RAW(getsockname_unix_prog, getsockname_unix_prog);
479 BPF_SKEL_FUNCS(getsockname4_prog, getsockname_v4_prog);
480 BPF_SKEL_FUNCS_RAW(getsockname4_prog, getsockname_v4_prog);
481 BPF_SKEL_FUNCS(getsockname6_prog, getsockname_v6_prog);
482 BPF_SKEL_FUNCS_RAW(getsockname6_prog, getsockname_v6_prog);
483 BPF_SKEL_FUNCS(getpeername_unix_prog, getpeername_unix_prog);
484 BPF_SKEL_FUNCS_RAW(getpeername_unix_prog, getpeername_unix_prog);
485 BPF_SKEL_FUNCS(getpeername4_prog, getpeername_v4_prog);
486 BPF_SKEL_FUNCS_RAW(getpeername4_prog, getpeername_v4_prog);
487 BPF_SKEL_FUNCS(getpeername6_prog, getpeername_v6_prog);
488 BPF_SKEL_FUNCS_RAW(getpeername6_prog, getpeername_v6_prog);
489 
490 static struct sock_addr_test tests[] = {
491 	/* bind - system calls */
492 	{
493 		SOCK_ADDR_TEST_BIND,
494 		"bind4: bind (stream)",
495 		bind_v4_prog_load,
496 		bind_v4_prog_destroy,
497 		BPF_CGROUP_INET4_BIND,
498 		&user_ops,
499 		AF_INET,
500 		SOCK_STREAM,
501 		SERV4_IP,
502 		SERV4_PORT,
503 		SERV4_REWRITE_IP,
504 		SERV4_REWRITE_PORT,
505 		NULL,
506 		SUCCESS,
507 	},
508 	{
509 		SOCK_ADDR_TEST_BIND,
510 		"bind4: bind deny (stream)",
511 		bind_v4_deny_prog_load,
512 		bind_v4_deny_prog_destroy,
513 		BPF_CGROUP_INET4_BIND,
514 		&user_ops,
515 		AF_INET,
516 		SOCK_STREAM,
517 		SERV4_IP,
518 		SERV4_PORT,
519 		SERV4_REWRITE_IP,
520 		SERV4_REWRITE_PORT,
521 		NULL,
522 		SYSCALL_EPERM,
523 	},
524 	{
525 		SOCK_ADDR_TEST_BIND,
526 		"bind4: bind (dgram)",
527 		bind_v4_prog_load,
528 		bind_v4_prog_destroy,
529 		BPF_CGROUP_INET4_BIND,
530 		&user_ops,
531 		AF_INET,
532 		SOCK_DGRAM,
533 		SERV4_IP,
534 		SERV4_PORT,
535 		SERV4_REWRITE_IP,
536 		SERV4_REWRITE_PORT,
537 		NULL,
538 		SUCCESS,
539 	},
540 	{
541 		SOCK_ADDR_TEST_BIND,
542 		"bind4: bind deny (dgram)",
543 		bind_v4_deny_prog_load,
544 		bind_v4_deny_prog_destroy,
545 		BPF_CGROUP_INET4_BIND,
546 		&user_ops,
547 		AF_INET,
548 		SOCK_DGRAM,
549 		SERV4_IP,
550 		SERV4_PORT,
551 		SERV4_REWRITE_IP,
552 		SERV4_REWRITE_PORT,
553 		NULL,
554 		SYSCALL_EPERM,
555 	},
556 	{
557 		SOCK_ADDR_TEST_BIND,
558 		"bind4: load prog with wrong expected attach type",
559 		bind_v4_prog_load,
560 		bind_v4_prog_destroy,
561 		BPF_CGROUP_INET6_BIND,
562 		&user_ops,
563 		AF_INET,
564 		SOCK_STREAM,
565 		NULL,
566 		0,
567 		NULL,
568 		0,
569 		NULL,
570 		LOAD_REJECT,
571 	},
572 	{
573 		SOCK_ADDR_TEST_BIND,
574 		"bind4: attach prog with wrong attach type",
575 		bind_v4_prog_load_raw,
576 		bind_v4_prog_destroy_raw,
577 		BPF_CGROUP_INET6_BIND,
578 		&user_ops,
579 		AF_INET,
580 		SOCK_STREAM,
581 		NULL,
582 		0,
583 		NULL,
584 		0,
585 		NULL,
586 		ATTACH_REJECT,
587 	},
588 	{
589 		SOCK_ADDR_TEST_BIND,
590 		"bind6: bind (stream)",
591 		bind_v6_prog_load,
592 		bind_v6_prog_destroy,
593 		BPF_CGROUP_INET6_BIND,
594 		&user_ops,
595 		AF_INET6,
596 		SOCK_STREAM,
597 		SERV6_IP,
598 		SERV6_PORT,
599 		SERV6_REWRITE_IP,
600 		SERV6_REWRITE_PORT,
601 		NULL,
602 		SUCCESS,
603 	},
604 	{
605 		SOCK_ADDR_TEST_BIND,
606 		"bind6: bind deny (stream)",
607 		bind_v6_deny_prog_load,
608 		bind_v6_deny_prog_destroy,
609 		BPF_CGROUP_INET6_BIND,
610 		&user_ops,
611 		AF_INET6,
612 		SOCK_STREAM,
613 		SERV6_IP,
614 		SERV6_PORT,
615 		SERV6_REWRITE_IP,
616 		SERV6_REWRITE_PORT,
617 		NULL,
618 		SYSCALL_EPERM,
619 	},
620 	{
621 		SOCK_ADDR_TEST_BIND,
622 		"bind6: bind (dgram)",
623 		bind_v6_prog_load,
624 		bind_v6_prog_destroy,
625 		BPF_CGROUP_INET6_BIND,
626 		&user_ops,
627 		AF_INET6,
628 		SOCK_DGRAM,
629 		SERV6_IP,
630 		SERV6_PORT,
631 		SERV6_REWRITE_IP,
632 		SERV6_REWRITE_PORT,
633 		NULL,
634 		SUCCESS,
635 	},
636 	{
637 		SOCK_ADDR_TEST_BIND,
638 		"bind6: bind deny (dgram)",
639 		bind_v6_deny_prog_load,
640 		bind_v6_deny_prog_destroy,
641 		BPF_CGROUP_INET6_BIND,
642 		&user_ops,
643 		AF_INET6,
644 		SOCK_DGRAM,
645 		SERV6_IP,
646 		SERV6_PORT,
647 		SERV6_REWRITE_IP,
648 		SERV6_REWRITE_PORT,
649 		NULL,
650 		SYSCALL_EPERM,
651 	},
652 	{
653 		SOCK_ADDR_TEST_BIND,
654 		"bind6: load prog with wrong expected attach type",
655 		bind_v6_prog_load,
656 		bind_v6_prog_destroy,
657 		BPF_CGROUP_INET4_BIND,
658 		&user_ops,
659 		AF_INET6,
660 		SOCK_STREAM,
661 		NULL,
662 		0,
663 		NULL,
664 		0,
665 		NULL,
666 		LOAD_REJECT,
667 	},
668 	{
669 		SOCK_ADDR_TEST_BIND,
670 		"bind6: attach prog with wrong attach type",
671 		bind_v6_prog_load_raw,
672 		bind_v6_prog_destroy_raw,
673 		BPF_CGROUP_INET4_BIND,
674 		&user_ops,
675 		AF_INET,
676 		SOCK_STREAM,
677 		NULL,
678 		0,
679 		NULL,
680 		0,
681 		NULL,
682 		ATTACH_REJECT,
683 	},
684 
685 	/* bind - kernel calls */
686 	{
687 		SOCK_ADDR_TEST_BIND,
688 		"bind4: kernel_bind (stream)",
689 		bind_v4_prog_load,
690 		bind_v4_prog_destroy,
691 		BPF_CGROUP_INET4_BIND,
692 		&kern_ops_sock_sendmsg,
693 		AF_INET,
694 		SOCK_STREAM,
695 		SERV4_IP,
696 		SERV4_PORT,
697 		SERV4_REWRITE_IP,
698 		SERV4_REWRITE_PORT,
699 		NULL,
700 		SUCCESS,
701 	},
702 	{
703 		SOCK_ADDR_TEST_BIND,
704 		"bind4: kernel_bind deny (stream)",
705 		bind_v4_deny_prog_load,
706 		bind_v4_deny_prog_destroy,
707 		BPF_CGROUP_INET4_BIND,
708 		&kern_ops_sock_sendmsg,
709 		AF_INET,
710 		SOCK_STREAM,
711 		SERV4_IP,
712 		SERV4_PORT,
713 		SERV4_REWRITE_IP,
714 		SERV4_REWRITE_PORT,
715 		NULL,
716 		SYSCALL_EPERM,
717 	},
718 	{
719 		SOCK_ADDR_TEST_BIND,
720 		"bind4: kernel_bind (dgram)",
721 		bind_v4_prog_load,
722 		bind_v4_prog_destroy,
723 		BPF_CGROUP_INET4_BIND,
724 		&kern_ops_sock_sendmsg,
725 		AF_INET,
726 		SOCK_DGRAM,
727 		SERV4_IP,
728 		SERV4_PORT,
729 		SERV4_REWRITE_IP,
730 		SERV4_REWRITE_PORT,
731 		NULL,
732 		SUCCESS,
733 	},
734 	{
735 		SOCK_ADDR_TEST_BIND,
736 		"bind4: kernel_bind deny (dgram)",
737 		bind_v4_deny_prog_load,
738 		bind_v4_deny_prog_destroy,
739 		BPF_CGROUP_INET4_BIND,
740 		&kern_ops_sock_sendmsg,
741 		AF_INET,
742 		SOCK_DGRAM,
743 		SERV4_IP,
744 		SERV4_PORT,
745 		SERV4_REWRITE_IP,
746 		SERV4_REWRITE_PORT,
747 		NULL,
748 		SYSCALL_EPERM,
749 	},
750 	{
751 		SOCK_ADDR_TEST_BIND,
752 		"bind6: kernel_bind (stream)",
753 		bind_v6_prog_load,
754 		bind_v6_prog_destroy,
755 		BPF_CGROUP_INET6_BIND,
756 		&kern_ops_sock_sendmsg,
757 		AF_INET6,
758 		SOCK_STREAM,
759 		SERV6_IP,
760 		SERV6_PORT,
761 		SERV6_REWRITE_IP,
762 		SERV6_REWRITE_PORT,
763 		NULL,
764 		SUCCESS,
765 	},
766 	{
767 		SOCK_ADDR_TEST_BIND,
768 		"bind6: kernel_bind deny (stream)",
769 		bind_v6_deny_prog_load,
770 		bind_v6_deny_prog_destroy,
771 		BPF_CGROUP_INET6_BIND,
772 		&kern_ops_sock_sendmsg,
773 		AF_INET6,
774 		SOCK_STREAM,
775 		SERV6_IP,
776 		SERV6_PORT,
777 		SERV6_REWRITE_IP,
778 		SERV6_REWRITE_PORT,
779 		NULL,
780 		SYSCALL_EPERM,
781 	},
782 	{
783 		SOCK_ADDR_TEST_BIND,
784 		"bind6: kernel_bind (dgram)",
785 		bind_v6_prog_load,
786 		bind_v6_prog_destroy,
787 		BPF_CGROUP_INET6_BIND,
788 		&kern_ops_sock_sendmsg,
789 		AF_INET6,
790 		SOCK_DGRAM,
791 		SERV6_IP,
792 		SERV6_PORT,
793 		SERV6_REWRITE_IP,
794 		SERV6_REWRITE_PORT,
795 		NULL,
796 		SUCCESS,
797 	},
798 	{
799 		SOCK_ADDR_TEST_BIND,
800 		"bind6: kernel_bind deny (dgram)",
801 		bind_v6_deny_prog_load,
802 		bind_v6_deny_prog_destroy,
803 		BPF_CGROUP_INET6_BIND,
804 		&kern_ops_sock_sendmsg,
805 		AF_INET6,
806 		SOCK_DGRAM,
807 		SERV6_IP,
808 		SERV6_PORT,
809 		SERV6_REWRITE_IP,
810 		SERV6_REWRITE_PORT,
811 		NULL,
812 		SYSCALL_EPERM,
813 	},
814 
815 	/* connect - system calls */
816 	{
817 		SOCK_ADDR_TEST_CONNECT,
818 		"connect4: connect (stream)",
819 		connect_v4_prog_load,
820 		connect_v4_prog_destroy,
821 		BPF_CGROUP_INET4_CONNECT,
822 		&user_ops,
823 		AF_INET,
824 		SOCK_STREAM,
825 		SERV4_IP,
826 		SERV4_PORT,
827 		SERV4_REWRITE_IP,
828 		SERV4_REWRITE_PORT,
829 		SRC4_REWRITE_IP,
830 		SUCCESS,
831 	},
832 	{
833 		SOCK_ADDR_TEST_CONNECT,
834 		"connect4: connect deny (stream)",
835 		connect_v4_deny_prog_load,
836 		connect_v4_deny_prog_destroy,
837 		BPF_CGROUP_INET4_CONNECT,
838 		&user_ops,
839 		AF_INET,
840 		SOCK_STREAM,
841 		SERV4_IP,
842 		SERV4_PORT,
843 		SERV4_REWRITE_IP,
844 		SERV4_REWRITE_PORT,
845 		SRC4_REWRITE_IP,
846 		SYSCALL_EPERM,
847 	},
848 	{
849 		SOCK_ADDR_TEST_CONNECT,
850 		"connect4: connect (dgram)",
851 		connect_v4_prog_load,
852 		connect_v4_prog_destroy,
853 		BPF_CGROUP_INET4_CONNECT,
854 		&user_ops,
855 		AF_INET,
856 		SOCK_DGRAM,
857 		SERV4_IP,
858 		SERV4_PORT,
859 		SERV4_REWRITE_IP,
860 		SERV4_REWRITE_PORT,
861 		SRC4_REWRITE_IP,
862 		SUCCESS,
863 	},
864 	{
865 		SOCK_ADDR_TEST_CONNECT,
866 		"connect4: connect deny (dgram)",
867 		connect_v4_deny_prog_load,
868 		connect_v4_deny_prog_destroy,
869 		BPF_CGROUP_INET4_CONNECT,
870 		&user_ops,
871 		AF_INET,
872 		SOCK_DGRAM,
873 		SERV4_IP,
874 		SERV4_PORT,
875 		SERV4_REWRITE_IP,
876 		SERV4_REWRITE_PORT,
877 		SRC4_REWRITE_IP,
878 		SYSCALL_EPERM,
879 	},
880 	{
881 		SOCK_ADDR_TEST_CONNECT,
882 		"connect4: load prog with wrong expected attach type",
883 		connect_v4_prog_load,
884 		connect_v4_prog_destroy,
885 		BPF_CGROUP_INET6_CONNECT,
886 		&user_ops,
887 		AF_INET,
888 		SOCK_STREAM,
889 		NULL,
890 		0,
891 		NULL,
892 		0,
893 		NULL,
894 		LOAD_REJECT,
895 	},
896 	{
897 		SOCK_ADDR_TEST_CONNECT,
898 		"connect4: attach prog with wrong attach type",
899 		connect_v4_prog_load_raw,
900 		connect_v4_prog_destroy_raw,
901 		BPF_CGROUP_INET6_CONNECT,
902 		&user_ops,
903 		AF_INET,
904 		SOCK_STREAM,
905 		NULL,
906 		0,
907 		NULL,
908 		0,
909 		NULL,
910 		ATTACH_REJECT,
911 	},
912 	{
913 		SOCK_ADDR_TEST_CONNECT,
914 		"connect6: connect (stream)",
915 		connect_v6_prog_load,
916 		connect_v6_prog_destroy,
917 		BPF_CGROUP_INET6_CONNECT,
918 		&user_ops,
919 		AF_INET6,
920 		SOCK_STREAM,
921 		SERV6_IP,
922 		SERV6_PORT,
923 		SERV6_REWRITE_IP,
924 		SERV6_REWRITE_PORT,
925 		SRC6_REWRITE_IP,
926 		SUCCESS,
927 	},
928 	{
929 		SOCK_ADDR_TEST_CONNECT,
930 		"connect6: connect deny (stream)",
931 		connect_v6_deny_prog_load,
932 		connect_v6_deny_prog_destroy,
933 		BPF_CGROUP_INET6_CONNECT,
934 		&user_ops,
935 		AF_INET6,
936 		SOCK_STREAM,
937 		SERV6_IP,
938 		SERV6_PORT,
939 		SERV6_REWRITE_IP,
940 		SERV6_REWRITE_PORT,
941 		SRC6_REWRITE_IP,
942 		SYSCALL_EPERM,
943 	},
944 	{
945 		SOCK_ADDR_TEST_CONNECT,
946 		"connect6: connect (dgram)",
947 		connect_v6_prog_load,
948 		connect_v6_prog_destroy,
949 		BPF_CGROUP_INET6_CONNECT,
950 		&user_ops,
951 		AF_INET6,
952 		SOCK_DGRAM,
953 		SERV6_IP,
954 		SERV6_PORT,
955 		SERV6_REWRITE_IP,
956 		SERV6_REWRITE_PORT,
957 		SRC6_REWRITE_IP,
958 		SUCCESS,
959 	},
960 	{
961 		SOCK_ADDR_TEST_CONNECT,
962 		"connect6: connect deny (dgram)",
963 		connect_v6_deny_prog_load,
964 		connect_v6_deny_prog_destroy,
965 		BPF_CGROUP_INET6_CONNECT,
966 		&user_ops,
967 		AF_INET6,
968 		SOCK_DGRAM,
969 		SERV6_IP,
970 		SERV6_PORT,
971 		SERV6_REWRITE_IP,
972 		SERV6_REWRITE_PORT,
973 		SRC6_REWRITE_IP,
974 		SYSCALL_EPERM,
975 	},
976 	{
977 		SOCK_ADDR_TEST_CONNECT,
978 		"connect6: load prog with wrong expected attach type",
979 		connect_v6_prog_load,
980 		connect_v6_prog_destroy,
981 		BPF_CGROUP_INET4_CONNECT,
982 		&user_ops,
983 		AF_INET6,
984 		SOCK_STREAM,
985 		NULL,
986 		0,
987 		NULL,
988 		0,
989 		NULL,
990 		LOAD_REJECT,
991 	},
992 	{
993 		SOCK_ADDR_TEST_CONNECT,
994 		"connect6: attach prog with wrong attach type",
995 		connect_v6_prog_load_raw,
996 		connect_v6_prog_destroy_raw,
997 		BPF_CGROUP_INET4_CONNECT,
998 		&user_ops,
999 		AF_INET,
1000 		SOCK_STREAM,
1001 		NULL,
1002 		0,
1003 		NULL,
1004 		0,
1005 		NULL,
1006 		ATTACH_REJECT,
1007 	},
1008 	{
1009 		SOCK_ADDR_TEST_CONNECT,
1010 		"connect_unix: connect (stream)",
1011 		connect_unix_prog_load,
1012 		connect_unix_prog_destroy,
1013 		BPF_CGROUP_UNIX_CONNECT,
1014 		&user_ops,
1015 		AF_UNIX,
1016 		SOCK_STREAM,
1017 		SERVUN_ADDRESS,
1018 		0,
1019 		SERVUN_REWRITE_ADDRESS,
1020 		0,
1021 		NULL,
1022 		SUCCESS,
1023 	},
1024 	{
1025 		SOCK_ADDR_TEST_CONNECT,
1026 		"connect_unix: connect deny (stream)",
1027 		connect_unix_deny_prog_load,
1028 		connect_unix_deny_prog_destroy,
1029 		BPF_CGROUP_UNIX_CONNECT,
1030 		&user_ops,
1031 		AF_UNIX,
1032 		SOCK_STREAM,
1033 		SERVUN_ADDRESS,
1034 		0,
1035 		SERVUN_REWRITE_ADDRESS,
1036 		0,
1037 		NULL,
1038 		SYSCALL_EPERM,
1039 	},
1040 	{
1041 		SOCK_ADDR_TEST_CONNECT,
1042 		"connect_unix: attach prog with wrong attach type",
1043 		connect_unix_prog_load_raw,
1044 		connect_unix_prog_destroy_raw,
1045 		BPF_CGROUP_INET4_CONNECT,
1046 		&user_ops,
1047 		AF_UNIX,
1048 		SOCK_STREAM,
1049 		SERVUN_ADDRESS,
1050 		0,
1051 		SERVUN_REWRITE_ADDRESS,
1052 		0,
1053 		NULL,
1054 		ATTACH_REJECT,
1055 	},
1056 
1057 	/* connect - kernel calls */
1058 	{
1059 		SOCK_ADDR_TEST_CONNECT,
1060 		"connect4: kernel_connect (stream)",
1061 		connect_v4_prog_load,
1062 		connect_v4_prog_destroy,
1063 		BPF_CGROUP_INET4_CONNECT,
1064 		&kern_ops_sock_sendmsg,
1065 		AF_INET,
1066 		SOCK_STREAM,
1067 		SERV4_IP,
1068 		SERV4_PORT,
1069 		SERV4_REWRITE_IP,
1070 		SERV4_REWRITE_PORT,
1071 		SRC4_REWRITE_IP,
1072 		SUCCESS,
1073 	},
1074 	{
1075 		SOCK_ADDR_TEST_CONNECT,
1076 		"connect4: kernel_connect deny (stream)",
1077 		connect_v4_deny_prog_load,
1078 		connect_v4_deny_prog_destroy,
1079 		BPF_CGROUP_INET4_CONNECT,
1080 		&kern_ops_sock_sendmsg,
1081 		AF_INET,
1082 		SOCK_STREAM,
1083 		SERV4_IP,
1084 		SERV4_PORT,
1085 		SERV4_REWRITE_IP,
1086 		SERV4_REWRITE_PORT,
1087 		SRC4_REWRITE_IP,
1088 		SYSCALL_EPERM,
1089 	},
1090 	{
1091 		SOCK_ADDR_TEST_CONNECT,
1092 		"connect4: kernel_connect (dgram)",
1093 		connect_v4_prog_load,
1094 		connect_v4_prog_destroy,
1095 		BPF_CGROUP_INET4_CONNECT,
1096 		&kern_ops_sock_sendmsg,
1097 		AF_INET,
1098 		SOCK_DGRAM,
1099 		SERV4_IP,
1100 		SERV4_PORT,
1101 		SERV4_REWRITE_IP,
1102 		SERV4_REWRITE_PORT,
1103 		SRC4_REWRITE_IP,
1104 		SUCCESS,
1105 	},
1106 	{
1107 		SOCK_ADDR_TEST_CONNECT,
1108 		"connect4: kernel_connect deny (dgram)",
1109 		connect_v4_deny_prog_load,
1110 		connect_v4_deny_prog_destroy,
1111 		BPF_CGROUP_INET4_CONNECT,
1112 		&kern_ops_sock_sendmsg,
1113 		AF_INET,
1114 		SOCK_DGRAM,
1115 		SERV4_IP,
1116 		SERV4_PORT,
1117 		SERV4_REWRITE_IP,
1118 		SERV4_REWRITE_PORT,
1119 		SRC4_REWRITE_IP,
1120 		SYSCALL_EPERM,
1121 	},
1122 	{
1123 		SOCK_ADDR_TEST_CONNECT,
1124 		"connect6: kernel_connect (stream)",
1125 		connect_v6_prog_load,
1126 		connect_v6_prog_destroy,
1127 		BPF_CGROUP_INET6_CONNECT,
1128 		&kern_ops_sock_sendmsg,
1129 		AF_INET6,
1130 		SOCK_STREAM,
1131 		SERV6_IP,
1132 		SERV6_PORT,
1133 		SERV6_REWRITE_IP,
1134 		SERV6_REWRITE_PORT,
1135 		SRC6_REWRITE_IP,
1136 		SUCCESS,
1137 	},
1138 	{
1139 		SOCK_ADDR_TEST_CONNECT,
1140 		"connect6: kernel_connect deny (stream)",
1141 		connect_v6_deny_prog_load,
1142 		connect_v6_deny_prog_destroy,
1143 		BPF_CGROUP_INET6_CONNECT,
1144 		&kern_ops_sock_sendmsg,
1145 		AF_INET6,
1146 		SOCK_STREAM,
1147 		SERV6_IP,
1148 		SERV6_PORT,
1149 		SERV6_REWRITE_IP,
1150 		SERV6_REWRITE_PORT,
1151 		SRC6_REWRITE_IP,
1152 		SYSCALL_EPERM,
1153 	},
1154 	{
1155 		SOCK_ADDR_TEST_CONNECT,
1156 		"connect6: kernel_connect (dgram)",
1157 		connect_v6_prog_load,
1158 		connect_v6_prog_destroy,
1159 		BPF_CGROUP_INET6_CONNECT,
1160 		&kern_ops_sock_sendmsg,
1161 		AF_INET6,
1162 		SOCK_DGRAM,
1163 		SERV6_IP,
1164 		SERV6_PORT,
1165 		SERV6_REWRITE_IP,
1166 		SERV6_REWRITE_PORT,
1167 		SRC6_REWRITE_IP,
1168 		SUCCESS,
1169 	},
1170 	{
1171 		SOCK_ADDR_TEST_CONNECT,
1172 		"connect6: kernel_connect deny (dgram)",
1173 		connect_v6_deny_prog_load,
1174 		connect_v6_deny_prog_destroy,
1175 		BPF_CGROUP_INET6_CONNECT,
1176 		&kern_ops_sock_sendmsg,
1177 		AF_INET6,
1178 		SOCK_DGRAM,
1179 		SERV6_IP,
1180 		SERV6_PORT,
1181 		SERV6_REWRITE_IP,
1182 		SERV6_REWRITE_PORT,
1183 		SRC6_REWRITE_IP,
1184 		SYSCALL_EPERM,
1185 	},
1186 	{
1187 		SOCK_ADDR_TEST_CONNECT,
1188 		"connect_unix: kernel_connect (dgram)",
1189 		connect_unix_prog_load,
1190 		connect_unix_prog_destroy,
1191 		BPF_CGROUP_UNIX_CONNECT,
1192 		&kern_ops_sock_sendmsg,
1193 		AF_UNIX,
1194 		SOCK_STREAM,
1195 		SERVUN_ADDRESS,
1196 		0,
1197 		SERVUN_REWRITE_ADDRESS,
1198 		0,
1199 		NULL,
1200 		SUCCESS,
1201 	},
1202 	{
1203 		SOCK_ADDR_TEST_CONNECT,
1204 		"connect_unix: kernel_connect deny (dgram)",
1205 		connect_unix_deny_prog_load,
1206 		connect_unix_deny_prog_destroy,
1207 		BPF_CGROUP_UNIX_CONNECT,
1208 		&kern_ops_sock_sendmsg,
1209 		AF_UNIX,
1210 		SOCK_STREAM,
1211 		SERVUN_ADDRESS,
1212 		0,
1213 		SERVUN_REWRITE_ADDRESS,
1214 		0,
1215 		NULL,
1216 		SYSCALL_EPERM,
1217 	},
1218 
1219 	/* sendmsg - system calls */
1220 	{
1221 		SOCK_ADDR_TEST_SENDMSG,
1222 		"sendmsg4: sendmsg (dgram)",
1223 		sendmsg_v4_prog_load,
1224 		sendmsg_v4_prog_destroy,
1225 		BPF_CGROUP_UDP4_SENDMSG,
1226 		&user_ops,
1227 		AF_INET,
1228 		SOCK_DGRAM,
1229 		SERV4_IP,
1230 		SERV4_PORT,
1231 		SERV4_REWRITE_IP,
1232 		SERV4_REWRITE_PORT,
1233 		SRC4_REWRITE_IP,
1234 		SUCCESS,
1235 	},
1236 	{
1237 		SOCK_ADDR_TEST_SENDMSG,
1238 		"sendmsg4: sendmsg deny (dgram)",
1239 		sendmsg_v4_deny_prog_load,
1240 		sendmsg_v4_deny_prog_destroy,
1241 		BPF_CGROUP_UDP4_SENDMSG,
1242 		&user_ops,
1243 		AF_INET,
1244 		SOCK_DGRAM,
1245 		SERV4_IP,
1246 		SERV4_PORT,
1247 		SERV4_REWRITE_IP,
1248 		SERV4_REWRITE_PORT,
1249 		SRC4_REWRITE_IP,
1250 		SYSCALL_EPERM,
1251 	},
1252 	{
1253 		SOCK_ADDR_TEST_SENDMSG,
1254 		"sendmsg4: load prog with wrong expected attach type",
1255 		sendmsg_v4_prog_load,
1256 		sendmsg_v4_prog_destroy,
1257 		BPF_CGROUP_UDP6_SENDMSG,
1258 		&user_ops,
1259 		AF_INET,
1260 		SOCK_DGRAM,
1261 		NULL,
1262 		0,
1263 		NULL,
1264 		0,
1265 		NULL,
1266 		LOAD_REJECT,
1267 	},
1268 	{
1269 		SOCK_ADDR_TEST_SENDMSG,
1270 		"sendmsg4: attach prog with wrong attach type",
1271 		sendmsg_v4_prog_load_raw,
1272 		sendmsg_v4_prog_destroy_raw,
1273 		BPF_CGROUP_UDP6_SENDMSG,
1274 		&user_ops,
1275 		AF_INET,
1276 		SOCK_DGRAM,
1277 		NULL,
1278 		0,
1279 		NULL,
1280 		0,
1281 		NULL,
1282 		ATTACH_REJECT,
1283 	},
1284 	{
1285 		SOCK_ADDR_TEST_SENDMSG,
1286 		"sendmsg6: sendmsg (dgram)",
1287 		sendmsg_v6_prog_load,
1288 		sendmsg_v6_prog_destroy,
1289 		BPF_CGROUP_UDP6_SENDMSG,
1290 		&user_ops,
1291 		AF_INET6,
1292 		SOCK_DGRAM,
1293 		SERV6_IP,
1294 		SERV6_PORT,
1295 		SERV6_REWRITE_IP,
1296 		SERV6_REWRITE_PORT,
1297 		SRC6_REWRITE_IP,
1298 		SUCCESS,
1299 	},
1300 	{
1301 		SOCK_ADDR_TEST_SENDMSG,
1302 		"sendmsg6: sendmsg [::] (BSD'ism) (dgram)",
1303 		sendmsg_v6_preserve_dst_prog_load,
1304 		sendmsg_v6_preserve_dst_prog_destroy,
1305 		BPF_CGROUP_UDP6_SENDMSG,
1306 		&user_ops,
1307 		AF_INET6,
1308 		SOCK_DGRAM,
1309 		WILDCARD6_IP,
1310 		SERV6_PORT,
1311 		SERV6_REWRITE_IP,
1312 		SERV6_PORT,
1313 		SRC6_IP,
1314 		SUCCESS,
1315 	},
1316 	{
1317 		SOCK_ADDR_TEST_SENDMSG,
1318 		"sendmsg6: sendmsg deny (dgram)",
1319 		sendmsg_v6_deny_prog_load,
1320 		sendmsg_v6_deny_prog_destroy,
1321 		BPF_CGROUP_UDP6_SENDMSG,
1322 		&user_ops,
1323 		AF_INET6,
1324 		SOCK_DGRAM,
1325 		SERV6_IP,
1326 		SERV6_PORT,
1327 		SERV6_REWRITE_IP,
1328 		SERV6_REWRITE_PORT,
1329 		SRC6_REWRITE_IP,
1330 		SYSCALL_EPERM,
1331 	},
1332 	{
1333 		SOCK_ADDR_TEST_SENDMSG,
1334 		"sendmsg6: sendmsg IPv4-mapped IPv6 (dgram)",
1335 		sendmsg_v6_v4mapped_prog_load,
1336 		sendmsg_v6_v4mapped_prog_destroy,
1337 		BPF_CGROUP_UDP6_SENDMSG,
1338 		&user_ops,
1339 		AF_INET6,
1340 		SOCK_DGRAM,
1341 		SERV6_IP,
1342 		SERV6_PORT,
1343 		SERV6_REWRITE_IP,
1344 		SERV6_REWRITE_PORT,
1345 		SRC6_REWRITE_IP,
1346 		SYSCALL_ENOTSUPP,
1347 	},
1348 	{
1349 		SOCK_ADDR_TEST_SENDMSG,
1350 		"sendmsg6: sendmsg dst IP = [::] (BSD'ism) (dgram)",
1351 		sendmsg_v6_wildcard_prog_load,
1352 		sendmsg_v6_wildcard_prog_destroy,
1353 		BPF_CGROUP_UDP6_SENDMSG,
1354 		&user_ops,
1355 		AF_INET6,
1356 		SOCK_DGRAM,
1357 		SERV6_IP,
1358 		SERV6_PORT,
1359 		SERV6_REWRITE_IP,
1360 		SERV6_REWRITE_PORT,
1361 		SRC6_REWRITE_IP,
1362 		SUCCESS,
1363 	},
1364 	{
1365 		SOCK_ADDR_TEST_SENDMSG,
1366 		"sendmsg6: load prog with wrong expected attach type",
1367 		sendmsg_v6_prog_load,
1368 		sendmsg_v6_prog_destroy,
1369 		BPF_CGROUP_UDP4_SENDMSG,
1370 		&user_ops,
1371 		AF_INET6,
1372 		SOCK_DGRAM,
1373 		NULL,
1374 		0,
1375 		NULL,
1376 		0,
1377 		NULL,
1378 		LOAD_REJECT,
1379 	},
1380 	{
1381 		SOCK_ADDR_TEST_SENDMSG,
1382 		"sendmsg6: attach prog with wrong attach type",
1383 		sendmsg_v6_prog_load_raw,
1384 		sendmsg_v6_prog_destroy_raw,
1385 		BPF_CGROUP_UDP4_SENDMSG,
1386 		&user_ops,
1387 		AF_INET6,
1388 		SOCK_DGRAM,
1389 		NULL,
1390 		0,
1391 		NULL,
1392 		0,
1393 		NULL,
1394 		ATTACH_REJECT,
1395 	},
1396 	{
1397 		SOCK_ADDR_TEST_SENDMSG,
1398 		"sendmsg_unix: sendmsg (dgram)",
1399 		sendmsg_unix_prog_load,
1400 		sendmsg_unix_prog_destroy,
1401 		BPF_CGROUP_UNIX_SENDMSG,
1402 		&user_ops,
1403 		AF_UNIX,
1404 		SOCK_DGRAM,
1405 		SERVUN_ADDRESS,
1406 		0,
1407 		SERVUN_REWRITE_ADDRESS,
1408 		0,
1409 		NULL,
1410 		SUCCESS,
1411 	},
1412 	{
1413 		SOCK_ADDR_TEST_SENDMSG,
1414 		"sendmsg_unix: sendmsg deny (dgram)",
1415 		sendmsg_unix_deny_prog_load,
1416 		sendmsg_unix_deny_prog_destroy,
1417 		BPF_CGROUP_UNIX_SENDMSG,
1418 		&user_ops,
1419 		AF_UNIX,
1420 		SOCK_DGRAM,
1421 		SERVUN_ADDRESS,
1422 		0,
1423 		SERVUN_REWRITE_ADDRESS,
1424 		0,
1425 		NULL,
1426 		SYSCALL_EPERM,
1427 	},
1428 	{
1429 		SOCK_ADDR_TEST_SENDMSG,
1430 		"sendmsg_unix: attach prog with wrong attach type",
1431 		sendmsg_unix_prog_load_raw,
1432 		sendmsg_unix_prog_destroy_raw,
1433 		BPF_CGROUP_UDP4_SENDMSG,
1434 		&user_ops,
1435 		AF_UNIX,
1436 		SOCK_DGRAM,
1437 		SERVUN_ADDRESS,
1438 		0,
1439 		SERVUN_REWRITE_ADDRESS,
1440 		0,
1441 		NULL,
1442 		ATTACH_REJECT,
1443 	},
1444 
1445 	/* sendmsg - kernel calls (sock_sendmsg) */
1446 	{
1447 		SOCK_ADDR_TEST_SENDMSG,
1448 		"sendmsg4: sock_sendmsg (dgram)",
1449 		sendmsg_v4_prog_load,
1450 		sendmsg_v4_prog_destroy,
1451 		BPF_CGROUP_UDP4_SENDMSG,
1452 		&kern_ops_sock_sendmsg,
1453 		AF_INET,
1454 		SOCK_DGRAM,
1455 		SERV4_IP,
1456 		SERV4_PORT,
1457 		SERV4_REWRITE_IP,
1458 		SERV4_REWRITE_PORT,
1459 		SRC4_REWRITE_IP,
1460 		SUCCESS,
1461 	},
1462 	{
1463 		SOCK_ADDR_TEST_SENDMSG,
1464 		"sendmsg4: sock_sendmsg deny (dgram)",
1465 		sendmsg_v4_deny_prog_load,
1466 		sendmsg_v4_deny_prog_destroy,
1467 		BPF_CGROUP_UDP4_SENDMSG,
1468 		&kern_ops_sock_sendmsg,
1469 		AF_INET,
1470 		SOCK_DGRAM,
1471 		SERV4_IP,
1472 		SERV4_PORT,
1473 		SERV4_REWRITE_IP,
1474 		SERV4_REWRITE_PORT,
1475 		SRC4_REWRITE_IP,
1476 		SYSCALL_EPERM,
1477 	},
1478 	{
1479 		SOCK_ADDR_TEST_SENDMSG,
1480 		"sendmsg6: sock_sendmsg (dgram)",
1481 		sendmsg_v6_prog_load,
1482 		sendmsg_v6_prog_destroy,
1483 		BPF_CGROUP_UDP6_SENDMSG,
1484 		&kern_ops_sock_sendmsg,
1485 		AF_INET6,
1486 		SOCK_DGRAM,
1487 		SERV6_IP,
1488 		SERV6_PORT,
1489 		SERV6_REWRITE_IP,
1490 		SERV6_REWRITE_PORT,
1491 		SRC6_REWRITE_IP,
1492 		SUCCESS,
1493 	},
1494 	{
1495 		SOCK_ADDR_TEST_SENDMSG,
1496 		"sendmsg6: sock_sendmsg [::] (BSD'ism) (dgram)",
1497 		sendmsg_v6_preserve_dst_prog_load,
1498 		sendmsg_v6_preserve_dst_prog_destroy,
1499 		BPF_CGROUP_UDP6_SENDMSG,
1500 		&kern_ops_sock_sendmsg,
1501 		AF_INET6,
1502 		SOCK_DGRAM,
1503 		WILDCARD6_IP,
1504 		SERV6_PORT,
1505 		SERV6_REWRITE_IP,
1506 		SERV6_PORT,
1507 		SRC6_IP,
1508 		SUCCESS,
1509 	},
1510 	{
1511 		SOCK_ADDR_TEST_SENDMSG,
1512 		"sendmsg6: sock_sendmsg deny (dgram)",
1513 		sendmsg_v6_deny_prog_load,
1514 		sendmsg_v6_deny_prog_destroy,
1515 		BPF_CGROUP_UDP6_SENDMSG,
1516 		&kern_ops_sock_sendmsg,
1517 		AF_INET6,
1518 		SOCK_DGRAM,
1519 		SERV6_IP,
1520 		SERV6_PORT,
1521 		SERV6_REWRITE_IP,
1522 		SERV6_REWRITE_PORT,
1523 		SRC6_REWRITE_IP,
1524 		SYSCALL_EPERM,
1525 	},
1526 	{
1527 		SOCK_ADDR_TEST_SENDMSG,
1528 		"sendmsg_unix: sock_sendmsg (dgram)",
1529 		sendmsg_unix_prog_load,
1530 		sendmsg_unix_prog_destroy,
1531 		BPF_CGROUP_UNIX_SENDMSG,
1532 		&kern_ops_sock_sendmsg,
1533 		AF_UNIX,
1534 		SOCK_DGRAM,
1535 		SERVUN_ADDRESS,
1536 		0,
1537 		SERVUN_REWRITE_ADDRESS,
1538 		0,
1539 		NULL,
1540 		SUCCESS,
1541 	},
1542 	{
1543 		SOCK_ADDR_TEST_SENDMSG,
1544 		"sendmsg_unix: sock_sendmsg deny (dgram)",
1545 		sendmsg_unix_deny_prog_load,
1546 		sendmsg_unix_deny_prog_destroy,
1547 		BPF_CGROUP_UNIX_SENDMSG,
1548 		&kern_ops_sock_sendmsg,
1549 		AF_UNIX,
1550 		SOCK_DGRAM,
1551 		SERVUN_ADDRESS,
1552 		0,
1553 		SERVUN_REWRITE_ADDRESS,
1554 		0,
1555 		NULL,
1556 		SYSCALL_EPERM,
1557 	},
1558 
1559 	/* sendmsg - kernel calls (kernel_sendmsg) */
1560 	{
1561 		SOCK_ADDR_TEST_SENDMSG,
1562 		"sendmsg4: kernel_sendmsg (dgram)",
1563 		sendmsg_v4_prog_load,
1564 		sendmsg_v4_prog_destroy,
1565 		BPF_CGROUP_UDP4_SENDMSG,
1566 		&kern_ops_kernel_sendmsg,
1567 		AF_INET,
1568 		SOCK_DGRAM,
1569 		SERV4_IP,
1570 		SERV4_PORT,
1571 		SERV4_REWRITE_IP,
1572 		SERV4_REWRITE_PORT,
1573 		SRC4_REWRITE_IP,
1574 		SUCCESS,
1575 	},
1576 	{
1577 		SOCK_ADDR_TEST_SENDMSG,
1578 		"sendmsg4: kernel_sendmsg deny (dgram)",
1579 		sendmsg_v4_deny_prog_load,
1580 		sendmsg_v4_deny_prog_destroy,
1581 		BPF_CGROUP_UDP4_SENDMSG,
1582 		&kern_ops_kernel_sendmsg,
1583 		AF_INET,
1584 		SOCK_DGRAM,
1585 		SERV4_IP,
1586 		SERV4_PORT,
1587 		SERV4_REWRITE_IP,
1588 		SERV4_REWRITE_PORT,
1589 		SRC4_REWRITE_IP,
1590 		SYSCALL_EPERM,
1591 	},
1592 	{
1593 		SOCK_ADDR_TEST_SENDMSG,
1594 		"sendmsg6: kernel_sendmsg (dgram)",
1595 		sendmsg_v6_prog_load,
1596 		sendmsg_v6_prog_destroy,
1597 		BPF_CGROUP_UDP6_SENDMSG,
1598 		&kern_ops_kernel_sendmsg,
1599 		AF_INET6,
1600 		SOCK_DGRAM,
1601 		SERV6_IP,
1602 		SERV6_PORT,
1603 		SERV6_REWRITE_IP,
1604 		SERV6_REWRITE_PORT,
1605 		SRC6_REWRITE_IP,
1606 		SUCCESS,
1607 	},
1608 	{
1609 		SOCK_ADDR_TEST_SENDMSG,
1610 		"sendmsg6: kernel_sendmsg [::] (BSD'ism) (dgram)",
1611 		sendmsg_v6_preserve_dst_prog_load,
1612 		sendmsg_v6_preserve_dst_prog_destroy,
1613 		BPF_CGROUP_UDP6_SENDMSG,
1614 		&kern_ops_kernel_sendmsg,
1615 		AF_INET6,
1616 		SOCK_DGRAM,
1617 		WILDCARD6_IP,
1618 		SERV6_PORT,
1619 		SERV6_REWRITE_IP,
1620 		SERV6_PORT,
1621 		SRC6_IP,
1622 		SUCCESS,
1623 	},
1624 	{
1625 		SOCK_ADDR_TEST_SENDMSG,
1626 		"sendmsg6: kernel_sendmsg deny (dgram)",
1627 		sendmsg_v6_deny_prog_load,
1628 		sendmsg_v6_deny_prog_destroy,
1629 		BPF_CGROUP_UDP6_SENDMSG,
1630 		&kern_ops_kernel_sendmsg,
1631 		AF_INET6,
1632 		SOCK_DGRAM,
1633 		SERV6_IP,
1634 		SERV6_PORT,
1635 		SERV6_REWRITE_IP,
1636 		SERV6_REWRITE_PORT,
1637 		SRC6_REWRITE_IP,
1638 		SYSCALL_EPERM,
1639 	},
1640 	{
1641 		SOCK_ADDR_TEST_SENDMSG,
1642 		"sendmsg_unix: sock_sendmsg (dgram)",
1643 		sendmsg_unix_prog_load,
1644 		sendmsg_unix_prog_destroy,
1645 		BPF_CGROUP_UNIX_SENDMSG,
1646 		&kern_ops_kernel_sendmsg,
1647 		AF_UNIX,
1648 		SOCK_DGRAM,
1649 		SERVUN_ADDRESS,
1650 		0,
1651 		SERVUN_REWRITE_ADDRESS,
1652 		0,
1653 		NULL,
1654 		SUCCESS,
1655 	},
1656 	{
1657 		SOCK_ADDR_TEST_SENDMSG,
1658 		"sendmsg_unix: kernel_sendmsg deny (dgram)",
1659 		sendmsg_unix_deny_prog_load,
1660 		sendmsg_unix_deny_prog_destroy,
1661 		BPF_CGROUP_UNIX_SENDMSG,
1662 		&kern_ops_kernel_sendmsg,
1663 		AF_UNIX,
1664 		SOCK_DGRAM,
1665 		SERVUN_ADDRESS,
1666 		0,
1667 		SERVUN_REWRITE_ADDRESS,
1668 		0,
1669 		NULL,
1670 		SYSCALL_EPERM,
1671 	},
1672 
1673 	/* recvmsg - system calls */
1674 	{
1675 		SOCK_ADDR_TEST_RECVMSG,
1676 		"recvmsg4: recvfrom (dgram)",
1677 		recvmsg4_prog_load,
1678 		recvmsg4_prog_destroy,
1679 		BPF_CGROUP_UDP4_RECVMSG,
1680 		&user_ops,
1681 		AF_INET,
1682 		SOCK_DGRAM,
1683 		SERV4_REWRITE_IP,
1684 		SERV4_REWRITE_PORT,
1685 		SERV4_REWRITE_IP,
1686 		SERV4_REWRITE_PORT,
1687 		SERV4_IP,
1688 		SUCCESS,
1689 	},
1690 	{
1691 		SOCK_ADDR_TEST_RECVMSG,
1692 		"recvmsg4: attach prog with wrong attach type",
1693 		recvmsg4_prog_load_raw,
1694 		recvmsg4_prog_destroy_raw,
1695 		BPF_CGROUP_UDP6_RECVMSG,
1696 		&user_ops,
1697 		AF_INET,
1698 		SOCK_DGRAM,
1699 		SERV4_REWRITE_IP,
1700 		SERV4_REWRITE_PORT,
1701 		SERV4_REWRITE_IP,
1702 		SERV4_REWRITE_PORT,
1703 		SERV4_IP,
1704 		ATTACH_REJECT,
1705 	},
1706 	{
1707 		SOCK_ADDR_TEST_RECVMSG,
1708 		"recvmsg6: recvfrom (dgram)",
1709 		recvmsg6_prog_load,
1710 		recvmsg6_prog_destroy,
1711 		BPF_CGROUP_UDP6_RECVMSG,
1712 		&user_ops,
1713 		AF_INET6,
1714 		SOCK_DGRAM,
1715 		SERV6_REWRITE_IP,
1716 		SERV6_REWRITE_PORT,
1717 		SERV6_REWRITE_IP,
1718 		SERV6_REWRITE_PORT,
1719 		SERV6_IP,
1720 		SUCCESS,
1721 	},
1722 	{
1723 		SOCK_ADDR_TEST_RECVMSG,
1724 		"recvmsg6: attach prog with wrong attach type",
1725 		recvmsg6_prog_load_raw,
1726 		recvmsg6_prog_destroy_raw,
1727 		BPF_CGROUP_UDP4_RECVMSG,
1728 		&user_ops,
1729 		AF_INET6,
1730 		SOCK_DGRAM,
1731 		SERV6_REWRITE_IP,
1732 		SERV6_REWRITE_PORT,
1733 		SERV6_REWRITE_IP,
1734 		SERV6_REWRITE_PORT,
1735 		SERV6_IP,
1736 		ATTACH_REJECT,
1737 	},
1738 	{
1739 		SOCK_ADDR_TEST_RECVMSG,
1740 		"recvmsg_unix: recvfrom (dgram)",
1741 		recvmsg_unix_prog_load,
1742 		recvmsg_unix_prog_destroy,
1743 		BPF_CGROUP_UNIX_RECVMSG,
1744 		&user_ops,
1745 		AF_UNIX,
1746 		SOCK_DGRAM,
1747 		SERVUN_REWRITE_ADDRESS,
1748 		0,
1749 		SERVUN_REWRITE_ADDRESS,
1750 		0,
1751 		SERVUN_ADDRESS,
1752 		SUCCESS,
1753 	},
1754 	{
1755 		SOCK_ADDR_TEST_RECVMSG,
1756 		"recvmsg_unix: recvfrom (stream)",
1757 		recvmsg_unix_prog_load,
1758 		recvmsg_unix_prog_destroy,
1759 		BPF_CGROUP_UNIX_RECVMSG,
1760 		&user_ops,
1761 		AF_UNIX,
1762 		SOCK_STREAM,
1763 		SERVUN_REWRITE_ADDRESS,
1764 		0,
1765 		SERVUN_REWRITE_ADDRESS,
1766 		0,
1767 		SERVUN_ADDRESS,
1768 		SUCCESS,
1769 	},
1770 	{
1771 		SOCK_ADDR_TEST_RECVMSG,
1772 		"recvmsg_unix: attach prog with wrong attach type",
1773 		recvmsg_unix_prog_load_raw,
1774 		recvmsg_unix_prog_destroy_raw,
1775 		BPF_CGROUP_UDP4_RECVMSG,
1776 		&user_ops,
1777 		AF_INET6,
1778 		SOCK_STREAM,
1779 		SERVUN_REWRITE_ADDRESS,
1780 		0,
1781 		SERVUN_REWRITE_ADDRESS,
1782 		0,
1783 		SERVUN_ADDRESS,
1784 		ATTACH_REJECT,
1785 	},
1786 
1787 	/* getsockname - system calls */
1788 	{
1789 		SOCK_ADDR_TEST_GETSOCKNAME,
1790 		"getsockname4: getsockname (stream)",
1791 		getsockname_v4_prog_load,
1792 		getsockname_v4_prog_destroy,
1793 		BPF_CGROUP_INET4_GETSOCKNAME,
1794 		&user_ops,
1795 		AF_INET,
1796 		SOCK_STREAM,
1797 		SERV4_REWRITE_IP,
1798 		SERV4_REWRITE_PORT,
1799 		SERV4_IP,
1800 		SERV4_PORT,
1801 		NULL,
1802 		SUCCESS,
1803 	},
1804 	{
1805 		SOCK_ADDR_TEST_GETSOCKNAME,
1806 		"getsockname4: getsockname (dgram)",
1807 		getsockname_v4_prog_load,
1808 		getsockname_v4_prog_destroy,
1809 		BPF_CGROUP_INET4_GETSOCKNAME,
1810 		&user_ops,
1811 		AF_INET,
1812 		SOCK_DGRAM,
1813 		SERV4_REWRITE_IP,
1814 		SERV4_REWRITE_PORT,
1815 		SERV4_IP,
1816 		SERV4_PORT,
1817 		NULL,
1818 		SUCCESS,
1819 	},
1820 	{
1821 		SOCK_ADDR_TEST_GETSOCKNAME,
1822 		"getsockname4: attach prog with wrong attach type",
1823 		getsockname_v4_prog_load_raw,
1824 		getsockname_v4_prog_destroy_raw,
1825 		BPF_CGROUP_INET6_GETSOCKNAME,
1826 		&user_ops,
1827 		AF_INET,
1828 		SOCK_DGRAM,
1829 		SERV4_REWRITE_IP,
1830 		SERV4_REWRITE_PORT,
1831 		SERV4_IP,
1832 		SERV4_PORT,
1833 		NULL,
1834 		ATTACH_REJECT,
1835 	},
1836 	{
1837 		SOCK_ADDR_TEST_GETSOCKNAME,
1838 		"getsockname6: getsockname (stream)",
1839 		getsockname_v6_prog_load,
1840 		getsockname_v6_prog_destroy,
1841 		BPF_CGROUP_INET6_GETSOCKNAME,
1842 		&user_ops,
1843 		AF_INET6,
1844 		SOCK_STREAM,
1845 		SERV6_REWRITE_IP,
1846 		SERV6_REWRITE_PORT,
1847 		SERV6_IP,
1848 		SERV6_PORT,
1849 		NULL,
1850 		SUCCESS,
1851 	},
1852 	{
1853 		SOCK_ADDR_TEST_GETSOCKNAME,
1854 		"getsockname6: getsockname (dgram)",
1855 		getsockname_v6_prog_load,
1856 		getsockname_v6_prog_destroy,
1857 		BPF_CGROUP_INET6_GETSOCKNAME,
1858 		&user_ops,
1859 		AF_INET6,
1860 		SOCK_DGRAM,
1861 		SERV6_REWRITE_IP,
1862 		SERV6_REWRITE_PORT,
1863 		SERV6_IP,
1864 		SERV6_PORT,
1865 		NULL,
1866 		SUCCESS,
1867 	},
1868 	{
1869 		SOCK_ADDR_TEST_GETSOCKNAME,
1870 		"getsockname6: attach prog with wrong attach type",
1871 		getsockname_v6_prog_load_raw,
1872 		getsockname_v6_prog_destroy_raw,
1873 		BPF_CGROUP_INET4_GETSOCKNAME,
1874 		&user_ops,
1875 		AF_INET6,
1876 		SOCK_DGRAM,
1877 		SERV6_REWRITE_IP,
1878 		SERV6_REWRITE_PORT,
1879 		SERV6_IP,
1880 		SERV6_PORT,
1881 		NULL,
1882 		ATTACH_REJECT,
1883 	},
1884 	{
1885 		SOCK_ADDR_TEST_GETSOCKNAME,
1886 		"getsockname_unix: getsockname",
1887 		getsockname_unix_prog_load,
1888 		getsockname_unix_prog_destroy,
1889 		BPF_CGROUP_UNIX_GETSOCKNAME,
1890 		&user_ops,
1891 		AF_UNIX,
1892 		SOCK_STREAM,
1893 		SERVUN_ADDRESS,
1894 		0,
1895 		SERVUN_REWRITE_ADDRESS,
1896 		0,
1897 		NULL,
1898 		SUCCESS,
1899 	},
1900 	{
1901 		SOCK_ADDR_TEST_GETSOCKNAME,
1902 		"getsockname_unix: attach prog with wrong attach type",
1903 		getsockname_unix_prog_load_raw,
1904 		getsockname_unix_prog_destroy_raw,
1905 		BPF_CGROUP_INET4_GETSOCKNAME,
1906 		&user_ops,
1907 		AF_UNIX,
1908 		SOCK_STREAM,
1909 		SERVUN_ADDRESS,
1910 		0,
1911 		SERVUN_REWRITE_ADDRESS,
1912 		0,
1913 		NULL,
1914 		ATTACH_REJECT,
1915 	},
1916 
1917 	/* getsockname - kernel calls */
1918 	{
1919 		SOCK_ADDR_TEST_GETSOCKNAME,
1920 		"getsockname4: kernel_getsockname (stream)",
1921 		getsockname_v4_prog_load,
1922 		getsockname_v4_prog_destroy,
1923 		BPF_CGROUP_INET4_GETSOCKNAME,
1924 		&kern_ops_kernel_sendmsg,
1925 		AF_INET,
1926 		SOCK_STREAM,
1927 		SERV4_REWRITE_IP,
1928 		SERV4_REWRITE_PORT,
1929 		SERV4_IP,
1930 		SERV4_PORT,
1931 		NULL,
1932 		SUCCESS,
1933 	},
1934 	{
1935 		SOCK_ADDR_TEST_GETSOCKNAME,
1936 		"getsockname4: kernel_getsockname (dgram)",
1937 		getsockname_v4_prog_load,
1938 		getsockname_v4_prog_destroy,
1939 		BPF_CGROUP_INET4_GETSOCKNAME,
1940 		&kern_ops_kernel_sendmsg,
1941 		AF_INET,
1942 		SOCK_DGRAM,
1943 		SERV4_REWRITE_IP,
1944 		SERV4_REWRITE_PORT,
1945 		SERV4_IP,
1946 		SERV4_PORT,
1947 		NULL,
1948 		SUCCESS,
1949 	},
1950 	{
1951 		SOCK_ADDR_TEST_GETSOCKNAME,
1952 		"getsockname6: kernel_getsockname (stream)",
1953 		getsockname_v6_prog_load,
1954 		getsockname_v6_prog_destroy,
1955 		BPF_CGROUP_INET6_GETSOCKNAME,
1956 		&kern_ops_kernel_sendmsg,
1957 		AF_INET6,
1958 		SOCK_STREAM,
1959 		SERV6_REWRITE_IP,
1960 		SERV6_REWRITE_PORT,
1961 		SERV6_IP,
1962 		SERV6_PORT,
1963 		NULL,
1964 		SUCCESS,
1965 	},
1966 	{
1967 		SOCK_ADDR_TEST_GETSOCKNAME,
1968 		"getsockname6: kernel_getsockname (dgram)",
1969 		getsockname_v6_prog_load,
1970 		getsockname_v6_prog_destroy,
1971 		BPF_CGROUP_INET6_GETSOCKNAME,
1972 		&kern_ops_kernel_sendmsg,
1973 		AF_INET6,
1974 		SOCK_DGRAM,
1975 		SERV6_REWRITE_IP,
1976 		SERV6_REWRITE_PORT,
1977 		SERV6_IP,
1978 		SERV6_PORT,
1979 		NULL,
1980 		SUCCESS,
1981 	},
1982 	{
1983 		SOCK_ADDR_TEST_GETSOCKNAME,
1984 		"getsockname_unix: kernel_getsockname",
1985 		getsockname_unix_prog_load,
1986 		getsockname_unix_prog_destroy,
1987 		BPF_CGROUP_UNIX_GETSOCKNAME,
1988 		&kern_ops_kernel_sendmsg,
1989 		AF_UNIX,
1990 		SOCK_STREAM,
1991 		SERVUN_ADDRESS,
1992 		0,
1993 		SERVUN_REWRITE_ADDRESS,
1994 		0,
1995 		NULL,
1996 		SUCCESS,
1997 	},
1998 
1999 	/* getpeername - system calls */
2000 	{
2001 		SOCK_ADDR_TEST_GETPEERNAME,
2002 		"getpeername4: getpeername (stream)",
2003 		getpeername_v4_prog_load,
2004 		getpeername_v4_prog_destroy,
2005 		BPF_CGROUP_INET4_GETPEERNAME,
2006 		&user_ops,
2007 		AF_INET,
2008 		SOCK_STREAM,
2009 		SERV4_REWRITE_IP,
2010 		SERV4_REWRITE_PORT,
2011 		SERV4_IP,
2012 		SERV4_PORT,
2013 		NULL,
2014 		SUCCESS,
2015 	},
2016 	{
2017 		SOCK_ADDR_TEST_GETPEERNAME,
2018 		"getpeername4: getpeername (dgram)",
2019 		getpeername_v4_prog_load,
2020 		getpeername_v4_prog_destroy,
2021 		BPF_CGROUP_INET4_GETPEERNAME,
2022 		&user_ops,
2023 		AF_INET,
2024 		SOCK_DGRAM,
2025 		SERV4_REWRITE_IP,
2026 		SERV4_REWRITE_PORT,
2027 		SERV4_IP,
2028 		SERV4_PORT,
2029 		NULL,
2030 		SUCCESS,
2031 	},
2032 	{
2033 		SOCK_ADDR_TEST_GETPEERNAME,
2034 		"getpeername4: attach prog with wrong attach type",
2035 		getpeername_v4_prog_load_raw,
2036 		getpeername_v4_prog_destroy_raw,
2037 		BPF_CGROUP_INET6_GETSOCKNAME,
2038 		&user_ops,
2039 		AF_UNIX,
2040 		SOCK_DGRAM,
2041 		SERV4_REWRITE_IP,
2042 		SERV4_REWRITE_PORT,
2043 		SERV4_IP,
2044 		SERV4_PORT,
2045 		NULL,
2046 		ATTACH_REJECT,
2047 	},
2048 	{
2049 		SOCK_ADDR_TEST_GETPEERNAME,
2050 		"getpeername6: getpeername (stream)",
2051 		getpeername_v6_prog_load,
2052 		getpeername_v6_prog_destroy,
2053 		BPF_CGROUP_INET6_GETPEERNAME,
2054 		&user_ops,
2055 		AF_INET6,
2056 		SOCK_STREAM,
2057 		SERV6_REWRITE_IP,
2058 		SERV6_REWRITE_PORT,
2059 		SERV6_IP,
2060 		SERV6_PORT,
2061 		NULL,
2062 		SUCCESS,
2063 	},
2064 	{
2065 		SOCK_ADDR_TEST_GETPEERNAME,
2066 		"getpeername6: getpeername (dgram)",
2067 		getpeername_v6_prog_load,
2068 		getpeername_v6_prog_destroy,
2069 		BPF_CGROUP_INET6_GETPEERNAME,
2070 		&user_ops,
2071 		AF_INET6,
2072 		SOCK_DGRAM,
2073 		SERV6_REWRITE_IP,
2074 		SERV6_REWRITE_PORT,
2075 		SERV6_IP,
2076 		SERV6_PORT,
2077 		NULL,
2078 		SUCCESS,
2079 	},
2080 	{
2081 		SOCK_ADDR_TEST_GETPEERNAME,
2082 		"getpeername6: attach prog with wrong attach type",
2083 		getpeername_v6_prog_load_raw,
2084 		getpeername_v6_prog_destroy_raw,
2085 		BPF_CGROUP_INET4_GETSOCKNAME,
2086 		&user_ops,
2087 		AF_INET6,
2088 		SOCK_DGRAM,
2089 		SERV6_REWRITE_IP,
2090 		SERV6_REWRITE_PORT,
2091 		SERV6_IP,
2092 		SERV6_PORT,
2093 		NULL,
2094 		ATTACH_REJECT,
2095 	},
2096 	{
2097 		SOCK_ADDR_TEST_GETPEERNAME,
2098 		"getpeername_unix: getpeername",
2099 		getpeername_unix_prog_load,
2100 		getpeername_unix_prog_destroy,
2101 		BPF_CGROUP_UNIX_GETPEERNAME,
2102 		&user_ops,
2103 		AF_UNIX,
2104 		SOCK_STREAM,
2105 		SERVUN_ADDRESS,
2106 		0,
2107 		SERVUN_REWRITE_ADDRESS,
2108 		0,
2109 		NULL,
2110 		SUCCESS,
2111 	},
2112 	{
2113 		SOCK_ADDR_TEST_GETPEERNAME,
2114 		"getpeername_unix: attach prog with wrong attach type",
2115 		getpeername_unix_prog_load_raw,
2116 		getpeername_unix_prog_destroy_raw,
2117 		BPF_CGROUP_INET4_GETSOCKNAME,
2118 		&user_ops,
2119 		AF_UNIX,
2120 		SOCK_STREAM,
2121 		SERVUN_ADDRESS,
2122 		0,
2123 		SERVUN_REWRITE_ADDRESS,
2124 		0,
2125 		NULL,
2126 		ATTACH_REJECT,
2127 	},
2128 
2129 	/* getpeername - kernel calls */
2130 	{
2131 		SOCK_ADDR_TEST_GETPEERNAME,
2132 		"getpeername4: kernel_getpeername (stream)",
2133 		getpeername_v4_prog_load,
2134 		getpeername_v4_prog_destroy,
2135 		BPF_CGROUP_INET4_GETPEERNAME,
2136 		&kern_ops_kernel_sendmsg,
2137 		AF_INET,
2138 		SOCK_STREAM,
2139 		SERV4_REWRITE_IP,
2140 		SERV4_REWRITE_PORT,
2141 		SERV4_IP,
2142 		SERV4_PORT,
2143 		NULL,
2144 		SUCCESS,
2145 	},
2146 	{
2147 		SOCK_ADDR_TEST_GETPEERNAME,
2148 		"getpeername4: kernel_getpeername (dgram)",
2149 		getpeername_v4_prog_load,
2150 		getpeername_v4_prog_destroy,
2151 		BPF_CGROUP_INET4_GETPEERNAME,
2152 		&kern_ops_kernel_sendmsg,
2153 		AF_INET,
2154 		SOCK_DGRAM,
2155 		SERV4_REWRITE_IP,
2156 		SERV4_REWRITE_PORT,
2157 		SERV4_IP,
2158 		SERV4_PORT,
2159 		NULL,
2160 		SUCCESS,
2161 	},
2162 	{
2163 		SOCK_ADDR_TEST_GETPEERNAME,
2164 		"getpeername6: kernel_getpeername (stream)",
2165 		getpeername_v6_prog_load,
2166 		getpeername_v6_prog_destroy,
2167 		BPF_CGROUP_INET6_GETPEERNAME,
2168 		&kern_ops_kernel_sendmsg,
2169 		AF_INET6,
2170 		SOCK_STREAM,
2171 		SERV6_REWRITE_IP,
2172 		SERV6_REWRITE_PORT,
2173 		SERV6_IP,
2174 		SERV6_PORT,
2175 		NULL,
2176 		SUCCESS,
2177 	},
2178 	{
2179 		SOCK_ADDR_TEST_GETPEERNAME,
2180 		"getpeername6: kernel_getpeername (dgram)",
2181 		getpeername_v6_prog_load,
2182 		getpeername_v6_prog_destroy,
2183 		BPF_CGROUP_INET6_GETPEERNAME,
2184 		&kern_ops_kernel_sendmsg,
2185 		AF_INET6,
2186 		SOCK_DGRAM,
2187 		SERV6_REWRITE_IP,
2188 		SERV6_REWRITE_PORT,
2189 		SERV6_IP,
2190 		SERV6_PORT,
2191 		NULL,
2192 		SUCCESS,
2193 	},
2194 	{
2195 		SOCK_ADDR_TEST_GETPEERNAME,
2196 		"getpeername_unix: kernel_getpeername",
2197 		getpeername_unix_prog_load,
2198 		getpeername_unix_prog_destroy,
2199 		BPF_CGROUP_UNIX_GETPEERNAME,
2200 		&kern_ops_kernel_sendmsg,
2201 		AF_UNIX,
2202 		SOCK_STREAM,
2203 		SERVUN_ADDRESS,
2204 		0,
2205 		SERVUN_REWRITE_ADDRESS,
2206 		0,
2207 		NULL,
2208 		SUCCESS,
2209 	},
2210 };
2211 
2212 typedef int (*info_fn)(int, struct sockaddr *, socklen_t *);
2213 
cmp_addr(const struct sockaddr_storage * addr1,socklen_t addr1_len,const struct sockaddr_storage * addr2,socklen_t addr2_len,bool cmp_port)2214 static int cmp_addr(const struct sockaddr_storage *addr1, socklen_t addr1_len,
2215 		    const struct sockaddr_storage *addr2, socklen_t addr2_len,
2216 		    bool cmp_port)
2217 {
2218 	const struct sockaddr_in *four1, *four2;
2219 	const struct sockaddr_in6 *six1, *six2;
2220 	const struct sockaddr_un *un1, *un2;
2221 
2222 	if (addr1->ss_family != addr2->ss_family)
2223 		return -1;
2224 
2225 	if (addr1_len != addr2_len)
2226 		return -1;
2227 
2228 	if (addr1->ss_family == AF_INET) {
2229 		four1 = (const struct sockaddr_in *)addr1;
2230 		four2 = (const struct sockaddr_in *)addr2;
2231 		return !((four1->sin_port == four2->sin_port || !cmp_port) &&
2232 			 four1->sin_addr.s_addr == four2->sin_addr.s_addr);
2233 	} else if (addr1->ss_family == AF_INET6) {
2234 		six1 = (const struct sockaddr_in6 *)addr1;
2235 		six2 = (const struct sockaddr_in6 *)addr2;
2236 		return !((six1->sin6_port == six2->sin6_port || !cmp_port) &&
2237 			 !memcmp(&six1->sin6_addr, &six2->sin6_addr,
2238 				 sizeof(struct in6_addr)));
2239 	} else if (addr1->ss_family == AF_UNIX) {
2240 		un1 = (const struct sockaddr_un *)addr1;
2241 		un2 = (const struct sockaddr_un *)addr2;
2242 		return memcmp(un1, un2, addr1_len);
2243 	}
2244 
2245 	return -1;
2246 }
2247 
cmp_sock_addr(info_fn fn,int sock1,const struct sockaddr_storage * addr2,socklen_t addr2_len,bool cmp_port)2248 static int cmp_sock_addr(info_fn fn, int sock1,
2249 			 const struct sockaddr_storage *addr2,
2250 			 socklen_t addr2_len, bool cmp_port)
2251 {
2252 	struct sockaddr_storage addr1;
2253 	socklen_t len1 = sizeof(addr1);
2254 
2255 	memset(&addr1, 0, len1);
2256 	if (fn(sock1, (struct sockaddr *)&addr1, (socklen_t *)&len1) != 0)
2257 		return -1;
2258 
2259 	return cmp_addr(&addr1, len1, addr2, addr2_len, cmp_port);
2260 }
2261 
load_sock_addr_kern(void)2262 static int load_sock_addr_kern(void)
2263 {
2264 	int err;
2265 
2266 	skel = sock_addr_kern__open_and_load();
2267 	if (!ASSERT_OK_PTR(skel, "skel"))
2268 		goto err;
2269 
2270 	err = 0;
2271 	goto out;
2272 err:
2273 	err = -1;
2274 out:
2275 	return err;
2276 }
2277 
unload_sock_addr_kern(void)2278 static void unload_sock_addr_kern(void)
2279 {
2280 	sock_addr_kern__destroy(skel);
2281 }
2282 
test_bind(struct sock_addr_test * test)2283 static int test_bind(struct sock_addr_test *test)
2284 {
2285 	struct sockaddr_storage expected_addr;
2286 	socklen_t expected_addr_len = sizeof(struct sockaddr_storage);
2287 	int serv = -1, client = -1, err;
2288 
2289 	serv = test->ops->start_server(test->socket_family, test->socket_type,
2290 				       test->requested_addr,
2291 				       test->requested_port, 0);
2292 	if (serv < 0) {
2293 		err = errno;
2294 		goto err;
2295 	}
2296 
2297 	err = make_sockaddr(test->socket_family,
2298 			    test->expected_addr, test->expected_port,
2299 			    &expected_addr, &expected_addr_len);
2300 	if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2301 		goto cleanup;
2302 
2303 	err = cmp_sock_addr(test->ops->getsockname, serv, &expected_addr,
2304 			    expected_addr_len, true);
2305 	if (!ASSERT_EQ(err, 0, "cmp_local_addr"))
2306 		goto cleanup;
2307 
2308 	/* Try to connect to server just in case */
2309 	client = connect_to_addr(test->socket_type, &expected_addr, expected_addr_len, NULL);
2310 	if (!ASSERT_GE(client, 0, "connect_to_addr"))
2311 		goto cleanup;
2312 
2313 cleanup:
2314 	err = 0;
2315 err:
2316 	if (client != -1)
2317 		close(client);
2318 	if (serv != -1)
2319 		test->ops->close(serv);
2320 
2321 	return err;
2322 }
2323 
test_connect(struct sock_addr_test * test)2324 static int test_connect(struct sock_addr_test *test)
2325 {
2326 	struct sockaddr_storage addr, expected_addr, expected_src_addr;
2327 	socklen_t addr_len = sizeof(struct sockaddr_storage),
2328 		  expected_addr_len = sizeof(struct sockaddr_storage),
2329 		  expected_src_addr_len = sizeof(struct sockaddr_storage);
2330 	int serv = -1, client = -1, err;
2331 
2332 	serv = start_server(test->socket_family, test->socket_type,
2333 			    test->expected_addr, test->expected_port, 0);
2334 	if (!ASSERT_GE(serv, 0, "start_server"))
2335 		goto cleanup;
2336 
2337 	err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port,
2338 			    &addr, &addr_len);
2339 	if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2340 		goto cleanup;
2341 
2342 	client = test->ops->connect_to_addr(test->socket_type, &addr, addr_len,
2343 					    NULL);
2344 	if (client < 0) {
2345 		err = errno;
2346 		goto err;
2347 	}
2348 
2349 	err = make_sockaddr(test->socket_family, test->expected_addr, test->expected_port,
2350 			    &expected_addr, &expected_addr_len);
2351 	if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2352 		goto cleanup;
2353 
2354 	if (test->expected_src_addr) {
2355 		err = make_sockaddr(test->socket_family, test->expected_src_addr, 0,
2356 				    &expected_src_addr, &expected_src_addr_len);
2357 		if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2358 			goto cleanup;
2359 	}
2360 
2361 	err = cmp_sock_addr(test->ops->getpeername, client, &expected_addr,
2362 			    expected_addr_len, true);
2363 	if (!ASSERT_EQ(err, 0, "cmp_peer_addr"))
2364 		goto cleanup;
2365 
2366 	if (test->expected_src_addr) {
2367 		err = cmp_sock_addr(test->ops->getsockname, client,
2368 				    &expected_src_addr, expected_src_addr_len,
2369 				    false);
2370 		if (!ASSERT_EQ(err, 0, "cmp_local_addr"))
2371 			goto cleanup;
2372 	}
2373 cleanup:
2374 	err = 0;
2375 err:
2376 	if (client != -1)
2377 		test->ops->close(client);
2378 	if (serv != -1)
2379 		close(serv);
2380 
2381 	return err;
2382 }
2383 
test_xmsg(struct sock_addr_test * test)2384 static int test_xmsg(struct sock_addr_test *test)
2385 {
2386 	struct sockaddr_storage addr, src_addr;
2387 	socklen_t addr_len = sizeof(struct sockaddr_storage),
2388 		  src_addr_len = sizeof(struct sockaddr_storage);
2389 	char data = 'a';
2390 	int serv = -1, client = -1, err;
2391 
2392 	/* Unlike the other tests, here we test that we can rewrite the src addr
2393 	 * with a recvmsg() hook.
2394 	 */
2395 
2396 	serv = start_server(test->socket_family, test->socket_type,
2397 			    test->expected_addr, test->expected_port, 0);
2398 	if (!ASSERT_GE(serv, 0, "start_server"))
2399 		goto cleanup;
2400 
2401 	client = test->ops->socket(test->socket_family, test->socket_type, 0);
2402 	if (!ASSERT_GE(client, 0, "socket"))
2403 		goto cleanup;
2404 
2405 	/* AF_UNIX sockets have to be bound to something to trigger the recvmsg bpf program. */
2406 	if (test->socket_family == AF_UNIX) {
2407 		err = make_sockaddr(AF_UNIX, SRCUN_ADDRESS, 0, &src_addr, &src_addr_len);
2408 		if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2409 			goto cleanup;
2410 
2411 		err = test->ops->bind(client, (struct sockaddr *)&src_addr,
2412 				      src_addr_len);
2413 		if (!ASSERT_OK(err, "bind"))
2414 			goto cleanup;
2415 	}
2416 
2417 	err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port,
2418 			    &addr, &addr_len);
2419 	if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2420 		goto cleanup;
2421 
2422 	if (test->socket_type == SOCK_DGRAM) {
2423 		err = test->ops->sendmsg(client, (struct sockaddr *)&addr,
2424 					 addr_len, &data, sizeof(data));
2425 		if (err < 0) {
2426 			err = errno;
2427 			goto err;
2428 		}
2429 
2430 		if (!ASSERT_EQ(err, sizeof(data), "sendmsg"))
2431 			goto cleanup;
2432 	} else {
2433 		/* Testing with connection-oriented sockets is only valid for
2434 		 * recvmsg() tests.
2435 		 */
2436 		if (!ASSERT_EQ(test->type, SOCK_ADDR_TEST_RECVMSG, "recvmsg"))
2437 			goto cleanup;
2438 
2439 		err = connect(client, (const struct sockaddr *)&addr, addr_len);
2440 		if (!ASSERT_OK(err, "connect"))
2441 			goto cleanup;
2442 
2443 		err = send(client, &data, sizeof(data), 0);
2444 		if (!ASSERT_EQ(err, sizeof(data), "send"))
2445 			goto cleanup;
2446 
2447 		err = listen(serv, 0);
2448 		if (!ASSERT_OK(err, "listen"))
2449 			goto cleanup;
2450 
2451 		err = accept(serv, NULL, NULL);
2452 		if (!ASSERT_GE(err, 0, "accept"))
2453 			goto cleanup;
2454 
2455 		close(serv);
2456 		serv = err;
2457 	}
2458 
2459 	addr_len = src_addr_len = sizeof(struct sockaddr_storage);
2460 
2461 	err = recvfrom(serv, &data, sizeof(data), 0, (struct sockaddr *) &src_addr, &src_addr_len);
2462 	if (!ASSERT_EQ(err, sizeof(data), "recvfrom"))
2463 		goto cleanup;
2464 
2465 	ASSERT_EQ(data, 'a', "data mismatch");
2466 
2467 	if (test->expected_src_addr) {
2468 		err = make_sockaddr(test->socket_family, test->expected_src_addr, 0,
2469 				    &addr, &addr_len);
2470 		if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2471 			goto cleanup;
2472 
2473 		err = cmp_addr(&src_addr, src_addr_len, &addr, addr_len, false);
2474 		if (!ASSERT_EQ(err, 0, "cmp_addr"))
2475 			goto cleanup;
2476 	}
2477 
2478 cleanup:
2479 	err = 0;
2480 err:
2481 	if (client != -1)
2482 		test->ops->close(client);
2483 	if (serv != -1)
2484 		close(serv);
2485 
2486 	return err;
2487 }
2488 
test_getsockname(struct sock_addr_test * test)2489 static int test_getsockname(struct sock_addr_test *test)
2490 {
2491 	struct sockaddr_storage expected_addr;
2492 	socklen_t expected_addr_len = sizeof(struct sockaddr_storage);
2493 	int serv = -1, err;
2494 
2495 	serv = test->ops->start_server(test->socket_family, test->socket_type,
2496 			    test->requested_addr, test->requested_port, 0);
2497 	if (!ASSERT_GE(serv, 0, "start_server"))
2498 		goto cleanup;
2499 
2500 	err = make_sockaddr(test->socket_family,
2501 			    test->expected_addr, test->expected_port,
2502 			    &expected_addr, &expected_addr_len);
2503 	if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2504 		goto cleanup;
2505 
2506 	err = cmp_sock_addr(test->ops->getsockname, serv, &expected_addr, expected_addr_len, true);
2507 	if (!ASSERT_EQ(err, 0, "cmp_local_addr"))
2508 		goto cleanup;
2509 
2510 cleanup:
2511 	if (serv != -1)
2512 		test->ops->close(serv);
2513 
2514 	return 0;
2515 }
2516 
test_getpeername(struct sock_addr_test * test)2517 static int test_getpeername(struct sock_addr_test *test)
2518 {
2519 	struct sockaddr_storage addr, expected_addr;
2520 	socklen_t addr_len = sizeof(struct sockaddr_storage),
2521 		  expected_addr_len = sizeof(struct sockaddr_storage);
2522 	int serv = -1, client = -1, err;
2523 
2524 	serv = start_server(test->socket_family, test->socket_type,
2525 			    test->requested_addr, test->requested_port, 0);
2526 	if (!ASSERT_GE(serv, 0, "start_server"))
2527 		goto cleanup;
2528 
2529 	err = make_sockaddr(test->socket_family, test->requested_addr, test->requested_port,
2530 			    &addr, &addr_len);
2531 	if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2532 		goto cleanup;
2533 
2534 	client = test->ops->connect_to_addr(test->socket_type, &addr, addr_len,
2535 					    NULL);
2536 	if (!ASSERT_GE(client, 0, "connect_to_addr"))
2537 		goto cleanup;
2538 
2539 	err = make_sockaddr(test->socket_family, test->expected_addr, test->expected_port,
2540 			    &expected_addr, &expected_addr_len);
2541 	if (!ASSERT_EQ(err, 0, "make_sockaddr"))
2542 		goto cleanup;
2543 
2544 	err = cmp_sock_addr(test->ops->getpeername, client, &expected_addr,
2545 			    expected_addr_len, true);
2546 	if (!ASSERT_EQ(err, 0, "cmp_peer_addr"))
2547 		goto cleanup;
2548 
2549 cleanup:
2550 	if (client != -1)
2551 		test->ops->close(client);
2552 	if (serv != -1)
2553 		close(serv);
2554 
2555 	return 0;
2556 }
2557 
setup_test_env(struct nstoken ** tok)2558 static int setup_test_env(struct nstoken **tok)
2559 {
2560 	int err;
2561 
2562 	SYS_NOFAIL("ip netns delete %s", TEST_NS);
2563 	SYS(fail, "ip netns add %s", TEST_NS);
2564 	*tok = open_netns(TEST_NS);
2565 	if (!ASSERT_OK_PTR(*tok, "netns token"))
2566 		goto fail;
2567 
2568 	SYS(fail, "ip link add dev %s1 type veth peer name %s2", TEST_IF_PREFIX,
2569 	    TEST_IF_PREFIX);
2570 	SYS(fail, "ip link set lo up");
2571 	SYS(fail, "ip link set %s1 up", TEST_IF_PREFIX);
2572 	SYS(fail, "ip link set %s2 up", TEST_IF_PREFIX);
2573 	SYS(fail, "ip -4 addr add %s/8 dev %s1", TEST_IPV4, TEST_IF_PREFIX);
2574 	SYS(fail, "ip -6 addr add %s/128 nodad dev %s1", TEST_IPV6, TEST_IF_PREFIX);
2575 
2576 	err = 0;
2577 	goto out;
2578 fail:
2579 	err = -1;
2580 	close_netns(*tok);
2581 	*tok = NULL;
2582 	SYS_NOFAIL("ip netns delete %s", TEST_NS);
2583 out:
2584 	return err;
2585 }
2586 
cleanup_test_env(struct nstoken * tok)2587 static void cleanup_test_env(struct nstoken *tok)
2588 {
2589 	close_netns(tok);
2590 	SYS_NOFAIL("ip netns delete %s", TEST_NS);
2591 }
2592 
test_sock_addr(void)2593 void test_sock_addr(void)
2594 {
2595 	struct nstoken *tok = NULL;
2596 	int cgroup_fd = -1;
2597 	void *skel;
2598 
2599 	cgroup_fd = test__join_cgroup("/sock_addr");
2600 	if (!ASSERT_GE(cgroup_fd, 0, "join_cgroup"))
2601 		goto cleanup;
2602 
2603 	if (!ASSERT_OK(setup_test_env(&tok), "setup_test_env"))
2604 		goto cleanup;
2605 
2606 	if (!ASSERT_OK(load_sock_addr_kern(), "load_sock_addr_kern"))
2607 		goto cleanup;
2608 
2609 	for (size_t i = 0; i < ARRAY_SIZE(tests); ++i) {
2610 		struct sock_addr_test *test = &tests[i];
2611 		int err;
2612 
2613 		if (!test__start_subtest(test->name))
2614 			continue;
2615 
2616 		skel = test->loadfn(cgroup_fd, test->attach_type,
2617 				    test->expected_result == LOAD_REJECT ||
2618 					test->expected_result == ATTACH_REJECT);
2619 		if (!skel)
2620 			continue;
2621 
2622 		switch (test->type) {
2623 		/* Not exercised yet but we leave this code here for when the
2624 		 * INET and INET6 sockaddr tests are migrated to this file in
2625 		 * the future.
2626 		 */
2627 		case SOCK_ADDR_TEST_BIND:
2628 			err = test_bind(test);
2629 			break;
2630 		case SOCK_ADDR_TEST_CONNECT:
2631 			err = test_connect(test);
2632 			break;
2633 		case SOCK_ADDR_TEST_SENDMSG:
2634 		case SOCK_ADDR_TEST_RECVMSG:
2635 			err = test_xmsg(test);
2636 			break;
2637 		case SOCK_ADDR_TEST_GETSOCKNAME:
2638 			err = test_getsockname(test);
2639 			break;
2640 		case SOCK_ADDR_TEST_GETPEERNAME:
2641 			err = test_getpeername(test);
2642 			break;
2643 		default:
2644 			ASSERT_TRUE(false, "Unknown sock addr test type");
2645 			err = -EINVAL;
2646 			break;
2647 		}
2648 
2649 		if (test->expected_result == SYSCALL_EPERM)
2650 			ASSERT_EQ(err, EPERM, "socket operation returns EPERM");
2651 		else if (test->expected_result == SYSCALL_ENOTSUPP)
2652 			ASSERT_EQ(err, ENOTSUPP, "socket operation returns ENOTSUPP");
2653 		else if (test->expected_result == SUCCESS)
2654 			ASSERT_OK(err, "socket operation succeeds");
2655 
2656 		test->destroyfn(skel);
2657 	}
2658 
2659 cleanup:
2660 	unload_sock_addr_kern();
2661 	cleanup_test_env(tok);
2662 	if (cgroup_fd >= 0)
2663 		close(cgroup_fd);
2664 }
2665