1 /*
2 * Copyright 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * OffloadUtilsTest.cpp - unit tests for OffloadUtils.cpp
17 */
18
19 #include <gtest/gtest.h>
20
21 #include "OffloadUtils.h"
22
23 #include <linux/if_arp.h>
24 #include <stdlib.h>
25 #include <sys/wait.h>
26
27 #include "bpf/BpfUtils.h"
28 #include "netdbpf/bpf_shared.h"
29
30 namespace android {
31 namespace net {
32
33 class OffloadUtilsTest : public ::testing::Test {
34 public:
SetUp()35 void SetUp() {}
36 };
37
TEST_F(OffloadUtilsTest,HardwareAddressTypeOfNonExistingIf)38 TEST_F(OffloadUtilsTest, HardwareAddressTypeOfNonExistingIf) {
39 ASSERT_EQ(-ENODEV, hardwareAddressType("not_existing_if"));
40 }
41
TEST_F(OffloadUtilsTest,HardwareAddressTypeOfLoopback)42 TEST_F(OffloadUtilsTest, HardwareAddressTypeOfLoopback) {
43 ASSERT_EQ(ARPHRD_LOOPBACK, hardwareAddressType("lo"));
44 }
45
46 // If wireless 'wlan0' interface exists it should be Ethernet.
TEST_F(OffloadUtilsTest,HardwareAddressTypeOfWireless)47 TEST_F(OffloadUtilsTest, HardwareAddressTypeOfWireless) {
48 int type = hardwareAddressType("wlan0");
49 if (type == -ENODEV) return;
50
51 ASSERT_EQ(ARPHRD_ETHER, type);
52 }
53
54 // If cellular 'rmnet_data0' interface exists it should
55 // *probably* not be Ethernet and instead be RawIp.
TEST_F(OffloadUtilsTest,HardwareAddressTypeOfCellular)56 TEST_F(OffloadUtilsTest, HardwareAddressTypeOfCellular) {
57 int type = hardwareAddressType("rmnet_data0");
58 if (type == -ENODEV) return;
59
60 ASSERT_NE(ARPHRD_ETHER, type);
61
62 // ARPHRD_RAWIP is 530 on some pre-4.14 Qualcomm devices.
63 if (type == 530) return;
64
65 ASSERT_EQ(ARPHRD_RAWIP, type);
66 }
67
TEST_F(OffloadUtilsTest,IsEthernetOfNonExistingIf)68 TEST_F(OffloadUtilsTest, IsEthernetOfNonExistingIf) {
69 auto res = isEthernet("not_existing_if");
70 ASSERT_FALSE(res.ok());
71 ASSERT_EQ(ENODEV, res.error().code());
72 }
73
TEST_F(OffloadUtilsTest,IsEthernetOfLoopback)74 TEST_F(OffloadUtilsTest, IsEthernetOfLoopback) {
75 auto res = isEthernet("lo");
76 ASSERT_FALSE(res.ok());
77 ASSERT_EQ(EAFNOSUPPORT, res.error().code());
78 }
79
80 // If wireless 'wlan0' interface exists it should be Ethernet.
81 // See also HardwareAddressTypeOfWireless.
TEST_F(OffloadUtilsTest,IsEthernetOfWireless)82 TEST_F(OffloadUtilsTest, IsEthernetOfWireless) {
83 auto res = isEthernet("wlan0");
84 if (!res.ok() && res.error().code() == ENODEV) return;
85
86 ASSERT_RESULT_OK(res);
87 ASSERT_TRUE(res.value());
88 }
89
90 // If cellular 'rmnet_data0' interface exists it should
91 // *probably* not be Ethernet and instead be RawIp.
92 // See also HardwareAddressTypeOfCellular.
TEST_F(OffloadUtilsTest,IsEthernetOfCellular)93 TEST_F(OffloadUtilsTest, IsEthernetOfCellular) {
94 auto res = isEthernet("rmnet_data0");
95 if (!res.ok() && res.error().code() == ENODEV) return;
96
97 ASSERT_RESULT_OK(res);
98 ASSERT_FALSE(res.value());
99 }
100
TEST_F(OffloadUtilsTest,GetClatEgressMapFd)101 TEST_F(OffloadUtilsTest, GetClatEgressMapFd) {
102 SKIP_IF_BPF_NOT_SUPPORTED;
103
104 int fd = getClatEgressMapFd();
105 ASSERT_GE(fd, 3); // 0,1,2 - stdin/out/err, thus fd >= 3
106 EXPECT_EQ(FD_CLOEXEC, fcntl(fd, F_GETFD));
107 close(fd);
108 }
109
TEST_F(OffloadUtilsTest,GetClatEgressRawIpProgFd)110 TEST_F(OffloadUtilsTest, GetClatEgressRawIpProgFd) {
111 SKIP_IF_BPF_NOT_SUPPORTED;
112
113 int fd = getClatEgressProgFd(RAWIP);
114 ASSERT_GE(fd, 3);
115 EXPECT_EQ(FD_CLOEXEC, fcntl(fd, F_GETFD));
116 close(fd);
117 }
118
TEST_F(OffloadUtilsTest,GetClatEgressEtherProgFd)119 TEST_F(OffloadUtilsTest, GetClatEgressEtherProgFd) {
120 SKIP_IF_BPF_NOT_SUPPORTED;
121
122 int fd = getClatEgressProgFd(ETHER);
123 ASSERT_GE(fd, 3);
124 EXPECT_EQ(FD_CLOEXEC, fcntl(fd, F_GETFD));
125 close(fd);
126 }
127
TEST_F(OffloadUtilsTest,GetClatIngressMapFd)128 TEST_F(OffloadUtilsTest, GetClatIngressMapFd) {
129 SKIP_IF_BPF_NOT_SUPPORTED;
130
131 int fd = getClatIngressMapFd();
132 ASSERT_GE(fd, 3); // 0,1,2 - stdin/out/err, thus fd >= 3
133 EXPECT_EQ(FD_CLOEXEC, fcntl(fd, F_GETFD));
134 close(fd);
135 }
136
TEST_F(OffloadUtilsTest,GetClatIngressRawIpProgFd)137 TEST_F(OffloadUtilsTest, GetClatIngressRawIpProgFd) {
138 SKIP_IF_BPF_NOT_SUPPORTED;
139
140 int fd = getClatIngressProgFd(RAWIP);
141 ASSERT_GE(fd, 3);
142 EXPECT_EQ(FD_CLOEXEC, fcntl(fd, F_GETFD));
143 close(fd);
144 }
145
TEST_F(OffloadUtilsTest,GetClatIngressEtherProgFd)146 TEST_F(OffloadUtilsTest, GetClatIngressEtherProgFd) {
147 SKIP_IF_BPF_NOT_SUPPORTED;
148
149 int fd = getClatIngressProgFd(ETHER);
150 ASSERT_GE(fd, 3);
151 EXPECT_EQ(FD_CLOEXEC, fcntl(fd, F_GETFD));
152 close(fd);
153 }
154
TEST_F(OffloadUtilsTest,GetTetherIngressMapFd)155 TEST_F(OffloadUtilsTest, GetTetherIngressMapFd) {
156 SKIP_IF_BPF_NOT_SUPPORTED;
157
158 int fd = getTetherIngressMapFd();
159 ASSERT_GE(fd, 3); // 0,1,2 - stdin/out/err, thus fd >= 3
160 EXPECT_EQ(FD_CLOEXEC, fcntl(fd, F_GETFD));
161 close(fd);
162 }
163
TEST_F(OffloadUtilsTest,GetTetherIngressRawIpProgFd)164 TEST_F(OffloadUtilsTest, GetTetherIngressRawIpProgFd) {
165 // Currently only implementing downstream direction offload.
166 // RX Rawip -> TX Ether requires header adjustments and thus 4.14.
167 SKIP_IF_EXTENDED_BPF_NOT_SUPPORTED;
168
169 int fd = getTetherIngressProgFd(RAWIP);
170 ASSERT_GE(fd, 3);
171 EXPECT_EQ(FD_CLOEXEC, fcntl(fd, F_GETFD));
172 close(fd);
173 }
174
TEST_F(OffloadUtilsTest,GetTetherIngressEtherProgFd)175 TEST_F(OffloadUtilsTest, GetTetherIngressEtherProgFd) {
176 // Currently only implementing downstream direction offload.
177 // RX Ether -> TX Ether does not require header adjustments
178 SKIP_IF_BPF_NOT_SUPPORTED;
179
180 int fd = getTetherIngressProgFd(ETHER);
181 ASSERT_GE(fd, 3);
182 EXPECT_EQ(FD_CLOEXEC, fcntl(fd, F_GETFD));
183 close(fd);
184 }
185
TEST_F(OffloadUtilsTest,GetTetherStatsMapFd)186 TEST_F(OffloadUtilsTest, GetTetherStatsMapFd) {
187 SKIP_IF_BPF_NOT_SUPPORTED;
188
189 int fd = getTetherStatsMapFd();
190 ASSERT_GE(fd, 3); // 0,1,2 - stdin/out/err, thus fd >= 3
191 EXPECT_EQ(FD_CLOEXEC, fcntl(fd, F_GETFD));
192 close(fd);
193 }
194
TEST_F(OffloadUtilsTest,GetTetherLimitMapFd)195 TEST_F(OffloadUtilsTest, GetTetherLimitMapFd) {
196 SKIP_IF_BPF_NOT_SUPPORTED;
197
198 int fd = getTetherLimitMapFd();
199 ASSERT_GE(fd, 3); // 0,1,2 - stdin/out/err, thus fd >= 3
200 EXPECT_EQ(FD_CLOEXEC, fcntl(fd, F_GETFD));
201 close(fd);
202 }
203
204 // The SKIP_IF_BPF_NOT_SUPPORTED macro is effectively a check for 4.9+ kernel
205 // combined with a launched on P device. Ie. it's a test for 4.9-P or better.
206
207 // NET_SCH_INGRESS is only enabled starting with 4.9-Q and as such we need
208 // a separate way to test for this...
doKernelSupportsNetSchIngress(void)209 int doKernelSupportsNetSchIngress(void) {
210 // NOLINTNEXTLINE(cert-env33-c)
211 return system("zcat /proc/config.gz | egrep -q '^CONFIG_NET_SCH_INGRESS=[my]$'");
212 }
213
214 // NET_CLS_BPF is only enabled starting with 4.9-Q...
doKernelSupportsNetClsBpf(void)215 int doKernelSupportsNetClsBpf(void) {
216 // NOLINTNEXTLINE(cert-env33-c)
217 return system("zcat /proc/config.gz | egrep -q '^CONFIG_NET_CLS_BPF=[my]$'");
218 }
219
220 // Make sure the above functions actually execute correctly rather than failing
221 // due to missing binary or execution failure...
TEST_F(OffloadUtilsTest,KernelSupportsNetFuncs)222 TEST_F(OffloadUtilsTest, KernelSupportsNetFuncs) {
223 // Make sure the file is present and readable and decompressable.
224 // NOLINTNEXTLINE(cert-env33-c)
225 ASSERT_EQ(W_EXITCODE(0, 0), system("zcat /proc/config.gz > /dev/null"));
226
227 int v = doKernelSupportsNetSchIngress();
228 int w = doKernelSupportsNetClsBpf();
229
230 // They should always either return 0 (match) or 1 (no match),
231 // anything else is some sort of exec/environment/etc failure.
232 if (v != W_EXITCODE(1, 0)) ASSERT_EQ(v, W_EXITCODE(0, 0));
233 if (w != W_EXITCODE(1, 0)) ASSERT_EQ(w, W_EXITCODE(0, 0));
234 }
235
236 // True iff CONFIG_NET_SCH_INGRESS is enabled in /proc/config.gz
kernelSupportsNetSchIngress(void)237 bool kernelSupportsNetSchIngress(void) {
238 return doKernelSupportsNetSchIngress() == W_EXITCODE(0, 0);
239 }
240
241 // True iff CONFIG_NET_CLS_BPF is enabled in /proc/config.gz
kernelSupportsNetClsBpf(void)242 bool kernelSupportsNetClsBpf(void) {
243 return doKernelSupportsNetClsBpf() == W_EXITCODE(0, 0);
244 }
245
246 // See Linux kernel source in include/net/flow.h
247 #define LOOPBACK_IFINDEX 1
248
TEST_F(OffloadUtilsTest,AttachReplaceDetachClsactLo)249 TEST_F(OffloadUtilsTest, AttachReplaceDetachClsactLo) {
250 // Technically does not depend on ebpf, but does depend on clsact,
251 // and we do not really care if it works on pre-4.9-Q anyway.
252 SKIP_IF_BPF_NOT_SUPPORTED;
253 if (!kernelSupportsNetSchIngress()) return;
254
255 // This attaches and detaches a configuration-less and thus no-op clsact
256 // qdisc to loopback interface (and it takes fractions of a second)
257 EXPECT_EQ(0, tcQdiscAddDevClsact(LOOPBACK_IFINDEX));
258 EXPECT_EQ(0, tcQdiscReplaceDevClsact(LOOPBACK_IFINDEX));
259 EXPECT_EQ(0, tcQdiscDelDevClsact(LOOPBACK_IFINDEX));
260 EXPECT_EQ(-EINVAL, tcQdiscDelDevClsact(LOOPBACK_IFINDEX));
261 }
262
checkAttachDetachBpfFilterClsactLo(const bool ingress,const bool ethernet)263 static void checkAttachDetachBpfFilterClsactLo(const bool ingress, const bool ethernet) {
264 // This test requires kernel 4.9-Q or better
265 SKIP_IF_BPF_NOT_SUPPORTED;
266 if (!kernelSupportsNetSchIngress()) return;
267 if (!kernelSupportsNetClsBpf()) return;
268
269 const bool extended =
270 (android::bpf::getBpfSupportLevel() >= android::bpf::BpfLevel::EXTENDED_4_14);
271 // Older kernels return EINVAL instead of ENOENT due to lacking proper error propagation...
272 const int errNOENT =
273 (android::bpf::getBpfSupportLevel() >= android::bpf::BpfLevel::EXTENDED_4_19) ? ENOENT
274 : EINVAL;
275
276 int clatBpfFd = ingress ? getClatIngressProgFd(ethernet) : getClatEgressProgFd(ethernet);
277 ASSERT_GE(clatBpfFd, 3);
278
279 int tetherBpfFd = -1;
280 if (extended && ingress) {
281 tetherBpfFd = getTetherIngressProgFd(ethernet);
282 ASSERT_GE(tetherBpfFd, 3);
283 }
284
285 // This attaches and detaches a clsact plus ebpf program to loopback
286 // interface, but it should not affect traffic by virtue of us not
287 // actually populating the ebpf control map.
288 // Furthermore: it only takes fractions of a second.
289 EXPECT_EQ(-EINVAL, tcFilterDelDevIngressClatIpv6(LOOPBACK_IFINDEX));
290 EXPECT_EQ(-EINVAL, tcFilterDelDevEgressClatIpv4(LOOPBACK_IFINDEX));
291 EXPECT_EQ(0, tcQdiscAddDevClsact(LOOPBACK_IFINDEX));
292 EXPECT_EQ(-errNOENT, tcFilterDelDevIngressClatIpv6(LOOPBACK_IFINDEX));
293 EXPECT_EQ(-errNOENT, tcFilterDelDevEgressClatIpv4(LOOPBACK_IFINDEX));
294 if (ingress) {
295 EXPECT_EQ(0, tcFilterAddDevIngressClatIpv6(LOOPBACK_IFINDEX, clatBpfFd, ethernet));
296 if (extended) {
297 EXPECT_EQ(0, tcFilterAddDevIngressTether(LOOPBACK_IFINDEX, tetherBpfFd, ethernet));
298 EXPECT_EQ(0, tcFilterDelDevIngressTether(LOOPBACK_IFINDEX));
299 }
300 EXPECT_EQ(0, tcFilterDelDevIngressClatIpv6(LOOPBACK_IFINDEX));
301 } else {
302 EXPECT_EQ(0, tcFilterAddDevEgressClatIpv4(LOOPBACK_IFINDEX, clatBpfFd, ethernet));
303 EXPECT_EQ(0, tcFilterDelDevEgressClatIpv4(LOOPBACK_IFINDEX));
304 }
305 EXPECT_EQ(-errNOENT, tcFilterDelDevIngressClatIpv6(LOOPBACK_IFINDEX));
306 EXPECT_EQ(-errNOENT, tcFilterDelDevEgressClatIpv4(LOOPBACK_IFINDEX));
307 EXPECT_EQ(0, tcQdiscDelDevClsact(LOOPBACK_IFINDEX));
308 EXPECT_EQ(-EINVAL, tcFilterDelDevIngressClatIpv6(LOOPBACK_IFINDEX));
309 EXPECT_EQ(-EINVAL, tcFilterDelDevEgressClatIpv4(LOOPBACK_IFINDEX));
310
311 if (tetherBpfFd != -1) close(tetherBpfFd);
312 close(clatBpfFd);
313 }
314
TEST_F(OffloadUtilsTest,CheckAttachBpfFilterRawIpClsactEgressLo)315 TEST_F(OffloadUtilsTest, CheckAttachBpfFilterRawIpClsactEgressLo) {
316 checkAttachDetachBpfFilterClsactLo(EGRESS, RAWIP);
317 }
318
TEST_F(OffloadUtilsTest,CheckAttachBpfFilterEthernetClsactEgressLo)319 TEST_F(OffloadUtilsTest, CheckAttachBpfFilterEthernetClsactEgressLo) {
320 checkAttachDetachBpfFilterClsactLo(EGRESS, ETHER);
321 }
322
TEST_F(OffloadUtilsTest,CheckAttachBpfFilterRawIpClsactIngressLo)323 TEST_F(OffloadUtilsTest, CheckAttachBpfFilterRawIpClsactIngressLo) {
324 checkAttachDetachBpfFilterClsactLo(INGRESS, RAWIP);
325 }
326
TEST_F(OffloadUtilsTest,CheckAttachBpfFilterEthernetClsactIngressLo)327 TEST_F(OffloadUtilsTest, CheckAttachBpfFilterEthernetClsactIngressLo) {
328 checkAttachDetachBpfFilterClsactLo(INGRESS, ETHER);
329 }
330
331 } // namespace net
332 } // namespace android
333