link: add test suite for netkit

The netkit link support was added without a test suite due to a lack of support for driver-specific extractions in the `github.com/jsimonetti/rtnetlink` package. The driver support has been added to `rtnetlink`. This commit adds a test suite for the netkit link and pulls in the `github.com/jsimonetti/rtnetlink/v2` package for testing. Signed-off-by: Birol Bilgin <birolbilgin@gmail.com>
cilium · May 10, 2024 · 9bf62a3 · 9bf62a3
1 parent 5650724
commit 9bf62a3
Show file tree

Hide file tree

Showing 3 changed files with 127 additions and 6 deletions.
diff --git a/go.mod b/go.mod
@@ -4,13 +4,19 @@ go 1.21
 
 require (
 	github.com/go-quicktest/qt v1.101.0
-	github.com/google/go-cmp v0.5.9
+	github.com/google/go-cmp v0.6.0
+	github.com/jsimonetti/rtnetlink/v2 v2.0.1
 	golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2
-	golang.org/x/sys v0.15.0
+	golang.org/x/sys v0.20.0
 )
 
 require (
+	github.com/josharian/native v1.1.0 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
+	github.com/mdlayher/netlink v1.7.2 // indirect
+	github.com/mdlayher/socket v0.4.1 // indirect
 	github.com/rogpeppe/go-internal v1.11.0 // indirect
+	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/sync v0.1.0 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -1,17 +1,29 @@
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI=
 github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA=
+github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
+github.com/jsimonetti/rtnetlink/v2 v2.0.1 h1:xda7qaHDSVOsADNouv7ukSuicKZO7GgVUCXxpaIEIlM=
+github.com/jsimonetti/rtnetlink/v2 v2.0.1/go.mod h1:7MoNYNbb3UaDHtF8udiJo/RH6VsTKP1pqKLUTVCvToE=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g=
+github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw=
+github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U=
+github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI=
 golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
diff --git a/link/netkit_test.go b/link/netkit_test.go
@@ -0,0 +1,103 @@
+package link
+
+import (
+	"fmt"
+	"net"
+	"testing"
+
+	"github.com/cilium/ebpf"
+	"github.com/cilium/ebpf/internal/testutils"
+	"github.com/go-quicktest/qt"
+	"github.com/jsimonetti/rtnetlink/v2"
+	"github.com/jsimonetti/rtnetlink/v2/driver"
+	"golang.org/x/sys/unix"
+)
+
+func TestAttachNetkit(t *testing.T) {
+	testutils.SkipOnOldKernel(t, "6.7", "Netkit Device")
+
+	prog := mustLoadProgram(t, ebpf.SchedCLS, ebpf.AttachNetkitPrimary, "")
+	link, _ := mustAttachNetkit(t, prog, ebpf.AttachNetkitPrimary)
+
+	testLink(t, link, prog)
+}
+
+func TestNetkitAnchor(t *testing.T) {
+	testutils.SkipOnOldKernel(t, "6.7", "Netkit Device")
+
+	a := mustLoadProgram(t, ebpf.SchedCLS, ebpf.AttachNetkitPrimary, "")
+	b := mustLoadProgram(t, ebpf.SchedCLS, ebpf.AttachNetkitPrimary, "")
+
+	linkA, iface := mustAttachNetkit(t, a, ebpf.AttachNetkitPrimary)
+
+	programInfo, err := a.Info()
+	qt.Assert(t, qt.IsNil(err))
+	programID, _ := programInfo.ID()
+
+	linkInfo, err := linkA.Info()
+	qt.Assert(t, qt.IsNil(err))
+	linkID := linkInfo.ID
+
+	for _, anchor := range []Anchor{
+		Head(),
+		Tail(),
+		BeforeProgram(a),
+		BeforeProgramByID(programID),
+		AfterLink(linkA),
+		AfterLinkByID(linkID),
+	} {
+		t.Run(fmt.Sprintf("%T", anchor), func(t *testing.T) {
+			linkB, err := AttachNetkit(NetkitOptions{
+				Program:   b,
+				Attach:    ebpf.AttachNetkitPrimary,
+				Interface: iface,
+				Anchor:    anchor,
+			})
+			qt.Assert(t, qt.IsNil(err))
+			qt.Assert(t, qt.IsNil(linkB.Close()))
+		})
+	}
+}
+
+func mustAttachNetkit(tb testing.TB, prog *ebpf.Program, attachType ebpf.AttachType) (Link, int) {
+	var err error
+	conn, err := rtnetlink.Dial(nil)
+	qt.Assert(tb, qt.IsNil(err))
+
+	layer2 := driver.NetkitModeL2
+	blackhole := driver.NetkitPolicyDrop
+	err = conn.Link.New(&rtnetlink.LinkMessage{
+		Family: unix.AF_UNSPEC,
+		Index:  1000,
+		Flags:  unix.IFF_UP,
+		Change: unix.IFF_UP,
+		Attributes: &rtnetlink.LinkAttributes{
+			Name: "nk1",
+			Info: &rtnetlink.LinkInfo{
+				Kind: "netkit",
+				Data: &driver.Netkit{
+					Mode:       &layer2,
+					PeerPolicy: &blackhole,
+				},
+			},
+		},
+	})
+	qt.Assert(tb, qt.IsNil(err))
+
+	iface, err := net.InterfaceByName("nk1")
+	qt.Assert(tb, qt.IsNil(err))
+
+	link, err := AttachNetkit(NetkitOptions{
+		Program:   prog,
+		Attach:    attachType,
+		Interface: iface.Index,
+	})
+	qt.Assert(tb, qt.IsNil(err))
+	tb.Cleanup(func() {
+		qt.Assert(tb, qt.IsNil(link.Close()))
+		qt.Assert(tb, qt.IsNil(conn.Link.Delete(1000)))
+		qt.Assert(tb, qt.IsNil(conn.Close()))
+	})
+
+	return link, iface.Index
+}