selftests/bpf: Add asserts for netfilter link info

Add assertions/tests to verify `bpf_link_info` fields for netfilter link
are correctly populated.

Signed-off-by: Tyrone Wu <wudevelops@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20241011193252.178997-2-wudevelops@gmail.com

diff --git a/tools/testing/selftests/bpf/prog_tests/netfilter_link_attach.c b/tools/testing/selftests/bpf/prog_tests/netfilter_link_attach.c
index 4297a2a4cb11b1edb83ad8f1649d932de2c4d024..2f52fa2641baf53c2335f7375d367e86c3164b5c 100644 (file)
--- a/tools/testing/selftests/bpf/prog_tests/netfilter_link_attach.c
+++ b/tools/testing/selftests/bpf/prog_tests/netfilter_link_attach.c
@@ -26,10 +26,43 @@ static const struct nf_link_test nf_hook_link_tests[] = {
 
        { .pf = NFPROTO_INET, .priority = 1, .name = "invalid-inet-not-supported", },
 
-       { .pf = NFPROTO_IPV4, .priority = -10000, .expect_success = true, .name = "attach ipv4", },
-       { .pf = NFPROTO_IPV6, .priority =  10001, .expect_success = true, .name = "attach ipv6", },
+       {
+               .pf = NFPROTO_IPV4,
+               .hooknum = NF_INET_POST_ROUTING,
+               .priority = -10000,
+               .flags = 0,
+               .expect_success = true,
+               .name = "attach ipv4",
+       },
+       {
+               .pf = NFPROTO_IPV6,
+               .hooknum = NF_INET_FORWARD,
+               .priority =  10001,
+               .flags = BPF_F_NETFILTER_IP_DEFRAG,
+               .expect_success = true,
+               .name = "attach ipv6",
+       },
 };
 
+static void verify_netfilter_link_info(struct bpf_link *link, const struct nf_link_test nf_expected)
+{
+       struct bpf_link_info info;
+       __u32 len = sizeof(info);
+       int err, fd;
+
+       memset(&info, 0, len);
+
+       fd = bpf_link__fd(link);
+       err = bpf_link_get_info_by_fd(fd, &info, &len);
+       ASSERT_OK(err, "get_link_info");
+
+       ASSERT_EQ(info.type, BPF_LINK_TYPE_NETFILTER, "info link type");
+       ASSERT_EQ(info.netfilter.pf, nf_expected.pf, "info nf protocol family");
+       ASSERT_EQ(info.netfilter.hooknum, nf_expected.hooknum, "info nf hooknum");
+       ASSERT_EQ(info.netfilter.priority, nf_expected.priority, "info nf priority");
+       ASSERT_EQ(info.netfilter.flags, nf_expected.flags, "info nf flags");
+}
+
 void test_netfilter_link_attach(void)
 {
        struct test_netfilter_link_attach *skel;
@@ -64,6 +97,8 @@ void test_netfilter_link_attach(void)
                        if (!ASSERT_OK_PTR(link, "program attach successful"))
                                continue;
 
+                       verify_netfilter_link_info(link, nf_hook_link_tests[i]);
+
                        link2 = bpf_program__attach_netfilter(prog, &opts);
                        ASSERT_ERR_PTR(link2, "attach program with same pf/hook/priority");
 
@@ -73,6 +108,9 @@ void test_netfilter_link_attach(void)
                        link2 = bpf_program__attach_netfilter(prog, &opts);
                        if (!ASSERT_OK_PTR(link2, "program reattach successful"))
                                continue;
+
+                       verify_netfilter_link_info(link2, nf_hook_link_tests[i]);
+
                        if (!ASSERT_OK(bpf_link__destroy(link2), "link destroy"))
                                break;
                } else {