prog: Allow explicit ifindex specification

Signed-off-by: Aapo Poutanen <[email protected]>
Co-authored-by: Timo Beckers <[email protected]>

Author: twaapo

prog.go

@@ -110,6 +110,13 @@ type ProgramSpec struct {
 	// Type determines at which hook in the kernel a program will run.
 	Type ProgramType
 
+	// Network interface index the user intends to attach this program to after
+	// loading. Only valid for some program types.
+	//
+	// Provides driver-specific context about the target interface to the
+	// verifier, required when using certain BPF helpers.
+	Ifindex uint32
+
 	// AttachType of the program, needed to differentiate allowed context
 	// accesses in some newer program types like CGroupSockAddr.
 	//
@@ -280,6 +287,7 @@ func newProgramWithOptions(spec *ProgramSpec, opts ProgramOptions, c *btf.Cache)
 		ProgName:           maybeFillObjName(spec.Name),
 		ProgType:           sys.ProgType(progType),
 		ProgFlags:          spec.Flags,
+		ProgIfindex:        spec.Ifindex,
 		ExpectedAttachType: sys.AttachType(spec.AttachType),
 		License:            sys.NewStringPointer(spec.License),
 		KernVersion:        kv,

prog_test.go

@@ -643,11 +643,14 @@ func TestProgramRejectIncorrectByteOrder(t *testing.T) {
 	}
 }
 
+// This uses unkeyed fields on purpose to force setting a non-zero value when
+// a new field is added.
 func TestProgramSpecCopy(t *testing.T) {
 	a := &ProgramSpec{
 		"test",
 		1,
 		1,
+		1,
 		"attach",
 		nil, // Can't copy Program
 		"section",
@@ -902,6 +905,35 @@ func TestProgramTargetsKernelModule(t *testing.T) {
 	qt.Assert(t, qt.IsTrue(ps.targetsKernelModule()))
 }
 
+func TestProgramLoadBoundToDevice(t *testing.T) {
+	testutils.SkipOnOldKernel(t, "6.3", "device-bound XDP programs")
+
+	ins := asm.Instructions{
+		asm.LoadImm(asm.R0, 2, asm.DWord).WithSymbol("out"),
+		asm.Return(),
+	}
+
+	_, err := NewProgram(&ProgramSpec{
+		Type:         XDP,
+		Ifindex:      math.MaxUint32,
+		AttachType:   AttachXDP,
+		Instructions: ins,
+		Flags:        sys.BPF_F_XDP_DEV_BOUND_ONLY,
+		License:      "MIT",
+	})
+	testutils.SkipIfNotSupportedOnOS(t, err)
+
+	// Binding to loopback leads to crashes, yet is only explicitly disallowed
+	// since 3595599fa836 ("net: xdp: Disallow attaching device-bound programs in
+	// generic mode"). This only landed in 6.14 and returns EOPNOTSUPP.
+	//
+	// However, since attaching to loopback quietly succeeds on older kernels, use
+	// a non-existent ifindex to trigger EINVAL on all kernels. Without specifying
+	// ifindex, loading the program succeeds if the kernel knows the
+	// DEV_BOUND_ONLY flag.
+	qt.Assert(t, qt.ErrorIs(err, unix.EINVAL))
+}
+
 func BenchmarkNewProgram(b *testing.B) {
 	testutils.SkipOnOldKernel(b, "5.18", "kfunc support")
 	spec, err := LoadCollectionSpec(testutils.NativeFile(b, "testdata/kfunc-%s.elf"))