test: skip ipv4ll tests when eBPF is enabled and not functional

When building with eBPF support enabled in n-acd, it is possible that
unprivileged access to eBFP calls is disabled by the distro. If so,
skip ipv4ll tests.

config.h.meson

@@ -283,3 +283,5 @@
 /* Define to 1 if you have history support from -lreadline. */
 #mesondefine HAVE_READLINE_HISTORY
 
+/* Define to 1 if you are building with eBPF support */
+#mesondefine WITH_EBPF

configure.ac

@@ -571,6 +571,11 @@ fi
 if test "$with_ebpf" = "yes" -a "$have_ebpf" = "no"; then
 	AC_MSG_ERROR([--with-ebpf=yes requires eBPF kernel header])
 fi
+if test "$with_ebpf" = "yes"; then
+	AC_DEFINE(WITH_EBPF, 1, [Define to 1 if you are building with eBPF support])
+else
+	AC_DEFINE(WITH_EBPF, 0, [Define to 1 if you are building with eBPF support])
+fi
 AM_CONDITIONAL(WITH_EBPF, test "${have_ebpf}" = "yes")
 
 # SELinux support

meson.build

@@ -476,6 +476,7 @@ else
     enable_ebpf = false
   endif
 endif
+config_h.set10('WITH_EBPF', enable_ebpf)
 
 # libaudit support
 libaudit = get_option('libaudit')

src/core/platform/tests/test-common.c

@@ -13,6 +13,10 @@
 #include <fcntl.h>
 #include <linux/if_tun.h>
 #include <linux/rtnetlink.h>
+#include <sys/syscall.h>
+#if WITH_EBPF
+#include <linux/bpf.h>
+#endif
 
 #include "n-acd/src/n-acd.h"
 #include "libnm-platform/nm-platform-utils.h"
@@ -96,6 +100,46 @@ nmtstp_is_root_test(void)
                      nm_linux_platform_setup_with_tc_cache);
 }
 
+/*
+ * Check that eBPF is usable if needed.
+ *
+ * Since Linux 4.4, unprivileged users may create programs of type
+ * BPF_PROG_TYPE_SOCKET_FILTER and associated maps, with some limitations.
+ * However, most distributions disable unprivileged access by setting
+ * /proc/sys/kernel/unprivileged_bpf_disabled to 1 or 2.
+ */
+gboolean
+nmtstp_check_ebpf(void)
+{
+#if WITH_EBPF
+    {
+        static int     cached = -1;
+        union bpf_attr attr;
+        int            ret;
+
+        if (cached != -1)
+            return cached;
+
+        attr = (union bpf_attr){
+            .map_type    = BPF_MAP_TYPE_HASH,
+            .key_size    = sizeof(uint32_t),
+            .value_size  = sizeof(uint8_t),
+            .max_entries = 1,
+        };
+
+        ret = (int) syscall(__NR_bpf, BPF_MAP_CREATE, &attr, sizeof(attr));
+        if (ret >= 0) {
+            nm_close(ret);
+            cached = TRUE;
+        } else {
+            cached = FALSE;
+        }
+        return cached;
+    }
+#endif
+    return TRUE;
+}
+
 gboolean
 nmtstp_is_sysfs_writable(void)
 {

src/core/platform/tests/test-common.h

@@ -68,6 +68,7 @@
 
 gboolean nmtstp_is_root_test(void);
 gboolean nmtstp_is_sysfs_writable(void);
+gboolean nmtstp_check_ebpf(void);
 
 /*****************************************************************************/
 

src/core/tests/test-l3cfg.c

@@ -669,6 +669,11 @@ test_l3_ipv4ll(gconstpointer test_data)
     nm_auto_remove_l3ipv4ll_registration NML3IPv4LLRegistration *l3ipv4ll_reg = NULL;
     char                                                         sbuf_addr[NM_INET_ADDRSTRLEN];
 
+    if (!nmtstp_check_ebpf()) {
+        g_test_skip("eBPF is not usable. Try: echo 0 > /proc/sys/kernel/unprivileged_bpf_disabled");
+        return;
+    }
+
     _LOGD("test start (/l3-ipv4ll/%d)", TEST_IDX);
 
     if (nmtst_test_quick()) {