From patchwork Fri Dec 10 13:02:30 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kumar Kartikeya Dwivedi X-Patchwork-Id: 1566483 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=Nqi6Cmju; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by bilbo.ozlabs.org (Postfix) with ESMTP id 4J9WKq0RX6z9sRK for ; Sat, 11 Dec 2021 00:03:11 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241502AbhLJNGo (ORCPT ); Fri, 10 Dec 2021 08:06:44 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35836 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241458AbhLJNGi (ORCPT ); Fri, 10 Dec 2021 08:06:38 -0500 Received: from mail-pl1-x642.google.com (mail-pl1-x642.google.com [IPv6:2607:f8b0:4864:20::642]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8AA67C061353; Fri, 10 Dec 2021 05:03:03 -0800 (PST) Received: by mail-pl1-x642.google.com with SMTP id y8so6257145plg.1; Fri, 10 Dec 2021 05:03:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=qm2U5bTkEJTdtWyXDG71Entszgzc/RhG3xXJ9RDf29M=; b=Nqi6Cmjut0CLkeWtRGADWnc33ymjkrNBqQfOx09oWZI4g7ImeJwypamRdL/eGIWqcG 88Yw2O0G1IKcTzZ9w6M3hgZbZ+65EU+DwFtmiihGOQygEjyI9M1T6pWWETGhcmikX2Sa bQA7KDK4RMcJFWftSgsTukFtiyFiLTlMZWGKHu93mq9L5SeBe3SPYYRVGuuCugtSrKKC EoHtYFjKdCY9BpVrzHCKBvSxxQA91DL0FX69ctS4JtlZlw/7Rl+wZLLcudGi2z43WGzW YsWG/GVYrTVYsWC6gWPcneUYU44CLnXYLf1VqzqehMMv3VN2Vb+nHk/HTiW2gGTqXpLN rJJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=qm2U5bTkEJTdtWyXDG71Entszgzc/RhG3xXJ9RDf29M=; b=EhT9Msj6PoPtUiFooyV05XlVAUeRsZ/Q+AP1Tu6P4yfcgD/EbdcsFdaGI0lC39Ae4X CM4nvCDOnQUh9ZEKJddb8841ogBIW9r5rhPAgmpoXReBriz/Ukrv67halfRPN091OIlc CVJCx6OrxD7gvBY5vAC2BvVyXQRW42YPs0h782PKZRpqeiVpypxfQ5DpnLYtOskEthAC 46SH7+mm+vo3TAoY+L1dUQ4lqrIf+dMcSr06muEMs8JsN7X0M044AIfljoB9hF3EUSuA W4+ne2E/91lnD3qNdgsh2Q5BTczN4RqjNssSpHkHE4JJog2NgAQs54hF7JfAjH3cXpY5 kN4A== X-Gm-Message-State: AOAM530VPq9xpQfR87qb3Sg+q24LtedoZFrP6PIa8PyksynyBkWeVWCr gzUyzIIgukv1XJGXKhKvxZpAWLsEPrY= X-Google-Smtp-Source: ABdhPJzxCr2aXQbZ4Hfz9FTYRhnWnQf8dV+kAKWbItnc8SxypUWUs+cDi9gcUudSClO/tk0oa5GrJA== X-Received: by 2002:a17:90a:43c4:: with SMTP id r62mr24057872pjg.86.1639141382914; Fri, 10 Dec 2021 05:03:02 -0800 (PST) Received: from localhost ([2405:201:6014:d064:3d4e:6265:800c:dc84]) by smtp.gmail.com with ESMTPSA id h186sm3247356pfg.59.2021.12.10.05.03.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 10 Dec 2021 05:03:02 -0800 (PST) From: Kumar Kartikeya Dwivedi To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , Maxim Mikityanskiy , Florian Westphal , Jesper Dangaard Brouer , =?utf-8?q?Toke_H=C3=B8iland-J?= =?utf-8?q?=C3=B8rgensen?= , netdev@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH bpf-next v3 9/9] selftests/bpf: Add test for unstable CT lookup API Date: Fri, 10 Dec 2021 18:32:30 +0530 Message-Id: <20211210130230.4128676-10-memxor@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20211210130230.4128676-1-memxor@gmail.com> References: <20211210130230.4128676-1-memxor@gmail.com> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=9113; h=from:subject; bh=+oKhHtTdeDTEem517MijXEkkhf1i2X5kWae8iRTXYG8=; b=owEBbQKS/ZANAwAIAUzgyIZIvxHKAcsmYgBhs0/UWbucVzRpT2e+Xac2C7LdIpXLjyge4u6GMVcc kfG1lheJAjMEAAEIAB0WIQRLvip+Buz51YI8YRFM4MiGSL8RygUCYbNP1AAKCRBM4MiGSL8Ryq0NEA CAmmsSpabBhYQJ0Ki4f5UeBXcl35nXGPR1tl05Vi2mIkunIApZJfokcdsBr5AO24wcgEvqzVcEA/2w s6ZM0Yyvz7ouxr981f3kgbl18f6TI8ny0X44imMPgEFI0jqC5OBO7AHWR3pdPBi0BjIlnbRvRARi8M bg8RhUINmwCo/04uTb6luoEqY4CoWuqZNDnhca3ySBLQsuO5gKjugAI3hXIXIRsrcMXR2hEMlFAPji DfTecBcuySJ4/abzudcysY6T1IF2xAECevCUt1WDFWQOHvA+RDT7FY0CNfNyadTcnsV1HGQx/L419V 7eALLjH+/FuBwF6wUUtcPjbisJJKABziEaNtViQilK6DmDjI9c/tGinlLXcdXX1ueDWprCYdCtSBji 5Ln3ll5sAOtQ90B9mba26Qr36+pw3DeReYkTliuu61oOCHkd4PvgwDxRutHXUGA5Ptpa/QElPSm/aC 7bIoNQweX7N5eyFtFCy1lad6SUTLARP+lGO+biZCBVp4v1X5fF03AEwcNt300CGN2Azxcy49kGJmsW GniGovgWICSUlu5Im5AmaC0FNnpM/9vWk8x/e+Ncez9eylfZUskKQu6jNBbzzAWnZOy7RzX7giVT8U C2ZZZMT94KGB8+QMRQ4g9SqGxsEFsYzoZOk8dRrPqG+bLOsuzeDItjkTvKjQ== X-Developer-Key: i=memxor@gmail.com; a=openpgp; fpr=4BBE2A7E06ECF9D5823C61114CE0C88648BF11CA Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This tests that we return errors as documented, and also that the kfunc calls work from both XDP and TC hooks. Signed-off-by: Kumar Kartikeya Dwivedi --- tools/testing/selftests/bpf/config | 4 + .../testing/selftests/bpf/prog_tests/bpf_nf.c | 48 ++++++++ .../testing/selftests/bpf/progs/test_bpf_nf.c | 113 ++++++++++++++++++ 3 files changed, 165 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/bpf_nf.c create mode 100644 tools/testing/selftests/bpf/progs/test_bpf_nf.c diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/bpf/config index 5192305159ec..4a2a47fcd6ef 100644 --- a/tools/testing/selftests/bpf/config +++ b/tools/testing/selftests/bpf/config @@ -46,3 +46,7 @@ CONFIG_IMA_READ_POLICY=y CONFIG_BLK_DEV_LOOP=y CONFIG_FUNCTION_TRACER=y CONFIG_DYNAMIC_FTRACE=y +CONFIG_NETFILTER=y +CONFIG_NF_DEFRAG_IPV4=y +CONFIG_NF_DEFRAG_IPV6=y +CONFIG_NF_CONNTRACK=y diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_nf.c b/tools/testing/selftests/bpf/prog_tests/bpf_nf.c new file mode 100644 index 000000000000..56e8d745b8c8 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/bpf_nf.c @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include +#include "test_bpf_nf.skel.h" + +enum { + TEST_XDP, + TEST_TC_BPF, +}; + +void test_bpf_nf_ct(int mode) +{ + struct test_bpf_nf *skel; + int prog_fd, err, retval; + + skel = test_bpf_nf__open_and_load(); + if (!ASSERT_OK_PTR(skel, "test_bpf_nf__open_and_load")) + return; + + if (mode == TEST_XDP) + prog_fd = bpf_program__fd(skel->progs.nf_xdp_ct_test); + else + prog_fd = bpf_program__fd(skel->progs.nf_skb_ct_test); + + err = bpf_prog_test_run(prog_fd, 1, &pkt_v4, sizeof(pkt_v4), NULL, NULL, + (__u32 *)&retval, NULL); + if (!ASSERT_OK(err, "bpf_prog_test_run")) + goto end; + + ASSERT_EQ(skel->bss->test_einval_bpf_tuple, -EINVAL, "Test EINVAL for NULL bpf_tuple"); + ASSERT_EQ(skel->bss->test_einval_reserved, -EINVAL, "Test EINVAL for reserved not set to 0"); + ASSERT_EQ(skel->bss->test_einval_netns_id, -EINVAL, "Test EINVAL for netns_id < -1"); + ASSERT_EQ(skel->bss->test_einval_len_opts, -EINVAL, "Test EINVAL for len__opts != NF_BPF_CT_OPTS_SZ"); + ASSERT_EQ(skel->bss->test_eproto_l4proto, -EPROTO, "Test EPROTO for l4proto != TCP or UDP"); + ASSERT_EQ(skel->bss->test_enonet_netns_id, -ENONET, "Test ENONET for bad but valid netns_id"); + ASSERT_EQ(skel->bss->test_enoent_lookup, -ENOENT, "Test ENOENT for failed lookup"); + ASSERT_EQ(skel->bss->test_eafnosupport, -EAFNOSUPPORT,"Test EAFNOSUPPORT for invalid len__tuple"); +end: + test_bpf_nf__destroy(skel); +} + +void test_bpf_nf(void) +{ + if (test__start_subtest("xdp-ct")) + test_bpf_nf_ct(TEST_XDP); + if (test__start_subtest("tc-bpf-ct")) + test_bpf_nf_ct(TEST_TC_BPF); +} diff --git a/tools/testing/selftests/bpf/progs/test_bpf_nf.c b/tools/testing/selftests/bpf/progs/test_bpf_nf.c new file mode 100644 index 000000000000..7cfff245b24f --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_bpf_nf.c @@ -0,0 +1,113 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include + +#define EAFNOSUPPORT 97 +#define EPROTO 71 +#define ENONET 64 +#define EINVAL 22 +#define ENOENT 2 + +int test_einval_bpf_tuple = 0; +int test_einval_reserved = 0; +int test_einval_netns_id = 0; +int test_einval_len_opts = 0; +int test_eproto_l4proto = 0; +int test_enonet_netns_id = 0; +int test_enoent_lookup = 0; +int test_eafnosupport = 0; + +struct nf_conn *bpf_xdp_ct_lookup(struct xdp_md *, struct bpf_sock_tuple *, u32, + struct bpf_ct_opts *, u32) __weak __ksym; +struct nf_conn *bpf_skb_ct_lookup(struct __sk_buff *, struct bpf_sock_tuple *, u32, + struct bpf_ct_opts *, u32) __weak __ksym; +void bpf_ct_release(struct nf_conn *) __weak __ksym; + +#define nf_ct_test(func, ctx) \ + ({ \ + struct bpf_ct_opts opts_def = { .l4proto = IPPROTO_TCP, \ + .netns_id = -1 }; \ + struct bpf_sock_tuple bpf_tuple; \ + struct nf_conn *ct; \ + \ + __builtin_memset(&bpf_tuple, 0, sizeof(bpf_tuple.ipv4)); \ + ct = func(ctx, NULL, 0, &opts_def, sizeof(opts_def)); \ + if (ct) \ + bpf_ct_release(ct); \ + else \ + test_einval_bpf_tuple = opts_def.error; \ + \ + opts_def.reserved[0] = 1; \ + ct = func(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def, \ + sizeof(opts_def)); \ + opts_def.reserved[0] = 0; \ + opts_def.l4proto = IPPROTO_TCP; \ + if (ct) \ + bpf_ct_release(ct); \ + else \ + test_einval_reserved = opts_def.error; \ + \ + opts_def.netns_id = -2; \ + ct = func(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def, \ + sizeof(opts_def)); \ + opts_def.netns_id = -1; \ + if (ct) \ + bpf_ct_release(ct); \ + else \ + test_einval_netns_id = opts_def.error; \ + \ + ct = func(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def, \ + sizeof(opts_def) - 1); \ + if (ct) \ + bpf_ct_release(ct); \ + else \ + test_einval_len_opts = opts_def.error; \ + \ + opts_def.l4proto = IPPROTO_ICMP; \ + ct = func(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def, \ + sizeof(opts_def)); \ + opts_def.l4proto = IPPROTO_TCP; \ + if (ct) \ + bpf_ct_release(ct); \ + else \ + test_eproto_l4proto = opts_def.error; \ + \ + opts_def.netns_id = 0xf00f; \ + ct = func(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def, \ + sizeof(opts_def)); \ + opts_def.netns_id = -1; \ + if (ct) \ + bpf_ct_release(ct); \ + else \ + test_enonet_netns_id = opts_def.error; \ + \ + ct = func(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def, \ + sizeof(opts_def)); \ + if (ct) \ + bpf_ct_release(ct); \ + else \ + test_enoent_lookup = opts_def.error; \ + \ + ct = func(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4) - 1, \ + &opts_def, sizeof(opts_def)); \ + if (ct) \ + bpf_ct_release(ct); \ + else \ + test_eafnosupport = opts_def.error; \ + }) + +SEC("xdp") +int nf_xdp_ct_test(struct xdp_md *ctx) +{ + nf_ct_test(bpf_xdp_ct_lookup, ctx); + return 0; +} + +SEC("tc") +int nf_skb_ct_test(struct __sk_buff *ctx) +{ + nf_ct_test(bpf_skb_ct_lookup, ctx); + return 0; +} + +char _license[] SEC("license") = "GPL";