From patchwork Fri Mar 22 15:14:52 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Willem de Bruijn X-Patchwork-Id: 1061297 Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="I8yQh64L"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44QnJy1WTnz9sRk for ; Sat, 23 Mar 2019 02:15:14 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726875AbfCVPPN (ORCPT ); Fri, 22 Mar 2019 11:15:13 -0400 Received: from mail-qk1-f194.google.com ([209.85.222.194]:39071 "EHLO mail-qk1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726041AbfCVPPK (ORCPT ); Fri, 22 Mar 2019 11:15:10 -0400 Received: by mail-qk1-f194.google.com with SMTP id c189so1413524qke.6 for ; Fri, 22 Mar 2019 08:15:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=QrTIattnnzoIoCXnBhPZLw71a4gsLg0y5JBNqRqRd9A=; b=I8yQh64L5/sei1ZFgULSDjdbcZrts3eqPPegz2hruKJgFS1Pke5C5sIIMGLCwQlFuy 2L1llrc9zmJpxIgbrBoLLwNBMnDt4LPD2b8BZZu/uevFi9TyOeSUTOlZjtrZmt06O2Fh WdfEAdNmbG8l9kJELHNkUz5kfZ+gojZs0YOo/mzejzNpuULZonZ9sEn4IXHkND7+kAsN IBugNRqE4aCndLdS57bCxtwdhLW/UbT+1In3WJs7rHbVPCwO1sSvaFGUTWhNTg2anj9G TxIClCd6ohHV4VmoRlUTHlwKKhv7PQJH1MFtIzAvf9DiSErD5KZ11sAFejLisjMIlQEg Shdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=QrTIattnnzoIoCXnBhPZLw71a4gsLg0y5JBNqRqRd9A=; b=c/BwdyaHUF46dkrsNwc9LKDzCIVi6/Hj8aY4eVsIFb3qLeBcd4pR03hmSnXZS5vtFs f7vsSVeXQtIuGkm0QFoetpvqDMfNc/xCVSVZMxmgX4hoMLQVq+t8kJBm8sPFVxmfNy4K a24Ox9Fa43fOENShn+/8J0SdFA+faQqfTHCj/17nLGvpVjZekYOTtLGvT4nNmortQGkp feNpcLyOVVXpforZI/zsQr/NT0kNKqTRWqOGr50UeWr8kpiTTvNIlost4GaeWSOMTh28 nMrW4P5jIlbEGmxLiBd7E2NKLIGUblpTK0Hj5W4NaGgIR2DrIjs+FupdiSm4Cgw3OI7r ZWvA== X-Gm-Message-State: APjAAAXT4yox66Z+BO3hIHqo70DOoJS/Kxf67vBE/6KZz/A4Y0J5+8/o t7319TKPOXkPWfVcetEbQSSVz208 X-Google-Smtp-Source: APXvYqxVAZQH9TrLLAnSpLenjWApZswNh1p3OQ+FrN5yF7O4C4y0OwW6aTiGmTfbYFQLUPxhRdSolg== X-Received: by 2002:a37:b587:: with SMTP id e129mr8165515qkf.145.1553267708724; Fri, 22 Mar 2019 08:15:08 -0700 (PDT) Received: from willemb1.nyc.corp.google.com ([2620:0:1003:315:3fa1:a34c:1128:1d39]) by smtp.gmail.com with ESMTPSA id v4sm4631317qtq.94.2019.03.22.08.15.07 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Mar 2019 08:15:07 -0700 (PDT) From: Willem de Bruijn To: netdev@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, alan.maguire@oracle.com, Willem de Bruijn Subject: [PATCH bpf-next v2 01/13] bpf: in bpf_skb_adjust_room avoid copy in tx fast path Date: Fri, 22 Mar 2019 11:14:52 -0400 Message-Id: <20190322151504.89983-2-willemdebruijn.kernel@gmail.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog In-Reply-To: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> References: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Willem de Bruijn bpf_skb_adjust_room calls skb_cow on grow. This expensive operation can be avoided in the fast path when the only other clone has released the header. This is the common case for TCP, where one headerless clone is kept on the retransmit queue. It is safe to do so even when touching the gso fields in skb_shinfo. Regular tunnel encap with iptunnel_handle_offloads takes the same optimization. The tcp stack unclones in the unlikely case that it accesses these fields through headerless clones packets on the retransmit queue (see __tcp_retransmit_skb). If any other clones are present, e.g., from packet sockets, skb_cow_head returns the same value as skb_cow(). Signed-off-by: Willem de Bruijn --- net/core/filter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/filter.c b/net/core/filter.c index d2511fe46db3..d21e1acdde29 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -2971,7 +2971,7 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 len_diff) if (skb_is_gso(skb) && !skb_is_gso_tcp(skb)) return -ENOTSUPP; - ret = skb_cow(skb, len_diff); + ret = skb_cow_head(skb, len_diff); if (unlikely(ret < 0)) return ret; From patchwork Fri Mar 22 15:14:53 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Willem de Bruijn X-Patchwork-Id: 1061298 Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="hajNK3Xx"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44QnJz29XQz9sRk for ; Sat, 23 Mar 2019 02:15:15 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726056AbfCVPPM (ORCPT ); Fri, 22 Mar 2019 11:15:12 -0400 Received: from mail-qt1-f193.google.com ([209.85.160.193]:37633 "EHLO mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725982AbfCVPPL (ORCPT ); Fri, 22 Mar 2019 11:15:11 -0400 Received: by mail-qt1-f193.google.com with SMTP id z16so2903755qtn.4 for ; Fri, 22 Mar 2019 08:15:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=YV7TUn8O/0V9LCfHwQRczM71x2YJO4G/M8x5rt32xGs=; b=hajNK3Xxhqdxfin14gu8T/qf/qf2ZPGegxZd6JspQ+9Webwm2sCxErtNpEuc9XtsEf wnRsOXbw8gleFEMG4E0bvlexsyJOSb+0jEDwog/sgntlDWbaXNucDc1l34dTegIEY3CK 1TnvvOynDpIbLIaAjJkwQX77A3B45J9uAhosbU50AR7988kBEtSDOGrlfSQ0rAO3D+gd FysVf1C8FN2I0J+ZobEwYxNSKn9ftDnvsFhOyo4z0kOg4Lu17CYfMZiUp9ZH6tZftAEZ 9EbgwEXTm0BaIoEeJA0+jqUbrsq/k1UfHQBDM829rVNUQhW3h4VSYN9zMlRhsvcMW27t MVew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=YV7TUn8O/0V9LCfHwQRczM71x2YJO4G/M8x5rt32xGs=; b=jeYZYsR+U+XccgDegIXPdb7cq7mrnPk7m8feWSqAplG7lemYzh5ta6zVYoYkfV8kxc 2TNEsc1EcrKChzk4V+UQ5+7xv14jjIv1vP2P97JlXecC7zL/0B8Oa+PndZNGKHu384Wh Rv2L+yllflq5gqGwDSDreTJ5vo2EcVjB2i+KuTSSEPqKnt+bePxQ/71PkAdtmWZu1VzD JL3G8EGivU8Fb4/b3GNhHdrAp+ZQLleBvyNU77SQAYw/+/JXYz4o/vCppu+Dd/EIrfdi SmC9O5/nGTf7TNRgQ7F2vGO+uJ/kJVW7/KC3cA9z/p0plV8XRgcovpZmNlnfQhY2BUz8 Wm9w== X-Gm-Message-State: APjAAAVJKnpRlIjrI/xS2DaVU0xzDL+yqEphSbSoG/bLGWOsS+7eCqpg 7+zqhrWQLAIyh4zYzVavGZwHcn/K X-Google-Smtp-Source: APXvYqyNBEgjWKQwf/lufLg7ICANAJ68oGLNAP9ZDZGPeMhBxszsgy59ADqczB33N02Asd5eXbt5tQ== X-Received: by 2002:ac8:1497:: with SMTP id l23mr8583576qtj.296.1553267710325; Fri, 22 Mar 2019 08:15:10 -0700 (PDT) Received: from willemb1.nyc.corp.google.com ([2620:0:1003:315:3fa1:a34c:1128:1d39]) by smtp.gmail.com with ESMTPSA id v4sm4631317qtq.94.2019.03.22.08.15.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Mar 2019 08:15:09 -0700 (PDT) From: Willem de Bruijn To: netdev@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, alan.maguire@oracle.com, Willem de Bruijn Subject: [PATCH bpf-next v2 02/13] selftests/bpf: bpf tunnel encap test Date: Fri, 22 Mar 2019 11:14:53 -0400 Message-Id: <20190322151504.89983-3-willemdebruijn.kernel@gmail.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog In-Reply-To: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> References: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Willem de Bruijn Validate basic tunnel encapsulation using ipip. Set up two namespaces connected by veth. Connect a client and server. Do this with and without bpf encap. Signed-off-by: Willem de Bruijn --- tools/testing/selftests/bpf/Makefile | 3 +- .../selftests/bpf/progs/test_tc_tunnel.c | 83 +++++++++++++++++++ tools/testing/selftests/bpf/test_tc_tunnel.sh | 75 +++++++++++++++++ 3 files changed, 160 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/bpf/progs/test_tc_tunnel.c create mode 100755 tools/testing/selftests/bpf/test_tc_tunnel.sh diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile index edd59707cb1f..cdcc54ddf4b9 100644 --- a/tools/testing/selftests/bpf/Makefile +++ b/tools/testing/selftests/bpf/Makefile @@ -52,7 +52,8 @@ TEST_PROGS := test_kmod.sh \ test_flow_dissector.sh \ test_xdp_vlan.sh \ test_lwt_ip_encap.sh \ - test_tcp_check_syncookie.sh + test_tcp_check_syncookie.sh \ + test_tc_tunnel.sh TEST_PROGS_EXTENDED := with_addr.sh \ with_tunnels.sh \ diff --git a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c new file mode 100644 index 000000000000..8223e4347be8 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c @@ -0,0 +1,83 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* In-place tunneling */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "bpf_endian.h" +#include "bpf_helpers.h" + +static const int cfg_port = 8000; + +static __always_inline void set_ipv4_csum(struct iphdr *iph) +{ + __u16 *iph16 = (__u16 *)iph; + __u32 csum; + int i; + + iph->check = 0; + +#pragma clang loop unroll(full) + for (i = 0, csum = 0; i < sizeof(*iph) >> 1; i++) + csum += *iph16++; + + iph->check = ~((csum & 0xffff) + (csum >> 16)); +} + +SEC("encap") +int encap_f(struct __sk_buff *skb) +{ + struct iphdr iph_outer, iph_inner; + struct tcphdr tcph; + + if (skb->protocol != __bpf_constant_htons(ETH_P_IP)) + return TC_ACT_OK; + + if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_inner, + sizeof(iph_inner)) < 0) + return TC_ACT_OK; + + /* filter only packets we want */ + if (iph_inner.ihl != 5 || iph_inner.protocol != IPPROTO_TCP) + return TC_ACT_OK; + + if (bpf_skb_load_bytes(skb, ETH_HLEN + sizeof(iph_inner), + &tcph, sizeof(tcph)) < 0) + return TC_ACT_OK; + + if (tcph.dest != __bpf_constant_htons(cfg_port)) + return TC_ACT_OK; + + /* add room between mac and network header */ + if (bpf_skb_adjust_room(skb, sizeof(iph_outer), BPF_ADJ_ROOM_NET, 0)) + return TC_ACT_SHOT; + + /* prepare new outer network header */ + iph_outer = iph_inner; + iph_outer.protocol = IPPROTO_IPIP; + iph_outer.tot_len = bpf_htons(sizeof(iph_outer) + + bpf_htons(iph_outer.tot_len)); + set_ipv4_csum(&iph_outer); + + /* store new outer network header */ + if (bpf_skb_store_bytes(skb, ETH_HLEN, &iph_outer, sizeof(iph_outer), + BPF_F_INVALIDATE_HASH) < 0) + return TC_ACT_SHOT; + + /* bpf_skb_adjust_room has moved header to start of room: restore */ + if (bpf_skb_store_bytes(skb, ETH_HLEN + sizeof(iph_outer), + &iph_inner, sizeof(iph_inner), + BPF_F_INVALIDATE_HASH) < 0) + return TC_ACT_SHOT; + + return TC_ACT_OK; +} + +char __license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh new file mode 100755 index 000000000000..6ebb288a3afc --- /dev/null +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -0,0 +1,75 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# +# In-place tunneling + +# must match the port that the bpf program filters on +readonly port=8000 + +readonly ns_prefix="ns-$$-" +readonly ns1="${ns_prefix}1" +readonly ns2="${ns_prefix}2" + +readonly ns1_v4=192.168.1.1 +readonly ns2_v4=192.168.1.2 + +setup() { + ip netns add "${ns1}" + ip netns add "${ns2}" + + ip link add dev veth1 mtu 1500 netns "${ns1}" type veth \ + peer name veth2 mtu 1500 netns "${ns2}" + + ip -netns "${ns1}" link set veth1 up + ip -netns "${ns2}" link set veth2 up + + ip -netns "${ns1}" -4 addr add "${ns1_v4}/24" dev veth1 + ip -netns "${ns2}" -4 addr add "${ns2_v4}/24" dev veth2 + + sleep 1 +} + +cleanup() { + ip netns del "${ns2}" + ip netns del "${ns1}" +} + +server_listen() { + ip netns exec "${ns2}" nc -l -p "${port}" & + sleep 0.2 +} + +client_connect() { + ip netns exec "${ns1}" nc -z -w 1 "${ns2_v4}" "${port}" + echo $? +} + +set -e +trap cleanup EXIT + +setup + +# basic communication works +echo "test basic connectivity" +server_listen +client_connect + +# clientside, insert bpf program to encap all TCP to port ${port} +# client can no longer connect +ip netns exec "${ns1}" tc qdisc add dev veth1 clsact +ip netns exec "${ns1}" tc filter add dev veth1 egress \ + bpf direct-action object-file ./test_tc_tunnel.o section encap +echo "test bpf encap without decap (expect failure)" +server_listen +! client_connect + +# serverside, insert decap module +# server is still running +# client can connect again +ip netns exec "${ns2}" ip link add dev testtun0 type ipip \ + remote "${ns1_v4}" local "${ns2_v4}" +ip netns exec "${ns2}" ip link set dev testtun0 up +echo "test bpf encap with tunnel device decap" +client_connect + +echo OK From patchwork Fri Mar 22 15:14:54 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Willem de Bruijn X-Patchwork-Id: 1061299 Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="AoEYdRCj"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44QnK10ZMSz9sRk for ; Sat, 23 Mar 2019 02:15:17 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726916AbfCVPPP (ORCPT ); Fri, 22 Mar 2019 11:15:15 -0400 Received: from mail-qk1-f194.google.com ([209.85.222.194]:34247 "EHLO mail-qk1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726681AbfCVPPM (ORCPT ); Fri, 22 Mar 2019 11:15:12 -0400 Received: by mail-qk1-f194.google.com with SMTP id n68so1432899qka.1 for ; Fri, 22 Mar 2019 08:15:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=3IJTOJ3NuE4a4eb2X9ZRlfqVP0NHRFc69ek8Q6qamsc=; b=AoEYdRCjD+LmEf2eatmoyYOoM3l1MwcB7oBghQGs70AYgAxW74VRVi2LBhytd1oBok izFUb+7R9GUr4qMr7jBfTDCWLWO2ORIdtvM7SYC2CZAmDgEBJYFLMtGuwhYKylKrg/ZQ HwOipQrA/qWc9LxlKu44VtlNleXsyZleVVJ0cQnS0RQUyx6OFMJMcC9NeVl0kWwnWVXz 0kLS3z7aa/g/AuYD+Qg5+BpTqX5ZowRqY5ztdfqpDt6N50fio9Kdb4VHDTsGaSaj/rNv F9Hhz6fUCZG2PUH7oi/bHtTkaoJkBaATS7p94h08kDl1VBC6yZ/e7uQBDgIPI8nreepJ PxGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=3IJTOJ3NuE4a4eb2X9ZRlfqVP0NHRFc69ek8Q6qamsc=; b=ZLgZIHFTIgPPoOEE/FsqlMHMuTu4zkcE7QsgCAa/5kcUJG7ZBmWE0e+l+QsKhmxq6c m8Ay0y+oga0d/4Ce6QMRrF5ZGq3NxAiKXVrOWCtaLLmcWxhk3AQnYLUQxeKBpqADwYF7 xuXwZqdv7Qt89BHh8Ecmq3a5DerV9duq5SoYhENzyYCrbFuo+Ek12vG7XOssAF0HVLRj Cu3UMqof4IzRXrBpikEYz8w6/ncX+2VVQdwO/YvK4YqqQ+c6zw6SpdAZ7E69W5Ps+csz rPI6g9abtgbe8V4zJ8p5GjyoJ5nF52psA3YC2RLTmAbzBpFqpPlnOoJJ1h6cc8RGSrR9 wNVg== X-Gm-Message-State: APjAAAXKVD2TBgbeJ6viWL4vQY9pqR4Yn+O1Lwwk2XcmgRLeuL207yAd QzeKfX2Kb3InZU//yOW0Z3l9MNZX X-Google-Smtp-Source: APXvYqyfBmgoe0klDm1Jls7JcH/uUC/2M9tBQnIBi8EjoP4M84wajAKIk4HiXXkqppSNeRfLHsELtg== X-Received: by 2002:a37:d8e:: with SMTP id 136mr7803911qkn.95.1553267711656; Fri, 22 Mar 2019 08:15:11 -0700 (PDT) Received: from willemb1.nyc.corp.google.com ([2620:0:1003:315:3fa1:a34c:1128:1d39]) by smtp.gmail.com with ESMTPSA id v4sm4631317qtq.94.2019.03.22.08.15.10 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Mar 2019 08:15:10 -0700 (PDT) From: Willem de Bruijn To: netdev@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, alan.maguire@oracle.com, Willem de Bruijn Subject: [PATCH bpf-next v2 03/13] selftests/bpf: expand bpf tunnel test with decap Date: Fri, 22 Mar 2019 11:14:54 -0400 Message-Id: <20190322151504.89983-4-willemdebruijn.kernel@gmail.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog In-Reply-To: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> References: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Willem de Bruijn The bpf tunnel test encapsulates using bpf, then decapsulates using a standard tunnel device to verify correctness. Once encap is verified, also test decap, by replacing the tunnel device on decap with another bpf program. Signed-off-by: Willem de Bruijn --- .../selftests/bpf/progs/test_tc_tunnel.c | 31 +++++++++++++++++++ tools/testing/selftests/bpf/test_tc_tunnel.sh | 9 ++++++ 2 files changed, 40 insertions(+) diff --git a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c index 8223e4347be8..25db148635ab 100644 --- a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c +++ b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c @@ -80,4 +80,35 @@ int encap_f(struct __sk_buff *skb) return TC_ACT_OK; } +SEC("decap") +int decap_f(struct __sk_buff *skb) +{ + struct iphdr iph_outer, iph_inner; + + if (skb->protocol != __bpf_constant_htons(ETH_P_IP)) + return TC_ACT_OK; + + if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_outer, + sizeof(iph_outer)) < 0) + return TC_ACT_OK; + + if (iph_outer.ihl != 5 || iph_outer.protocol != IPPROTO_IPIP) + return TC_ACT_OK; + + if (bpf_skb_load_bytes(skb, ETH_HLEN + sizeof(iph_outer), + &iph_inner, sizeof(iph_inner)) < 0) + return TC_ACT_OK; + + if (bpf_skb_adjust_room(skb, -(int)sizeof(iph_outer), + BPF_ADJ_ROOM_NET, 0)) + return TC_ACT_SHOT; + + /* bpf_skb_adjust_room has moved outer over inner header: restore */ + if (bpf_skb_store_bytes(skb, ETH_HLEN, &iph_inner, sizeof(iph_inner), + BPF_F_INVALIDATE_HASH) < 0) + return TC_ACT_SHOT; + + return TC_ACT_OK; +} + char __license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh index 6ebb288a3afc..91151d91e5a1 100755 --- a/tools/testing/selftests/bpf/test_tc_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -72,4 +72,13 @@ ip netns exec "${ns2}" ip link set dev testtun0 up echo "test bpf encap with tunnel device decap" client_connect +# serverside, use BPF for decap +ip netns exec "${ns2}" ip link del dev testtun0 +ip netns exec "${ns2}" tc qdisc add dev veth2 clsact +ip netns exec "${ns2}" tc filter add dev veth2 ingress \ + bpf direct-action object-file ./test_tc_tunnel.o section decap +server_listen +echo "test bpf encap with bpf decap" +client_connect + echo OK From patchwork Fri Mar 22 15:14:55 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Willem de Bruijn X-Patchwork-Id: 1061310 Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="X1h+co+B"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44QnKL6Wr9z9sRk for ; Sat, 23 Mar 2019 02:15:34 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726897AbfCVPPO (ORCPT ); Fri, 22 Mar 2019 11:15:14 -0400 Received: from mail-qk1-f196.google.com ([209.85.222.196]:46046 "EHLO mail-qk1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726041AbfCVPPO (ORCPT ); Fri, 22 Mar 2019 11:15:14 -0400 Received: by mail-qk1-f196.google.com with SMTP id z76so1391972qkb.12 for ; Fri, 22 Mar 2019 08:15:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=V3Xe9B9UkTPy9YDW9cUkuFKo3t2iJY2gVpnJaQiNSuU=; b=X1h+co+B1vkU6jrE6Jh5mJHQiAxazdV2s2rNhZhpkJm+yrsDgkL3yxGU7AK4PDFPZS J+U0cjjLRHmfxVmKvcyMxTjtv3Wz46L+79pZfUJhONoLRBZpqnPyagWVvJ/4xXENKW4G qv1FtPWX1UHlpKfQNQxPoFKYq9t/u4G100k5gmvUH43TE+X0mDDCwHZHLfW6i1ePPC01 DCJ2eMs/+i4lAhIkWaohiwvCxLRHho/6ZYVkRJsNH123gPIpSoqXhcU4WKVQNouW7ZxY fYZM7vAylXA6z9aZ0BcYJSiRo2KhNmesrEerv9m5+DuXe5tIBWYeGua1FVlVsVxnIjUp WUJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=V3Xe9B9UkTPy9YDW9cUkuFKo3t2iJY2gVpnJaQiNSuU=; b=rOmbOrcufJrEKWAKE897griKgDwhtMgM7KPlJ+d8HvTEI9O+STMMMhWga7+h6uTS3a 7Zsyqw6z3rBsGs8EfqbgZ9dpP03bp+5Ez88nImOztkj+LRugyRmP15HnAx5VOOjk9lXG L2J5DEt45MptmlDFADulENKHZEmYAWiUSBqYWyq7aWN301Vk0EYaEzRh8sFmzh+Fp3F7 jmD4Hex1q3M5kKForkFnFYaSX85jQgpC1OQWasDm+NCnJvAWSpT56oTfhoM3+X/3BZvj ZzRtqkhNOacQdp24JjsfdbkDpIk68DBOfoUlJwf6dgHFoChR7UUfKx/Imp1rBwZLqkxy IoxA== X-Gm-Message-State: APjAAAXPHOlkwwG4mdiaapQaJ3HrqLN1sI+glY8xkxHS/TxeDVMdx/MF L81xXzkqj5uvHqyXaGworwtpX08l X-Google-Smtp-Source: APXvYqztvpUV0aztTq9iz/J+Fa5+rzZWZrOKWFWRDVUeRVAZbU85LDY84w61OOe68+NA9tZJyegT4g== X-Received: by 2002:a37:b46:: with SMTP id 67mr8172204qkl.70.1553267712788; Fri, 22 Mar 2019 08:15:12 -0700 (PDT) Received: from willemb1.nyc.corp.google.com ([2620:0:1003:315:3fa1:a34c:1128:1d39]) by smtp.gmail.com with ESMTPSA id v4sm4631317qtq.94.2019.03.22.08.15.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Mar 2019 08:15:11 -0700 (PDT) From: Willem de Bruijn To: netdev@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, alan.maguire@oracle.com, Willem de Bruijn Subject: [PATCH bpf-next v2 04/13] selftests/bpf: expand bpf tunnel test to ipv6 Date: Fri, 22 Mar 2019 11:14:55 -0400 Message-Id: <20190322151504.89983-5-willemdebruijn.kernel@gmail.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog In-Reply-To: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> References: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Willem de Bruijn The test only uses ipv4 so far, expand to ipv6. This is mostly a boilerplate near copy of the ipv4 path. Signed-off-by: Willem de Bruijn --- tools/testing/selftests/bpf/config | 2 + .../selftests/bpf/progs/test_tc_tunnel.c | 116 +++++++++++++++--- tools/testing/selftests/bpf/test_tc_tunnel.sh | 53 +++++++- 3 files changed, 149 insertions(+), 22 deletions(-) diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/bpf/config index 37f947ec44ed..a42f4fc4dc11 100644 --- a/tools/testing/selftests/bpf/config +++ b/tools/testing/selftests/bpf/config @@ -23,3 +23,5 @@ CONFIG_LWTUNNEL=y CONFIG_BPF_STREAM_PARSER=y CONFIG_XDP_SOCKETS=y CONFIG_FTRACE_SYSCALLS=y +CONFIG_IPV6_TUNNEL=y +CONFIG_IPV6_GRE=y diff --git a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c index 25db148635ab..591f540ce513 100644 --- a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c +++ b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c @@ -7,6 +7,7 @@ #include #include #include +#include #include #include #include @@ -31,15 +32,11 @@ static __always_inline void set_ipv4_csum(struct iphdr *iph) iph->check = ~((csum & 0xffff) + (csum >> 16)); } -SEC("encap") -int encap_f(struct __sk_buff *skb) +static int encap_ipv4(struct __sk_buff *skb) { struct iphdr iph_outer, iph_inner; struct tcphdr tcph; - if (skb->protocol != __bpf_constant_htons(ETH_P_IP)) - return TC_ACT_OK; - if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_inner, sizeof(iph_inner)) < 0) return TC_ACT_OK; @@ -80,35 +77,118 @@ int encap_f(struct __sk_buff *skb) return TC_ACT_OK; } -SEC("decap") -int decap_f(struct __sk_buff *skb) +static int encap_ipv6(struct __sk_buff *skb) { - struct iphdr iph_outer, iph_inner; + struct ipv6hdr iph_outer, iph_inner; + struct tcphdr tcph; - if (skb->protocol != __bpf_constant_htons(ETH_P_IP)) + if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_inner, + sizeof(iph_inner)) < 0) return TC_ACT_OK; - if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_outer, - sizeof(iph_outer)) < 0) + /* filter only packets we want */ + if (bpf_skb_load_bytes(skb, ETH_HLEN + sizeof(iph_inner), + &tcph, sizeof(tcph)) < 0) return TC_ACT_OK; - if (iph_outer.ihl != 5 || iph_outer.protocol != IPPROTO_IPIP) + if (tcph.dest != __bpf_constant_htons(cfg_port)) + return TC_ACT_OK; + + /* add room between mac and network header */ + if (bpf_skb_adjust_room(skb, sizeof(iph_outer), BPF_ADJ_ROOM_NET, 0)) + return TC_ACT_SHOT; + + /* prepare new outer network header */ + iph_outer = iph_inner; + iph_outer.nexthdr = IPPROTO_IPV6; + iph_outer.payload_len = bpf_htons(sizeof(iph_outer) + + bpf_ntohs(iph_outer.payload_len)); + + /* store new outer network header */ + if (bpf_skb_store_bytes(skb, ETH_HLEN, &iph_outer, sizeof(iph_outer), + BPF_F_INVALIDATE_HASH) < 0) + return TC_ACT_SHOT; + + /* bpf_skb_adjust_room has moved header to start of room: restore */ + if (bpf_skb_store_bytes(skb, ETH_HLEN + sizeof(iph_outer), + &iph_inner, sizeof(iph_inner), + BPF_F_INVALIDATE_HASH) < 0) + return TC_ACT_SHOT; + + return TC_ACT_OK; +} + +SEC("encap") +int encap_f(struct __sk_buff *skb) +{ + switch (skb->protocol) { + case __bpf_constant_htons(ETH_P_IP): + return encap_ipv4(skb); + case __bpf_constant_htons(ETH_P_IPV6): + return encap_ipv6(skb); + default: + /* does not match, ignore */ return TC_ACT_OK; + } +} - if (bpf_skb_load_bytes(skb, ETH_HLEN + sizeof(iph_outer), - &iph_inner, sizeof(iph_inner)) < 0) +static int decap_internal(struct __sk_buff *skb, int off, int len) +{ + char buf[sizeof(struct ipv6hdr)]; + + if (bpf_skb_load_bytes(skb, off + len, &buf, len) < 0) return TC_ACT_OK; - if (bpf_skb_adjust_room(skb, -(int)sizeof(iph_outer), - BPF_ADJ_ROOM_NET, 0)) + if (bpf_skb_adjust_room(skb, -len, BPF_ADJ_ROOM_NET, 0)) return TC_ACT_SHOT; /* bpf_skb_adjust_room has moved outer over inner header: restore */ - if (bpf_skb_store_bytes(skb, ETH_HLEN, &iph_inner, sizeof(iph_inner), - BPF_F_INVALIDATE_HASH) < 0) + if (bpf_skb_store_bytes(skb, off, buf, len, BPF_F_INVALIDATE_HASH) < 0) return TC_ACT_SHOT; return TC_ACT_OK; } +static int decap_ipv4(struct __sk_buff *skb) +{ + struct iphdr iph_outer; + + if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_outer, + sizeof(iph_outer)) < 0) + return TC_ACT_OK; + + if (iph_outer.ihl != 5 || iph_outer.protocol != IPPROTO_IPIP) + return TC_ACT_OK; + + return decap_internal(skb, ETH_HLEN, sizeof(iph_outer)); +} + +static int decap_ipv6(struct __sk_buff *skb) +{ + struct ipv6hdr iph_outer; + + if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_outer, + sizeof(iph_outer)) < 0) + return TC_ACT_OK; + + if (iph_outer.nexthdr != IPPROTO_IPV6) + return TC_ACT_OK; + + return decap_internal(skb, ETH_HLEN, sizeof(iph_outer)); +} + +SEC("decap") +int decap_f(struct __sk_buff *skb) +{ + switch (skb->protocol) { + case __bpf_constant_htons(ETH_P_IP): + return decap_ipv4(skb); + case __bpf_constant_htons(ETH_P_IPV6): + return decap_ipv6(skb); + default: + /* does not match, ignore */ + return TC_ACT_OK; + } +} + char __license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh index 91151d91e5a1..7b1758f3006b 100755 --- a/tools/testing/selftests/bpf/test_tc_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -12,6 +12,9 @@ readonly ns2="${ns_prefix}2" readonly ns1_v4=192.168.1.1 readonly ns2_v4=192.168.1.2 +readonly ns1_v6=fd::1 +readonly ns2_v6=fd::2 + setup() { ip netns add "${ns1}" @@ -25,6 +28,8 @@ setup() { ip -netns "${ns1}" -4 addr add "${ns1_v4}/24" dev veth1 ip -netns "${ns2}" -4 addr add "${ns2_v4}/24" dev veth2 + ip -netns "${ns1}" -6 addr add "${ns1_v6}/64" dev veth1 nodad + ip -netns "${ns2}" -6 addr add "${ns2_v6}/64" dev veth2 nodad sleep 1 } @@ -35,16 +40,56 @@ cleanup() { } server_listen() { - ip netns exec "${ns2}" nc -l -p "${port}" & + ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" & sleep 0.2 } client_connect() { - ip netns exec "${ns1}" nc -z -w 1 "${ns2_v4}" "${port}" + ip netns exec "${ns1}" nc "${netcat_opt}" -z -w 1 "${addr2}" "${port}" echo $? } set -e + +# no arguments: automated test, run all +if [[ "$#" -eq "0" ]]; then + echo "ipip" + $0 ipv4 + + echo "ip6ip6" + $0 ipv6 + + echo "OK. All tests passed" + exit 0 +fi + +if [[ "$#" -ne "1" ]]; then + echo "Usage: $0" + echo " or: $0 " + exit 1 +fi + +case "$1" in +"ipv4") + readonly tuntype=ipip + readonly addr1="${ns1_v4}" + readonly addr2="${ns2_v4}" + readonly netcat_opt=-4 + ;; +"ipv6") + readonly tuntype=ip6tnl + readonly addr1="${ns1_v6}" + readonly addr2="${ns2_v6}" + readonly netcat_opt=-6 + ;; +*) + echo "unknown arg: $1" + exit 1 + ;; +esac + +echo "encap ${addr1} to ${addr2}, type ${tuntype}" + trap cleanup EXIT setup @@ -66,8 +111,8 @@ server_listen # serverside, insert decap module # server is still running # client can connect again -ip netns exec "${ns2}" ip link add dev testtun0 type ipip \ - remote "${ns1_v4}" local "${ns2_v4}" +ip netns exec "${ns2}" ip link add dev testtun0 type "${tuntype}" \ + remote "${addr1}" local "${addr2}" ip netns exec "${ns2}" ip link set dev testtun0 up echo "test bpf encap with tunnel device decap" client_connect From patchwork Fri Mar 22 15:14:56 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Willem de Bruijn X-Patchwork-Id: 1061300 Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="qWgsSFin"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44QnK161Nwz9sRm for ; Sat, 23 Mar 2019 02:15:17 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726969AbfCVPPQ (ORCPT ); Fri, 22 Mar 2019 11:15:16 -0400 Received: from mail-qk1-f193.google.com ([209.85.222.193]:43634 "EHLO mail-qk1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726041AbfCVPPP (ORCPT ); Fri, 22 Mar 2019 11:15:15 -0400 Received: by mail-qk1-f193.google.com with SMTP id c20so1399921qkc.10 for ; Fri, 22 Mar 2019 08:15:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=2tN6ndlAYd76zQ7/OWBo5Boikc748C5oq1qjQBshevg=; b=qWgsSFinZ89wLF3CkWQLje0XTSiMUt6AsrQN040rXZjvkYRf/FtwHb0xudDlS337gG joYD6BVJw+Wo/YR7UJdc4QYKw89CY3KHdRsYsthxXqTc1HxsOI6GjHXXl3BWwzPdiHrU TR/PBqd4T/oIzqZu81opOVCeOOk13SNOFQ6yQJKMrBA5ZuRXV0UGHzFkv4jlafC9qpoI sPYzs6IlhVmRpjL8lVKyedlK1WZhGgROrnivlII6IHcCwuE51BdXYj6Cy7Qhb/pk+FCJ VoOeuHqQAx9jFFtJ8bCnc2LWr/WPERy0Au9wcLhze5NemHV06+ED5aavkIcaOKdxYf1u y4OQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=2tN6ndlAYd76zQ7/OWBo5Boikc748C5oq1qjQBshevg=; b=DGLlmzqNv5yF3cMJywzBA3AWok7p4tzRfC7mztUWtKKWdbFWeiNRIxkiqXJqHfoIGq blSlb10qAgNKvprHiPhw74VHvL7v3GONPtpOKxmmGr26oiHIyMQbH0uPbBHLNr8mCb+0 uIsI4PEQr2Kil3CtwfJCiF6Z7MRai3700CxpKPtzrDbBJpZEs+AyItWCWPN/N6KW7A/G rhoi2PzviGSAnYD5BwPo880szfNp4LmI5VWE5mvqiKo7UJ6AButMdzixCa2UhUQHmvti A9zZDDG2O4VPMbXOmpTnHWgr62PvyeiQCzBPKlmGh8PAT/POzK3+TSCJz59dwCnv5fHH 6dag== X-Gm-Message-State: APjAAAW/1fY3feqAMQi66GmXcmJleaLHjLmt60+f/p2fbSv0066nnTuP WDiTRey7r1Exnw3klHq0L/ix5Efm X-Google-Smtp-Source: APXvYqyklRXUjY4uEFga5xeqCbk+JJ9/8clx14fTj2icrCLAfW52iqJgU1rK5SfhZsJuV4j0v8AM5g== X-Received: by 2002:a37:a2d5:: with SMTP id l204mr7609722qke.297.1553267714005; Fri, 22 Mar 2019 08:15:14 -0700 (PDT) Received: from willemb1.nyc.corp.google.com ([2620:0:1003:315:3fa1:a34c:1128:1d39]) by smtp.gmail.com with ESMTPSA id v4sm4631317qtq.94.2019.03.22.08.15.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Mar 2019 08:15:13 -0700 (PDT) From: Willem de Bruijn To: netdev@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, alan.maguire@oracle.com, Willem de Bruijn Subject: [PATCH bpf-next v2 05/13] selftests/bpf: extend bpf tunnel test with gre Date: Fri, 22 Mar 2019 11:14:56 -0400 Message-Id: <20190322151504.89983-6-willemdebruijn.kernel@gmail.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog In-Reply-To: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> References: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Willem de Bruijn GRE is a commonly used protocol. Add GRE cases for both IPv4 and IPv6. It also inserts different sized headers, which can expose some unexpected edge cases. Signed-off-by: Willem de Bruijn --- .../selftests/bpf/progs/test_tc_tunnel.c | 148 +++++++++++++----- tools/testing/selftests/bpf/test_tc_tunnel.sh | 21 ++- 2 files changed, 123 insertions(+), 46 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c index 591f540ce513..900c5653105f 100644 --- a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c +++ b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c @@ -2,6 +2,9 @@ /* In-place tunneling */ +#include +#include + #include #include #include @@ -17,6 +20,18 @@ static const int cfg_port = 8000; +struct grev4hdr { + struct iphdr ip; + __be16 flags; + __be16 protocol; +} __attribute__((packed)); + +struct grev6hdr { + struct ipv6hdr ip; + __be16 flags; + __be16 protocol; +} __attribute__((packed)); + static __always_inline void set_ipv4_csum(struct iphdr *iph) { __u16 *iph16 = (__u16 *)iph; @@ -32,10 +47,12 @@ static __always_inline void set_ipv4_csum(struct iphdr *iph) iph->check = ~((csum & 0xffff) + (csum >> 16)); } -static int encap_ipv4(struct __sk_buff *skb) +static __always_inline int encap_ipv4(struct __sk_buff *skb, bool with_gre) { - struct iphdr iph_outer, iph_inner; + struct grev4hdr h_outer; + struct iphdr iph_inner; struct tcphdr tcph; + int olen; if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_inner, sizeof(iph_inner)) < 0) @@ -52,24 +69,33 @@ static int encap_ipv4(struct __sk_buff *skb) if (tcph.dest != __bpf_constant_htons(cfg_port)) return TC_ACT_OK; + olen = with_gre ? sizeof(h_outer) : sizeof(h_outer.ip); + /* add room between mac and network header */ - if (bpf_skb_adjust_room(skb, sizeof(iph_outer), BPF_ADJ_ROOM_NET, 0)) + if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_NET, 0)) return TC_ACT_SHOT; /* prepare new outer network header */ - iph_outer = iph_inner; - iph_outer.protocol = IPPROTO_IPIP; - iph_outer.tot_len = bpf_htons(sizeof(iph_outer) + - bpf_htons(iph_outer.tot_len)); - set_ipv4_csum(&iph_outer); + h_outer.ip = iph_inner; + h_outer.ip.tot_len = bpf_htons(olen + + bpf_htons(h_outer.ip.tot_len)); + if (with_gre) { + h_outer.ip.protocol = IPPROTO_GRE; + h_outer.protocol = bpf_htons(ETH_P_IP); + h_outer.flags = 0; + } else { + h_outer.ip.protocol = IPPROTO_IPIP; + } + + set_ipv4_csum((void *)&h_outer.ip); /* store new outer network header */ - if (bpf_skb_store_bytes(skb, ETH_HLEN, &iph_outer, sizeof(iph_outer), + if (bpf_skb_store_bytes(skb, ETH_HLEN, &h_outer, olen, BPF_F_INVALIDATE_HASH) < 0) return TC_ACT_SHOT; /* bpf_skb_adjust_room has moved header to start of room: restore */ - if (bpf_skb_store_bytes(skb, ETH_HLEN + sizeof(iph_outer), + if (bpf_skb_store_bytes(skb, ETH_HLEN + olen, &iph_inner, sizeof(iph_inner), BPF_F_INVALIDATE_HASH) < 0) return TC_ACT_SHOT; @@ -77,10 +103,12 @@ static int encap_ipv4(struct __sk_buff *skb) return TC_ACT_OK; } -static int encap_ipv6(struct __sk_buff *skb) +static __always_inline int encap_ipv6(struct __sk_buff *skb, bool with_gre) { - struct ipv6hdr iph_outer, iph_inner; + struct ipv6hdr iph_inner; + struct grev6hdr h_outer; struct tcphdr tcph; + int olen; if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_inner, sizeof(iph_inner)) < 0) @@ -94,23 +122,31 @@ static int encap_ipv6(struct __sk_buff *skb) if (tcph.dest != __bpf_constant_htons(cfg_port)) return TC_ACT_OK; + olen = with_gre ? sizeof(h_outer) : sizeof(h_outer.ip); + /* add room between mac and network header */ - if (bpf_skb_adjust_room(skb, sizeof(iph_outer), BPF_ADJ_ROOM_NET, 0)) + if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_NET, 0)) return TC_ACT_SHOT; /* prepare new outer network header */ - iph_outer = iph_inner; - iph_outer.nexthdr = IPPROTO_IPV6; - iph_outer.payload_len = bpf_htons(sizeof(iph_outer) + - bpf_ntohs(iph_outer.payload_len)); + h_outer.ip = iph_inner; + h_outer.ip.payload_len = bpf_htons(olen + + bpf_ntohs(h_outer.ip.payload_len)); + if (with_gre) { + h_outer.ip.nexthdr = IPPROTO_GRE; + h_outer.protocol = bpf_htons(ETH_P_IPV6); + h_outer.flags = 0; + } else { + h_outer.ip.nexthdr = IPPROTO_IPV6; + } /* store new outer network header */ - if (bpf_skb_store_bytes(skb, ETH_HLEN, &iph_outer, sizeof(iph_outer), + if (bpf_skb_store_bytes(skb, ETH_HLEN, &h_outer, olen, BPF_F_INVALIDATE_HASH) < 0) return TC_ACT_SHOT; /* bpf_skb_adjust_room has moved header to start of room: restore */ - if (bpf_skb_store_bytes(skb, ETH_HLEN + sizeof(iph_outer), + if (bpf_skb_store_bytes(skb, ETH_HLEN + olen, &iph_inner, sizeof(iph_inner), BPF_F_INVALIDATE_HASH) < 0) return TC_ACT_SHOT; @@ -118,28 +154,63 @@ static int encap_ipv6(struct __sk_buff *skb) return TC_ACT_OK; } -SEC("encap") -int encap_f(struct __sk_buff *skb) +SEC("encap_ipip") +int __encap_ipip(struct __sk_buff *skb) { - switch (skb->protocol) { - case __bpf_constant_htons(ETH_P_IP): - return encap_ipv4(skb); - case __bpf_constant_htons(ETH_P_IPV6): - return encap_ipv6(skb); - default: - /* does not match, ignore */ + if (skb->protocol == __bpf_constant_htons(ETH_P_IP)) + return encap_ipv4(skb, false); + else return TC_ACT_OK; - } } -static int decap_internal(struct __sk_buff *skb, int off, int len) +SEC("encap_gre") +int __encap_gre(struct __sk_buff *skb) { - char buf[sizeof(struct ipv6hdr)]; + if (skb->protocol == __bpf_constant_htons(ETH_P_IP)) + return encap_ipv4(skb, true); + else + return TC_ACT_OK; +} - if (bpf_skb_load_bytes(skb, off + len, &buf, len) < 0) +SEC("encap_ip6tnl") +int __encap_ip6tnl(struct __sk_buff *skb) +{ + if (skb->protocol == __bpf_constant_htons(ETH_P_IPV6)) + return encap_ipv6(skb, false); + else + return TC_ACT_OK; +} + +SEC("encap_ip6gre") +int __encap_ip6gre(struct __sk_buff *skb) +{ + if (skb->protocol == __bpf_constant_htons(ETH_P_IPV6)) + return encap_ipv6(skb, true); + else return TC_ACT_OK; +} - if (bpf_skb_adjust_room(skb, -len, BPF_ADJ_ROOM_NET, 0)) +static int decap_internal(struct __sk_buff *skb, int off, int len, char proto) +{ + char buf[sizeof(struct grev6hdr)]; + int olen; + + switch (proto) { + case IPPROTO_IPIP: + case IPPROTO_IPV6: + olen = len; + break; + case IPPROTO_GRE: + olen = len + 4 /* gre hdr */; + break; + default: + return TC_ACT_OK; + } + + if (bpf_skb_load_bytes(skb, off + olen, &buf, olen) < 0) + return TC_ACT_OK; + + if (bpf_skb_adjust_room(skb, -olen, BPF_ADJ_ROOM_NET, 0)) return TC_ACT_SHOT; /* bpf_skb_adjust_room has moved outer over inner header: restore */ @@ -157,10 +228,11 @@ static int decap_ipv4(struct __sk_buff *skb) sizeof(iph_outer)) < 0) return TC_ACT_OK; - if (iph_outer.ihl != 5 || iph_outer.protocol != IPPROTO_IPIP) + if (iph_outer.ihl != 5) return TC_ACT_OK; - return decap_internal(skb, ETH_HLEN, sizeof(iph_outer)); + return decap_internal(skb, ETH_HLEN, sizeof(iph_outer), + iph_outer.protocol); } static int decap_ipv6(struct __sk_buff *skb) @@ -171,10 +243,8 @@ static int decap_ipv6(struct __sk_buff *skb) sizeof(iph_outer)) < 0) return TC_ACT_OK; - if (iph_outer.nexthdr != IPPROTO_IPV6) - return TC_ACT_OK; - - return decap_internal(skb, ETH_HLEN, sizeof(iph_outer)); + return decap_internal(skb, ETH_HLEN, sizeof(iph_outer), + iph_outer.nexthdr); } SEC("decap") diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh index 7b1758f3006b..c78922048610 100755 --- a/tools/testing/selftests/bpf/test_tc_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -54,30 +54,36 @@ set -e # no arguments: automated test, run all if [[ "$#" -eq "0" ]]; then echo "ipip" - $0 ipv4 + $0 ipv4 ipip echo "ip6ip6" - $0 ipv6 + $0 ipv6 ip6tnl + + echo "ip gre" + $0 ipv4 gre + + echo "ip6 gre" + $0 ipv6 ip6gre echo "OK. All tests passed" exit 0 fi -if [[ "$#" -ne "1" ]]; then +if [[ "$#" -ne "2" ]]; then echo "Usage: $0" - echo " or: $0 " + echo " or: $0 " exit 1 fi case "$1" in "ipv4") - readonly tuntype=ipip + readonly tuntype=$2 readonly addr1="${ns1_v4}" readonly addr2="${ns2_v4}" readonly netcat_opt=-4 ;; "ipv6") - readonly tuntype=ip6tnl + readonly tuntype=$2 readonly addr1="${ns1_v6}" readonly addr2="${ns2_v6}" readonly netcat_opt=-6 @@ -103,7 +109,8 @@ client_connect # client can no longer connect ip netns exec "${ns1}" tc qdisc add dev veth1 clsact ip netns exec "${ns1}" tc filter add dev veth1 egress \ - bpf direct-action object-file ./test_tc_tunnel.o section encap + bpf direct-action object-file ./test_tc_tunnel.o \ + section "encap_${tuntype}" echo "test bpf encap without decap (expect failure)" server_listen ! client_connect From patchwork Fri Mar 22 15:14:57 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Willem de Bruijn X-Patchwork-Id: 1061301 Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="rXVChrJ6"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44QnK42hB5z9sRk for ; Sat, 23 Mar 2019 02:15:20 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727000AbfCVPPT (ORCPT ); Fri, 22 Mar 2019 11:15:19 -0400 Received: from mail-qt1-f176.google.com ([209.85.160.176]:44379 "EHLO mail-qt1-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726681AbfCVPPR (ORCPT ); Fri, 22 Mar 2019 11:15:17 -0400 Received: by mail-qt1-f176.google.com with SMTP id w5so2845446qtb.11 for ; Fri, 22 Mar 2019 08:15:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=V9O1k0o8XdKC1BLCZRfnqqhrwkkqM2cCLE+lxk24dIo=; b=rXVChrJ6jpgT+rha8mXYq+VZ0RmZNjSWbDuWITPM8kv6yzUDxzk4jbMm2zrTCJYLxW KLYUGpZCsTF3fPIyP7o5+dNiYbm9sfRZmCQnuSGHY3lVN5WyHC9DRmpDiIKTd5DARa2s UY/+H/n8s7vYKdAutQ/930lQqEOpqZZitlugBvqI2xvavJS+SGaN3/8F5m6kpM4l/2vC +CdZaBqXAVslmbIDyiFLXSKxCfxNwJcFCCV+KpNoX+DUBGphejJYHdNiYv20/uZs6d1B phRbMmMQw+cftIYChy2rXMoJ1H6uxxG3LJMMwnOZrn0vHzGxzpdHd8Y4NTQKJ4tNB9jv PzTg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=V9O1k0o8XdKC1BLCZRfnqqhrwkkqM2cCLE+lxk24dIo=; b=oQN3buRqRONz6dWHknz2+QvxkWz87uf9AWqrivzqLtMwfMpTRJ1n6R1cCkcfg8iIyV zNPbES1Yvydz1ynD1FH9BbfJH7ef1oCp9K7LygF2o293L9w+97sNUmMA4BP3OKfl05RV U4Np3JW6EcOhGVOlbVddS1zToNpAXcGhRJnZouRA4BtnrPdQrY9KMDWqU72souwFm+nV lgPNKrGUb9u4kH7/RgAx6uf8yglfYm3JA5LNglc0R5bamSi2ZqYUOOHjFBWpDH682NPt HyeBZYfifXba3FPMol6k6DalRyDjOva9yr1e5hFhxQ5NqC89FLd2iDrYEjOYwoDU5Syz 0xfA== X-Gm-Message-State: APjAAAV1ouI0uwPT27a4F7VI5miG7eHfSbkO8Gzlr6L/2DrC46nsnzHh fU/KoAHk2T+k3OK3q4HITfKrWqrV X-Google-Smtp-Source: APXvYqw2/B42Ol4ykophVZJjHay7f7DITuppK1E0VY/RQQn2og05z9iaZ8k2jaxmeiFLdNFHGzTYKw== X-Received: by 2002:aed:3ee7:: with SMTP id o36mr8681341qtf.355.1553267715445; Fri, 22 Mar 2019 08:15:15 -0700 (PDT) Received: from willemb1.nyc.corp.google.com ([2620:0:1003:315:3fa1:a34c:1128:1d39]) by smtp.gmail.com with ESMTPSA id v4sm4631317qtq.94.2019.03.22.08.15.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Mar 2019 08:15:14 -0700 (PDT) From: Willem de Bruijn To: netdev@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, alan.maguire@oracle.com, Willem de Bruijn Subject: [PATCH bpf-next v2 06/13] selftests/bpf: extend bpf tunnel test with tso Date: Fri, 22 Mar 2019 11:14:57 -0400 Message-Id: <20190322151504.89983-7-willemdebruijn.kernel@gmail.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog In-Reply-To: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> References: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Willem de Bruijn Segmentation offload takes a longer path. Verify that the feature works with large packets. The test succeeds if not setting dodgy in bpf_skb_adjust_room, as veth TSO is permissive. If not setting SKB_GSO_DODGY, this enables tunneled TSO offload on supporting NICs. The feature sets SKB_GSO_DODGY because the caller is untrusted. As a result the packets traverse through the gso stack at least up to TCP. And fail the gso_type validation, such as the skb->encapsulation check in gre_gso_segment and the gso_type checks introduced in commit 418e897e0716 ("gso: validate gso_type on ipip style tunnel"). This will be addressed in a follow-on feature patch. In the meantime, disable the new gso tests. Changes v1->v2: - not all netcat versions support flag '-q', use timeout instead Signed-off-by: Willem de Bruijn --- tools/testing/selftests/bpf/test_tc_tunnel.sh | 60 +++++++++++++++---- 1 file changed, 49 insertions(+), 11 deletions(-) diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh index c78922048610..9e18754f2354 100755 --- a/tools/testing/selftests/bpf/test_tc_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -15,6 +15,8 @@ readonly ns2_v4=192.168.1.2 readonly ns1_v6=fd::1 readonly ns2_v6=fd::2 +readonly infile="$(mktemp)" +readonly outfile="$(mktemp)" setup() { ip netns add "${ns1}" @@ -23,6 +25,8 @@ setup() { ip link add dev veth1 mtu 1500 netns "${ns1}" type veth \ peer name veth2 mtu 1500 netns "${ns2}" + ip netns exec "${ns1}" ethtool -K veth1 tso off + ip -netns "${ns1}" link set veth1 up ip -netns "${ns2}" link set veth2 up @@ -32,58 +36,86 @@ setup() { ip -netns "${ns2}" -6 addr add "${ns2_v6}/64" dev veth2 nodad sleep 1 + + dd if=/dev/urandom of="${infile}" bs="${datalen}" count=1 status=none } cleanup() { ip netns del "${ns2}" ip netns del "${ns1}" + + if [[ -f "${outfile}" ]]; then + rm "${outfile}" + fi + if [[ -f "${infile}" ]]; then + rm "${infile}" + fi } server_listen() { - ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" & + ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" > "${outfile}" & + server_pid=$! sleep 0.2 } client_connect() { - ip netns exec "${ns1}" nc "${netcat_opt}" -z -w 1 "${addr2}" "${port}" + ip netns exec "${ns1}" timeout 2 nc "${netcat_opt}" -w 1 "${addr2}" "${port}" < "${infile}" echo $? } +verify_data() { + wait "${server_pid}" + # sha1sum returns two fields [sha1] [filepath] + # convert to bash array and access first elem + insum=($(sha1sum ${infile})) + outsum=($(sha1sum ${outfile})) + if [[ "${insum[0]}" != "${outsum[0]}" ]]; then + echo "data mismatch" + exit 1 + fi +} + set -e # no arguments: automated test, run all if [[ "$#" -eq "0" ]]; then echo "ipip" - $0 ipv4 ipip + $0 ipv4 ipip 100 echo "ip6ip6" - $0 ipv6 ip6tnl + $0 ipv6 ip6tnl 100 echo "ip gre" - $0 ipv4 gre + $0 ipv4 gre 100 echo "ip6 gre" - $0 ipv6 ip6gre + $0 ipv6 ip6gre 100 + + # disabled until passes SKB_GSO_DODGY checks + # echo "ip gre gso" + # $0 ipv4 gre 2000 + + # disabled until passes SKB_GSO_DODGY checks + # echo "ip6 gre gso" + # $0 ipv6 ip6gre 2000 echo "OK. All tests passed" exit 0 fi -if [[ "$#" -ne "2" ]]; then +if [[ "$#" -ne "3" ]]; then echo "Usage: $0" - echo " or: $0 " + echo " or: $0 " exit 1 fi case "$1" in "ipv4") - readonly tuntype=$2 readonly addr1="${ns1_v4}" readonly addr2="${ns2_v4}" readonly netcat_opt=-4 ;; "ipv6") - readonly tuntype=$2 readonly addr1="${ns1_v6}" readonly addr2="${ns2_v6}" readonly netcat_opt=-6 @@ -94,7 +126,10 @@ case "$1" in ;; esac -echo "encap ${addr1} to ${addr2}, type ${tuntype}" +readonly tuntype=$2 +readonly datalen=$3 + +echo "encap ${addr1} to ${addr2}, type ${tuntype}, len ${datalen}" trap cleanup EXIT @@ -104,6 +139,7 @@ setup echo "test basic connectivity" server_listen client_connect +verify_data # clientside, insert bpf program to encap all TCP to port ${port} # client can no longer connect @@ -123,6 +159,7 @@ ip netns exec "${ns2}" ip link add dev testtun0 type "${tuntype}" \ ip netns exec "${ns2}" ip link set dev testtun0 up echo "test bpf encap with tunnel device decap" client_connect +verify_data # serverside, use BPF for decap ip netns exec "${ns2}" ip link del dev testtun0 @@ -132,5 +169,6 @@ ip netns exec "${ns2}" tc filter add dev veth2 ingress \ server_listen echo "test bpf encap with bpf decap" client_connect +verify_data echo OK From patchwork Fri Mar 22 15:14:58 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Willem de Bruijn X-Patchwork-Id: 1061302 Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="Vk8qqGb/"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44QnK54zkrz9sRk for ; Sat, 23 Mar 2019 02:15:21 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727050AbfCVPPU (ORCPT ); Fri, 22 Mar 2019 11:15:20 -0400 Received: from mail-qt1-f195.google.com ([209.85.160.195]:46600 "EHLO mail-qt1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726041AbfCVPPS (ORCPT ); Fri, 22 Mar 2019 11:15:18 -0400 Received: by mail-qt1-f195.google.com with SMTP id z17so2834188qts.13 for ; Fri, 22 Mar 2019 08:15:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ZST5GqxUBIvT8T0S0DznoG5C1ARfm8EFpNqt1tBLxew=; b=Vk8qqGb/ATdX9UPGiKgJuINrCcrYOJ8MTuS/wJ0btkt0KEuRMMEOmY/AAuVAYkqzTp t56MXOg5/C51/PpPOsEucZ/rt4JuDMsOM//dpsJgJbbrQYDvmgOtDR+lcLioBQsJAx5+ Z4BZuzeOohq35nGNUSQkbBuMn2hjIO/8upsEZ7bKNXmbiW3KMGVY0c1eek1xf27iTDUz vNA6eVlk7yQll2KNghNmpTWuNDWTMxZJRziwoKMZy/uCOr25a/9yZKa+pdNtlV82OTYI cNPn3mxrKOgbU4PCb3T+L4xBTCQSJU0ISZlyKQCQc9vQaK26FmdHD5Y4kWIl7gn5CwH5 DWoA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ZST5GqxUBIvT8T0S0DznoG5C1ARfm8EFpNqt1tBLxew=; b=JSAG61bLO4W7RyVP4lTrikF1nk0p0CbvdS40QJiHiKVaHtEFX+agi75Gz8Y0TEsK4V dHTp7Lj2lxujqyYO+R1g2IrbujQ4dRXDL7Y17shgZmzVOFpey7YH+khp49cD/Iz82Fud a+IbDI4le2GLEE027Nvi7k+qEQeWauPkqKUstfGpkUSoFVcMBgZfga/SPkDooeF6Kvdv jvNrEW4306NvSorLoUXKOmPlRr7AqmIqKJepsY9nsunN/z0GFXD/AO9C+TYG4eGZ/J/y dILlFdfi1myeSVPRSb4w0MtIlYJ8d3TddJdNQKUiKfwZ0bb6tu19adIqnBgCsC1phKTn 5Bfg== X-Gm-Message-State: APjAAAVDNmdv+R1uUvTgzu6CztiWIlk0TSBIxaa0gGfmSSvqq8vKxkYe 5zMpyqKgCtL1YAAi6ZDWptIYXRJP X-Google-Smtp-Source: APXvYqzsjsh+k2j33dqtCbEXRb5+HzMp9D2Vn8LAmgwuJodB0FUKUmJoN4fu5RQX/8dsEs5F9UbXoQ== X-Received: by 2002:ac8:2acc:: with SMTP id c12mr8631023qta.108.1553267716635; Fri, 22 Mar 2019 08:15:16 -0700 (PDT) Received: from willemb1.nyc.corp.google.com ([2620:0:1003:315:3fa1:a34c:1128:1d39]) by smtp.gmail.com with ESMTPSA id v4sm4631317qtq.94.2019.03.22.08.15.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Mar 2019 08:15:15 -0700 (PDT) From: Willem de Bruijn To: netdev@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, alan.maguire@oracle.com, Willem de Bruijn Subject: [PATCH bpf-next v2 07/13] bpf: add bpf_skb_adjust_room mode BPF_ADJ_ROOM_MAC Date: Fri, 22 Mar 2019 11:14:58 -0400 Message-Id: <20190322151504.89983-8-willemdebruijn.kernel@gmail.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog In-Reply-To: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> References: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Willem de Bruijn bpf_skb_adjust_room net allows inserting room in an skb. Existing mode BPF_ADJ_ROOM_NET inserts room after the network header by pulling the skb, moving the network header forward and zeroing the new space. Add new mode BPF_ADJUST_ROOM_MAC that inserts room after the mac header. This allows inserting tunnel headers in front of the network header without having to recreate the network header in the original space, avoiding two copies. Signed-off-by: Willem de Bruijn --- include/uapi/linux/bpf.h | 6 +++++- net/core/filter.c | 38 ++++++++++++++++++++------------------ 2 files changed, 25 insertions(+), 19 deletions(-) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 3c04410137d9..7c8fd0647070 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -1478,7 +1478,10 @@ union bpf_attr { * Grow or shrink the room for data in the packet associated to * *skb* by *len_diff*, and according to the selected *mode*. * - * There is a single supported mode at this time: + * There are two supported modes at this time: + * + * * **BPF_ADJ_ROOM_MAC**: Adjust room at the mac layer + * (room space is added or removed below the layer 2 header). * * * **BPF_ADJ_ROOM_NET**: Adjust room at the network layer * (room space is added or removed below the layer 3 header). @@ -2627,6 +2630,7 @@ enum bpf_func_id { /* Mode for BPF_FUNC_skb_adjust_room helper. */ enum bpf_adj_room_mode { BPF_ADJ_ROOM_NET, + BPF_ADJ_ROOM_MAC, }; /* Mode for BPF_FUNC_skb_load_bytes_relative helper. */ diff --git a/net/core/filter.c b/net/core/filter.c index d21e1acdde29..e7b7720b18e9 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -2963,9 +2963,8 @@ static u32 bpf_skb_net_base_len(const struct sk_buff *skb) } } -static int bpf_skb_net_grow(struct sk_buff *skb, u32 len_diff) +static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff) { - u32 off = skb_mac_header_len(skb) + bpf_skb_net_base_len(skb); int ret; if (skb_is_gso(skb) && !skb_is_gso_tcp(skb)) @@ -2992,9 +2991,8 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 len_diff) return 0; } -static int bpf_skb_net_shrink(struct sk_buff *skb, u32 len_diff) +static int bpf_skb_net_shrink(struct sk_buff *skb, u32 off, u32 len_diff) { - u32 off = skb_mac_header_len(skb) + bpf_skb_net_base_len(skb); int ret; if (skb_is_gso(skb) && !skb_is_gso_tcp(skb)) @@ -3027,7 +3025,8 @@ static u32 __bpf_skb_max_len(const struct sk_buff *skb) SKB_MAX_ALLOC; } -static int bpf_skb_adjust_net(struct sk_buff *skb, s32 len_diff) +BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff, + u32, mode, u64, flags) { bool trans_same = skb->transport_header == skb->network_header; u32 len_cur, len_diff_abs = abs(len_diff); @@ -3035,14 +3034,28 @@ static int bpf_skb_adjust_net(struct sk_buff *skb, s32 len_diff) u32 len_max = __bpf_skb_max_len(skb); __be16 proto = skb->protocol; bool shrink = len_diff < 0; + u32 off; int ret; + if (unlikely(flags)) + return -EINVAL; if (unlikely(len_diff_abs > 0xfffU)) return -EFAULT; if (unlikely(proto != htons(ETH_P_IP) && proto != htons(ETH_P_IPV6))) return -ENOTSUPP; + off = skb_mac_header_len(skb); + switch (mode) { + case BPF_ADJ_ROOM_NET: + off += bpf_skb_net_base_len(skb); + break; + case BPF_ADJ_ROOM_MAC: + break; + default: + return -ENOTSUPP; + } + len_cur = skb->len - skb_network_offset(skb); if (skb_transport_header_was_set(skb) && !trans_same) len_cur = skb_network_header_len(skb); @@ -3052,24 +3065,13 @@ static int bpf_skb_adjust_net(struct sk_buff *skb, s32 len_diff) !skb_is_gso(skb)))) return -ENOTSUPP; - ret = shrink ? bpf_skb_net_shrink(skb, len_diff_abs) : - bpf_skb_net_grow(skb, len_diff_abs); + ret = shrink ? bpf_skb_net_shrink(skb, off, len_diff_abs) : + bpf_skb_net_grow(skb, off, len_diff_abs); bpf_compute_data_pointers(skb); return ret; } -BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff, - u32, mode, u64, flags) -{ - if (unlikely(flags)) - return -EINVAL; - if (likely(mode == BPF_ADJ_ROOM_NET)) - return bpf_skb_adjust_net(skb, len_diff); - - return -ENOTSUPP; -} - static const struct bpf_func_proto bpf_skb_adjust_room_proto = { .func = bpf_skb_adjust_room, .gpl_only = false, From patchwork Fri Mar 22 15:14:59 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Willem de Bruijn X-Patchwork-Id: 1061303 Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="u+L5YhId"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44QnK64Kdzz9sRm for ; Sat, 23 Mar 2019 02:15:22 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727066AbfCVPPV (ORCPT ); Fri, 22 Mar 2019 11:15:21 -0400 Received: from mail-qt1-f193.google.com ([209.85.160.193]:40495 "EHLO mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726995AbfCVPPT (ORCPT ); Fri, 22 Mar 2019 11:15:19 -0400 Received: by mail-qt1-f193.google.com with SMTP id x12so2882986qts.7 for ; Fri, 22 Mar 2019 08:15:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=SZUgT7jqjPKvxVPFpplaYzoTds3V8Vv05KAFBKPkgKk=; b=u+L5YhIdaXgMDHL3MLA26yiewRhKujdFF0Uk8hP0f4Dm4Xqp64wuxjm16MiifX1byC mi4zMbwFB+9gX2ZbcEYb6kGJCyXxFzHd0n7/nlxlp9mQEz0HhHKKimGdahgWd45qEqHG bfQS+m7fOTn3DIPFL+5Zter/2NPQ9M8FX5pYhW8X+at11Uis8UEe15gn/DTYEzm0gm6J 2BTruOEOATxA3LknOIsLsd3qEamhRnYZixngv/d46Rm4Des+nTsCbAbfCcQwjuMjSqMs ZwYNoWHkbgXaOWYJU6ziUOGJA6xltNoTGOhno+bTY8BEqqlgRprUsNP0xNXOkVX1d0iz uHfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=SZUgT7jqjPKvxVPFpplaYzoTds3V8Vv05KAFBKPkgKk=; b=GYM+x3a8cfLdYxg+gEijySBHuGU5fQcMnN7d5teU08OfbdHv5rvMAN6NY+wAEyjhxD ReX/S13CHb8e2RSsKWfccKkJlfRPqrLOb9VRba7ahXGHL779Ho1dJNVVP5zyiKtbiWzi o7RwJnzwj5BnWPKb2pzMO1Thu8GEsShzCsrSyDQ0fm+6MOPvugDLpl9Dlh0/oTG89RKf XlfeUKuWRwr269T2abjnm7do5GyNqXOd4nVNX+4PZVSWIbihDReYMstbFs7e9zHxAjvJ NO5h1TaGNpW/nxYzpR00XFQayVp7EFQSNrmnhavXvwTEJLP910J0tADIi1dfdx+1rQY7 Zk6Q== X-Gm-Message-State: APjAAAX/fOYGX/hHGKpPrlA+9yGXoRVyeQlx52Dn42M6Pfnn8fa7FT2n b4UvTwrez3NNRlWQoJr+qCfqblOG X-Google-Smtp-Source: APXvYqy3WqVWdZc1xp7UZY7QpxgVA5kF97v6bSGc6LfzT0dS83c49DHAz2EId6xGcV+5Ul9MDu/zZw== X-Received: by 2002:ac8:3328:: with SMTP id t37mr8875141qta.246.1553267717879; Fri, 22 Mar 2019 08:15:17 -0700 (PDT) Received: from willemb1.nyc.corp.google.com ([2620:0:1003:315:3fa1:a34c:1128:1d39]) by smtp.gmail.com with ESMTPSA id v4sm4631317qtq.94.2019.03.22.08.15.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Mar 2019 08:15:16 -0700 (PDT) From: Willem de Bruijn To: netdev@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, alan.maguire@oracle.com, Willem de Bruijn Subject: [PATCH bpf-next v2 08/13] bpf: add bpf_skb_adjust_room flag BPF_F_ADJ_ROOM_FIXED_GSO Date: Fri, 22 Mar 2019 11:14:59 -0400 Message-Id: <20190322151504.89983-9-willemdebruijn.kernel@gmail.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog In-Reply-To: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> References: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Willem de Bruijn bpf_skb_adjust_room adjusts gso_size of gso packets to account for the pushed or popped header room. This is not allowed with UDP, where gso_size delineates datagrams. Add an option to avoid these updates and allow this call for datagrams. It can also be used with TCP, when MSS is known to allow headroom, e.g., through MSS clamping or route MTU. Changes v1->v2: - document flag BPF_F_ADJ_ROOM_FIXED_GSO - do not expose BPF_F_ADJ_ROOM_MASK through uapi, as it may change. Link: https://patchwork.ozlabs.org/patch/1052497/ Signed-off-by: Willem de Bruijn --- include/uapi/linux/bpf.h | 9 +++++++-- net/core/filter.c | 38 +++++++++++++++++++++++++++----------- 2 files changed, 34 insertions(+), 13 deletions(-) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 7c8fd0647070..4f157d0ec571 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -1486,8 +1486,10 @@ union bpf_attr { * * **BPF_ADJ_ROOM_NET**: Adjust room at the network layer * (room space is added or removed below the layer 3 header). * - * All values for *flags* are reserved for future usage, and must - * be left at zero. + * There is one supported flag at this time: + * + * * **BPF_F_ADJ_ROOM_FIXED_GSO**: Do not adjust gso_size. + * Adjusting mss in this way is not allowed for datagrams. * * A call to this helper is susceptible to change the underlaying * packet buffer. Therefore, at load time, all checks on pointers @@ -2627,6 +2629,9 @@ enum bpf_func_id { /* Current network namespace */ #define BPF_F_CURRENT_NETNS (-1L) +/* BPF_FUNC_skb_adjust_room flags. */ +#define BPF_F_ADJ_ROOM_FIXED_GSO (1ULL << 0) + /* Mode for BPF_FUNC_skb_adjust_room helper. */ enum bpf_adj_room_mode { BPF_ADJ_ROOM_NET, diff --git a/net/core/filter.c b/net/core/filter.c index e7b7720b18e9..393d1e4903b5 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -2963,12 +2963,17 @@ static u32 bpf_skb_net_base_len(const struct sk_buff *skb) } } -static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff) +static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff, + u64 flags) { int ret; - if (skb_is_gso(skb) && !skb_is_gso_tcp(skb)) - return -ENOTSUPP; + if (skb_is_gso(skb) && !skb_is_gso_tcp(skb)) { + /* udp gso_size delineates datagrams, only allow if fixed */ + if (!(skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4) || + !(flags & BPF_F_ADJ_ROOM_FIXED_GSO)) + return -ENOTSUPP; + } ret = skb_cow_head(skb, len_diff); if (unlikely(ret < 0)) @@ -2982,7 +2987,9 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff) struct skb_shared_info *shinfo = skb_shinfo(skb); /* Due to header grow, MSS needs to be downgraded. */ - skb_decrease_gso_size(shinfo, len_diff); + if (!(flags & BPF_F_ADJ_ROOM_FIXED_GSO)) + skb_decrease_gso_size(shinfo, len_diff); + /* Header must be checked, and gso_segs recomputed. */ shinfo->gso_type |= SKB_GSO_DODGY; shinfo->gso_segs = 0; @@ -2991,12 +2998,17 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff) return 0; } -static int bpf_skb_net_shrink(struct sk_buff *skb, u32 off, u32 len_diff) +static int bpf_skb_net_shrink(struct sk_buff *skb, u32 off, u32 len_diff, + u64 flags) { int ret; - if (skb_is_gso(skb) && !skb_is_gso_tcp(skb)) - return -ENOTSUPP; + if (skb_is_gso(skb) && !skb_is_gso_tcp(skb)) { + /* udp gso_size delineates datagrams, only allow if fixed */ + if (!(skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4) || + !(flags & BPF_F_ADJ_ROOM_FIXED_GSO)) + return -ENOTSUPP; + } ret = skb_unclone(skb, GFP_ATOMIC); if (unlikely(ret < 0)) @@ -3010,7 +3022,9 @@ static int bpf_skb_net_shrink(struct sk_buff *skb, u32 off, u32 len_diff) struct skb_shared_info *shinfo = skb_shinfo(skb); /* Due to header shrink, MSS can be upgraded. */ - skb_increase_gso_size(shinfo, len_diff); + if (!(flags & BPF_F_ADJ_ROOM_FIXED_GSO)) + skb_increase_gso_size(shinfo, len_diff); + /* Header must be checked, and gso_segs recomputed. */ shinfo->gso_type |= SKB_GSO_DODGY; shinfo->gso_segs = 0; @@ -3025,6 +3039,8 @@ static u32 __bpf_skb_max_len(const struct sk_buff *skb) SKB_MAX_ALLOC; } +#define BPF_F_ADJ_ROOM_MASK (BPF_F_ADJ_ROOM_FIXED_GSO) + BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff, u32, mode, u64, flags) { @@ -3037,7 +3053,7 @@ BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff, u32 off; int ret; - if (unlikely(flags)) + if (unlikely(flags & ~BPF_F_ADJ_ROOM_MASK)) return -EINVAL; if (unlikely(len_diff_abs > 0xfffU)) return -EFAULT; @@ -3065,8 +3081,8 @@ BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff, !skb_is_gso(skb)))) return -ENOTSUPP; - ret = shrink ? bpf_skb_net_shrink(skb, off, len_diff_abs) : - bpf_skb_net_grow(skb, off, len_diff_abs); + ret = shrink ? bpf_skb_net_shrink(skb, off, len_diff_abs, flags) : + bpf_skb_net_grow(skb, off, len_diff_abs, flags); bpf_compute_data_pointers(skb); return ret; From patchwork Fri Mar 22 15:15:00 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Willem de Bruijn X-Patchwork-Id: 1061304 Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="hU2CPwXc"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44QnK92zvRz9sRm for ; Sat, 23 Mar 2019 02:15:25 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727092AbfCVPPX (ORCPT ); Fri, 22 Mar 2019 11:15:23 -0400 Received: from mail-qt1-f194.google.com ([209.85.160.194]:35075 "EHLO mail-qt1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726681AbfCVPPU (ORCPT ); Fri, 22 Mar 2019 11:15:20 -0400 Received: by mail-qt1-f194.google.com with SMTP id h39so2916175qte.2 for ; Fri, 22 Mar 2019 08:15:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=dYDUyrmySvIu7IN8aocM6MTGfzr672SlfeFaQPagAyA=; b=hU2CPwXc0KtfdEK1pW6IxICOQXKES5eBZDOhlTW/7hHmaFFZymWG+YeXYTkyYTcZqI mn52JZTkrW/qmGnbaFFbUQxJhkVNPbh+ntuuxpjvXS30G1tdtpS77X42/3SNL0DTe6G9 LC4gt4/SidH7xjuF9x9RKyWwv6/3jHpKJlIpVPQ2OACtbBf6n2fR3ivJocKnOl5GSryg j4nPYz2dcVW+aG/lgwRS6rTtDwb0LOHPGb33EYHGkRmSNUUOzwL5DyuBWIHWv32KEN/1 3Gb+JjWcTpvjbvLY5xdeh/pmy5IZXB5GGruKPhV4CT21xmLuj94hDczXaeHTmoeaNYrt aNHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=dYDUyrmySvIu7IN8aocM6MTGfzr672SlfeFaQPagAyA=; b=bOWEebW2hqGc8VwTxY1G+clQC7SY4LJ1vvBA4yNI87OOWEDvyZOvPAdTB/TlZ8jnzf 9srcvzQe3YkBwRJWx6GTNQ2Pw8YcNNOCeqYDHLqAJVZfr9gRPqB5+5+Un5UzRCKF5m6u Jr7LCuyXZAhmiWZWJ9CtdJWbIPb4cF+iWGCXyaOw5Y73Ig+2S77w18q+yhEPjSZPVNZu cyvwCSX2FZE7iAfQT3nQGSy+y2J/N/vEmCI1gozWjfdoYgzr3bw4M+xjRDR+t9AohHMz +Gct7dif4kG2Ru7vn3ycxY1vUCQ1soTBnGyK/GxmZ2u8LP4qwMJdYm64/fy2u6KgORBW XrhQ== X-Gm-Message-State: APjAAAWqKGlRxNt3CitdqIT/i+khpbKBQe1QtmjreRiXtTv7cpHUjNIJ LviBXgoS7oQte6GctOtIeWh34wFO X-Google-Smtp-Source: APXvYqyL6yM+GqTIzCRstqY2FNc1CgI4FKRtBHAwxEX0ArpCboGu9+uZWz8ScxRVDnM8jixCUF3r6A== X-Received: by 2002:ac8:1884:: with SMTP id s4mr8776822qtj.339.1553267719189; Fri, 22 Mar 2019 08:15:19 -0700 (PDT) Received: from willemb1.nyc.corp.google.com ([2620:0:1003:315:3fa1:a34c:1128:1d39]) by smtp.gmail.com with ESMTPSA id v4sm4631317qtq.94.2019.03.22.08.15.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Mar 2019 08:15:18 -0700 (PDT) From: Willem de Bruijn To: netdev@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, alan.maguire@oracle.com, Willem de Bruijn Subject: [PATCH bpf-next v2 09/13] bpf: add bpf_skb_adjust_room encap flags Date: Fri, 22 Mar 2019 11:15:00 -0400 Message-Id: <20190322151504.89983-10-willemdebruijn.kernel@gmail.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog In-Reply-To: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> References: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Willem de Bruijn When pushing tunnel headers, annotate skbs in the same way as tunnel devices. For GSO packets, the network stack requires certain fields set to segment packets with tunnel headers. gro_gse_segment depends on transport and inner mac header, for instance. Add an option to pass this information. Remove the restriction on len_diff to network header length, which is too short, e.g., for GRE protocols. Changes v1->v2: - document new flags - BPF_F_ADJ_ROOM_MASK moved Signed-off-by: Willem de Bruijn --- include/uapi/linux/bpf.h | 19 +++++++++++- net/core/filter.c | 63 ++++++++++++++++++++++++++++++++++++---- 2 files changed, 76 insertions(+), 6 deletions(-) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 4f157d0ec571..f770f0de5b9c 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -1486,11 +1486,20 @@ union bpf_attr { * * **BPF_ADJ_ROOM_NET**: Adjust room at the network layer * (room space is added or removed below the layer 3 header). * - * There is one supported flag at this time: + * The following flags are supported at this time: * * * **BPF_F_ADJ_ROOM_FIXED_GSO**: Do not adjust gso_size. * Adjusting mss in this way is not allowed for datagrams. * + * * **BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 **: + * * **BPF_F_ADJ_ROOM_ENCAP_L3_IPV6 **: + * Any new space is reserved to hold a tunnel header. + * Configure skb offsets and other fields accordingly. + * + * * **BPF_F_ADJ_ROOM_ENCAP_L4_GRE **: + * * **BPF_F_ADJ_ROOM_ENCAP_L4_UDP **: + * Use with ENCAP_L3 flags to further specify the tunnel type. + * * A call to this helper is susceptible to change the underlaying * packet buffer. Therefore, at load time, all checks on pointers * previously done by the verifier are invalidated and must be @@ -2632,6 +2641,14 @@ enum bpf_func_id { /* BPF_FUNC_skb_adjust_room flags. */ #define BPF_F_ADJ_ROOM_FIXED_GSO (1ULL << 0) +#define BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 (1ULL << 1) +#define BPF_F_ADJ_ROOM_ENCAP_L3_IPV6 (1ULL << 2) +#define BPF_F_ADJ_ROOM_ENCAP_L3_MASK (BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 | \ + BPF_F_ADJ_ROOM_ENCAP_L3_IPV6) + +#define BPF_F_ADJ_ROOM_ENCAP_L4_GRE (1ULL << 3) +#define BPF_F_ADJ_ROOM_ENCAP_L4_UDP (1ULL << 4) + /* Mode for BPF_FUNC_skb_adjust_room helper. */ enum bpf_adj_room_mode { BPF_ADJ_ROOM_NET, diff --git a/net/core/filter.c b/net/core/filter.c index 393d1e4903b5..d0ebeb0147bc 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -2966,6 +2966,9 @@ static u32 bpf_skb_net_base_len(const struct sk_buff *skb) static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff, u64 flags) { + bool encap = flags & BPF_F_ADJ_ROOM_ENCAP_L3_MASK; + unsigned int gso_type = SKB_GSO_DODGY; + u16 mac_len, inner_net, inner_trans; int ret; if (skb_is_gso(skb) && !skb_is_gso_tcp(skb)) { @@ -2979,10 +2982,60 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff, if (unlikely(ret < 0)) return ret; + if (encap) { + if (skb->protocol != htons(ETH_P_IP) && + skb->protocol != htons(ETH_P_IPV6)) + return -ENOTSUPP; + + if (flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 && + flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV6) + return -EINVAL; + + if (flags & BPF_F_ADJ_ROOM_ENCAP_L4_GRE && + flags & BPF_F_ADJ_ROOM_ENCAP_L4_UDP) + return -EINVAL; + + if (skb->encapsulation) + return -EALREADY; + + mac_len = skb->network_header - skb->mac_header; + inner_net = skb->network_header; + inner_trans = skb->transport_header; + } + ret = bpf_skb_net_hdr_push(skb, off, len_diff); if (unlikely(ret < 0)) return ret; + if (encap) { + /* inner mac == inner_net on l3 encap */ + skb->inner_mac_header = inner_net; + skb->inner_network_header = inner_net; + skb->inner_transport_header = inner_trans; + skb_set_inner_protocol(skb, skb->protocol); + + skb->encapsulation = 1; + skb_set_network_header(skb, mac_len); + + if (flags & BPF_F_ADJ_ROOM_ENCAP_L4_UDP) + gso_type |= SKB_GSO_UDP_TUNNEL; + else if (flags & BPF_F_ADJ_ROOM_ENCAP_L4_GRE) + gso_type |= SKB_GSO_GRE; + else if (flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV6) + gso_type |= SKB_GSO_IPXIP6; + else + gso_type |= SKB_GSO_IPXIP4; + + if (flags & BPF_F_ADJ_ROOM_ENCAP_L4_GRE || + flags & BPF_F_ADJ_ROOM_ENCAP_L4_UDP) { + int nh_len = flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV6 ? + sizeof(struct ipv6hdr) : + sizeof(struct iphdr); + + skb_set_transport_header(skb, mac_len + nh_len); + } + } + if (skb_is_gso(skb)) { struct skb_shared_info *shinfo = skb_shinfo(skb); @@ -2991,7 +3044,7 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff, skb_decrease_gso_size(shinfo, len_diff); /* Header must be checked, and gso_segs recomputed. */ - shinfo->gso_type |= SKB_GSO_DODGY; + shinfo->gso_type |= gso_type; shinfo->gso_segs = 0; } @@ -3039,12 +3092,14 @@ static u32 __bpf_skb_max_len(const struct sk_buff *skb) SKB_MAX_ALLOC; } -#define BPF_F_ADJ_ROOM_MASK (BPF_F_ADJ_ROOM_FIXED_GSO) +#define BPF_F_ADJ_ROOM_MASK (BPF_F_ADJ_ROOM_FIXED_GSO | \ + BPF_F_ADJ_ROOM_ENCAP_L3_MASK | \ + BPF_F_ADJ_ROOM_ENCAP_L4_GRE | \ + BPF_F_ADJ_ROOM_ENCAP_L4_UDP) BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff, u32, mode, u64, flags) { - bool trans_same = skb->transport_header == skb->network_header; u32 len_cur, len_diff_abs = abs(len_diff); u32 len_min = bpf_skb_net_base_len(skb); u32 len_max = __bpf_skb_max_len(skb); @@ -3073,8 +3128,6 @@ BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff, } len_cur = skb->len - skb_network_offset(skb); - if (skb_transport_header_was_set(skb) && !trans_same) - len_cur = skb_network_header_len(skb); if ((shrink && (len_diff_abs >= len_cur || len_cur - len_diff_abs < len_min)) || (!shrink && (skb->len + len_diff_abs > len_max && From patchwork Fri Mar 22 15:15:01 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Willem de Bruijn X-Patchwork-Id: 1061309 Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="hcFMIGIr"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44QnKK5NVJz9sRk for ; Sat, 23 Mar 2019 02:15:33 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727139AbfCVPPc (ORCPT ); Fri, 22 Mar 2019 11:15:32 -0400 Received: from mail-qt1-f196.google.com ([209.85.160.196]:36212 "EHLO mail-qt1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727055AbfCVPPV (ORCPT ); Fri, 22 Mar 2019 11:15:21 -0400 Received: by mail-qt1-f196.google.com with SMTP id y36so2905038qtb.3 for ; Fri, 22 Mar 2019 08:15:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=yzf7MP+ZsipkYSpIxiz0fAp3Unje0Bmtm76uggU2Yyw=; b=hcFMIGIr0j3G0vw0t55s9ox28KschP57YADhk2vWpMPsDmpFzC6TeG5SXZuruT2ZcN JFRpKpjLbFCGfm9Wo7yqHrul4uf3jpT3PNVMdIzT8MBZ7Bx9pYtqYYdKQOsHXzfPheYR w5ll7EjF/v17ToX1dxUAaROix2P2padP451zEE7rJuzXkudLdm4gxE6RuPH194c4fDNh cW4A92sCeXPQsFiIWey4luTduK7u0y7nDD8bvTmdcjpXa2DSyEjTnszRKYPbbneqbGOV xC22kMN4VihRkdQ2ubJcRXHBgzXdcRCHP22x6x8RUm/3BXUYRkYP6UCp7FnTobeXumEs +wxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=yzf7MP+ZsipkYSpIxiz0fAp3Unje0Bmtm76uggU2Yyw=; b=jvRGmFpL9VjWizfEnUfz0ZLjdkTpVehVgq/rCV4ukMNtNG9sNK60T8yM/XtATZ+CV/ uVpHhN7LAdJ6EkVeORNGc4A7RJUFFdgg0ht06zyVqImr2voKxkbGK9MV8t+glfrjUX5M qdII0w2FYNxOqISLzMfcEH5LvhypF52WsLvUB2SY0+UMoYRQZ8abGiGEUuc7LqGpGFnu xIK3T/Jw6hkzLt0m+3C7I7B2IPOr84HtV1bMckuJTXIBimzGsV4Hpkwp8N1fJpg2N0Gm OrwklZACoB9U7OpoY+ynkxeIXzsphDIqzVf41q8rmdKYFiPO4bv2AuddtzQYbmevoxSo JXDQ== X-Gm-Message-State: APjAAAW6tj57NvM9EX3iWBGT9rlt1DH4HdzkYtP51Mod6dABh7hdCWpg VD1MuB61oXK4q/qw/EaRyL6UZHvl X-Google-Smtp-Source: APXvYqxRjdrn23yOiiukUD4U4hmIN2OFaKVDBZAAzf6QQU3T7suNjQK8Iah1NEShOoaQja6aLT9z4Q== X-Received: by 2002:ac8:32fb:: with SMTP id a56mr8758288qtb.338.1553267720403; Fri, 22 Mar 2019 08:15:20 -0700 (PDT) Received: from willemb1.nyc.corp.google.com ([2620:0:1003:315:3fa1:a34c:1128:1d39]) by smtp.gmail.com with ESMTPSA id v4sm4631317qtq.94.2019.03.22.08.15.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Mar 2019 08:15:19 -0700 (PDT) From: Willem de Bruijn To: netdev@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, alan.maguire@oracle.com, Willem de Bruijn Subject: [PATCH bpf-next v2 10/13] bpf: Sync bpf.h to tools Date: Fri, 22 Mar 2019 11:15:01 -0400 Message-Id: <20190322151504.89983-11-willemdebruijn.kernel@gmail.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog In-Reply-To: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> References: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Willem de Bruijn Sync include/uapi/linux/bpf.h with tools/ Changes v1->v2: - BPF_F_ADJ_ROOM_MASK moved, no longer in this commit Signed-off-by: Willem de Bruijn --- tools/include/uapi/linux/bpf.h | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index 3c04410137d9..f770f0de5b9c 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -1478,13 +1478,27 @@ union bpf_attr { * Grow or shrink the room for data in the packet associated to * *skb* by *len_diff*, and according to the selected *mode*. * - * There is a single supported mode at this time: + * There are two supported modes at this time: + * + * * **BPF_ADJ_ROOM_MAC**: Adjust room at the mac layer + * (room space is added or removed below the layer 2 header). * * * **BPF_ADJ_ROOM_NET**: Adjust room at the network layer * (room space is added or removed below the layer 3 header). * - * All values for *flags* are reserved for future usage, and must - * be left at zero. + * The following flags are supported at this time: + * + * * **BPF_F_ADJ_ROOM_FIXED_GSO**: Do not adjust gso_size. + * Adjusting mss in this way is not allowed for datagrams. + * + * * **BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 **: + * * **BPF_F_ADJ_ROOM_ENCAP_L3_IPV6 **: + * Any new space is reserved to hold a tunnel header. + * Configure skb offsets and other fields accordingly. + * + * * **BPF_F_ADJ_ROOM_ENCAP_L4_GRE **: + * * **BPF_F_ADJ_ROOM_ENCAP_L4_UDP **: + * Use with ENCAP_L3 flags to further specify the tunnel type. * * A call to this helper is susceptible to change the underlaying * packet buffer. Therefore, at load time, all checks on pointers @@ -2624,9 +2638,21 @@ enum bpf_func_id { /* Current network namespace */ #define BPF_F_CURRENT_NETNS (-1L) +/* BPF_FUNC_skb_adjust_room flags. */ +#define BPF_F_ADJ_ROOM_FIXED_GSO (1ULL << 0) + +#define BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 (1ULL << 1) +#define BPF_F_ADJ_ROOM_ENCAP_L3_IPV6 (1ULL << 2) +#define BPF_F_ADJ_ROOM_ENCAP_L3_MASK (BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 | \ + BPF_F_ADJ_ROOM_ENCAP_L3_IPV6) + +#define BPF_F_ADJ_ROOM_ENCAP_L4_GRE (1ULL << 3) +#define BPF_F_ADJ_ROOM_ENCAP_L4_UDP (1ULL << 4) + /* Mode for BPF_FUNC_skb_adjust_room helper. */ enum bpf_adj_room_mode { BPF_ADJ_ROOM_NET, + BPF_ADJ_ROOM_MAC, }; /* Mode for BPF_FUNC_skb_load_bytes_relative helper. */ From patchwork Fri Mar 22 15:15:02 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Willem de Bruijn X-Patchwork-Id: 1061307 Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="h/Dywkcb"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44QnKC6R11z9sRk for ; Sat, 23 Mar 2019 02:15:27 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727117AbfCVPP0 (ORCPT ); Fri, 22 Mar 2019 11:15:26 -0400 Received: from mail-qt1-f194.google.com ([209.85.160.194]:46619 "EHLO mail-qt1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726995AbfCVPPX (ORCPT ); Fri, 22 Mar 2019 11:15:23 -0400 Received: by mail-qt1-f194.google.com with SMTP id z17so2834593qts.13 for ; Fri, 22 Mar 2019 08:15:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=faDCZq3vDUIzfEdmy9yh7udpg6/rvRbGMCfeuiQ/5UI=; b=h/DywkcbMh1aRHO/pK9/3RO03tUSrjJZ/MCLqgRKsX3JHuif0aY9/St/FFt2bXK6H1 5yuKiQDB5Gt8I7ilK+nCrwbX3ymg1VfTbKQDuu74yPN4X5+zC0IwOhXtQgj5MSzQskLS n4Mf0JhVjOxeFRlym/UDW2+PIYvmG66XaH1aaM6oF95NMDUmxp596byF+XlG1GyH0hIS JD2zCWRE7uNMM3bBTPYKXozJbekKWF9zUBH1KT2prgkDAMxWWxC7qK1ojnO17c4JH4w2 YS3UjJTesP9y5ArLkSKorLDoSVHJacuDMIk4VKJJnAOpwMlfIzIaobsQcj9PsTC2JOTf tvjA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=faDCZq3vDUIzfEdmy9yh7udpg6/rvRbGMCfeuiQ/5UI=; b=cAM4we5M0/MLh3Sdb/788Xx4SM86L4uvCJKH0qcuzoI3dZkIhJjDX+vEvp2s1Fvf4E Wz6ZTlQRMaDhCrL9Mzd3VsX2AVdCFc7QiIZmY9f2/4mknNQOPHfaTsTWohwo/4ZRgV8f THr3wcw/An8r+UMVJcKjHrWozHsJAJSCrcd7SmmP/I0osDUVMFAO7iavAjmdHO6Ck5mB kZ8WZeZwBctv16xxa3ETfOnMAxiiHHtjsHRHbAl//QXny/XSp65mN6LPgZC7SNMZZ9+g 502e4bA0yxxWsCJF3SXC711wwQf9CDDOjeqjFTMNvUgBue2Jf4XOFim0lm8S3gr/UVGU pzZg== X-Gm-Message-State: APjAAAXwI7q6Y/xZxLrPsOFXdMcetUlBRzkrnwuVahuiPQ0Npk87D7qz X0zCwldejA3e0HgWWK9oxQvkPDAR X-Google-Smtp-Source: APXvYqw/4onATUMVP5FtMlGZLYq8Tm2GuMd6BTg6WWuhaEHGSDQjlmoZHVwHcxBtbNYex+9nyfyBXg== X-Received: by 2002:ac8:21ad:: with SMTP id 42mr8390959qty.219.1553267721875; Fri, 22 Mar 2019 08:15:21 -0700 (PDT) Received: from willemb1.nyc.corp.google.com ([2620:0:1003:315:3fa1:a34c:1128:1d39]) by smtp.gmail.com with ESMTPSA id v4sm4631317qtq.94.2019.03.22.08.15.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Mar 2019 08:15:21 -0700 (PDT) From: Willem de Bruijn To: netdev@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, alan.maguire@oracle.com, Willem de Bruijn Subject: [PATCH bpf-next v2 11/13] selftests/bpf: convert bpf tunnel test to BPF_ADJ_ROOM_MAC Date: Fri, 22 Mar 2019 11:15:02 -0400 Message-Id: <20190322151504.89983-12-willemdebruijn.kernel@gmail.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog In-Reply-To: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> References: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Willem de Bruijn Avoid moving the network layer header when prefixing tunnel headers. This avoids an explicit call to bpf_skb_store_bytes and an implicit move of the network header bytes in bpf_skb_adjust_room. Signed-off-by: Willem de Bruijn --- .../selftests/bpf/progs/test_tc_tunnel.c | 25 +++---------------- 1 file changed, 3 insertions(+), 22 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c index 900c5653105f..f6a16fd23dbd 100644 --- a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c +++ b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c @@ -72,7 +72,7 @@ static __always_inline int encap_ipv4(struct __sk_buff *skb, bool with_gre) olen = with_gre ? sizeof(h_outer) : sizeof(h_outer.ip); /* add room between mac and network header */ - if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_NET, 0)) + if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_MAC, 0)) return TC_ACT_SHOT; /* prepare new outer network header */ @@ -94,12 +94,6 @@ static __always_inline int encap_ipv4(struct __sk_buff *skb, bool with_gre) BPF_F_INVALIDATE_HASH) < 0) return TC_ACT_SHOT; - /* bpf_skb_adjust_room has moved header to start of room: restore */ - if (bpf_skb_store_bytes(skb, ETH_HLEN + olen, - &iph_inner, sizeof(iph_inner), - BPF_F_INVALIDATE_HASH) < 0) - return TC_ACT_SHOT; - return TC_ACT_OK; } @@ -125,7 +119,7 @@ static __always_inline int encap_ipv6(struct __sk_buff *skb, bool with_gre) olen = with_gre ? sizeof(h_outer) : sizeof(h_outer.ip); /* add room between mac and network header */ - if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_NET, 0)) + if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_MAC, 0)) return TC_ACT_SHOT; /* prepare new outer network header */ @@ -145,12 +139,6 @@ static __always_inline int encap_ipv6(struct __sk_buff *skb, bool with_gre) BPF_F_INVALIDATE_HASH) < 0) return TC_ACT_SHOT; - /* bpf_skb_adjust_room has moved header to start of room: restore */ - if (bpf_skb_store_bytes(skb, ETH_HLEN + olen, - &iph_inner, sizeof(iph_inner), - BPF_F_INVALIDATE_HASH) < 0) - return TC_ACT_SHOT; - return TC_ACT_OK; } @@ -207,14 +195,7 @@ static int decap_internal(struct __sk_buff *skb, int off, int len, char proto) return TC_ACT_OK; } - if (bpf_skb_load_bytes(skb, off + olen, &buf, olen) < 0) - return TC_ACT_OK; - - if (bpf_skb_adjust_room(skb, -olen, BPF_ADJ_ROOM_NET, 0)) - return TC_ACT_SHOT; - - /* bpf_skb_adjust_room has moved outer over inner header: restore */ - if (bpf_skb_store_bytes(skb, off, buf, len, BPF_F_INVALIDATE_HASH) < 0) + if (bpf_skb_adjust_room(skb, -olen, BPF_ADJ_ROOM_MAC, 0)) return TC_ACT_SHOT; return TC_ACT_OK; From patchwork Fri Mar 22 15:15:03 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Willem de Bruijn X-Patchwork-Id: 1061306 Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="Z8Z+stb1"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44QnKB6D08z9sRm for ; Sat, 23 Mar 2019 02:15:26 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727103AbfCVPPZ (ORCPT ); Fri, 22 Mar 2019 11:15:25 -0400 Received: from mail-qt1-f195.google.com ([209.85.160.195]:39295 "EHLO mail-qt1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727089AbfCVPPY (ORCPT ); Fri, 22 Mar 2019 11:15:24 -0400 Received: by mail-qt1-f195.google.com with SMTP id t28so2888279qte.6 for ; Fri, 22 Mar 2019 08:15:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=V0ZBZC8qVpvNiiYA6J6qbh0v6rRFturbYQg6FWbe7tM=; b=Z8Z+stb19VgrRIBC7+iSSVPK4E9vYivPlmXMp6qtRxeCQ0x9Xqp43GsrluqiGAhhhi 8KJFzNRk2zRHAOqFg8b116qd5kPRYse3ssyCrIIoGdchryxLYY+4lu/VW8Ki6MhIIRZp O5Kkm88CfH7C20E5FKjtKR/1TF9BvePsu7kwNVWUAp8AJUH5KKGuRW+Z+0fcIdtwbEvh 1vWcB1V37YyeV9xSLXLux7R4a8f6m/wau41eYSlROSpX6wJohL7MSJDgj4J17v+/uBhu inLit32hRjUNmrOA0NQMRrAfhXwAdV9rpc9loeLMpf0aC4II6qKz2mCVWIR4jDR66yHn x7iA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=V0ZBZC8qVpvNiiYA6J6qbh0v6rRFturbYQg6FWbe7tM=; b=X1RpO9eIVVpkcHuaorBdvChy+eSHZDK7oLdL/JhiRbqO1ieQ0YkVh/4Dh3ZgALA2mX BaRNObkAth3E0ypK3GP1A7fA1f3bGjXam1Pa9HvH+ML23gGxfbgmXzcqBNV64urRTYQJ ZTLUCMXz1EG5gSdoLFZpfhSsDpiIGr7U8sUg88Bq8AANR1hFEHKf+3tvJpSW1cV9LwvK IqDAK+sxMlNEKB/1TiED0KHMmjZ20kh5YWwgBtLbdpDTp+JGSyKYzOURiABVbjo9JKRd P2xGn1Grwx9wy+m7mIE/vW+z7oA3KL3/2l2NGD4O2J9BP/cKkFqjGMdScKOC5WRu3iCf ne0A== X-Gm-Message-State: APjAAAX5XyPuJCiY8CN+UdDg4a6smDdz9KYcDN28EMG96+Cl8/sWgjvA MnKsEYTWES0Esk7h0jw1Z9DQpHGR X-Google-Smtp-Source: APXvYqzsFpzo7AO4bg2kXMf7qcjykxYII7wOf0jCaWN6TtlolRmDBXZC+nvGP1GKjmIwiBKDmN86/w== X-Received: by 2002:ac8:28d0:: with SMTP id j16mr8698061qtj.15.1553267723023; Fri, 22 Mar 2019 08:15:23 -0700 (PDT) Received: from willemb1.nyc.corp.google.com ([2620:0:1003:315:3fa1:a34c:1128:1d39]) by smtp.gmail.com with ESMTPSA id v4sm4631317qtq.94.2019.03.22.08.15.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Mar 2019 08:15:22 -0700 (PDT) From: Willem de Bruijn To: netdev@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, alan.maguire@oracle.com, Willem de Bruijn Subject: [PATCH bpf-next v2 12/13] selftests/bpf: convert bpf tunnel test to BPF_F_ADJ_ROOM_FIXED_GSO Date: Fri, 22 Mar 2019 11:15:03 -0400 Message-Id: <20190322151504.89983-13-willemdebruijn.kernel@gmail.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog In-Reply-To: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> References: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Willem de Bruijn Lower route MTU to ensure packets fit in device MTU after encap, then skip the gso_size changes. Signed-off-by: Willem de Bruijn --- tools/testing/selftests/bpf/progs/test_tc_tunnel.c | 11 ++++++++--- tools/testing/selftests/bpf/test_tc_tunnel.sh | 6 ++++++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c index f6a16fd23dbd..3b79dffb8103 100644 --- a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c +++ b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c @@ -52,6 +52,7 @@ static __always_inline int encap_ipv4(struct __sk_buff *skb, bool with_gre) struct grev4hdr h_outer; struct iphdr iph_inner; struct tcphdr tcph; + __u64 flags; int olen; if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_inner, @@ -69,10 +70,11 @@ static __always_inline int encap_ipv4(struct __sk_buff *skb, bool with_gre) if (tcph.dest != __bpf_constant_htons(cfg_port)) return TC_ACT_OK; + flags = BPF_F_ADJ_ROOM_FIXED_GSO; olen = with_gre ? sizeof(h_outer) : sizeof(h_outer.ip); /* add room between mac and network header */ - if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_MAC, 0)) + if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_MAC, flags)) return TC_ACT_SHOT; /* prepare new outer network header */ @@ -102,6 +104,7 @@ static __always_inline int encap_ipv6(struct __sk_buff *skb, bool with_gre) struct ipv6hdr iph_inner; struct grev6hdr h_outer; struct tcphdr tcph; + __u64 flags; int olen; if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_inner, @@ -116,10 +119,11 @@ static __always_inline int encap_ipv6(struct __sk_buff *skb, bool with_gre) if (tcph.dest != __bpf_constant_htons(cfg_port)) return TC_ACT_OK; + flags = BPF_F_ADJ_ROOM_FIXED_GSO; olen = with_gre ? sizeof(h_outer) : sizeof(h_outer.ip); /* add room between mac and network header */ - if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_MAC, 0)) + if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_MAC, flags)) return TC_ACT_SHOT; /* prepare new outer network header */ @@ -195,7 +199,8 @@ static int decap_internal(struct __sk_buff *skb, int off, int len, char proto) return TC_ACT_OK; } - if (bpf_skb_adjust_room(skb, -olen, BPF_ADJ_ROOM_MAC, 0)) + if (bpf_skb_adjust_room(skb, -olen, BPF_ADJ_ROOM_MAC, + BPF_F_ADJ_ROOM_FIXED_GSO)) return TC_ACT_SHOT; return TC_ACT_OK; diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh index 9e18754f2354..cda5317790d2 100755 --- a/tools/testing/selftests/bpf/test_tc_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -35,6 +35,12 @@ setup() { ip -netns "${ns1}" -6 addr add "${ns1_v6}/64" dev veth1 nodad ip -netns "${ns2}" -6 addr add "${ns2_v6}/64" dev veth2 nodad + # clamp route to reserve room for tunnel headers + ip -netns "${ns1}" -4 route flush table main + ip -netns "${ns1}" -6 route flush table main + ip -netns "${ns1}" -4 route add "${ns2_v4}" mtu 1476 dev veth1 + ip -netns "${ns1}" -6 route add "${ns2_v6}" mtu 1456 dev veth1 + sleep 1 dd if=/dev/urandom of="${infile}" bs="${datalen}" count=1 status=none From patchwork Fri Mar 22 15:15:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Willem de Bruijn X-Patchwork-Id: 1061308 Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="E4Yu8N0u"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44QnKG04n5z9sRk for ; Sat, 23 Mar 2019 02:15:30 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727134AbfCVPP2 (ORCPT ); Fri, 22 Mar 2019 11:15:28 -0400 Received: from mail-qt1-f194.google.com ([209.85.160.194]:38279 "EHLO mail-qt1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727102AbfCVPPZ (ORCPT ); Fri, 22 Mar 2019 11:15:25 -0400 Received: by mail-qt1-f194.google.com with SMTP id s1so2887849qte.5 for ; Fri, 22 Mar 2019 08:15:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=7UWFSxcw2QlWgfFUBLbBz67vjVubFjwYhkLBx4l4Mkc=; b=E4Yu8N0uxNGwd+wZvJr0w20vSVVo4Oe+U4k7J+vwMptcHtbxTspza6YtSU1uKnnipR 5WxaFThp+b6H8FqWWz+mqP2IND2Y9Xl4J1xIGK0emUegZ7Y9sFboFZxXBglFjcYNguCO p6IvrFU4Bkb7ts+e1N5cATTsh6FHlbT8fizLhHwbzZNDFoOnFo4byHWcMgAPCkdqh0Ce +jL4K9Mf9n+jdjHjdnG8Y5KjqZh90QZAyBsK7UDxlUXfnE5+Ki30B6n2jiP/Qzr9nxaW hIdD/yBtQ1OJ2RZTySXrZCZb+zXP1m91U+SkTpJg46IJSyMg7vD2YvnhbCCJ7WAZpvfy cE7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=7UWFSxcw2QlWgfFUBLbBz67vjVubFjwYhkLBx4l4Mkc=; b=gbcS9dq5+yojwBqx4D7exctG3c3G9Ehk/ZF8wnoC8wjWZNb4bbZhfzuvx2znmJoMUP O5h4r9ol69/PqZZfPER08pbGIqE7YUe3R/k64rCQQIPRw04fFP4wRp+nQ1LUOjR0vgFp RtOi81H6R7mYUpcbszCTnttMwcAeVOdU2FWe9rJNJQ2KCJ+eCwkvnt2mFux5wFd2e71N IWvsPHZt6TatdxDs/aqP0HWWLwQYGiL0XYgdw6pITa5D44FPHPh3v2VASx+GSEBRRyX7 Y+YJv6ueLe0a6KNX4gSrHG1Cen1LB6fobW2VtvwWuGj03B34VkKveCMK+KE01L1eHfwI worA== X-Gm-Message-State: APjAAAWtDtZfXE77yz+n6Wv8IIQ32C2m8Lvo4W8XZG3XDfwk/qvjhfU5 JJLd6z8/jwqw0igZEs6B5NAvxTOh X-Google-Smtp-Source: APXvYqwMaxSczHULyy9h53hM39PNs0hQPvAustR9PKLUHWr5Y79WTJo6sJO7PBHAGmwONsXaGBIOlw== X-Received: by 2002:a0c:b711:: with SMTP id t17mr8464983qvd.56.1553267724360; Fri, 22 Mar 2019 08:15:24 -0700 (PDT) Received: from willemb1.nyc.corp.google.com ([2620:0:1003:315:3fa1:a34c:1128:1d39]) by smtp.gmail.com with ESMTPSA id v4sm4631317qtq.94.2019.03.22.08.15.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 22 Mar 2019 08:15:23 -0700 (PDT) From: Willem de Bruijn To: netdev@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, alan.maguire@oracle.com, Willem de Bruijn Subject: [PATCH bpf-next v2 13/13] selftests/bpf: convert bpf tunnel test to encap modes Date: Fri, 22 Mar 2019 11:15:04 -0400 Message-Id: <20190322151504.89983-14-willemdebruijn.kernel@gmail.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog In-Reply-To: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> References: <20190322151504.89983-1-willemdebruijn.kernel@gmail.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Willem de Bruijn Make the tests correctly annotate skbs with tunnel metadata. This makes the gso tests succeed. Enable them. Signed-off-by: Willem de Bruijn --- .../selftests/bpf/progs/test_tc_tunnel.c | 19 +++++++++++++++---- tools/testing/selftests/bpf/test_tc_tunnel.sh | 10 ++++------ 2 files changed, 19 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c index 3b79dffb8103..f541c2de947d 100644 --- a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c +++ b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c @@ -70,8 +70,13 @@ static __always_inline int encap_ipv4(struct __sk_buff *skb, bool with_gre) if (tcph.dest != __bpf_constant_htons(cfg_port)) return TC_ACT_OK; - flags = BPF_F_ADJ_ROOM_FIXED_GSO; - olen = with_gre ? sizeof(h_outer) : sizeof(h_outer.ip); + flags = BPF_F_ADJ_ROOM_FIXED_GSO | BPF_F_ADJ_ROOM_ENCAP_L3_IPV4; + if (with_gre) { + flags |= BPF_F_ADJ_ROOM_ENCAP_L4_GRE; + olen = sizeof(h_outer); + } else { + olen = sizeof(h_outer.ip); + } /* add room between mac and network header */ if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_MAC, flags)) @@ -119,8 +124,14 @@ static __always_inline int encap_ipv6(struct __sk_buff *skb, bool with_gre) if (tcph.dest != __bpf_constant_htons(cfg_port)) return TC_ACT_OK; - flags = BPF_F_ADJ_ROOM_FIXED_GSO; - olen = with_gre ? sizeof(h_outer) : sizeof(h_outer.ip); + flags = BPF_F_ADJ_ROOM_FIXED_GSO | BPF_F_ADJ_ROOM_ENCAP_L3_IPV6; + if (with_gre) { + flags |= BPF_F_ADJ_ROOM_ENCAP_L4_GRE; + olen = sizeof(h_outer); + } else { + olen = sizeof(h_outer.ip); + } + /* add room between mac and network header */ if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_MAC, flags)) diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh index cda5317790d2..dcf320626931 100755 --- a/tools/testing/selftests/bpf/test_tc_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -97,13 +97,11 @@ if [[ "$#" -eq "0" ]]; then echo "ip6 gre" $0 ipv6 ip6gre 100 - # disabled until passes SKB_GSO_DODGY checks - # echo "ip gre gso" - # $0 ipv4 gre 2000 + echo "ip gre gso" + $0 ipv4 gre 2000 - # disabled until passes SKB_GSO_DODGY checks - # echo "ip6 gre gso" - # $0 ipv6 ip6gre 2000 + echo "ip6 gre gso" + $0 ipv6 ip6gre 2000 echo "OK. All tests passed" exit 0