From patchwork Wed Mar 20 14:49:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Willem de Bruijn X-Patchwork-Id: 1059279 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="M6PvChpy"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44PXsH1Mqnz9sNf for ; Thu, 21 Mar 2019 01:50:27 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728213AbfCTOuA (ORCPT ); Wed, 20 Mar 2019 10:50:00 -0400 Received: from mail-qt1-f195.google.com ([209.85.160.195]:40807 "EHLO mail-qt1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728136AbfCTOt7 (ORCPT ); Wed, 20 Mar 2019 10:49:59 -0400 Received: by mail-qt1-f195.google.com with SMTP id x12so2800802qts.7 for ; Wed, 20 Mar 2019 07:49:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=D85CsJgl+kcIbJUqxmLfqlp2s/y22H4NCCY+ZRzanrw=; b=M6PvChpyNfbYhnbiNNZN4TXu2WRNlPLgtdrI4IzGGqodcrWcvf5BLTeVRyajhH7STS rNL99TsdnCNpMP9chJjpojcrMgnVgeutN2GQiJMr3ZMpzI5v8JaN7o1wNvxhXOtMNVdN eJKbL3yXqPp2AnRQhP8+t5FGaPWhIkZrLP2osUF17WqvQPG7G+CPSznnaFlsrzF7CTYA gQYULFTxvyc5Tbiv+l+XtAkoMVs3i6pGfAUy0fCSErfaVGDXw/hFI9d6lZPVP5HKhnot uhnvo4UZ+neVDeg7xJCnupA/ZW7vd6pU7ysDqvsA98nrmgAXzJ2iANkEngEkW/7bTB/y dqvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=D85CsJgl+kcIbJUqxmLfqlp2s/y22H4NCCY+ZRzanrw=; b=K5Y9ppUaOHDKhGCwjDcKS4TecUktc48jgfpEb3NHiFgOWaMiEPqLyhzdfqC1mWkZnP DnQJkqbSQUz0+U+zTiy0UOQCS3Kp5JmscaybTwGMXIrvllnmcTzpdudpIMZ+gXU4MWiZ /mhnBT49RYAu5BI0lSf5A0yw6dZ8D4LEuaTAkNOuhn1+zAF9w+0VoJaagiXl2y3V28D8 vr3JCgLfBjUWK5C27en3ESxFBN6SwYEfqj9k9tsWi7JphHU4ucQeyQ+IOZcYDQbFr2Pe bWA0OaQu0JMhRuPEbcUFhq1eA1IgfCVaxv5hj5/K35AXheqboG+uAxBKZ3PWV+C1d8I6 54iw== X-Gm-Message-State: APjAAAXf8JzQT9S9ABHm792Fw6JRz2bTIOl8HVFQKXnIQ5aLJVA5aah/ ijDzYmn7PwNbhJ+bIBckjykM4JQ0 X-Google-Smtp-Source: APXvYqzdVygD9dav9RO5uaLwY9epcFXMpkehjzxgn1zz3YAV4uw9LL6IzkWXFwwvAGN0FRcdO8IWvw== X-Received: by 2002:ac8:266d:: with SMTP id v42mr7139885qtv.116.1553093397539; Wed, 20 Mar 2019 07:49:57 -0700 (PDT) Received: from willemb1.nyc.corp.google.com ([2620:0:1003:315:3fa1:a34c:1128:1d39]) by smtp.gmail.com with ESMTPSA id x201sm1142257qkb.92.2019.03.20.07.49.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 20 Mar 2019 07:49:56 -0700 (PDT) From: Willem de Bruijn To: netdev@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, sdf@google.com, posk@google.com, Willem de Bruijn Subject: [PATCH bpf-next 06/13] selftests/bpf: extend bpf tunnel test with tso Date: Wed, 20 Mar 2019 10:49:37 -0400 Message-Id: <20190320144944.147862-7-willemdebruijn.kernel@gmail.com> X-Mailer: git-send-email 2.21.0.225.g810b269d1ac-goog In-Reply-To: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com> References: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Willem de Bruijn Segmentation offload takes a longer path. Verify that the feature works with large packets. The test succeeds if not setting dodgy in bpf_skb_adjust_room, as veth TSO is permissive. If not setting SKB_GSO_DODGY, this enables tunneled TSO offload on supporting NICs. The feature sets SKB_GSO_DODGY because the caller is untrusted. As a result the packets traverse through the gso stack at least up to TCP. And fail the gso_type validation, such as the skb->encapsulation check in gre_gso_segment and the gso_type checks introduced in commit 418e897e0716 ("gso: validate gso_type on ipip style tunnel"). This will be addressed in a follow-on feature patch. In the meantime, disable the new gso tests. Signed-off-by: Willem de Bruijn --- tools/testing/selftests/bpf/test_tc_tunnel.sh | 60 +++++++++++++++---- 1 file changed, 49 insertions(+), 11 deletions(-) diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh index c78922048610b..5d9d56520c694 100755 --- a/tools/testing/selftests/bpf/test_tc_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -15,6 +15,8 @@ readonly ns2_v4=192.168.1.2 readonly ns1_v6=fd::1 readonly ns2_v6=fd::2 +readonly infile="$(mktemp)" +readonly outfile="$(mktemp)" setup() { ip netns add "${ns1}" @@ -23,6 +25,8 @@ setup() { ip link add dev veth1 mtu 1500 netns "${ns1}" type veth \ peer name veth2 mtu 1500 netns "${ns2}" + ip netns exec "${ns1}" ethtool -K veth1 tso off + ip -netns "${ns1}" link set veth1 up ip -netns "${ns2}" link set veth2 up @@ -32,58 +36,86 @@ setup() { ip -netns "${ns2}" -6 addr add "${ns2_v6}/64" dev veth2 nodad sleep 1 + + dd if=/dev/urandom of="${infile}" bs="${datalen}" count=1 status=none } cleanup() { ip netns del "${ns2}" ip netns del "${ns1}" + + if [[ -f "${outfile}" ]]; then + rm "${outfile}" + fi + if [[ -f "${infile}" ]]; then + rm "${infile}" + fi } server_listen() { - ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" & + ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" > "${outfile}" & + server_pid=$! sleep 0.2 } client_connect() { - ip netns exec "${ns1}" nc "${netcat_opt}" -z -w 1 "${addr2}" "${port}" + ip netns exec "${ns1}" nc "${netcat_opt}" -q 0 -w 1 "${addr2}" "${port}" < "${infile}" echo $? } +verify_data() { + wait "${server_pid}" + # sha1sum returns two fields [sha1] [filepath] + # convert to bash array and access first elem + insum=($(sha1sum ${infile})) + outsum=($(sha1sum ${outfile})) + if [[ "${insum[0]}" != "${outsum[0]}" ]]; then + echo "data mismatch" + exit 1 + fi +} + set -e # no arguments: automated test, run all if [[ "$#" -eq "0" ]]; then echo "ipip" - $0 ipv4 ipip + $0 ipv4 ipip 100 echo "ip6ip6" - $0 ipv6 ip6tnl + $0 ipv6 ip6tnl 100 echo "ip gre" - $0 ipv4 gre + $0 ipv4 gre 100 echo "ip6 gre" - $0 ipv6 ip6gre + $0 ipv6 ip6gre 100 + + # disabled until passes SKB_GSO_DODGY checks + # echo "ip gre gso" + # $0 ipv4 gre 2000 + + # disabled until passes SKB_GSO_DODGY checks + # echo "ip6 gre gso" + # $0 ipv6 ip6gre 2000 echo "OK. All tests passed" exit 0 fi -if [[ "$#" -ne "2" ]]; then +if [[ "$#" -ne "3" ]]; then echo "Usage: $0" - echo " or: $0 " + echo " or: $0 " exit 1 fi case "$1" in "ipv4") - readonly tuntype=$2 readonly addr1="${ns1_v4}" readonly addr2="${ns2_v4}" readonly netcat_opt=-4 ;; "ipv6") - readonly tuntype=$2 readonly addr1="${ns1_v6}" readonly addr2="${ns2_v6}" readonly netcat_opt=-6 @@ -94,7 +126,10 @@ case "$1" in ;; esac -echo "encap ${addr1} to ${addr2}, type ${tuntype}" +readonly tuntype=$2 +readonly datalen=$3 + +echo "encap ${addr1} to ${addr2}, type ${tuntype}, len ${datalen}" trap cleanup EXIT @@ -104,6 +139,7 @@ setup echo "test basic connectivity" server_listen client_connect +verify_data # clientside, insert bpf program to encap all TCP to port ${port} # client can no longer connect @@ -123,6 +159,7 @@ ip netns exec "${ns2}" ip link add dev testtun0 type "${tuntype}" \ ip netns exec "${ns2}" ip link set dev testtun0 up echo "test bpf encap with tunnel device decap" client_connect +verify_data # serverside, use BPF for decap ip netns exec "${ns2}" ip link del dev testtun0 @@ -132,5 +169,6 @@ ip netns exec "${ns2}" tc filter add dev veth2 ingress \ server_listen echo "test bpf encap with bpf decap" client_connect +verify_data echo OK