From patchwork Wed Mar 20 14:49:32 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
X-Patchwork-Id: 1059269
X-Patchwork-Delegate: bpf@iogearbox.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="a1eVZSgT"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 44PXrf1hRyz9sNf
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 21 Mar 2019 01:49:54 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1728051AbfCTOtx (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 20 Mar 2019 10:49:53 -0400
Received: from mail-qk1-f193.google.com ([209.85.222.193]:43163 "EHLO
	mail-qk1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1726067AbfCTOtv (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 20 Mar 2019 10:49:51 -0400
Received: by mail-qk1-f193.google.com with SMTP id c20so9506196qkc.10
	for <netdev@vger.kernel.org>; Wed, 20 Mar 2019 07:49:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=MPg2+bByfx3IwFWrB/UbrDJlrmtNctIrkmc3yCxFTVs=;
	b=a1eVZSgTMLovGZz30EutuS6koWkuL1+kDT0grKA+Ah3JsgPFoy/Vnj0+QvcWC3MZP8
	ZqANNXSvKyDM5CmkWuK8FH+/Il/Wp92V58jtAE1VcgCLHKTS7ivjxQNut3BDaKbhmi4i
	NhpHf84iZAs4qvuvvn/WEZpaL9sxq4hV+/yEdiyxUXIMegVLUsCe0nThTtETVK/+9Qw3
	N9YezhZ9Ek96/5+HF9D1OkRnTxYzUyjak6fQzC8a5TTxNv7QOu/twbGJyEvxfuSY3mgx
	GPsMlYRIRtqsxSLLZdO6SR2klcntzUo+v5+0J24FRWR0x3r0A3+WnP08D+PnLoeaZKWR
	wKlg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=MPg2+bByfx3IwFWrB/UbrDJlrmtNctIrkmc3yCxFTVs=;
	b=mLS18SjuI2kygN2fSPSNkSoMk9yfzHsQFXWdNnA2o5qV/eHBjDyuKRHAdq0deAqMSW
	lvKyItuulYVDa+ioT/rSrhcMPm6QfkxxUpRQKnRURdiCJKJOq3sPu1pm7mg6evKe7S25
	E4X4wx+12/YNgD4VHaxG1pIYcAsx5nc7c/YRPRjieuWXriHCGl/egW20hb/oV4WB/Kr/
	tONT0GAWsdG501PYfiKuq0TlKxOTPR6zQZ/8r/0+RgoLZnFtbH8dl5mZHd9BzWgaG8bQ
	fo1ibJu1gneh9bK455bH3XGYKNkGWg55DWPgrrBCzg59/sE7Ey4tfWqQHCBwiALmTayY
	r6nQ==
X-Gm-Message-State: APjAAAW1bN/b8SjihyFqjVNCMpyFIWd7FFoDtw28LHlh3QaHa7AesApi
	8Pb/v+HVtzxcBRxWO8qJDXxEzUgG
X-Google-Smtp-Source: 
 APXvYqy4+4Is7gFBL1lk3KZlRF5VKtyf+4F9ybUJN5B1QcvzFte1+F1JOIrNfepbh6cRSGnlpKGvUQ==
X-Received: by 2002:a37:e503:: with SMTP id e3mr6598413qkg.316.1553093390582;
	Wed, 20 Mar 2019 07:49:50 -0700 (PDT)
Received: from willemb1.nyc.corp.google.com
	([2620:0:1003:315:3fa1:a34c:1128:1d39])
	by smtp.gmail.com with ESMTPSA id
	x201sm1142257qkb.92.2019.03.20.07.49.49
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 20 Mar 2019 07:49:49 -0700 (PDT)
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: netdev@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, sdf@google.com,
	posk@google.com, Willem de Bruijn <willemb@google.com>
Subject: [PATCH bpf-next 01/13] bpf: in bpf_skb_adjust_room avoid copy in tx
	fast path
Date: Wed, 20 Mar 2019 10:49:32 -0400
Message-Id: <20190320144944.147862-2-willemdebruijn.kernel@gmail.com>
X-Mailer: git-send-email 2.21.0.225.g810b269d1ac-goog
In-Reply-To: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
References: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Willem de Bruijn <willemb@google.com>

bpf_skb_adjust_room calls skb_cow on grow.

This expensive operation can be avoided in the fast path when the only
other clone has released the header. This is the common case for TCP,
where one headerless clone is kept on the retransmit queue.

It is safe to do so even when touching the gso fields in skb_shinfo.
Regular tunnel encap with iptunnel_handle_offloads takes the same
optimization.

The tcp stack unclones in the unlikely case that it accesses these
fields through headerless clones packets on the retransmit queue (see
__tcp_retransmit_skb).

If any other clones are present, e.g., from packet sockets,
skb_cow_head returns the same value as skb_cow().

Signed-off-by: Willem de Bruijn <willemb@google.com>
---
 net/core/filter.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/core/filter.c b/net/core/filter.c
index 647c63a7b25b6..8e15fb919b574 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2971,7 +2971,7 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 len_diff)
 	if (skb_is_gso(skb) && !skb_is_gso_tcp(skb))
 		return -ENOTSUPP;
 
-	ret = skb_cow(skb, len_diff);
+	ret = skb_cow_head(skb, len_diff);
 	if (unlikely(ret < 0))
 		return ret;
 

From patchwork Wed Mar 20 14:49:33 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
X-Patchwork-Id: 1059270
X-Patchwork-Delegate: bpf@iogearbox.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="p/8wjZCc"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 44PXrh2kgKz9sNf
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 21 Mar 2019 01:49:56 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1728065AbfCTOty (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 20 Mar 2019 10:49:54 -0400
Received: from mail-qk1-f194.google.com ([209.85.222.194]:40096 "EHLO
	mail-qk1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1728038AbfCTOtx (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 20 Mar 2019 10:49:53 -0400
Received: by mail-qk1-f194.google.com with SMTP id w20so6061974qka.7
	for <netdev@vger.kernel.org>; Wed, 20 Mar 2019 07:49:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=G9BU6/Grqv3fgXGN7X9aT8VGUpxCzGOC0VvuPOfkWh0=;
	b=p/8wjZCchYuiSR1tRdANCmbOY8LDWHPthJLbQlFBGxLbmYQeXtrDHsK09ur0T+As6b
	wpxPd51crpemfIexYNhz2FlpeMEmHK314gcpWsidwPymK0jFBpKLOykZLIdydwtdYryB
	uQ+fqktUlot9bzFYQoFGBPVlYRig/HSvs661R1b8heQUi9Fwy8HaypjuO1vkc2zfxRUL
	1kxRMz+4vMrCo8bHq9V8iU8qyWQjXkp0zioKnZSTrcWkA71gtwbQJeWICR5CzFILleqQ
	6AJha9hY4UF2wGFg0t06f6OZ3TH4lweUe0277mHStEXEZSmyLSxKhXCKKYzoE2Icm/B5
	8Naw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=G9BU6/Grqv3fgXGN7X9aT8VGUpxCzGOC0VvuPOfkWh0=;
	b=oPwILf7gLm6fYG8AwJ4DDyUrpOOKvomdfScJmfXVg93SxFMaDnoFaOvsX4ddwbUsm0
	epGsFJPpDSSbrI87CvqfXVitBFWnyXLwRFMKkq0+JcPiVzzLyiT3L1irst1AtwtHHbjW
	zCmTtrzNWcZBcU0Tfsx48tAquPOJfmXLVWHTpHzzALzzX4mKwNt20Sm7q5PS1VXEEG7P
	y4p9KmyAKy4xko8wsW3kkVz7DoTYXIyOaw2KHrAzIa1GK7wfimZ0dYMZZDAONZmilWD8
	cPCYr5nW3hiKCqOqoQCKrXYS5hgVPg6pEVUNIbJLSXap8gye+kOIW3g/Dzlm4JvNm3K+
	EQrQ==
X-Gm-Message-State: APjAAAUzfkWBPxis4QTUREAEIE7cF7crBRtPvtvfCkTh7LvvqqfUTijP
	juWi8GGfgwfDD3evRc++1Cpq4pmx
X-Google-Smtp-Source: 
 APXvYqwQ6UrXVrdNfiOxqME+qwSUMRPAkGeyzwoodTV9QBtMjkS2XkrQ/OlK++sPw6YzZWKXliHuuA==
X-Received: by 2002:a37:790:: with SMTP id 138mr6821640qkh.271.1553093391780;
	Wed, 20 Mar 2019 07:49:51 -0700 (PDT)
Received: from willemb1.nyc.corp.google.com
	([2620:0:1003:315:3fa1:a34c:1128:1d39])
	by smtp.gmail.com with ESMTPSA id
	x201sm1142257qkb.92.2019.03.20.07.49.50
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 20 Mar 2019 07:49:50 -0700 (PDT)
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: netdev@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, sdf@google.com,
	posk@google.com, Willem de Bruijn <willemb@google.com>
Subject: [PATCH bpf-next 02/13] selftests/bpf: bpf tunnel encap test
Date: Wed, 20 Mar 2019 10:49:33 -0400
Message-Id: <20190320144944.147862-3-willemdebruijn.kernel@gmail.com>
X-Mailer: git-send-email 2.21.0.225.g810b269d1ac-goog
In-Reply-To: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
References: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Willem de Bruijn <willemb@google.com>

Validate basic tunnel encapsulation using ipip.

Set up two namespaces connected by veth. Connect a client and server.
Do this with and without bpf encap.

Signed-off-by: Willem de Bruijn <willemb@google.com>
---
 tools/testing/selftests/bpf/Makefile          |  3 +-
 .../selftests/bpf/progs/test_tc_tunnel.c      | 83 +++++++++++++++++++
 tools/testing/selftests/bpf/test_tc_tunnel.sh | 75 +++++++++++++++++
 3 files changed, 160 insertions(+), 1 deletion(-)
 create mode 100644 tools/testing/selftests/bpf/progs/test_tc_tunnel.c
 create mode 100755 tools/testing/selftests/bpf/test_tc_tunnel.sh

diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile
index 2aed37ea61a4c..40992d12b5c8a 100644
--- a/tools/testing/selftests/bpf/Makefile
+++ b/tools/testing/selftests/bpf/Makefile
@@ -51,7 +51,8 @@ TEST_PROGS := test_kmod.sh \
 	test_skb_cgroup_id.sh \
 	test_flow_dissector.sh \
 	test_xdp_vlan.sh \
-	test_lwt_ip_encap.sh
+	test_lwt_ip_encap.sh \
+	test_tc_tunnel.sh
 
 TEST_PROGS_EXTENDED := with_addr.sh \
 	with_tunnels.sh \
diff --git a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
new file mode 100644
index 0000000000000..8223e4347be8f
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
@@ -0,0 +1,83 @@
+// SPDX-License-Identifier: GPL-2.0
+
+/* In-place tunneling */
+
+#include <linux/stddef.h>
+#include <linux/bpf.h>
+#include <linux/if_ether.h>
+#include <linux/in.h>
+#include <linux/ip.h>
+#include <linux/tcp.h>
+#include <linux/pkt_cls.h>
+#include <linux/types.h>
+
+#include "bpf_endian.h"
+#include "bpf_helpers.h"
+
+static const int cfg_port = 8000;
+
+static __always_inline void set_ipv4_csum(struct iphdr *iph)
+{
+	__u16 *iph16 = (__u16 *)iph;
+	__u32 csum;
+	int i;
+
+	iph->check = 0;
+
+#pragma clang loop unroll(full)
+	for (i = 0, csum = 0; i < sizeof(*iph) >> 1; i++)
+		csum += *iph16++;
+
+	iph->check = ~((csum & 0xffff) + (csum >> 16));
+}
+
+SEC("encap")
+int encap_f(struct __sk_buff *skb)
+{
+	struct iphdr iph_outer, iph_inner;
+	struct tcphdr tcph;
+
+	if (skb->protocol != __bpf_constant_htons(ETH_P_IP))
+		return TC_ACT_OK;
+
+	if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_inner,
+			       sizeof(iph_inner)) < 0)
+		return TC_ACT_OK;
+
+	/* filter only packets we want */
+	if (iph_inner.ihl != 5 || iph_inner.protocol != IPPROTO_TCP)
+		return TC_ACT_OK;
+
+	if (bpf_skb_load_bytes(skb, ETH_HLEN + sizeof(iph_inner),
+			       &tcph, sizeof(tcph)) < 0)
+		return TC_ACT_OK;
+
+	if (tcph.dest != __bpf_constant_htons(cfg_port))
+		return TC_ACT_OK;
+
+	/* add room between mac and network header */
+	if (bpf_skb_adjust_room(skb, sizeof(iph_outer), BPF_ADJ_ROOM_NET, 0))
+		return TC_ACT_SHOT;
+
+	/* prepare new outer network header */
+	iph_outer = iph_inner;
+	iph_outer.protocol = IPPROTO_IPIP;
+	iph_outer.tot_len = bpf_htons(sizeof(iph_outer) +
+				      bpf_htons(iph_outer.tot_len));
+	set_ipv4_csum(&iph_outer);
+
+	/* store new outer network header */
+	if (bpf_skb_store_bytes(skb, ETH_HLEN, &iph_outer, sizeof(iph_outer),
+				BPF_F_INVALIDATE_HASH) < 0)
+		return TC_ACT_SHOT;
+
+	/* bpf_skb_adjust_room has moved header to start of room: restore */
+	if (bpf_skb_store_bytes(skb, ETH_HLEN + sizeof(iph_outer),
+				&iph_inner, sizeof(iph_inner),
+				BPF_F_INVALIDATE_HASH) < 0)
+		return TC_ACT_SHOT;
+
+	return TC_ACT_OK;
+}
+
+char __license[] SEC("license") = "GPL";
diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh
new file mode 100755
index 0000000000000..6ebb288a3afc7
--- /dev/null
+++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+#
+# In-place tunneling
+
+# must match the port that the bpf program filters on
+readonly port=8000
+
+readonly ns_prefix="ns-$$-"
+readonly ns1="${ns_prefix}1"
+readonly ns2="${ns_prefix}2"
+
+readonly ns1_v4=192.168.1.1
+readonly ns2_v4=192.168.1.2
+
+setup() {
+	ip netns add "${ns1}"
+	ip netns add "${ns2}"
+
+	ip link add dev veth1 mtu 1500 netns "${ns1}" type veth \
+	      peer name veth2 mtu 1500 netns "${ns2}"
+
+	ip -netns "${ns1}" link set veth1 up
+	ip -netns "${ns2}" link set veth2 up
+
+	ip -netns "${ns1}" -4 addr add "${ns1_v4}/24" dev veth1
+	ip -netns "${ns2}" -4 addr add "${ns2_v4}/24" dev veth2
+
+	sleep 1
+}
+
+cleanup() {
+	ip netns del "${ns2}"
+	ip netns del "${ns1}"
+}
+
+server_listen() {
+	ip netns exec "${ns2}" nc -l -p "${port}" &
+	sleep 0.2
+}
+
+client_connect() {
+	ip netns exec "${ns1}" nc -z -w 1 "${ns2_v4}" "${port}"
+	echo $?
+}
+
+set -e
+trap cleanup EXIT
+
+setup
+
+# basic communication works
+echo "test basic connectivity"
+server_listen
+client_connect
+
+# clientside, insert bpf program to encap all TCP to port ${port}
+# client can no longer connect
+ip netns exec "${ns1}" tc qdisc add dev veth1 clsact
+ip netns exec "${ns1}" tc filter add dev veth1 egress \
+	bpf direct-action object-file ./test_tc_tunnel.o section encap
+echo "test bpf encap without decap (expect failure)"
+server_listen
+! client_connect
+
+# serverside, insert decap module
+# server is still running
+# client can connect again
+ip netns exec "${ns2}" ip link add dev testtun0 type ipip \
+	remote "${ns1_v4}" local "${ns2_v4}"
+ip netns exec "${ns2}" ip link set dev testtun0 up
+echo "test bpf encap with tunnel device decap"
+client_connect
+
+echo OK

From patchwork Wed Mar 20 14:49:34 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
X-Patchwork-Id: 1059271
X-Patchwork-Delegate: bpf@iogearbox.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="aMdriKlq"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 44PXrj5vlCz9sNf
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 21 Mar 2019 01:49:57 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1728120AbfCTOt4 (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 20 Mar 2019 10:49:56 -0400
Received: from mail-qt1-f195.google.com ([209.85.160.195]:43543 "EHLO
	mail-qt1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1728054AbfCTOty (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 20 Mar 2019 10:49:54 -0400
Received: by mail-qt1-f195.google.com with SMTP id v32so2783978qtc.10
	for <netdev@vger.kernel.org>; Wed, 20 Mar 2019 07:49:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=/nmec+GYuRB+1FYbBFUIeWupMYZu5rBNq/WI5++txPE=;
	b=aMdriKlqQIoPndiq9lDPJNoJQ1NKWbRKrb7iICy3+CsHS6OSYMl/PSWCNj+GdsBg/L
	yFgEx7eCq9qhw/Evp3Tt5paVY4KF4wPLFXhnhbP5DXfFWrCJ+RmfH/2KuUez9ec7Qdpb
	rwTua2PJ2KweqBShYUVZfIB54lkusGLYU8wTsBTtzU7VkyqcICGOvG94rYpiIyfPCXlH
	gPKFAQVVLl6jOl4rjmq3fcQUeTYPufVOQ5MRinn+UJ6W60rVcM48UFH+DhndHe8pL36W
	+rWZrV3X37O4TvmhIgYgeyHF3GQ18i+fyFiREwsGn+LM612quto9TTKYh6boxCppBfra
	cYEw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=/nmec+GYuRB+1FYbBFUIeWupMYZu5rBNq/WI5++txPE=;
	b=Z6FPXGnCWT6wKlsYU3EXSWmHzKojp127O3lpbxK+QbWyIC5qj0JOgq2h9X1sFc7ILx
	GrZZAGoBUmXHq1FCImiKKlDai7ietNianxY16haTi0wgpU8gSoGz9/YQ9gy+//r9rIHv
	ue8t+dJFEMn6jdT2+UcVBMC6SqVlNU+g8eAUmy3unTzjcf7y2C3irJlAMM5KK4KtWMth
	OqodRPJhA6HdQNPGk4Yit64Dt7qDvzuGSIdYRIFODWPO/VMJlrn+fvAWrah6KlXT9uhk
	XBYVlKwdVBilAtXdxfVUKuV4ZboSkXzvtZt4vnCoFyWQpptIVukZamr9KQ8SAwUnAnSF
	Eozw==
X-Gm-Message-State: APjAAAVx5gNG4rUmZEVGc+Y62hYHKzP5IcvIJnQTfVC6Ey/prZoI4PwT
	+CguY4fV1ZyWgZzkPw4vKPqCLMna
X-Google-Smtp-Source: 
 APXvYqylTgCxcMiAf34E7LL6yoR52JshN86DI0YR2gziHu6IIBYjYnxCYtsV+R3KwhNnsfKLIL/RnQ==
X-Received: by 2002:ac8:2c93:: with SMTP id 19mr7419566qtw.126.1553093393215;
	Wed, 20 Mar 2019 07:49:53 -0700 (PDT)
Received: from willemb1.nyc.corp.google.com
	([2620:0:1003:315:3fa1:a34c:1128:1d39])
	by smtp.gmail.com with ESMTPSA id
	x201sm1142257qkb.92.2019.03.20.07.49.51
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 20 Mar 2019 07:49:52 -0700 (PDT)
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: netdev@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, sdf@google.com,
	posk@google.com, Willem de Bruijn <willemb@google.com>
Subject: [PATCH bpf-next 03/13] selftests/bpf: expand bpf tunnel test with
	decap
Date: Wed, 20 Mar 2019 10:49:34 -0400
Message-Id: <20190320144944.147862-4-willemdebruijn.kernel@gmail.com>
X-Mailer: git-send-email 2.21.0.225.g810b269d1ac-goog
In-Reply-To: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
References: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Willem de Bruijn <willemb@google.com>

The bpf tunnel test encapsulates using bpf, then decapsulates using
a standard tunnel device to verify correctness.

Once encap is verified, also test decap, by replacing the tunnel
device on decap with another bpf program.

Signed-off-by: Willem de Bruijn <willemb@google.com>
---
 .../selftests/bpf/progs/test_tc_tunnel.c      | 31 +++++++++++++++++++
 tools/testing/selftests/bpf/test_tc_tunnel.sh |  9 ++++++
 2 files changed, 40 insertions(+)

diff --git a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
index 8223e4347be8f..25db148635ab7 100644
--- a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
+++ b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
@@ -80,4 +80,35 @@ int encap_f(struct __sk_buff *skb)
 	return TC_ACT_OK;
 }
 
+SEC("decap")
+int decap_f(struct __sk_buff *skb)
+{
+	struct iphdr iph_outer, iph_inner;
+
+	if (skb->protocol != __bpf_constant_htons(ETH_P_IP))
+		return TC_ACT_OK;
+
+	if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_outer,
+			       sizeof(iph_outer)) < 0)
+		return TC_ACT_OK;
+
+	if (iph_outer.ihl != 5 || iph_outer.protocol != IPPROTO_IPIP)
+		return TC_ACT_OK;
+
+	if (bpf_skb_load_bytes(skb, ETH_HLEN + sizeof(iph_outer),
+			       &iph_inner, sizeof(iph_inner)) < 0)
+		return TC_ACT_OK;
+
+	if (bpf_skb_adjust_room(skb, -(int)sizeof(iph_outer),
+				BPF_ADJ_ROOM_NET, 0))
+		return TC_ACT_SHOT;
+
+	/* bpf_skb_adjust_room has moved outer over inner header: restore */
+	if (bpf_skb_store_bytes(skb, ETH_HLEN, &iph_inner, sizeof(iph_inner),
+				BPF_F_INVALIDATE_HASH) < 0)
+		return TC_ACT_SHOT;
+
+	return TC_ACT_OK;
+}
+
 char __license[] SEC("license") = "GPL";
diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh
index 6ebb288a3afc7..91151d91e5a1b 100755
--- a/tools/testing/selftests/bpf/test_tc_tunnel.sh
+++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh
@@ -72,4 +72,13 @@ ip netns exec "${ns2}" ip link set dev testtun0 up
 echo "test bpf encap with tunnel device decap"
 client_connect
 
+# serverside, use BPF for decap
+ip netns exec "${ns2}" ip link del dev testtun0
+ip netns exec "${ns2}" tc qdisc add dev veth2 clsact
+ip netns exec "${ns2}" tc filter add dev veth2 ingress \
+	bpf direct-action object-file ./test_tc_tunnel.o section decap
+server_listen
+echo "test bpf encap with bpf decap"
+client_connect
+
 echo OK

From patchwork Wed Mar 20 14:49:35 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
X-Patchwork-Id: 1059281
X-Patchwork-Delegate: bpf@iogearbox.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="arBr6ZBu"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 44PXsQ0tZqz9sNf
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 21 Mar 2019 01:50:34 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1728138AbfCTOt6 (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 20 Mar 2019 10:49:58 -0400
Received: from mail-qk1-f196.google.com ([209.85.222.196]:33408 "EHLO
	mail-qk1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1728038AbfCTOt4 (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 20 Mar 2019 10:49:56 -0400
Received: by mail-qk1-f196.google.com with SMTP id k189so9015922qkc.0
	for <netdev@vger.kernel.org>; Wed, 20 Mar 2019 07:49:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=Rh/Bs6oMTXVJWT92/Uqsfi2eJHIsspTTv3QlqDIQ9f4=;
	b=arBr6ZBu+sZ+asZCP+mrTVuTYgg+pS363Fv2AL3JSWH4qQkv8pOZW0gSyqt6IziM3Z
	Y8APL71JToKxNOfxB+5M0ezvOYsv8f0vOj428TXoliuxx4u23ycfuTp1p5+JI8+rE/dt
	c6NMSgkzZ2Rq+xLvQN/abI5aQWHDavNZVEZn/5TY1eu7gFPW1c4VL7FVR6vs2XpmgeYe
	eDPBkVj5uTiHWKY4zLlm6JiqNxV83goNILUrLVw8VqcP96vQn6hPxWvaAhxujF/XaVnq
	4cDvroP5aLYz79EwhE9deeqz/DicJsehIANhC9gy7K61bOIPyCSQVSntRUqVNj8FrguL
	v9Ow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=Rh/Bs6oMTXVJWT92/Uqsfi2eJHIsspTTv3QlqDIQ9f4=;
	b=SRMl2FdWb272LcYz6jQCNWMsE0PVlX+vLIwOBBEzI2YxaYDywmH/v/EhwXlsmrjSL2
	5f6mqXn+VIkZZZCfI7vYYNfT14hyr/vU0M727rx8kiPwKyntVZcIzmhqgIMR6bY3cIVg
	+VeH+W02dU97xkiIZqFnBnQniE5/GpAjucgEQc6arG6EAsJ0zQJf89083hL5D0lysUSt
	h2hIpsKJPuzUUmkhD9s2J1OerypkZeMB4QzICOCu8CEY31QxUC0eSSvINdgoDlg7Kfrs
	SGRc9j3kbfid0PyAjTI7yc1KWEMJ2XxdQHrlaIpOeIy7kHPxuyvd7uWBhcfs1VPuNULt
	EF/Q==
X-Gm-Message-State: APjAAAX5vZo+9/vRPALmlcV5/+lF8ROWaNeQdZvCINJxK6EyC/vNE3qk
	m/n9nOowwlc9XGaqhB/oFfe7XCZk
X-Google-Smtp-Source: 
 APXvYqzy9tKG/LTfMwc1wiRLAnxkVh7LeWA7GKeL6LDUOrmzEe3wBjmLdUlWHVovOBRmPa3zcWoRCQ==
X-Received: by 2002:a37:8dc1:: with SMTP id
	p184mr6625935qkd.172.1553093394531;
	Wed, 20 Mar 2019 07:49:54 -0700 (PDT)
Received: from willemb1.nyc.corp.google.com
	([2620:0:1003:315:3fa1:a34c:1128:1d39])
	by smtp.gmail.com with ESMTPSA id
	x201sm1142257qkb.92.2019.03.20.07.49.53
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 20 Mar 2019 07:49:53 -0700 (PDT)
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: netdev@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, sdf@google.com,
	posk@google.com, Willem de Bruijn <willemb@google.com>
Subject: [PATCH bpf-next 04/13] selftests/bpf: expand bpf tunnel test to ipv6
Date: Wed, 20 Mar 2019 10:49:35 -0400
Message-Id: <20190320144944.147862-5-willemdebruijn.kernel@gmail.com>
X-Mailer: git-send-email 2.21.0.225.g810b269d1ac-goog
In-Reply-To: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
References: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Willem de Bruijn <willemb@google.com>

The test only uses ipv4 so far, expand to ipv6.
This is mostly a boilerplate near copy of the ipv4 path.

Signed-off-by: Willem de Bruijn <willemb@google.com>
---
 tools/testing/selftests/bpf/config            |   2 +
 .../selftests/bpf/progs/test_tc_tunnel.c      | 116 +++++++++++++++---
 tools/testing/selftests/bpf/test_tc_tunnel.sh |  53 +++++++-
 3 files changed, 149 insertions(+), 22 deletions(-)

diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/bpf/config
index 37f947ec44ed9..a42f4fc4dc11f 100644
--- a/tools/testing/selftests/bpf/config
+++ b/tools/testing/selftests/bpf/config
@@ -23,3 +23,5 @@ CONFIG_LWTUNNEL=y
 CONFIG_BPF_STREAM_PARSER=y
 CONFIG_XDP_SOCKETS=y
 CONFIG_FTRACE_SYSCALLS=y
+CONFIG_IPV6_TUNNEL=y
+CONFIG_IPV6_GRE=y
diff --git a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
index 25db148635ab7..591f540ce513d 100644
--- a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
+++ b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
@@ -7,6 +7,7 @@
 #include <linux/if_ether.h>
 #include <linux/in.h>
 #include <linux/ip.h>
+#include <linux/ipv6.h>
 #include <linux/tcp.h>
 #include <linux/pkt_cls.h>
 #include <linux/types.h>
@@ -31,15 +32,11 @@ static __always_inline void set_ipv4_csum(struct iphdr *iph)
 	iph->check = ~((csum & 0xffff) + (csum >> 16));
 }
 
-SEC("encap")
-int encap_f(struct __sk_buff *skb)
+static int encap_ipv4(struct __sk_buff *skb)
 {
 	struct iphdr iph_outer, iph_inner;
 	struct tcphdr tcph;
 
-	if (skb->protocol != __bpf_constant_htons(ETH_P_IP))
-		return TC_ACT_OK;
-
 	if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_inner,
 			       sizeof(iph_inner)) < 0)
 		return TC_ACT_OK;
@@ -80,35 +77,118 @@ int encap_f(struct __sk_buff *skb)
 	return TC_ACT_OK;
 }
 
-SEC("decap")
-int decap_f(struct __sk_buff *skb)
+static int encap_ipv6(struct __sk_buff *skb)
 {
-	struct iphdr iph_outer, iph_inner;
+	struct ipv6hdr iph_outer, iph_inner;
+	struct tcphdr tcph;
 
-	if (skb->protocol != __bpf_constant_htons(ETH_P_IP))
+	if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_inner,
+			       sizeof(iph_inner)) < 0)
 		return TC_ACT_OK;
 
-	if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_outer,
-			       sizeof(iph_outer)) < 0)
+	/* filter only packets we want */
+	if (bpf_skb_load_bytes(skb, ETH_HLEN + sizeof(iph_inner),
+			       &tcph, sizeof(tcph)) < 0)
 		return TC_ACT_OK;
 
-	if (iph_outer.ihl != 5 || iph_outer.protocol != IPPROTO_IPIP)
+	if (tcph.dest != __bpf_constant_htons(cfg_port))
+		return TC_ACT_OK;
+
+	/* add room between mac and network header */
+	if (bpf_skb_adjust_room(skb, sizeof(iph_outer), BPF_ADJ_ROOM_NET, 0))
+		return TC_ACT_SHOT;
+
+	/* prepare new outer network header */
+	iph_outer = iph_inner;
+	iph_outer.nexthdr = IPPROTO_IPV6;
+	iph_outer.payload_len = bpf_htons(sizeof(iph_outer) +
+					  bpf_ntohs(iph_outer.payload_len));
+
+	/* store new outer network header */
+	if (bpf_skb_store_bytes(skb, ETH_HLEN, &iph_outer, sizeof(iph_outer),
+				BPF_F_INVALIDATE_HASH) < 0)
+		return TC_ACT_SHOT;
+
+	/* bpf_skb_adjust_room has moved header to start of room: restore */
+	if (bpf_skb_store_bytes(skb, ETH_HLEN + sizeof(iph_outer),
+				&iph_inner, sizeof(iph_inner),
+				BPF_F_INVALIDATE_HASH) < 0)
+		return TC_ACT_SHOT;
+
+	return TC_ACT_OK;
+}
+
+SEC("encap")
+int encap_f(struct __sk_buff *skb)
+{
+	switch (skb->protocol) {
+	case __bpf_constant_htons(ETH_P_IP):
+		return encap_ipv4(skb);
+	case __bpf_constant_htons(ETH_P_IPV6):
+		return encap_ipv6(skb);
+	default:
+		/* does not match, ignore */
 		return TC_ACT_OK;
+	}
+}
 
-	if (bpf_skb_load_bytes(skb, ETH_HLEN + sizeof(iph_outer),
-			       &iph_inner, sizeof(iph_inner)) < 0)
+static int decap_internal(struct __sk_buff *skb, int off, int len)
+{
+	char buf[sizeof(struct ipv6hdr)];
+
+	if (bpf_skb_load_bytes(skb, off + len, &buf, len) < 0)
 		return TC_ACT_OK;
 
-	if (bpf_skb_adjust_room(skb, -(int)sizeof(iph_outer),
-				BPF_ADJ_ROOM_NET, 0))
+	if (bpf_skb_adjust_room(skb, -len, BPF_ADJ_ROOM_NET, 0))
 		return TC_ACT_SHOT;
 
 	/* bpf_skb_adjust_room has moved outer over inner header: restore */
-	if (bpf_skb_store_bytes(skb, ETH_HLEN, &iph_inner, sizeof(iph_inner),
-				BPF_F_INVALIDATE_HASH) < 0)
+	if (bpf_skb_store_bytes(skb, off, buf, len, BPF_F_INVALIDATE_HASH) < 0)
 		return TC_ACT_SHOT;
 
 	return TC_ACT_OK;
 }
 
+static int decap_ipv4(struct __sk_buff *skb)
+{
+	struct iphdr iph_outer;
+
+	if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_outer,
+			       sizeof(iph_outer)) < 0)
+		return TC_ACT_OK;
+
+	if (iph_outer.ihl != 5 || iph_outer.protocol != IPPROTO_IPIP)
+		return TC_ACT_OK;
+
+	return decap_internal(skb, ETH_HLEN, sizeof(iph_outer));
+}
+
+static int decap_ipv6(struct __sk_buff *skb)
+{
+	struct ipv6hdr iph_outer;
+
+	if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_outer,
+			       sizeof(iph_outer)) < 0)
+		return TC_ACT_OK;
+
+	if (iph_outer.nexthdr != IPPROTO_IPV6)
+		return TC_ACT_OK;
+
+	return decap_internal(skb, ETH_HLEN, sizeof(iph_outer));
+}
+
+SEC("decap")
+int decap_f(struct __sk_buff *skb)
+{
+	switch (skb->protocol) {
+	case __bpf_constant_htons(ETH_P_IP):
+		return decap_ipv4(skb);
+	case __bpf_constant_htons(ETH_P_IPV6):
+		return decap_ipv6(skb);
+	default:
+		/* does not match, ignore */
+		return TC_ACT_OK;
+	}
+}
+
 char __license[] SEC("license") = "GPL";
diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh
index 91151d91e5a1b..7b1758f3006b0 100755
--- a/tools/testing/selftests/bpf/test_tc_tunnel.sh
+++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh
@@ -12,6 +12,9 @@ readonly ns2="${ns_prefix}2"
 
 readonly ns1_v4=192.168.1.1
 readonly ns2_v4=192.168.1.2
+readonly ns1_v6=fd::1
+readonly ns2_v6=fd::2
+
 
 setup() {
 	ip netns add "${ns1}"
@@ -25,6 +28,8 @@ setup() {
 
 	ip -netns "${ns1}" -4 addr add "${ns1_v4}/24" dev veth1
 	ip -netns "${ns2}" -4 addr add "${ns2_v4}/24" dev veth2
+	ip -netns "${ns1}" -6 addr add "${ns1_v6}/64" dev veth1 nodad
+	ip -netns "${ns2}" -6 addr add "${ns2_v6}/64" dev veth2 nodad
 
 	sleep 1
 }
@@ -35,16 +40,56 @@ cleanup() {
 }
 
 server_listen() {
-	ip netns exec "${ns2}" nc -l -p "${port}" &
+	ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" &
 	sleep 0.2
 }
 
 client_connect() {
-	ip netns exec "${ns1}" nc -z -w 1 "${ns2_v4}" "${port}"
+	ip netns exec "${ns1}" nc "${netcat_opt}" -z -w 1 "${addr2}" "${port}"
 	echo $?
 }
 
 set -e
+
+# no arguments: automated test, run all
+if [[ "$#" -eq "0" ]]; then
+	echo "ipip"
+	$0 ipv4
+
+	echo "ip6ip6"
+	$0 ipv6
+
+	echo "OK. All tests passed"
+	exit 0
+fi
+
+if [[ "$#" -ne "1" ]]; then
+	echo "Usage: $0"
+	echo "   or: $0 <ipv4|ipv6>"
+	exit 1
+fi
+
+case "$1" in
+"ipv4")
+	readonly tuntype=ipip
+	readonly addr1="${ns1_v4}"
+	readonly addr2="${ns2_v4}"
+	readonly netcat_opt=-4
+	;;
+"ipv6")
+	readonly tuntype=ip6tnl
+	readonly addr1="${ns1_v6}"
+	readonly addr2="${ns2_v6}"
+	readonly netcat_opt=-6
+	;;
+*)
+	echo "unknown arg: $1"
+	exit 1
+	;;
+esac
+
+echo "encap ${addr1} to ${addr2}, type ${tuntype}"
+
 trap cleanup EXIT
 
 setup
@@ -66,8 +111,8 @@ server_listen
 # serverside, insert decap module
 # server is still running
 # client can connect again
-ip netns exec "${ns2}" ip link add dev testtun0 type ipip \
-	remote "${ns1_v4}" local "${ns2_v4}"
+ip netns exec "${ns2}" ip link add dev testtun0 type "${tuntype}" \
+	remote "${addr1}" local "${addr2}"
 ip netns exec "${ns2}" ip link set dev testtun0 up
 echo "test bpf encap with tunnel device decap"
 client_connect

From patchwork Wed Mar 20 14:49:36 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
X-Patchwork-Id: 1059272
X-Patchwork-Delegate: bpf@iogearbox.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="M8VijONY"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 44PXrm2xN3z9sNf
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 21 Mar 2019 01:50:00 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1728160AbfCTOt7 (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 20 Mar 2019 10:49:59 -0400
Received: from mail-qk1-f195.google.com ([209.85.222.195]:36134 "EHLO
	mail-qk1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1728122AbfCTOt6 (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 20 Mar 2019 10:49:58 -0400
Received: by mail-qk1-f195.google.com with SMTP id k130so14276730qke.3
	for <netdev@vger.kernel.org>; Wed, 20 Mar 2019 07:49:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=EVkQH9TIoV+1q3Epsvck3/7871VvUAEPdctkmkJgc84=;
	b=M8VijONYGads1yfAcfvzTUanBMEfL8v+c/mZRz91CCXmfLxCax6hkrXNwYKuMhsNlp
	0l5RTdbvy0iW+FGS9Us2Z0IwM1Fvrf/dqTUvXGfjQOMHSScHjWl4Aj1pc72cwO1GwLRK
	2ToQxxFd/60bP0Q/bhYiKEcJMmKIAoFjZhbuzPbmDubumn+Pe8wXeAlFgDMMQ43rwhJ5
	r4uQvVm2b4ljdCzRcsoFEI1W4Pl6cx3BZBYbqS0Say7+EtZgvkitMPXpDhNt+ARqr7G+
	vXtUbSt4IJrmyzRpwxyo2b8FCA0x2lCrwB0+jD6GmXqmorTaqppX8GJ6gb77+ULZNCM2
	daAA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=EVkQH9TIoV+1q3Epsvck3/7871VvUAEPdctkmkJgc84=;
	b=TWlqxSJKYU8V/AMkMYCWj1AQmSqWE/heQNBPrxgZX1IIIEqjHMyakjVlHdAAOFJ6s1
	j6Xz1EpJUDDLwGGxTATnC/xlNe9cKz/KVTyP0xVbJGAeRLC6mTjzrfip9HxJzF3lD4rf
	3Sgs77sAyjKKErWRwckgcya3pdP7BZxwXO9Spfb6aMxWuQSN9NDUfEvuNGb5nS+Y8S/l
	obwW8nffTqiStONzjJrmvAHC0r4lLG6aQhv8E9mumRxpM0svTq0Kkj5dYaeVXTG2xkqo
	v3KMbB4Bs3GplhzrrlpZ7A3x7mKoQ7NqXy05qtb5aKpS3XMtDjo2Pmr6l9FJ5ge9baOq
	kiJQ==
X-Gm-Message-State: APjAAAWtwuPDkH9esCR34BBFMYJEB3+2ukx/uErIzvkrO+GSEIbeyOFO
	y04AUbNvG7TdIBn4GLhfwry5EGmj
X-Google-Smtp-Source: 
 APXvYqyYpU2MO9WX8QYv/D26x5O/jsqWrDzb59ReNSMU2c9mD430GgTMjLd2jcjMozXmT01qkz3bng==
X-Received: by 2002:ae9:f71a:: with SMTP id
	s26mr6779453qkg.299.1553093395867;
	Wed, 20 Mar 2019 07:49:55 -0700 (PDT)
Received: from willemb1.nyc.corp.google.com
	([2620:0:1003:315:3fa1:a34c:1128:1d39])
	by smtp.gmail.com with ESMTPSA id
	x201sm1142257qkb.92.2019.03.20.07.49.54
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 20 Mar 2019 07:49:54 -0700 (PDT)
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: netdev@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, sdf@google.com,
	posk@google.com, Willem de Bruijn <willemb@google.com>
Subject: [PATCH bpf-next 05/13] selftests/bpf: extend bpf tunnel test with
	gre
Date: Wed, 20 Mar 2019 10:49:36 -0400
Message-Id: <20190320144944.147862-6-willemdebruijn.kernel@gmail.com>
X-Mailer: git-send-email 2.21.0.225.g810b269d1ac-goog
In-Reply-To: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
References: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Willem de Bruijn <willemb@google.com>

GRE is a commonly used protocol. Add GRE cases for both IPv4 and IPv6.

It also inserts different sized headers, which can expose some
unexpected edge cases.

Signed-off-by: Willem de Bruijn <willemb@google.com>
---
 .../selftests/bpf/progs/test_tc_tunnel.c      | 148 +++++++++++++-----
 tools/testing/selftests/bpf/test_tc_tunnel.sh |  21 ++-
 2 files changed, 123 insertions(+), 46 deletions(-)

diff --git a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
index 591f540ce513d..900c5653105fe 100644
--- a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
+++ b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
@@ -2,6 +2,9 @@
 
 /* In-place tunneling */
 
+#include <stdbool.h>
+#include <string.h>
+
 #include <linux/stddef.h>
 #include <linux/bpf.h>
 #include <linux/if_ether.h>
@@ -17,6 +20,18 @@
 
 static const int cfg_port = 8000;
 
+struct grev4hdr {
+	struct iphdr ip;
+	__be16 flags;
+	__be16 protocol;
+} __attribute__((packed));
+
+struct grev6hdr {
+	struct ipv6hdr ip;
+	__be16 flags;
+	__be16 protocol;
+} __attribute__((packed));
+
 static __always_inline void set_ipv4_csum(struct iphdr *iph)
 {
 	__u16 *iph16 = (__u16 *)iph;
@@ -32,10 +47,12 @@ static __always_inline void set_ipv4_csum(struct iphdr *iph)
 	iph->check = ~((csum & 0xffff) + (csum >> 16));
 }
 
-static int encap_ipv4(struct __sk_buff *skb)
+static __always_inline int encap_ipv4(struct __sk_buff *skb, bool with_gre)
 {
-	struct iphdr iph_outer, iph_inner;
+	struct grev4hdr h_outer;
+	struct iphdr iph_inner;
 	struct tcphdr tcph;
+	int olen;
 
 	if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_inner,
 			       sizeof(iph_inner)) < 0)
@@ -52,24 +69,33 @@ static int encap_ipv4(struct __sk_buff *skb)
 	if (tcph.dest != __bpf_constant_htons(cfg_port))
 		return TC_ACT_OK;
 
+	olen = with_gre ? sizeof(h_outer) : sizeof(h_outer.ip);
+
 	/* add room between mac and network header */
-	if (bpf_skb_adjust_room(skb, sizeof(iph_outer), BPF_ADJ_ROOM_NET, 0))
+	if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_NET, 0))
 		return TC_ACT_SHOT;
 
 	/* prepare new outer network header */
-	iph_outer = iph_inner;
-	iph_outer.protocol = IPPROTO_IPIP;
-	iph_outer.tot_len = bpf_htons(sizeof(iph_outer) +
-				      bpf_htons(iph_outer.tot_len));
-	set_ipv4_csum(&iph_outer);
+	h_outer.ip = iph_inner;
+	h_outer.ip.tot_len = bpf_htons(olen +
+				      bpf_htons(h_outer.ip.tot_len));
+	if (with_gre) {
+		h_outer.ip.protocol = IPPROTO_GRE;
+		h_outer.protocol = bpf_htons(ETH_P_IP);
+		h_outer.flags = 0;
+	} else {
+		h_outer.ip.protocol = IPPROTO_IPIP;
+	}
+
+	set_ipv4_csum((void *)&h_outer.ip);
 
 	/* store new outer network header */
-	if (bpf_skb_store_bytes(skb, ETH_HLEN, &iph_outer, sizeof(iph_outer),
+	if (bpf_skb_store_bytes(skb, ETH_HLEN, &h_outer, olen,
 				BPF_F_INVALIDATE_HASH) < 0)
 		return TC_ACT_SHOT;
 
 	/* bpf_skb_adjust_room has moved header to start of room: restore */
-	if (bpf_skb_store_bytes(skb, ETH_HLEN + sizeof(iph_outer),
+	if (bpf_skb_store_bytes(skb, ETH_HLEN + olen,
 				&iph_inner, sizeof(iph_inner),
 				BPF_F_INVALIDATE_HASH) < 0)
 		return TC_ACT_SHOT;
@@ -77,10 +103,12 @@ static int encap_ipv4(struct __sk_buff *skb)
 	return TC_ACT_OK;
 }
 
-static int encap_ipv6(struct __sk_buff *skb)
+static __always_inline int encap_ipv6(struct __sk_buff *skb, bool with_gre)
 {
-	struct ipv6hdr iph_outer, iph_inner;
+	struct ipv6hdr iph_inner;
+	struct grev6hdr h_outer;
 	struct tcphdr tcph;
+	int olen;
 
 	if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_inner,
 			       sizeof(iph_inner)) < 0)
@@ -94,23 +122,31 @@ static int encap_ipv6(struct __sk_buff *skb)
 	if (tcph.dest != __bpf_constant_htons(cfg_port))
 		return TC_ACT_OK;
 
+	olen = with_gre ? sizeof(h_outer) : sizeof(h_outer.ip);
+
 	/* add room between mac and network header */
-	if (bpf_skb_adjust_room(skb, sizeof(iph_outer), BPF_ADJ_ROOM_NET, 0))
+	if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_NET, 0))
 		return TC_ACT_SHOT;
 
 	/* prepare new outer network header */
-	iph_outer = iph_inner;
-	iph_outer.nexthdr = IPPROTO_IPV6;
-	iph_outer.payload_len = bpf_htons(sizeof(iph_outer) +
-					  bpf_ntohs(iph_outer.payload_len));
+	h_outer.ip = iph_inner;
+	h_outer.ip.payload_len = bpf_htons(olen +
+					   bpf_ntohs(h_outer.ip.payload_len));
+	if (with_gre) {
+		h_outer.ip.nexthdr = IPPROTO_GRE;
+		h_outer.protocol = bpf_htons(ETH_P_IPV6);
+		h_outer.flags = 0;
+	} else {
+		h_outer.ip.nexthdr = IPPROTO_IPV6;
+	}
 
 	/* store new outer network header */
-	if (bpf_skb_store_bytes(skb, ETH_HLEN, &iph_outer, sizeof(iph_outer),
+	if (bpf_skb_store_bytes(skb, ETH_HLEN, &h_outer, olen,
 				BPF_F_INVALIDATE_HASH) < 0)
 		return TC_ACT_SHOT;
 
 	/* bpf_skb_adjust_room has moved header to start of room: restore */
-	if (bpf_skb_store_bytes(skb, ETH_HLEN + sizeof(iph_outer),
+	if (bpf_skb_store_bytes(skb, ETH_HLEN + olen,
 				&iph_inner, sizeof(iph_inner),
 				BPF_F_INVALIDATE_HASH) < 0)
 		return TC_ACT_SHOT;
@@ -118,28 +154,63 @@ static int encap_ipv6(struct __sk_buff *skb)
 	return TC_ACT_OK;
 }
 
-SEC("encap")
-int encap_f(struct __sk_buff *skb)
+SEC("encap_ipip")
+int __encap_ipip(struct __sk_buff *skb)
 {
-	switch (skb->protocol) {
-	case __bpf_constant_htons(ETH_P_IP):
-		return encap_ipv4(skb);
-	case __bpf_constant_htons(ETH_P_IPV6):
-		return encap_ipv6(skb);
-	default:
-		/* does not match, ignore */
+	if (skb->protocol == __bpf_constant_htons(ETH_P_IP))
+		return encap_ipv4(skb, false);
+	else
 		return TC_ACT_OK;
-	}
 }
 
-static int decap_internal(struct __sk_buff *skb, int off, int len)
+SEC("encap_gre")
+int __encap_gre(struct __sk_buff *skb)
 {
-	char buf[sizeof(struct ipv6hdr)];
+	if (skb->protocol == __bpf_constant_htons(ETH_P_IP))
+		return encap_ipv4(skb, true);
+	else
+		return TC_ACT_OK;
+}
 
-	if (bpf_skb_load_bytes(skb, off + len, &buf, len) < 0)
+SEC("encap_ip6tnl")
+int __encap_ip6tnl(struct __sk_buff *skb)
+{
+	if (skb->protocol == __bpf_constant_htons(ETH_P_IPV6))
+		return encap_ipv6(skb, false);
+	else
+		return TC_ACT_OK;
+}
+
+SEC("encap_ip6gre")
+int __encap_ip6gre(struct __sk_buff *skb)
+{
+	if (skb->protocol == __bpf_constant_htons(ETH_P_IPV6))
+		return encap_ipv6(skb, true);
+	else
 		return TC_ACT_OK;
+}
 
-	if (bpf_skb_adjust_room(skb, -len, BPF_ADJ_ROOM_NET, 0))
+static int decap_internal(struct __sk_buff *skb, int off, int len, char proto)
+{
+	char buf[sizeof(struct grev6hdr)];
+	int olen;
+
+	switch (proto) {
+	case IPPROTO_IPIP:
+	case IPPROTO_IPV6:
+		olen = len;
+		break;
+	case IPPROTO_GRE:
+		olen = len + 4 /* gre hdr */;
+		break;
+	default:
+		return TC_ACT_OK;
+	}
+
+	if (bpf_skb_load_bytes(skb, off + olen, &buf, olen) < 0)
+		return TC_ACT_OK;
+
+	if (bpf_skb_adjust_room(skb, -olen, BPF_ADJ_ROOM_NET, 0))
 		return TC_ACT_SHOT;
 
 	/* bpf_skb_adjust_room has moved outer over inner header: restore */
@@ -157,10 +228,11 @@ static int decap_ipv4(struct __sk_buff *skb)
 			       sizeof(iph_outer)) < 0)
 		return TC_ACT_OK;
 
-	if (iph_outer.ihl != 5 || iph_outer.protocol != IPPROTO_IPIP)
+	if (iph_outer.ihl != 5)
 		return TC_ACT_OK;
 
-	return decap_internal(skb, ETH_HLEN, sizeof(iph_outer));
+	return decap_internal(skb, ETH_HLEN, sizeof(iph_outer),
+			      iph_outer.protocol);
 }
 
 static int decap_ipv6(struct __sk_buff *skb)
@@ -171,10 +243,8 @@ static int decap_ipv6(struct __sk_buff *skb)
 			       sizeof(iph_outer)) < 0)
 		return TC_ACT_OK;
 
-	if (iph_outer.nexthdr != IPPROTO_IPV6)
-		return TC_ACT_OK;
-
-	return decap_internal(skb, ETH_HLEN, sizeof(iph_outer));
+	return decap_internal(skb, ETH_HLEN, sizeof(iph_outer),
+			      iph_outer.nexthdr);
 }
 
 SEC("decap")
diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh
index 7b1758f3006b0..c78922048610b 100755
--- a/tools/testing/selftests/bpf/test_tc_tunnel.sh
+++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh
@@ -54,30 +54,36 @@ set -e
 # no arguments: automated test, run all
 if [[ "$#" -eq "0" ]]; then
 	echo "ipip"
-	$0 ipv4
+	$0 ipv4 ipip
 
 	echo "ip6ip6"
-	$0 ipv6
+	$0 ipv6 ip6tnl
+
+	echo "ip gre"
+	$0 ipv4 gre
+
+	echo "ip6 gre"
+	$0 ipv6 ip6gre
 
 	echo "OK. All tests passed"
 	exit 0
 fi
 
-if [[ "$#" -ne "1" ]]; then
+if [[ "$#" -ne "2" ]]; then
 	echo "Usage: $0"
-	echo "   or: $0 <ipv4|ipv6>"
+	echo "   or: $0 <ipv4|ipv6> <tuntype>"
 	exit 1
 fi
 
 case "$1" in
 "ipv4")
-	readonly tuntype=ipip
+	readonly tuntype=$2
 	readonly addr1="${ns1_v4}"
 	readonly addr2="${ns2_v4}"
 	readonly netcat_opt=-4
 	;;
 "ipv6")
-	readonly tuntype=ip6tnl
+	readonly tuntype=$2
 	readonly addr1="${ns1_v6}"
 	readonly addr2="${ns2_v6}"
 	readonly netcat_opt=-6
@@ -103,7 +109,8 @@ client_connect
 # client can no longer connect
 ip netns exec "${ns1}" tc qdisc add dev veth1 clsact
 ip netns exec "${ns1}" tc filter add dev veth1 egress \
-	bpf direct-action object-file ./test_tc_tunnel.o section encap
+	bpf direct-action object-file ./test_tc_tunnel.o \
+	section "encap_${tuntype}"
 echo "test bpf encap without decap (expect failure)"
 server_listen
 ! client_connect

From patchwork Wed Mar 20 14:49:37 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
X-Patchwork-Id: 1059279
X-Patchwork-Delegate: bpf@iogearbox.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="M6PvChpy"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 44PXsH1Mqnz9sNf
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 21 Mar 2019 01:50:27 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1728213AbfCTOuA (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 20 Mar 2019 10:50:00 -0400
Received: from mail-qt1-f195.google.com ([209.85.160.195]:40807 "EHLO
	mail-qt1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1728136AbfCTOt7 (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 20 Mar 2019 10:49:59 -0400
Received: by mail-qt1-f195.google.com with SMTP id x12so2800802qts.7
	for <netdev@vger.kernel.org>; Wed, 20 Mar 2019 07:49:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=D85CsJgl+kcIbJUqxmLfqlp2s/y22H4NCCY+ZRzanrw=;
	b=M6PvChpyNfbYhnbiNNZN4TXu2WRNlPLgtdrI4IzGGqodcrWcvf5BLTeVRyajhH7STS
	rNL99TsdnCNpMP9chJjpojcrMgnVgeutN2GQiJMr3ZMpzI5v8JaN7o1wNvxhXOtMNVdN
	eJKbL3yXqPp2AnRQhP8+t5FGaPWhIkZrLP2osUF17WqvQPG7G+CPSznnaFlsrzF7CTYA
	gQYULFTxvyc5Tbiv+l+XtAkoMVs3i6pGfAUy0fCSErfaVGDXw/hFI9d6lZPVP5HKhnot
	uhnvo4UZ+neVDeg7xJCnupA/ZW7vd6pU7ysDqvsA98nrmgAXzJ2iANkEngEkW/7bTB/y
	dqvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=D85CsJgl+kcIbJUqxmLfqlp2s/y22H4NCCY+ZRzanrw=;
	b=K5Y9ppUaOHDKhGCwjDcKS4TecUktc48jgfpEb3NHiFgOWaMiEPqLyhzdfqC1mWkZnP
	DnQJkqbSQUz0+U+zTiy0UOQCS3Kp5JmscaybTwGMXIrvllnmcTzpdudpIMZ+gXU4MWiZ
	/mhnBT49RYAu5BI0lSf5A0yw6dZ8D4LEuaTAkNOuhn1+zAF9w+0VoJaagiXl2y3V28D8
	vr3JCgLfBjUWK5C27en3ESxFBN6SwYEfqj9k9tsWi7JphHU4ucQeyQ+IOZcYDQbFr2Pe
	bWA0OaQu0JMhRuPEbcUFhq1eA1IgfCVaxv5hj5/K35AXheqboG+uAxBKZ3PWV+C1d8I6
	54iw==
X-Gm-Message-State: APjAAAXf8JzQT9S9ABHm792Fw6JRz2bTIOl8HVFQKXnIQ5aLJVA5aah/
	ijDzYmn7PwNbhJ+bIBckjykM4JQ0
X-Google-Smtp-Source: 
 APXvYqzdVygD9dav9RO5uaLwY9epcFXMpkehjzxgn1zz3YAV4uw9LL6IzkWXFwwvAGN0FRcdO8IWvw==
X-Received: by 2002:ac8:266d:: with SMTP id
	v42mr7139885qtv.116.1553093397539;
	Wed, 20 Mar 2019 07:49:57 -0700 (PDT)
Received: from willemb1.nyc.corp.google.com
	([2620:0:1003:315:3fa1:a34c:1128:1d39])
	by smtp.gmail.com with ESMTPSA id
	x201sm1142257qkb.92.2019.03.20.07.49.55
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 20 Mar 2019 07:49:56 -0700 (PDT)
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: netdev@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, sdf@google.com,
	posk@google.com, Willem de Bruijn <willemb@google.com>
Subject: [PATCH bpf-next 06/13] selftests/bpf: extend bpf tunnel test with
	tso
Date: Wed, 20 Mar 2019 10:49:37 -0400
Message-Id: <20190320144944.147862-7-willemdebruijn.kernel@gmail.com>
X-Mailer: git-send-email 2.21.0.225.g810b269d1ac-goog
In-Reply-To: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
References: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Willem de Bruijn <willemb@google.com>

Segmentation offload takes a longer path. Verify that the feature
works with large packets.

The test succeeds if not setting dodgy in bpf_skb_adjust_room, as veth
TSO is permissive.

If not setting SKB_GSO_DODGY, this enables tunneled TSO offload on
supporting NICs.

The feature sets SKB_GSO_DODGY because the caller is untrusted. As a
result the packets traverse through the gso stack at least up to TCP.
And fail the gso_type validation, such as the skb->encapsulation check
in gre_gso_segment and the gso_type checks introduced in commit
418e897e0716 ("gso: validate gso_type on ipip style tunnel").

This will be addressed in a follow-on feature patch. In the meantime,
disable the new gso tests.

Signed-off-by: Willem de Bruijn <willemb@google.com>
---
 tools/testing/selftests/bpf/test_tc_tunnel.sh | 60 +++++++++++++++----
 1 file changed, 49 insertions(+), 11 deletions(-)

diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh
index c78922048610b..5d9d56520c694 100755
--- a/tools/testing/selftests/bpf/test_tc_tunnel.sh
+++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh
@@ -15,6 +15,8 @@ readonly ns2_v4=192.168.1.2
 readonly ns1_v6=fd::1
 readonly ns2_v6=fd::2
 
+readonly infile="$(mktemp)"
+readonly outfile="$(mktemp)"
 
 setup() {
 	ip netns add "${ns1}"
@@ -23,6 +25,8 @@ setup() {
 	ip link add dev veth1 mtu 1500 netns "${ns1}" type veth \
 	      peer name veth2 mtu 1500 netns "${ns2}"
 
+	ip netns exec "${ns1}" ethtool -K veth1 tso off
+
 	ip -netns "${ns1}" link set veth1 up
 	ip -netns "${ns2}" link set veth2 up
 
@@ -32,58 +36,86 @@ setup() {
 	ip -netns "${ns2}" -6 addr add "${ns2_v6}/64" dev veth2 nodad
 
 	sleep 1
+
+	dd if=/dev/urandom of="${infile}" bs="${datalen}" count=1 status=none
 }
 
 cleanup() {
 	ip netns del "${ns2}"
 	ip netns del "${ns1}"
+
+	if [[ -f "${outfile}" ]]; then
+		rm "${outfile}"
+	fi
+	if [[ -f "${infile}" ]]; then
+		rm "${infile}"
+	fi
 }
 
 server_listen() {
-	ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" &
+	ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" > "${outfile}" &
+	server_pid=$!
 	sleep 0.2
 }
 
 client_connect() {
-	ip netns exec "${ns1}" nc "${netcat_opt}" -z -w 1 "${addr2}" "${port}"
+	ip netns exec "${ns1}" nc "${netcat_opt}" -q 0 -w 1 "${addr2}" "${port}" < "${infile}"
 	echo $?
 }
 
+verify_data() {
+	wait "${server_pid}"
+	# sha1sum returns two fields [sha1] [filepath]
+	# convert to bash array and access first elem
+	insum=($(sha1sum ${infile}))
+	outsum=($(sha1sum ${outfile}))
+	if [[ "${insum[0]}" != "${outsum[0]}" ]]; then
+		echo "data mismatch"
+		exit 1
+	fi
+}
+
 set -e
 
 # no arguments: automated test, run all
 if [[ "$#" -eq "0" ]]; then
 	echo "ipip"
-	$0 ipv4 ipip
+	$0 ipv4 ipip 100
 
 	echo "ip6ip6"
-	$0 ipv6 ip6tnl
+	$0 ipv6 ip6tnl 100
 
 	echo "ip gre"
-	$0 ipv4 gre
+	$0 ipv4 gre 100
 
 	echo "ip6 gre"
-	$0 ipv6 ip6gre
+	$0 ipv6 ip6gre 100
+
+	# disabled until passes SKB_GSO_DODGY checks
+	# echo "ip gre gso"
+	# $0 ipv4 gre 2000
+
+	# disabled until passes SKB_GSO_DODGY checks
+	# echo "ip6 gre gso"
+	# $0 ipv6 ip6gre 2000
 
 	echo "OK. All tests passed"
 	exit 0
 fi
 
-if [[ "$#" -ne "2" ]]; then
+if [[ "$#" -ne "3" ]]; then
 	echo "Usage: $0"
-	echo "   or: $0 <ipv4|ipv6> <tuntype>"
+	echo "   or: $0 <ipv4|ipv6> <tuntype> <data_len>"
 	exit 1
 fi
 
 case "$1" in
 "ipv4")
-	readonly tuntype=$2
 	readonly addr1="${ns1_v4}"
 	readonly addr2="${ns2_v4}"
 	readonly netcat_opt=-4
 	;;
 "ipv6")
-	readonly tuntype=$2
 	readonly addr1="${ns1_v6}"
 	readonly addr2="${ns2_v6}"
 	readonly netcat_opt=-6
@@ -94,7 +126,10 @@ case "$1" in
 	;;
 esac
 
-echo "encap ${addr1} to ${addr2}, type ${tuntype}"
+readonly tuntype=$2
+readonly datalen=$3
+
+echo "encap ${addr1} to ${addr2}, type ${tuntype}, len ${datalen}"
 
 trap cleanup EXIT
 
@@ -104,6 +139,7 @@ setup
 echo "test basic connectivity"
 server_listen
 client_connect
+verify_data
 
 # clientside, insert bpf program to encap all TCP to port ${port}
 # client can no longer connect
@@ -123,6 +159,7 @@ ip netns exec "${ns2}" ip link add dev testtun0 type "${tuntype}" \
 ip netns exec "${ns2}" ip link set dev testtun0 up
 echo "test bpf encap with tunnel device decap"
 client_connect
+verify_data
 
 # serverside, use BPF for decap
 ip netns exec "${ns2}" ip link del dev testtun0
@@ -132,5 +169,6 @@ ip netns exec "${ns2}" tc filter add dev veth2 ingress \
 server_listen
 echo "test bpf encap with bpf decap"
 client_connect
+verify_data
 
 echo OK

From patchwork Wed Mar 20 14:49:38 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
X-Patchwork-Id: 1059280
X-Patchwork-Delegate: bpf@iogearbox.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="KknKW56Y"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 44PXsN388Hz9sNf
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 21 Mar 2019 01:50:32 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1728298AbfCTOub (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 20 Mar 2019 10:50:31 -0400
Received: from mail-qt1-f195.google.com ([209.85.160.195]:41891 "EHLO
	mail-qt1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1728122AbfCTOuA (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 20 Mar 2019 10:50:00 -0400
Received: by mail-qt1-f195.google.com with SMTP id w30so2795851qta.8
	for <netdev@vger.kernel.org>; Wed, 20 Mar 2019 07:49:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=BonSCT/GwMRrnyr8rbiB+8hA54xantrSveQJYaHbGxU=;
	b=KknKW56Y+YwUzU74Pz4o0FPsAdbvObYGtxXbJ8fObgl5tgUbzOqPARw/15hytLITji
	cmnUAbk1Y4DddHed88yNjGQ09ML51G9Syzw0M2x1Qihz7QLRZGz2R+lH9eU3cY2LbNjZ
	S2ryT3QszvVGY1BJINu6hNgcyePBhUYjhVrpvJU8KGhR96tr1mg6W2/07sDJ2sbkgFMK
	VFz1sTn3fnCTeBiPtzx5/6KNfPoisNTt8sXwCtHTeKrnQnXw0OFO6AjCiqyFS4CoS6eY
	A7fEavxEhbk9evWqXAE4zQbZQ31JpMJKxZo74RvfKtF2ho6J0fvoMy+KfbEHEqKVQkEw
	8yNg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=BonSCT/GwMRrnyr8rbiB+8hA54xantrSveQJYaHbGxU=;
	b=V7D44gMr6/4JSOZo4kMtVssUoAppom5aEQ5pHoz9f7bUGCjkZfMMIGqbQSJH7UGvzK
	dfnZBBinKuIaRfqKwPjBg5k9yuLfZTRja9GPKfne/ieBkhcSXxMLuSkPeRvkdXNzcTeO
	llv23GclMdq1nxFT5h1sT3/ES7tgaD7585bokq73wWqg3kHO+P5uh5Qp8dnuqUoanocH
	6/uohGbQKfGgRSG1RG4w0RD1ljxjttPbd57N27wls4L6dKsHOKqHooKrzHSbZ0N9biTl
	OOd9msbRvZbtk9L95DnX0RBeyHuA9Mt5tcCAeHwvX7a2NcpColzzypYFguVWacpxvqNu
	f47Q==
X-Gm-Message-State: APjAAAXvSrJ4KdzEafehb/CKUjxelnblX47dth6qPLjnTuNc7F7XDMla
	ObG13Iii/0EsMnmL4tm1O+qSH0qn
X-Google-Smtp-Source: 
 APXvYqxGy9/LNuSi1dLY8WcSD/BSTIGEy2vXzQ7n9dfu7IFvVYMjQc9oUZxcPWhhpTzsk5iNEPs84w==
X-Received: by 2002:aed:23e1:: with SMTP id k30mr7738049qtc.17.1553093398816;
	Wed, 20 Mar 2019 07:49:58 -0700 (PDT)
Received: from willemb1.nyc.corp.google.com
	([2620:0:1003:315:3fa1:a34c:1128:1d39])
	by smtp.gmail.com with ESMTPSA id
	x201sm1142257qkb.92.2019.03.20.07.49.57
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 20 Mar 2019 07:49:57 -0700 (PDT)
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: netdev@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, sdf@google.com,
	posk@google.com, Willem de Bruijn <willemb@google.com>
Subject: [PATCH bpf-next 07/13] bpf: add bpf_skb_adjust_room mode
	BPF_ADJ_ROOM_MAC
Date: Wed, 20 Mar 2019 10:49:38 -0400
Message-Id: <20190320144944.147862-8-willemdebruijn.kernel@gmail.com>
X-Mailer: git-send-email 2.21.0.225.g810b269d1ac-goog
In-Reply-To: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
References: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Willem de Bruijn <willemb@google.com>

bpf_skb_adjust_room net allows inserting room in an skb.

Existing mode BPF_ADJ_ROOM_NET inserts room after the network header
by pulling the skb, moving the network header forward and zeroing the
new space.

Add new mode BPF_ADJUST_ROOM_MAC that inserts room after the mac
header. This allows inserting tunnel headers in front of the network
header without having to recreate the network header in the original
space, avoiding two copies.

Signed-off-by: Willem de Bruijn <willemb@google.com>
---
 include/uapi/linux/bpf.h |  6 +++++-
 net/core/filter.c        | 38 ++++++++++++++++++++------------------
 2 files changed, 25 insertions(+), 19 deletions(-)

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 929c8e537a14a..4f5c918e6fcf4 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -1478,7 +1478,10 @@ union bpf_attr {
  * 		Grow or shrink the room for data in the packet associated to
  * 		*skb* by *len_diff*, and according to the selected *mode*.
  *
- * 		There is a single supported mode at this time:
+ *		There are two supported modes at this time:
+ *
+ *		* **BPF_ADJ_ROOM_MAC**: Adjust room at the mac layer
+ *		  (room space is added or removed below the layer 2 header).
  *
  * 		* **BPF_ADJ_ROOM_NET**: Adjust room at the network layer
  * 		  (room space is added or removed below the layer 3 header).
@@ -2593,6 +2596,7 @@ enum bpf_func_id {
 /* Mode for BPF_FUNC_skb_adjust_room helper. */
 enum bpf_adj_room_mode {
 	BPF_ADJ_ROOM_NET,
+	BPF_ADJ_ROOM_MAC,
 };
 
 /* Mode for BPF_FUNC_skb_load_bytes_relative helper. */
diff --git a/net/core/filter.c b/net/core/filter.c
index 8e15fb919b574..1a0cf578b4502 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2963,9 +2963,8 @@ static u32 bpf_skb_net_base_len(const struct sk_buff *skb)
 	}
 }
 
-static int bpf_skb_net_grow(struct sk_buff *skb, u32 len_diff)
+static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff)
 {
-	u32 off = skb_mac_header_len(skb) + bpf_skb_net_base_len(skb);
 	int ret;
 
 	if (skb_is_gso(skb) && !skb_is_gso_tcp(skb))
@@ -2992,9 +2991,8 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 len_diff)
 	return 0;
 }
 
-static int bpf_skb_net_shrink(struct sk_buff *skb, u32 len_diff)
+static int bpf_skb_net_shrink(struct sk_buff *skb, u32 off, u32 len_diff)
 {
-	u32 off = skb_mac_header_len(skb) + bpf_skb_net_base_len(skb);
 	int ret;
 
 	if (skb_is_gso(skb) && !skb_is_gso_tcp(skb))
@@ -3027,7 +3025,8 @@ static u32 __bpf_skb_max_len(const struct sk_buff *skb)
 			  SKB_MAX_ALLOC;
 }
 
-static int bpf_skb_adjust_net(struct sk_buff *skb, s32 len_diff)
+BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff,
+	   u32, mode, u64, flags)
 {
 	bool trans_same = skb->transport_header == skb->network_header;
 	u32 len_cur, len_diff_abs = abs(len_diff);
@@ -3035,14 +3034,28 @@ static int bpf_skb_adjust_net(struct sk_buff *skb, s32 len_diff)
 	u32 len_max = __bpf_skb_max_len(skb);
 	__be16 proto = skb->protocol;
 	bool shrink = len_diff < 0;
+	u32 off;
 	int ret;
 
+	if (unlikely(flags))
+		return -EINVAL;
 	if (unlikely(len_diff_abs > 0xfffU))
 		return -EFAULT;
 	if (unlikely(proto != htons(ETH_P_IP) &&
 		     proto != htons(ETH_P_IPV6)))
 		return -ENOTSUPP;
 
+	off = skb_mac_header_len(skb);
+	switch (mode) {
+	case BPF_ADJ_ROOM_NET:
+		off += bpf_skb_net_base_len(skb);
+		break;
+	case BPF_ADJ_ROOM_MAC:
+		break;
+	default:
+		return -ENOTSUPP;
+	}
+
 	len_cur = skb->len - skb_network_offset(skb);
 	if (skb_transport_header_was_set(skb) && !trans_same)
 		len_cur = skb_network_header_len(skb);
@@ -3052,24 +3065,13 @@ static int bpf_skb_adjust_net(struct sk_buff *skb, s32 len_diff)
 			 !skb_is_gso(skb))))
 		return -ENOTSUPP;
 
-	ret = shrink ? bpf_skb_net_shrink(skb, len_diff_abs) :
-		       bpf_skb_net_grow(skb, len_diff_abs);
+	ret = shrink ? bpf_skb_net_shrink(skb, off, len_diff_abs) :
+		       bpf_skb_net_grow(skb, off, len_diff_abs);
 
 	bpf_compute_data_pointers(skb);
 	return ret;
 }
 
-BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff,
-	   u32, mode, u64, flags)
-{
-	if (unlikely(flags))
-		return -EINVAL;
-	if (likely(mode == BPF_ADJ_ROOM_NET))
-		return bpf_skb_adjust_net(skb, len_diff);
-
-	return -ENOTSUPP;
-}
-
 static const struct bpf_func_proto bpf_skb_adjust_room_proto = {
 	.func		= bpf_skb_adjust_room,
 	.gpl_only	= false,

From patchwork Wed Mar 20 14:49:39 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
X-Patchwork-Id: 1059273
X-Patchwork-Delegate: bpf@iogearbox.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="Hc5U9X+c"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 44PXrt00yGz9sNf
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 21 Mar 2019 01:50:05 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1728252AbfCTOuD (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 20 Mar 2019 10:50:03 -0400
Received: from mail-qt1-f193.google.com ([209.85.160.193]:46714 "EHLO
	mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1728222AbfCTOuC (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 20 Mar 2019 10:50:02 -0400
Received: by mail-qt1-f193.google.com with SMTP id z17so1763560qts.13
	for <netdev@vger.kernel.org>; Wed, 20 Mar 2019 07:50:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=8o4W8WkdmJpZl6Lc6s1+ki2S26z5uqWMe6DdbR52Oac=;
	b=Hc5U9X+ce9PYI7SIe0WLN6EWqZURyhKJgYIN80I+1cNDMujX78Xu8qoEE2vt4SgN91
	TJFGxUNPUV/U0rnbpxWwUqeQzqQj2Ur1wNpMPmZB7CCfXkuAWRXhUDb+PCrOEtaPIZ90
	+AS87YPzeqVe4HprWXisWgIVHeGWlq1TGT+kVTqDj2sm1pzSIKn6z5X/25iDRWInZmKO
	sNWTDXgQ4LqZ4+wA+F6RbXSYEKuo9UoLfFt2urHon1F2hNBr/T466WAhA5uHGQw1m/jx
	XkNUSSeRvaUqWWLhAZRvjSVuiWqWjDFoG0aYAeD/7yXP+9z2XyPaJQNbVMIpo2rP79hc
	K3Ww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=8o4W8WkdmJpZl6Lc6s1+ki2S26z5uqWMe6DdbR52Oac=;
	b=TcfjwlQivf8khzKCjUML3218cpg9Vhde35GzNqyExhn9CKAOeCHYZAcqI7Dgl3Vcor
	xjVVbac5/yxGN7fS77+Zl1l86QDnD9ZbI96nXRKmrA1lq1+m1+obuFSyfoOcYC+5c2Rv
	nPO+LYUkoyCGmT3MLzTYnL+hhxMMP+EwRJ6sKtQ1MzRvcsq6NLrm660HE/tS4u5wIwi0
	JuiRKG01Qqv08f1Cs/Ns2mygyOW5QECC0VDaJMEHgh8PmfNV4RQXaCarevjmrCCg6M7T
	RDK+vsTzIJyTkslK/jn04jsUisIXZwB3vrMjBQvmeuSWDEN84/z12OiPeeeKQJGr29F2
	Iw0g==
X-Gm-Message-State: APjAAAUiYXGKI7vArDSLkFx17wSaOrns8+JnXTKMyc4H++BTVYVvWkep
	QTrwghrs2OPbcwfCjffCYZIidzuN
X-Google-Smtp-Source: 
 APXvYqyVdW3zlMiRC3i189ljmkZxa+Y4kxHhP6Tspn+Mu3xsluFNY7Ly65+ue0DAz9ywlpWLUEZ83g==
X-Received: by 2002:a0c:ad4a:: with SMTP id
	v10mr6810764qvc.232.1553093400257;
	Wed, 20 Mar 2019 07:50:00 -0700 (PDT)
Received: from willemb1.nyc.corp.google.com
	([2620:0:1003:315:3fa1:a34c:1128:1d39])
	by smtp.gmail.com with ESMTPSA id
	x201sm1142257qkb.92.2019.03.20.07.49.58
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 20 Mar 2019 07:49:59 -0700 (PDT)
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: netdev@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, sdf@google.com,
	posk@google.com, Willem de Bruijn <willemb@google.com>
Subject: [PATCH bpf-next 08/13] bpf: add bpf_skb_adjust_room flag
	BPF_F_ADJ_ROOM_FIXED_GSO
Date: Wed, 20 Mar 2019 10:49:39 -0400
Message-Id: <20190320144944.147862-9-willemdebruijn.kernel@gmail.com>
X-Mailer: git-send-email 2.21.0.225.g810b269d1ac-goog
In-Reply-To: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
References: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Willem de Bruijn <willemb@google.com>

bpf_skb_adjust_room adjusts gso_size of gso packets to account for the
pushed or popped header room.

This is not allowed with UDP, where gso_size delineates datagrams. Add
an option to avoid these updates and allow this call for datagrams.

It can also be used with TCP, when MSS is known to allow headroom,
e.g., through MSS clamping or route MTU.

Link: https://patchwork.ozlabs.org/patch/1052497/
Signed-off-by: Willem de Bruijn <willemb@google.com>
Reviewed-by: Alan Maguire <alan.maguire@oracle.com>
---
 include/uapi/linux/bpf.h |  4 ++++
 net/core/filter.c        | 36 +++++++++++++++++++++++++-----------
 2 files changed, 29 insertions(+), 11 deletions(-)

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 4f5c918e6fcf4..0eda8f564a381 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -2593,6 +2593,10 @@ enum bpf_func_id {
 /* Current network namespace */
 #define BPF_F_CURRENT_NETNS		(-1L)
 
+/* BPF_FUNC_skb_adjust_room flags. */
+#define BPF_F_ADJ_ROOM_FIXED_GSO	(1ULL << 0)
+#define BPF_F_ADJ_ROOM_MASK		(BPF_F_ADJ_ROOM_FIXED_GSO)
+
 /* Mode for BPF_FUNC_skb_adjust_room helper. */
 enum bpf_adj_room_mode {
 	BPF_ADJ_ROOM_NET,
diff --git a/net/core/filter.c b/net/core/filter.c
index 1a0cf578b4502..e346e48098000 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2963,12 +2963,17 @@ static u32 bpf_skb_net_base_len(const struct sk_buff *skb)
 	}
 }
 
-static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff)
+static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff,
+			    u64 flags)
 {
 	int ret;
 
-	if (skb_is_gso(skb) && !skb_is_gso_tcp(skb))
-		return -ENOTSUPP;
+	if (skb_is_gso(skb) && !skb_is_gso_tcp(skb)) {
+		/* udp gso_size delineates datagrams, only allow if fixed */
+		if (!(skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4) ||
+		    !(flags & BPF_F_ADJ_ROOM_FIXED_GSO))
+			return -ENOTSUPP;
+	}
 
 	ret = skb_cow_head(skb, len_diff);
 	if (unlikely(ret < 0))
@@ -2982,7 +2987,9 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff)
 		struct skb_shared_info *shinfo = skb_shinfo(skb);
 
 		/* Due to header grow, MSS needs to be downgraded. */
-		skb_decrease_gso_size(shinfo, len_diff);
+		if (!(flags & BPF_F_ADJ_ROOM_FIXED_GSO))
+			skb_decrease_gso_size(shinfo, len_diff);
+
 		/* Header must be checked, and gso_segs recomputed. */
 		shinfo->gso_type |= SKB_GSO_DODGY;
 		shinfo->gso_segs = 0;
@@ -2991,12 +2998,17 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff)
 	return 0;
 }
 
-static int bpf_skb_net_shrink(struct sk_buff *skb, u32 off, u32 len_diff)
+static int bpf_skb_net_shrink(struct sk_buff *skb, u32 off, u32 len_diff,
+			      u64 flags)
 {
 	int ret;
 
-	if (skb_is_gso(skb) && !skb_is_gso_tcp(skb))
-		return -ENOTSUPP;
+	if (skb_is_gso(skb) && !skb_is_gso_tcp(skb)) {
+		/* udp gso_size delineates datagrams, only allow if fixed */
+		if (!(skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4) ||
+		    !(flags & BPF_F_ADJ_ROOM_FIXED_GSO))
+			return -ENOTSUPP;
+	}
 
 	ret = skb_unclone(skb, GFP_ATOMIC);
 	if (unlikely(ret < 0))
@@ -3010,7 +3022,9 @@ static int bpf_skb_net_shrink(struct sk_buff *skb, u32 off, u32 len_diff)
 		struct skb_shared_info *shinfo = skb_shinfo(skb);
 
 		/* Due to header shrink, MSS can be upgraded. */
-		skb_increase_gso_size(shinfo, len_diff);
+		if (!(flags & BPF_F_ADJ_ROOM_FIXED_GSO))
+			skb_increase_gso_size(shinfo, len_diff);
+
 		/* Header must be checked, and gso_segs recomputed. */
 		shinfo->gso_type |= SKB_GSO_DODGY;
 		shinfo->gso_segs = 0;
@@ -3037,7 +3051,7 @@ BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff,
 	u32 off;
 	int ret;
 
-	if (unlikely(flags))
+	if (unlikely(flags & ~BPF_F_ADJ_ROOM_MASK))
 		return -EINVAL;
 	if (unlikely(len_diff_abs > 0xfffU))
 		return -EFAULT;
@@ -3065,8 +3079,8 @@ BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff,
 			 !skb_is_gso(skb))))
 		return -ENOTSUPP;
 
-	ret = shrink ? bpf_skb_net_shrink(skb, off, len_diff_abs) :
-		       bpf_skb_net_grow(skb, off, len_diff_abs);
+	ret = shrink ? bpf_skb_net_shrink(skb, off, len_diff_abs, flags) :
+		       bpf_skb_net_grow(skb, off, len_diff_abs, flags);
 
 	bpf_compute_data_pointers(skb);
 	return ret;

From patchwork Wed Mar 20 14:49:40 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
X-Patchwork-Id: 1059278
X-Patchwork-Delegate: bpf@iogearbox.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="QKdMx+4a"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 44PXsC6BPhz9sPF
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 21 Mar 2019 01:50:23 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1728296AbfCTOuV (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 20 Mar 2019 10:50:21 -0400
Received: from mail-qt1-f196.google.com ([209.85.160.196]:45560 "EHLO
	mail-qt1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1728145AbfCTOuD (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 20 Mar 2019 10:50:03 -0400
Received: by mail-qt1-f196.google.com with SMTP id v20so2769661qtv.12
	for <netdev@vger.kernel.org>; Wed, 20 Mar 2019 07:50:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=8WXcS1KrE6vua5wx+Bvx3BW9RQeN93C5u2MIzbYeVsE=;
	b=QKdMx+4aZlCf5ZRuSeTAzURaz++FND9uOr8mYgUD3f+7Es19W0L2eSergn0JoCYkb8
	p42PAjD8bb8fgdqutmFPu6tTwNjPZ8/a0vkSNRAePBFFIyZwdmmhKqZqsG9MkLcmvb+U
	ucVOmO5sjsrprLcMTnw2r5Ly7XUSWjLj1yfPpE7LZJ2nPLR64wjSfny7AA3OZwFrC4Gu
	+F5ATAb1pSdjhm3yrPQXM+P/TsOksFgDtBBrLsVzYZ2Fvy4F/G2KSEvjrf70ANbOQYk3
	juKK3v1dE6MrovVF+tZRR2b/AQWhl05Jxa7Bw5FlXoeDAEqIJ1g+ursGWtqkGFjNoCky
	E5Sw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=8WXcS1KrE6vua5wx+Bvx3BW9RQeN93C5u2MIzbYeVsE=;
	b=fgw0vdjEFSD+hm44E/JqdufPjxjIJndhhujaGSxdTwVS/erfWIfUySjTKmypnpClTo
	YLtIkdSGG6ZaNBE+WsgHjWU/Q6OTZlMm2CD8hPBxpoYdOYRSV3WL1ZK6dazsglqUTQyT
	OJc2gpZhXXsEeWFGIv799xrZL+aoO4dRYJzWsdfMPdPngd+niGsn/gfu1p8RZ5cqw/lA
	LAH9HE8uzLsMf0gQbe3Uhpm8OxxYa7hHeVfEh/FhKhqxd4tn6INpRilpwU3Lu2q39O3d
	y3kKlA3asGqj/nZazd2tfuZTQKWN38vW7vV3e2c6ZSbvaDJhhwiAxNsfg7YrCgzg4fY9
	Fu3w==
X-Gm-Message-State: APjAAAXjH9BnneDSItgSOT0hk0QMiaQaFUv5SHv/vYXzDbDGZUAWvZva
	6n8AGV3m3ky0AbLYkd0c296EkWt5
X-Google-Smtp-Source: 
 APXvYqyS+XOi5Do5+vHrZ0IFXl3Mc3SAsffFSE4EuEPG6Oq6drC3QOccBBYrGa2dPtkpxfusOzpOXA==
X-Received: by 2002:a0c:d0f8:: with SMTP id b53mr7027629qvh.46.1553093401557;
	Wed, 20 Mar 2019 07:50:01 -0700 (PDT)
Received: from willemb1.nyc.corp.google.com
	([2620:0:1003:315:3fa1:a34c:1128:1d39])
	by smtp.gmail.com with ESMTPSA id
	x201sm1142257qkb.92.2019.03.20.07.50.00
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 20 Mar 2019 07:50:00 -0700 (PDT)
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: netdev@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, sdf@google.com,
	posk@google.com, Willem de Bruijn <willemb@google.com>
Subject: [PATCH bpf-next 09/13] bpf: add bpf_skb_adjust_room encap flags
Date: Wed, 20 Mar 2019 10:49:40 -0400
Message-Id: <20190320144944.147862-10-willemdebruijn.kernel@gmail.com>
X-Mailer: git-send-email 2.21.0.225.g810b269d1ac-goog
In-Reply-To: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
References: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Willem de Bruijn <willemb@google.com>

When pushing tunnel headers, annotate skbs in the same way as tunnel
devices.

For GSO packets, the network stack requires certain fields set to
segment packets with tunnel headers. gro_gse_segment depends on
transport and inner mac header, for instance.

Add an option to pass this information.

Remove the restriction on len_diff to network header length, which
is too short, e.g., for GRE protocols.

Signed-off-by: Willem de Bruijn <willemb@google.com>
Reviewed-by: Alan Maguire <alan.maguire@oracle.com>
Signed-off-by: Alan Maguire <alan.maguire@oracle.com>
---
 include/uapi/linux/bpf.h | 14 +++++++++-
 net/core/filter.c        | 58 +++++++++++++++++++++++++++++++++++++---
 2 files changed, 67 insertions(+), 5 deletions(-)

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 0eda8f564a381..a444534cc88d7 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -2595,7 +2595,19 @@ enum bpf_func_id {
 
 /* BPF_FUNC_skb_adjust_room flags. */
 #define BPF_F_ADJ_ROOM_FIXED_GSO	(1ULL << 0)
-#define BPF_F_ADJ_ROOM_MASK		(BPF_F_ADJ_ROOM_FIXED_GSO)
+
+#define BPF_F_ADJ_ROOM_ENCAP_L3_IPV4	(1ULL << 1)
+#define BPF_F_ADJ_ROOM_ENCAP_L3_IPV6	(1ULL << 2)
+#define BPF_F_ADJ_ROOM_ENCAP_L3_MASK	(BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 | \
+					 BPF_F_ADJ_ROOM_ENCAP_L3_IPV6)
+
+#define BPF_F_ADJ_ROOM_ENCAP_L4_GRE	(1ULL << 3)
+#define BPF_F_ADJ_ROOM_ENCAP_L4_UDP	(1ULL << 4)
+
+#define BPF_F_ADJ_ROOM_MASK		(BPF_F_ADJ_ROOM_FIXED_GSO | \
+					 BPF_F_ADJ_ROOM_ENCAP_L3_MASK | \
+					 BPF_F_ADJ_ROOM_ENCAP_L4_GRE | \
+					 BPF_F_ADJ_ROOM_ENCAP_L4_UDP)
 
 /* Mode for BPF_FUNC_skb_adjust_room helper. */
 enum bpf_adj_room_mode {
diff --git a/net/core/filter.c b/net/core/filter.c
index e346e48098000..6007b0b4bc0d7 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2966,6 +2966,9 @@ static u32 bpf_skb_net_base_len(const struct sk_buff *skb)
 static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff,
 			    u64 flags)
 {
+	bool encap = flags & BPF_F_ADJ_ROOM_ENCAP_L3_MASK;
+	unsigned int gso_type = SKB_GSO_DODGY;
+	u16 mac_len, inner_net, inner_trans;
 	int ret;
 
 	if (skb_is_gso(skb) && !skb_is_gso_tcp(skb)) {
@@ -2979,10 +2982,60 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff,
 	if (unlikely(ret < 0))
 		return ret;
 
+	if (encap) {
+		if (skb->protocol != htons(ETH_P_IP) &&
+		    skb->protocol != htons(ETH_P_IPV6))
+			return -ENOTSUPP;
+
+		if (flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 &&
+		    flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV6)
+			return -EINVAL;
+
+		if (flags & BPF_F_ADJ_ROOM_ENCAP_L4_GRE &&
+		    flags & BPF_F_ADJ_ROOM_ENCAP_L4_UDP)
+			return -EINVAL;
+
+		if (skb->encapsulation)
+			return -EALREADY;
+
+		mac_len = skb->network_header - skb->mac_header;
+		inner_net = skb->network_header;
+		inner_trans = skb->transport_header;
+	}
+
 	ret = bpf_skb_net_hdr_push(skb, off, len_diff);
 	if (unlikely(ret < 0))
 		return ret;
 
+	if (encap) {
+		/* inner mac == inner_net on l3 encap */
+		skb->inner_mac_header = inner_net;
+		skb->inner_network_header = inner_net;
+		skb->inner_transport_header = inner_trans;
+		skb_set_inner_protocol(skb, skb->protocol);
+
+		skb->encapsulation = 1;
+		skb_set_network_header(skb, mac_len);
+
+		if (flags & BPF_F_ADJ_ROOM_ENCAP_L4_UDP)
+			gso_type |= SKB_GSO_UDP_TUNNEL;
+		else if (flags & BPF_F_ADJ_ROOM_ENCAP_L4_GRE)
+			gso_type |= SKB_GSO_GRE;
+		else if (flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV6)
+			gso_type |= SKB_GSO_IPXIP6;
+		else
+			gso_type |= SKB_GSO_IPXIP4;
+
+		if (flags & BPF_F_ADJ_ROOM_ENCAP_L4_GRE ||
+		    flags & BPF_F_ADJ_ROOM_ENCAP_L4_UDP) {
+			int nh_len = flags & BPF_F_ADJ_ROOM_ENCAP_L3_IPV6 ?
+					sizeof(struct ipv6hdr) :
+					sizeof(struct iphdr);
+
+			skb_set_transport_header(skb, mac_len + nh_len);
+		}
+	}
+
 	if (skb_is_gso(skb)) {
 		struct skb_shared_info *shinfo = skb_shinfo(skb);
 
@@ -2991,7 +3044,7 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff,
 			skb_decrease_gso_size(shinfo, len_diff);
 
 		/* Header must be checked, and gso_segs recomputed. */
-		shinfo->gso_type |= SKB_GSO_DODGY;
+		shinfo->gso_type |= gso_type;
 		shinfo->gso_segs = 0;
 	}
 
@@ -3042,7 +3095,6 @@ static u32 __bpf_skb_max_len(const struct sk_buff *skb)
 BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff,
 	   u32, mode, u64, flags)
 {
-	bool trans_same = skb->transport_header == skb->network_header;
 	u32 len_cur, len_diff_abs = abs(len_diff);
 	u32 len_min = bpf_skb_net_base_len(skb);
 	u32 len_max = __bpf_skb_max_len(skb);
@@ -3071,8 +3123,6 @@ BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff,
 	}
 
 	len_cur = skb->len - skb_network_offset(skb);
-	if (skb_transport_header_was_set(skb) && !trans_same)
-		len_cur = skb_network_header_len(skb);
 	if ((shrink && (len_diff_abs >= len_cur ||
 			len_cur - len_diff_abs < len_min)) ||
 	    (!shrink && (skb->len + len_diff_abs > len_max &&

From patchwork Wed Mar 20 14:49:41 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
X-Patchwork-Id: 1059274
X-Patchwork-Delegate: bpf@iogearbox.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="j3U+lL6X"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 44PXrv5gPcz9sNf
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 21 Mar 2019 01:50:07 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1728258AbfCTOuG (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 20 Mar 2019 10:50:06 -0400
Received: from mail-qk1-f195.google.com ([209.85.222.195]:41300 "EHLO
	mail-qk1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1728251AbfCTOuE (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 20 Mar 2019 10:50:04 -0400
Received: by mail-qk1-f195.google.com with SMTP id o129so14266962qke.8
	for <netdev@vger.kernel.org>; Wed, 20 Mar 2019 07:50:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=R05JDjxl8VGkdC1nKl9yFK1U2jzSRFJNn/0VfPOuD7s=;
	b=j3U+lL6XiPya3wJB80ZmML51j/TMNyKiMPo4PLO7Ddp57MLEqwpR1dds4nAqLK3EMT
	9jgAKjeYqpqdJWKjRuJiUZ3qs/yxQTCM4cm0vDdJV+U5KeiOyXS+axctNAY8fj14Fpww
	4M7nay0BfdSzoc3o2q3cLMbprZmugVqIrvZUEA2O3o79H9m43zKSL8zekEebBdiolr2C
	Tiv8f1xIXg02gxmMjNSVI3pTUCJCMFAEhFx0RUCyNyPqitCA0pDRvd/bJ7kAwuyHrMEC
	VVjHQ1mh/GBZQFlR48FG/qx800ilci5i738otlV8cRvhgmc5HPJekzVB/WS/sErmW2lX
	BV0w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=R05JDjxl8VGkdC1nKl9yFK1U2jzSRFJNn/0VfPOuD7s=;
	b=S0tt8N0NUpTg+Atc1EUusU/vj5dTmV0BwFgrLdMZUaBpYDs/A3SaxJ49rFPvznqRfS
	WjSPOhR9VWopdu3pahaKvfHyAxtMX+F9dRGrPc/sOaVMCHwZT0EXBUNQuWBir9YdWNxM
	pjl4Ta4BlZw4Hz0xl/a7SJ09WxeXntTUw/EZxlawa6VTJSPcnJb79t7VJHXnMGG49XP8
	erp4Est+AlF8RNUMkpNdOzi7H4YlAqkMxuM46yV+tocBrJ5qaF93M2KKrABUzc8HwPvV
	dDKHukFiT2u0eMn7+tCX6Hx11Bpm3YBBUzVPd8vseRR8jLXCY6F04gG3+eSBy5PSKLn6
	/n6g==
X-Gm-Message-State: APjAAAUwxIdbnGD1sS6KHfwrhtLhYFQnCpXa1aK2ZdACwrkyD00gsJ1O
	qhJS9G5Qxj8aAg+bNkGwOtQlIRJE
X-Google-Smtp-Source: 
 APXvYqzDr1Hfvj3PxszEB1kuWdqI06iksBwss8nt1B3unYGvk0NrOCg+1SSj1fqG8yDtUhOOkGgZ0Q==
X-Received: by 2002:a37:d6d6:: with SMTP id p83mr6554171qkl.51.1553093402855;
	Wed, 20 Mar 2019 07:50:02 -0700 (PDT)
Received: from willemb1.nyc.corp.google.com
	([2620:0:1003:315:3fa1:a34c:1128:1d39])
	by smtp.gmail.com with ESMTPSA id
	x201sm1142257qkb.92.2019.03.20.07.50.01
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 20 Mar 2019 07:50:01 -0700 (PDT)
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: netdev@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, sdf@google.com,
	posk@google.com, Willem de Bruijn <willemb@google.com>
Subject: [PATCH bpf-next 10/13] bpf: Sync bpf.h to tools
Date: Wed, 20 Mar 2019 10:49:41 -0400
Message-Id: <20190320144944.147862-11-willemdebruijn.kernel@gmail.com>
X-Mailer: git-send-email 2.21.0.225.g810b269d1ac-goog
In-Reply-To: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
References: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Willem de Bruijn <willemb@google.com>

Sync include/uapi/linux/bpf.h with tools/

Signed-off-by: Willem de Bruijn <willemb@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
---
 tools/include/uapi/linux/bpf.h | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index 929c8e537a14a..a444534cc88d7 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -1478,7 +1478,10 @@ union bpf_attr {
  * 		Grow or shrink the room for data in the packet associated to
  * 		*skb* by *len_diff*, and according to the selected *mode*.
  *
- * 		There is a single supported mode at this time:
+ *		There are two supported modes at this time:
+ *
+ *		* **BPF_ADJ_ROOM_MAC**: Adjust room at the mac layer
+ *		  (room space is added or removed below the layer 2 header).
  *
  * 		* **BPF_ADJ_ROOM_NET**: Adjust room at the network layer
  * 		  (room space is added or removed below the layer 3 header).
@@ -2590,9 +2593,26 @@ enum bpf_func_id {
 /* Current network namespace */
 #define BPF_F_CURRENT_NETNS		(-1L)
 
+/* BPF_FUNC_skb_adjust_room flags. */
+#define BPF_F_ADJ_ROOM_FIXED_GSO	(1ULL << 0)
+
+#define BPF_F_ADJ_ROOM_ENCAP_L3_IPV4	(1ULL << 1)
+#define BPF_F_ADJ_ROOM_ENCAP_L3_IPV6	(1ULL << 2)
+#define BPF_F_ADJ_ROOM_ENCAP_L3_MASK	(BPF_F_ADJ_ROOM_ENCAP_L3_IPV4 | \
+					 BPF_F_ADJ_ROOM_ENCAP_L3_IPV6)
+
+#define BPF_F_ADJ_ROOM_ENCAP_L4_GRE	(1ULL << 3)
+#define BPF_F_ADJ_ROOM_ENCAP_L4_UDP	(1ULL << 4)
+
+#define BPF_F_ADJ_ROOM_MASK		(BPF_F_ADJ_ROOM_FIXED_GSO | \
+					 BPF_F_ADJ_ROOM_ENCAP_L3_MASK | \
+					 BPF_F_ADJ_ROOM_ENCAP_L4_GRE | \
+					 BPF_F_ADJ_ROOM_ENCAP_L4_UDP)
+
 /* Mode for BPF_FUNC_skb_adjust_room helper. */
 enum bpf_adj_room_mode {
 	BPF_ADJ_ROOM_NET,
+	BPF_ADJ_ROOM_MAC,
 };
 
 /* Mode for BPF_FUNC_skb_load_bytes_relative helper. */

From patchwork Wed Mar 20 14:49:42 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
X-Patchwork-Id: 1059277
X-Patchwork-Delegate: bpf@iogearbox.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="vRWB7CES"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 44PXsC0skXz9sNf
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 21 Mar 2019 01:50:23 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1728251AbfCTOuV (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 20 Mar 2019 10:50:21 -0400
Received: from mail-qt1-f193.google.com ([209.85.160.193]:45571 "EHLO
	mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1728222AbfCTOuF (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 20 Mar 2019 10:50:05 -0400
Received: by mail-qt1-f193.google.com with SMTP id v20so2769881qtv.12
	for <netdev@vger.kernel.org>; Wed, 20 Mar 2019 07:50:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=0aTdP7Ei7TpLRHJBLYCj2g5MJ9PdP46SilYb0S7ghvY=;
	b=vRWB7CES0tfeo58pAYk/iPixRnHRL/vAW3NPyM97rzYgH22UKAxA/J3lX85xbuSAsG
	JmNw2LagSzGHaK1p0nkJQkML4c8pvDeq3he4h4t3HhkDwu1IrZSh9LWuwJfALUUMOakw
	JQQZoszoSOQCV5tTHmof14WVYQlKkIDDAJkMg25f7mi7sP3g8NfYU5AylCSZEq2jHzX6
	+E8xgqQIdNFRbbRuke/8XFhCTbQsnDSZiGxLazJsQu9YfXSqYoXv3XsSv6RFsdrcAQH9
	wQaKLqW3HpdhZQfMMFJAVcDRo9pH88fc4/puGMRGECKm0xM8E4qWdxYJaSYstvVTojvd
	1QJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=0aTdP7Ei7TpLRHJBLYCj2g5MJ9PdP46SilYb0S7ghvY=;
	b=JSXjn0MjRv9HaF73WmWs2bi2Gigr2i72QmaVi+0P+MyEAoRuolulfa86gb2TqqkePB
	hZWyQ2KXNIscS4TsQamVOQ8+51uwI0pRrBFbsKJLZpoJFlmHO6XJIh3wbCPQL46lG4im
	qxArqaWxLMlHpiKWbzuuvOFEl4UIC0Moupov4Bf7KwM43XwOGSPmofqkR2vBZkW8WsDx
	sBh6G3i2CIkJ0rxNi4mZg0nNNeQTD3MErsG1XloKNxmuK/55inVZYVqNB7pYYNiS9uT2
	DL3uog8GbfcEjZhFdunsy3uRBdJIZLqL8d/LVMF+rMePqsyyo9OdH5n9K0LS7et55yDg
	zmJg==
X-Gm-Message-State: APjAAAUx3Jua35n7sa+nWpA8aDG+I8lzp4QdtRTO6kA9BQQZzKYScUBT
	tnpwBM/HTpgAauFVI5HuNg4sUwnW
X-Google-Smtp-Source: 
 APXvYqyK1HEDoNd8BjYCqst50+pNknZeyrFmuiaNmONbQO765HbuPapDB6rYa8BzehE3J6Pbu38ZJw==
X-Received: by 2002:a0c:b78e:: with SMTP id
	l14mr7061644qve.129.1553093404041;
	Wed, 20 Mar 2019 07:50:04 -0700 (PDT)
Received: from willemb1.nyc.corp.google.com
	([2620:0:1003:315:3fa1:a34c:1128:1d39])
	by smtp.gmail.com with ESMTPSA id
	x201sm1142257qkb.92.2019.03.20.07.50.02
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 20 Mar 2019 07:50:03 -0700 (PDT)
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: netdev@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, sdf@google.com,
	posk@google.com, Willem de Bruijn <willemb@google.com>
Subject: [PATCH bpf-next 11/13] selftests/bpf: convert bpf tunnel test to
	BPF_ADJ_ROOM_MAC
Date: Wed, 20 Mar 2019 10:49:42 -0400
Message-Id: <20190320144944.147862-12-willemdebruijn.kernel@gmail.com>
X-Mailer: git-send-email 2.21.0.225.g810b269d1ac-goog
In-Reply-To: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
References: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Willem de Bruijn <willemb@google.com>

Avoid moving the network layer header when prefixing tunnel headers.

This avoids an explicit call to bpf_skb_store_bytes and an implicit
move of the network header bytes in bpf_skb_adjust_room.

Signed-off-by: Willem de Bruijn <willemb@google.com>
---
 .../selftests/bpf/progs/test_tc_tunnel.c      | 25 +++----------------
 1 file changed, 3 insertions(+), 22 deletions(-)

diff --git a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
index 900c5653105fe..f6a16fd23dbd5 100644
--- a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
+++ b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
@@ -72,7 +72,7 @@ static __always_inline int encap_ipv4(struct __sk_buff *skb, bool with_gre)
 	olen = with_gre ? sizeof(h_outer) : sizeof(h_outer.ip);
 
 	/* add room between mac and network header */
-	if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_NET, 0))
+	if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_MAC, 0))
 		return TC_ACT_SHOT;
 
 	/* prepare new outer network header */
@@ -94,12 +94,6 @@ static __always_inline int encap_ipv4(struct __sk_buff *skb, bool with_gre)
 				BPF_F_INVALIDATE_HASH) < 0)
 		return TC_ACT_SHOT;
 
-	/* bpf_skb_adjust_room has moved header to start of room: restore */
-	if (bpf_skb_store_bytes(skb, ETH_HLEN + olen,
-				&iph_inner, sizeof(iph_inner),
-				BPF_F_INVALIDATE_HASH) < 0)
-		return TC_ACT_SHOT;
-
 	return TC_ACT_OK;
 }
 
@@ -125,7 +119,7 @@ static __always_inline int encap_ipv6(struct __sk_buff *skb, bool with_gre)
 	olen = with_gre ? sizeof(h_outer) : sizeof(h_outer.ip);
 
 	/* add room between mac and network header */
-	if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_NET, 0))
+	if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_MAC, 0))
 		return TC_ACT_SHOT;
 
 	/* prepare new outer network header */
@@ -145,12 +139,6 @@ static __always_inline int encap_ipv6(struct __sk_buff *skb, bool with_gre)
 				BPF_F_INVALIDATE_HASH) < 0)
 		return TC_ACT_SHOT;
 
-	/* bpf_skb_adjust_room has moved header to start of room: restore */
-	if (bpf_skb_store_bytes(skb, ETH_HLEN + olen,
-				&iph_inner, sizeof(iph_inner),
-				BPF_F_INVALIDATE_HASH) < 0)
-		return TC_ACT_SHOT;
-
 	return TC_ACT_OK;
 }
 
@@ -207,14 +195,7 @@ static int decap_internal(struct __sk_buff *skb, int off, int len, char proto)
 		return TC_ACT_OK;
 	}
 
-	if (bpf_skb_load_bytes(skb, off + olen, &buf, olen) < 0)
-		return TC_ACT_OK;
-
-	if (bpf_skb_adjust_room(skb, -olen, BPF_ADJ_ROOM_NET, 0))
-		return TC_ACT_SHOT;
-
-	/* bpf_skb_adjust_room has moved outer over inner header: restore */
-	if (bpf_skb_store_bytes(skb, off, buf, len, BPF_F_INVALIDATE_HASH) < 0)
+	if (bpf_skb_adjust_room(skb, -olen, BPF_ADJ_ROOM_MAC, 0))
 		return TC_ACT_SHOT;
 
 	return TC_ACT_OK;

From patchwork Wed Mar 20 14:49:43 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
X-Patchwork-Id: 1059275
X-Patchwork-Delegate: bpf@iogearbox.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="tCniSkUi"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 44PXrx1Y5Fz9sNf
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 21 Mar 2019 01:50:09 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1728271AbfCTOuH (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 20 Mar 2019 10:50:07 -0400
Received: from mail-qk1-f195.google.com ([209.85.222.195]:42763 "EHLO
	mail-qk1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1728257AbfCTOuG (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 20 Mar 2019 10:50:06 -0400
Received: by mail-qk1-f195.google.com with SMTP id b74so14264925qkg.9
	for <netdev@vger.kernel.org>; Wed, 20 Mar 2019 07:50:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=OySVBb+REYSfBh6kCLdzkfQ1myemjVa95Pi1LWi2cJc=;
	b=tCniSkUiQ0ooBwPzM6kFcpqISflFiQ+Zp/3zy+JP1NlyxzYeVQK3mF52DVtkgTO2xy
	TVVJLDH22ffEo3SRrUSP4gyfvpw2IDqRHz2IjVIHKjS8Fmd8CU8GZQd9XJJlNtTTWhS2
	s5cjFGY+FKZA1uWRwbg4SN7W+PDJ7zVaTtFojvWF8uRGQSwaBpHy5DS3bGFvswnPaDqY
	ujAX1I+tipvRxdMWAjlBxkwbrADsTuqDMO45kZGTb0XA8qmGAioBodrjMBq1HuVamsTp
	E7BF9p9q01rkvOHC9Z4JfwWQ+cDLdc/+THJhjGZdMw+JbqYshdjDA0ucJXp8p4k27w8g
	LcVw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=OySVBb+REYSfBh6kCLdzkfQ1myemjVa95Pi1LWi2cJc=;
	b=EhnOO8kTAn4EdzLPgfvIHGPX9WKhPmyvvXhScxGsy1qqEjiCVeTGUzvKGqk8We9KV3
	z/qTb/2ZDdOaC5+LIxgVcW/W6JKwaStyH+qam9tdHJQNOUllszziMiVPAWec4Qm+4eZa
	M0nHqmfOk6Kvr1rpPSg5bymGf0nl3JOC0/K85hfihNFmyaZTNGARSi24SSM2KjxFmxfz
	p4w53XU8IFiSaeNe0BySgZ0UTWc/Yy12VHLYW/HbOSGoMX+gL37svXziYrVBVuJK4zSy
	5yvNKf8WS+PNNqyObGCRIVBVSWcYrqVxxjfalaAtTcO7seLXd8PUBXXtU2CJCBkHt78h
	uF5A==
X-Gm-Message-State: APjAAAV8lS63A6/ZeCio/XNok4YeZ/HpWYxx4E9DHWvIDkjd40yG9otn
	3Ub/zLVB+CJlJddSzHccr/qoBEa8
X-Google-Smtp-Source: 
 APXvYqynEFQ+dDnqpbcuWoXtTbdVJOPyB+9T+yZB3RufjQQQAT1CSRNgex+XQybUilYUpF7pi6X29g==
X-Received: by 2002:a37:e503:: with SMTP id e3mr6599304qkg.316.1553093405407;
	Wed, 20 Mar 2019 07:50:05 -0700 (PDT)
Received: from willemb1.nyc.corp.google.com
	([2620:0:1003:315:3fa1:a34c:1128:1d39])
	by smtp.gmail.com with ESMTPSA id
	x201sm1142257qkb.92.2019.03.20.07.50.04
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 20 Mar 2019 07:50:04 -0700 (PDT)
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: netdev@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, sdf@google.com,
	posk@google.com, Willem de Bruijn <willemb@google.com>
Subject: [PATCH bpf-next 12/13] selftests/bpf: convert bpf tunnel test to
	BPF_F_ADJ_ROOM_FIXED_GSO
Date: Wed, 20 Mar 2019 10:49:43 -0400
Message-Id: <20190320144944.147862-13-willemdebruijn.kernel@gmail.com>
X-Mailer: git-send-email 2.21.0.225.g810b269d1ac-goog
In-Reply-To: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
References: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Willem de Bruijn <willemb@google.com>

Lower route MTU to ensure packets fit in device MTU after encap, then
skip the gso_size changes.

Signed-off-by: Willem de Bruijn <willemb@google.com>
---
 tools/testing/selftests/bpf/progs/test_tc_tunnel.c | 11 ++++++++---
 tools/testing/selftests/bpf/test_tc_tunnel.sh      |  6 ++++++
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
index f6a16fd23dbd5..3b79dffb81037 100644
--- a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
+++ b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
@@ -52,6 +52,7 @@ static __always_inline int encap_ipv4(struct __sk_buff *skb, bool with_gre)
 	struct grev4hdr h_outer;
 	struct iphdr iph_inner;
 	struct tcphdr tcph;
+	__u64 flags;
 	int olen;
 
 	if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_inner,
@@ -69,10 +70,11 @@ static __always_inline int encap_ipv4(struct __sk_buff *skb, bool with_gre)
 	if (tcph.dest != __bpf_constant_htons(cfg_port))
 		return TC_ACT_OK;
 
+	flags = BPF_F_ADJ_ROOM_FIXED_GSO;
 	olen = with_gre ? sizeof(h_outer) : sizeof(h_outer.ip);
 
 	/* add room between mac and network header */
-	if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_MAC, 0))
+	if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_MAC, flags))
 		return TC_ACT_SHOT;
 
 	/* prepare new outer network header */
@@ -102,6 +104,7 @@ static __always_inline int encap_ipv6(struct __sk_buff *skb, bool with_gre)
 	struct ipv6hdr iph_inner;
 	struct grev6hdr h_outer;
 	struct tcphdr tcph;
+	__u64 flags;
 	int olen;
 
 	if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_inner,
@@ -116,10 +119,11 @@ static __always_inline int encap_ipv6(struct __sk_buff *skb, bool with_gre)
 	if (tcph.dest != __bpf_constant_htons(cfg_port))
 		return TC_ACT_OK;
 
+	flags = BPF_F_ADJ_ROOM_FIXED_GSO;
 	olen = with_gre ? sizeof(h_outer) : sizeof(h_outer.ip);
 
 	/* add room between mac and network header */
-	if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_MAC, 0))
+	if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_MAC, flags))
 		return TC_ACT_SHOT;
 
 	/* prepare new outer network header */
@@ -195,7 +199,8 @@ static int decap_internal(struct __sk_buff *skb, int off, int len, char proto)
 		return TC_ACT_OK;
 	}
 
-	if (bpf_skb_adjust_room(skb, -olen, BPF_ADJ_ROOM_MAC, 0))
+	if (bpf_skb_adjust_room(skb, -olen, BPF_ADJ_ROOM_MAC,
+				BPF_F_ADJ_ROOM_FIXED_GSO))
 		return TC_ACT_SHOT;
 
 	return TC_ACT_OK;
diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh
index 5d9d56520c694..3d2111d89315c 100755
--- a/tools/testing/selftests/bpf/test_tc_tunnel.sh
+++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh
@@ -35,6 +35,12 @@ setup() {
 	ip -netns "${ns1}" -6 addr add "${ns1_v6}/64" dev veth1 nodad
 	ip -netns "${ns2}" -6 addr add "${ns2_v6}/64" dev veth2 nodad
 
+	# clamp route to reserve room for tunnel headers
+	ip -netns "${ns1}" -4 route flush table main
+	ip -netns "${ns1}" -6 route flush table main
+	ip -netns "${ns1}" -4 route add "${ns2_v4}" mtu 1476 dev veth1
+	ip -netns "${ns1}" -6 route add "${ns2_v6}" mtu 1456 dev veth1
+
 	sleep 1
 
 	dd if=/dev/urandom of="${infile}" bs="${datalen}" count=1 status=none

From patchwork Wed Mar 20 14:49:44 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
X-Patchwork-Id: 1059276
X-Patchwork-Delegate: bpf@iogearbox.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="BWh/mO/l"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 44PXrx5TGWz9sPF
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 21 Mar 2019 01:50:09 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1728280AbfCTOuJ (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 20 Mar 2019 10:50:09 -0400
Received: from mail-qk1-f195.google.com ([209.85.222.195]:45878 "EHLO
	mail-qk1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1728261AbfCTOuH (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 20 Mar 2019 10:50:07 -0400
Received: by mail-qk1-f195.google.com with SMTP id z76so14257447qkb.12
	for <netdev@vger.kernel.org>; Wed, 20 Mar 2019 07:50:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=ECidLr/mxYR9rTAsLyJ9Zj+CEqL9uK5QSiZGe/vZXvk=;
	b=BWh/mO/lkhakw0HGilqERi2aEBf0kCbPxDKJ3lhlBSq6F2kb3Ji92UCL/9NTLZ0Qnj
	N/EqOM76kPyhSY0CqoHSHjK7kwUogx37hoH3FEHr7BimHp0g8zYK4ATlybrdkCXxxLu6
	EUUcKRE/ed1BJ6+S9mN+dX6kyIRoVItdVhvMjsx/iR1JdBJ/8KGpRX7PJ5MrnsNGjD0s
	iYZhycEnWHD+8NDMsZDMO0xD9UguBsQlSmNlER2TirFA52ZNpnSGlN1n15oT4J9D29DJ
	QlJpLzNmDbfvx0bvVHly/30bwycItSJIMWWakK7n8evorufxY8belUrlJh5TWqUCRGRM
	xs8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=ECidLr/mxYR9rTAsLyJ9Zj+CEqL9uK5QSiZGe/vZXvk=;
	b=tSRnjw93cS7Y/Gf5vDgleSGzUobsrfuC9X8LfD3CEu8qDKz7iNEEfTY7u/38QvLd4U
	HNkp9zgAyIcvz9ntQqXZoCM0NZ9LWMp1WGVYYGnOLbAj/i9gmMLWLUcp6gTRAIWel7gf
	949qKpnv5EavDsg2eo75UlD30uOT74Ijbf3Z5J6XQ08nGv8K3tH99PqppdKf0P6OgMQ5
	mqUNUqH9wIPA/0MN7a2OheBoToBe8G/9sT094sIBj3bC0Pl0vJLk5J33qc39WFPLh1Oj
	Y2Xh5Rv0hkI+OcWrcmc6+r+KOWeCdsSA+0BPbQXhhm4BMkPmwHeu4rOhOz+9rsaKGyeo
	6D0A==
X-Gm-Message-State: APjAAAUROX/eQW1fr4I7gBlv87E78WXK/4hTvE9Tykrl9Zh1B9a60g/g
	tc8IoluJRagTxzThgOF+rFDTCOAo
X-Google-Smtp-Source: 
 APXvYqzl7vkhnXMyeCy/1duHSZEAtOsAtk1cBdPFjxblnnF8qQ6S1O9lqfctp9MDQDyaXQbD7WTsuw==
X-Received: by 2002:a37:9304:: with SMTP id
	v4mr21223663qkd.266.1553093406667;
	Wed, 20 Mar 2019 07:50:06 -0700 (PDT)
Received: from willemb1.nyc.corp.google.com
	([2620:0:1003:315:3fa1:a34c:1128:1d39])
	by smtp.gmail.com with ESMTPSA id
	x201sm1142257qkb.92.2019.03.20.07.50.05
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 20 Mar 2019 07:50:05 -0700 (PDT)
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: netdev@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, sdf@google.com,
	posk@google.com, Willem de Bruijn <willemb@google.com>
Subject: [PATCH bpf-next 13/13] selftests/bpf: convert bpf tunnel test to
	encap modes
Date: Wed, 20 Mar 2019 10:49:44 -0400
Message-Id: <20190320144944.147862-14-willemdebruijn.kernel@gmail.com>
X-Mailer: git-send-email 2.21.0.225.g810b269d1ac-goog
In-Reply-To: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
References: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Willem de Bruijn <willemb@google.com>

Make the tests correctly annotate skbs with tunnel metadata.

This makes the gso tests succeed. Enable them.

Signed-off-by: Willem de Bruijn <willemb@google.com>
---
 .../selftests/bpf/progs/test_tc_tunnel.c      | 19 +++++++++++++++----
 tools/testing/selftests/bpf/test_tc_tunnel.sh | 10 ++++------
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
index 3b79dffb81037..f541c2de947d2 100644
--- a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
+++ b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
@@ -70,8 +70,13 @@ static __always_inline int encap_ipv4(struct __sk_buff *skb, bool with_gre)
 	if (tcph.dest != __bpf_constant_htons(cfg_port))
 		return TC_ACT_OK;
 
-	flags = BPF_F_ADJ_ROOM_FIXED_GSO;
-	olen = with_gre ? sizeof(h_outer) : sizeof(h_outer.ip);
+	flags = BPF_F_ADJ_ROOM_FIXED_GSO | BPF_F_ADJ_ROOM_ENCAP_L3_IPV4;
+	if (with_gre) {
+		flags |= BPF_F_ADJ_ROOM_ENCAP_L4_GRE;
+		olen = sizeof(h_outer);
+	} else {
+		olen = sizeof(h_outer.ip);
+	}
 
 	/* add room between mac and network header */
 	if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_MAC, flags))
@@ -119,8 +124,14 @@ static __always_inline int encap_ipv6(struct __sk_buff *skb, bool with_gre)
 	if (tcph.dest != __bpf_constant_htons(cfg_port))
 		return TC_ACT_OK;
 
-	flags = BPF_F_ADJ_ROOM_FIXED_GSO;
-	olen = with_gre ? sizeof(h_outer) : sizeof(h_outer.ip);
+	flags = BPF_F_ADJ_ROOM_FIXED_GSO | BPF_F_ADJ_ROOM_ENCAP_L3_IPV6;
+	if (with_gre) {
+		flags |= BPF_F_ADJ_ROOM_ENCAP_L4_GRE;
+		olen = sizeof(h_outer);
+	} else {
+		olen = sizeof(h_outer.ip);
+	}
+
 
 	/* add room between mac and network header */
 	if (bpf_skb_adjust_room(skb, olen, BPF_ADJ_ROOM_MAC, flags))
diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh
index 3d2111d89315c..4e66c45ec465f 100755
--- a/tools/testing/selftests/bpf/test_tc_tunnel.sh
+++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh
@@ -97,13 +97,11 @@ if [[ "$#" -eq "0" ]]; then
 	echo "ip6 gre"
 	$0 ipv6 ip6gre 100
 
-	# disabled until passes SKB_GSO_DODGY checks
-	# echo "ip gre gso"
-	# $0 ipv4 gre 2000
+	echo "ip gre gso"
+	$0 ipv4 gre 2000
 
-	# disabled until passes SKB_GSO_DODGY checks
-	# echo "ip6 gre gso"
-	# $0 ipv6 ip6gre 2000
+	echo "ip6 gre gso"
+	$0 ipv6 ip6gre 2000
 
 	echo "OK. All tests passed"
 	exit 0