Skip to content

Commit bbeda6e

Browse files
borkmannKernel Patches Daemon
borkmann
authored and
Kernel Patches Daemon
committed
selftests/bpf: Extend netkit tests to validate skb meta data
Add a small netkit test to validate skb mark and priority under the default scrubbing as well as with mark and priority scrubbing off. # ./vmtest.sh -- ./test_progs -t netkit [...] ./test_progs -t netkit [ 1.419662] tsc: Refined TSC clocksource calibration: 3407.993 MHz [ 1.420151] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x311fcd52370, max_idle_ns: 440795242006 ns [ 1.420897] clocksource: Switched to clocksource tsc [ 1.447996] bpf_testmod: loading out-of-tree module taints kernel. [ 1.448447] bpf_testmod: module verification failed: signature and/or required key missing - tainting kernel #357 tc_netkit_basic:OK #358 tc_netkit_device:OK #359 tc_netkit_multi_links:OK #360 tc_netkit_multi_opts:OK #361 tc_netkit_neigh_links:OK #362 tc_netkit_pkt_type:OK #363 tc_netkit_scrub:OK Summary: 7/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
1 parent 5d8ac95 commit bbeda6e

File tree

2 files changed

+97
-9
lines changed

2 files changed

+97
-9
lines changed

tools/testing/selftests/bpf/prog_tests/tc_netkit.c

Lines changed: 85 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,9 @@
1414
#include "netlink_helpers.h"
1515
#include "tc_helpers.h"
1616

17-
#define ICMP_ECHO 8
17+
#define MARK 42
18+
#define PRIO 0xeb9f
19+
#define ICMP_ECHO 8
1820

1921
struct icmphdr {
2022
__u8 type;
@@ -33,7 +35,7 @@ struct iplink_req {
3335
};
3436

3537
static int create_netkit(int mode, int policy, int peer_policy, int *ifindex,
36-
bool same_netns)
38+
bool same_netns, int scrub, int peer_scrub)
3739
{
3840
struct rtnl_handle rth = { .fd = -1 };
3941
struct iplink_req req = {};
@@ -58,6 +60,8 @@ static int create_netkit(int mode, int policy, int peer_policy, int *ifindex,
5860
data = addattr_nest(&req.n, sizeof(req), IFLA_INFO_DATA);
5961
addattr32(&req.n, sizeof(req), IFLA_NETKIT_POLICY, policy);
6062
addattr32(&req.n, sizeof(req), IFLA_NETKIT_PEER_POLICY, peer_policy);
63+
addattr32(&req.n, sizeof(req), IFLA_NETKIT_SCRUB, scrub);
64+
addattr32(&req.n, sizeof(req), IFLA_NETKIT_PEER_SCRUB, peer_scrub);
6165
addattr32(&req.n, sizeof(req), IFLA_NETKIT_MODE, mode);
6266
addattr_nest_end(&req.n, data);
6367
addattr_nest_end(&req.n, linkinfo);
@@ -118,9 +122,9 @@ static void destroy_netkit(void)
118122

119123
static int __send_icmp(__u32 dest)
120124
{
125+
int sock, ret, mark = MARK, prio = PRIO;
121126
struct sockaddr_in addr;
122127
struct icmphdr icmp;
123-
int sock, ret;
124128

125129
ret = write_sysctl("/proc/sys/net/ipv4/ping_group_range", "0 0");
126130
if (!ASSERT_OK(ret, "write_sysctl(net.ipv4.ping_group_range)"))
@@ -135,6 +139,15 @@ static int __send_icmp(__u32 dest)
135139
if (!ASSERT_OK(ret, "setsockopt(SO_BINDTODEVICE)"))
136140
goto out;
137141

142+
ret = setsockopt(sock, SOL_SOCKET, SO_MARK, &mark, sizeof(mark));
143+
if (!ASSERT_OK(ret, "setsockopt(SO_MARK)"))
144+
goto out;
145+
146+
ret = setsockopt(sock, SOL_SOCKET, SO_PRIORITY,
147+
&prio, sizeof(prio));
148+
if (!ASSERT_OK(ret, "setsockopt(SO_PRIORITY)"))
149+
goto out;
150+
138151
memset(&addr, 0, sizeof(addr));
139152
addr.sin_family = AF_INET;
140153
addr.sin_addr.s_addr = htonl(dest);
@@ -171,7 +184,8 @@ void serial_test_tc_netkit_basic(void)
171184
int err, ifindex;
172185

173186
err = create_netkit(NETKIT_L2, NETKIT_PASS, NETKIT_PASS,
174-
&ifindex, false);
187+
&ifindex, false, NETKIT_SCRUB_DEFAULT,
188+
NETKIT_SCRUB_DEFAULT);
175189
if (err)
176190
return;
177191

@@ -285,7 +299,8 @@ static void serial_test_tc_netkit_multi_links_target(int mode, int target)
285299
int err, ifindex;
286300

287301
err = create_netkit(mode, NETKIT_PASS, NETKIT_PASS,
288-
&ifindex, false);
302+
&ifindex, false, NETKIT_SCRUB_DEFAULT,
303+
NETKIT_SCRUB_DEFAULT);
289304
if (err)
290305
return;
291306

@@ -413,7 +428,8 @@ static void serial_test_tc_netkit_multi_opts_target(int mode, int target)
413428
int err, ifindex;
414429

415430
err = create_netkit(mode, NETKIT_PASS, NETKIT_PASS,
416-
&ifindex, false);
431+
&ifindex, false, NETKIT_SCRUB_DEFAULT,
432+
NETKIT_SCRUB_DEFAULT);
417433
if (err)
418434
return;
419435

@@ -527,7 +543,8 @@ void serial_test_tc_netkit_device(void)
527543
int err, ifindex, ifindex2;
528544

529545
err = create_netkit(NETKIT_L3, NETKIT_PASS, NETKIT_PASS,
530-
&ifindex, true);
546+
&ifindex, true, NETKIT_SCRUB_DEFAULT,
547+
NETKIT_SCRUB_DEFAULT);
531548
if (err)
532549
return;
533550

@@ -638,7 +655,8 @@ static void serial_test_tc_netkit_neigh_links_target(int mode, int target)
638655
int err, ifindex;
639656

640657
err = create_netkit(mode, NETKIT_PASS, NETKIT_PASS,
641-
&ifindex, false);
658+
&ifindex, false, NETKIT_SCRUB_DEFAULT,
659+
NETKIT_SCRUB_DEFAULT);
642660
if (err)
643661
return;
644662

@@ -715,7 +733,8 @@ static void serial_test_tc_netkit_pkt_type_mode(int mode)
715733
struct bpf_link *link;
716734

717735
err = create_netkit(mode, NETKIT_PASS, NETKIT_PASS,
718-
&ifindex, true);
736+
&ifindex, true, NETKIT_SCRUB_DEFAULT,
737+
NETKIT_SCRUB_DEFAULT);
719738
if (err)
720739
return;
721740

@@ -779,3 +798,60 @@ void serial_test_tc_netkit_pkt_type(void)
779798
serial_test_tc_netkit_pkt_type_mode(NETKIT_L2);
780799
serial_test_tc_netkit_pkt_type_mode(NETKIT_L3);
781800
}
801+
802+
void serial_test_tc_netkit_scrub_type(int scrub)
803+
{
804+
LIBBPF_OPTS(bpf_netkit_opts, optl);
805+
struct test_tc_link *skel;
806+
struct bpf_link *link;
807+
int err, ifindex;
808+
809+
err = create_netkit(NETKIT_L2, NETKIT_PASS, NETKIT_PASS,
810+
&ifindex, false, scrub, scrub);
811+
if (err)
812+
return;
813+
814+
skel = test_tc_link__open();
815+
if (!ASSERT_OK_PTR(skel, "skel_open"))
816+
goto cleanup;
817+
818+
ASSERT_EQ(bpf_program__set_expected_attach_type(skel->progs.tc8,
819+
BPF_NETKIT_PRIMARY), 0, "tc8_attach_type");
820+
821+
err = test_tc_link__load(skel);
822+
if (!ASSERT_OK(err, "skel_load"))
823+
goto cleanup;
824+
825+
assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 0);
826+
assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
827+
828+
ASSERT_EQ(skel->bss->seen_tc8, false, "seen_tc8");
829+
830+
link = bpf_program__attach_netkit(skel->progs.tc8, ifindex, &optl);
831+
if (!ASSERT_OK_PTR(link, "link_attach"))
832+
goto cleanup;
833+
834+
skel->links.tc8 = link;
835+
836+
assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 1);
837+
assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
838+
839+
tc_skel_reset_all_seen(skel);
840+
ASSERT_EQ(send_icmp(), 0, "icmp_pkt");
841+
842+
ASSERT_EQ(skel->bss->seen_tc8, true, "seen_tc8");
843+
ASSERT_EQ(skel->bss->mark, scrub == NETKIT_SCRUB_NONE ? MARK : 0, "mark");
844+
ASSERT_EQ(skel->bss->prio, scrub == NETKIT_SCRUB_NONE ? PRIO : 0, "prio");
845+
cleanup:
846+
test_tc_link__destroy(skel);
847+
848+
assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PRIMARY, 0);
849+
assert_mprog_count_ifindex(ifindex, BPF_NETKIT_PEER, 0);
850+
destroy_netkit();
851+
}
852+
853+
void serial_test_tc_netkit_scrub(void)
854+
{
855+
serial_test_tc_netkit_scrub_type(NETKIT_SCRUB_DEFAULT);
856+
serial_test_tc_netkit_scrub_type(NETKIT_SCRUB_NONE);
857+
}

tools/testing/selftests/bpf/progs/test_tc_link.c

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,13 +18,16 @@ bool seen_tc4;
1818
bool seen_tc5;
1919
bool seen_tc6;
2020
bool seen_tc7;
21+
bool seen_tc8;
2122

2223
bool set_type;
2324

2425
bool seen_eth;
2526
bool seen_host;
2627
bool seen_mcast;
2728

29+
int mark, prio;
30+
2831
SEC("tc/ingress")
2932
int tc1(struct __sk_buff *skb)
3033
{
@@ -100,3 +103,12 @@ int tc7(struct __sk_buff *skb)
100103
seen_tc7 = true;
101104
return TCX_PASS;
102105
}
106+
107+
SEC("tc/egress")
108+
int tc8(struct __sk_buff *skb)
109+
{
110+
seen_tc8 = true;
111+
mark = skb->mark;
112+
prio = skb->priority;
113+
return TCX_PASS;
114+
}

0 commit comments

Comments
 (0)