From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: netdev@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, sdf@google.com,
posk@google.com, Willem de Bruijn <willemb@google.com>
Subject: [PATCH bpf-next v3 06/13] selftests/bpf: extend bpf tunnel test with tso
Date: Fri, 22 Mar 2019 14:32:53 -0400 [thread overview]
Message-ID: <20190322183300.196277-7-willemdebruijn.kernel@gmail.com> (raw)
In-Reply-To: <20190322183300.196277-1-willemdebruijn.kernel@gmail.com>
From: Willem de Bruijn <willemb@google.com>
Segmentation offload takes a longer path. Verify that the feature
works with large packets.
The test succeeds if not setting dodgy in bpf_skb_adjust_room, as veth
TSO is permissive.
If not setting SKB_GSO_DODGY, this enables tunneled TSO offload on
supporting NICs.
The feature sets SKB_GSO_DODGY because the caller is untrusted. As a
result the packets traverse through the gso stack at least up to TCP.
And fail the gso_type validation, such as the skb->encapsulation check
in gre_gso_segment and the gso_type checks introduced in commit
418e897e0716 ("gso: validate gso_type on ipip style tunnel").
This will be addressed in a follow-on feature patch. In the meantime,
disable the new gso tests.
Changes v1->v2:
- not all netcat versions support flag '-q', use timeout instead
Signed-off-by: Willem de Bruijn <willemb@google.com>
---
tools/testing/selftests/bpf/test_tc_tunnel.sh | 60 +++++++++++++++----
1 file changed, 49 insertions(+), 11 deletions(-)
diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh
index c78922048610..9e18754f2354 100755
--- a/tools/testing/selftests/bpf/test_tc_tunnel.sh
+++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh
@@ -15,6 +15,8 @@ readonly ns2_v4=192.168.1.2
readonly ns1_v6=fd::1
readonly ns2_v6=fd::2
+readonly infile="$(mktemp)"
+readonly outfile="$(mktemp)"
setup() {
ip netns add "${ns1}"
@@ -23,6 +25,8 @@ setup() {
ip link add dev veth1 mtu 1500 netns "${ns1}" type veth \
peer name veth2 mtu 1500 netns "${ns2}"
+ ip netns exec "${ns1}" ethtool -K veth1 tso off
+
ip -netns "${ns1}" link set veth1 up
ip -netns "${ns2}" link set veth2 up
@@ -32,58 +36,86 @@ setup() {
ip -netns "${ns2}" -6 addr add "${ns2_v6}/64" dev veth2 nodad
sleep 1
+
+ dd if=/dev/urandom of="${infile}" bs="${datalen}" count=1 status=none
}
cleanup() {
ip netns del "${ns2}"
ip netns del "${ns1}"
+
+ if [[ -f "${outfile}" ]]; then
+ rm "${outfile}"
+ fi
+ if [[ -f "${infile}" ]]; then
+ rm "${infile}"
+ fi
}
server_listen() {
- ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" &
+ ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" > "${outfile}" &
+ server_pid=$!
sleep 0.2
}
client_connect() {
- ip netns exec "${ns1}" nc "${netcat_opt}" -z -w 1 "${addr2}" "${port}"
+ ip netns exec "${ns1}" timeout 2 nc "${netcat_opt}" -w 1 "${addr2}" "${port}" < "${infile}"
echo $?
}
+verify_data() {
+ wait "${server_pid}"
+ # sha1sum returns two fields [sha1] [filepath]
+ # convert to bash array and access first elem
+ insum=($(sha1sum ${infile}))
+ outsum=($(sha1sum ${outfile}))
+ if [[ "${insum[0]}" != "${outsum[0]}" ]]; then
+ echo "data mismatch"
+ exit 1
+ fi
+}
+
set -e
# no arguments: automated test, run all
if [[ "$#" -eq "0" ]]; then
echo "ipip"
- $0 ipv4 ipip
+ $0 ipv4 ipip 100
echo "ip6ip6"
- $0 ipv6 ip6tnl
+ $0 ipv6 ip6tnl 100
echo "ip gre"
- $0 ipv4 gre
+ $0 ipv4 gre 100
echo "ip6 gre"
- $0 ipv6 ip6gre
+ $0 ipv6 ip6gre 100
+
+ # disabled until passes SKB_GSO_DODGY checks
+ # echo "ip gre gso"
+ # $0 ipv4 gre 2000
+
+ # disabled until passes SKB_GSO_DODGY checks
+ # echo "ip6 gre gso"
+ # $0 ipv6 ip6gre 2000
echo "OK. All tests passed"
exit 0
fi
-if [[ "$#" -ne "2" ]]; then
+if [[ "$#" -ne "3" ]]; then
echo "Usage: $0"
- echo " or: $0 <ipv4|ipv6> <tuntype>"
+ echo " or: $0 <ipv4|ipv6> <tuntype> <data_len>"
exit 1
fi
case "$1" in
"ipv4")
- readonly tuntype=$2
readonly addr1="${ns1_v4}"
readonly addr2="${ns2_v4}"
readonly netcat_opt=-4
;;
"ipv6")
- readonly tuntype=$2
readonly addr1="${ns1_v6}"
readonly addr2="${ns2_v6}"
readonly netcat_opt=-6
@@ -94,7 +126,10 @@ case "$1" in
;;
esac
-echo "encap ${addr1} to ${addr2}, type ${tuntype}"
+readonly tuntype=$2
+readonly datalen=$3
+
+echo "encap ${addr1} to ${addr2}, type ${tuntype}, len ${datalen}"
trap cleanup EXIT
@@ -104,6 +139,7 @@ setup
echo "test basic connectivity"
server_listen
client_connect
+verify_data
# clientside, insert bpf program to encap all TCP to port ${port}
# client can no longer connect
@@ -123,6 +159,7 @@ ip netns exec "${ns2}" ip link add dev testtun0 type "${tuntype}" \
ip netns exec "${ns2}" ip link set dev testtun0 up
echo "test bpf encap with tunnel device decap"
client_connect
+verify_data
# serverside, use BPF for decap
ip netns exec "${ns2}" ip link del dev testtun0
@@ -132,5 +169,6 @@ ip netns exec "${ns2}" tc filter add dev veth2 ingress \
server_listen
echo "test bpf encap with bpf decap"
client_connect
+verify_data
echo OK
--
2.21.0.392.gf8f6787159e-goog
next prev parent reply other threads:[~2019-03-22 18:33 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-22 18:32 [PATCH bpf-next v3 00/13] bpf tc tunneling Willem de Bruijn
2019-03-22 18:32 ` [PATCH bpf-next v3 01/13] bpf: in bpf_skb_adjust_room avoid copy in tx fast path Willem de Bruijn
2019-03-22 18:32 ` [PATCH bpf-next v3 02/13] selftests/bpf: bpf tunnel encap test Willem de Bruijn
2019-03-22 18:32 ` [PATCH bpf-next v3 03/13] selftests/bpf: expand bpf tunnel test with decap Willem de Bruijn
2019-03-22 18:32 ` [PATCH bpf-next v3 04/13] selftests/bpf: expand bpf tunnel test to ipv6 Willem de Bruijn
2019-03-22 18:32 ` [PATCH bpf-next v3 05/13] selftests/bpf: extend bpf tunnel test with gre Willem de Bruijn
2019-03-22 18:32 ` Willem de Bruijn [this message]
2019-03-22 18:32 ` [PATCH bpf-next v3 07/13] bpf: add bpf_skb_adjust_room mode BPF_ADJ_ROOM_MAC Willem de Bruijn
2019-03-22 18:32 ` [PATCH bpf-next v3 08/13] bpf: add bpf_skb_adjust_room flag BPF_F_ADJ_ROOM_FIXED_GSO Willem de Bruijn
2019-03-22 18:32 ` [PATCH bpf-next v3 09/13] bpf: add bpf_skb_adjust_room encap flags Willem de Bruijn
2019-03-22 18:32 ` [PATCH bpf-next v3 10/13] bpf: Sync bpf.h to tools Willem de Bruijn
2019-03-22 18:32 ` [PATCH bpf-next v3 11/13] selftests/bpf: convert bpf tunnel test to BPF_ADJ_ROOM_MAC Willem de Bruijn
2019-03-22 18:32 ` [PATCH bpf-next v3 12/13] selftests/bpf: convert bpf tunnel test to BPF_F_ADJ_ROOM_FIXED_GSO Willem de Bruijn
2019-03-22 18:33 ` [PATCH bpf-next v3 13/13] selftests/bpf: convert bpf tunnel test to encap modes Willem de Bruijn
2019-03-22 21:01 ` [PATCH bpf-next v3 00/13] bpf tc tunneling Alexei Starovoitov
2019-03-23 10:53 ` Daniel Borkmann
2019-03-23 16:03 ` Willem de Bruijn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190322183300.196277-7-willemdebruijn.kernel@gmail.com \
--to=willemdebruijn.kernel@gmail.com \
--cc=ast@kernel.org \
--cc=daniel@iogearbox.net \
--cc=netdev@vger.kernel.org \
--cc=posk@google.com \
--cc=sdf@google.com \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.