* [PATCH bpf-next 0/3] bpf: Add support to set and get tunnel source ip
@ 2022-03-19 13:05 fankaixi.li
2022-03-19 13:05 ` [PATCH bpf-next 1/3] bpf: Add source ip in "struct bpf_tunnel_key" fankaixi.li
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: fankaixi.li @ 2022-03-19 13:05 UTC (permalink / raw)
To: john.fastabend, kafai, bpf; +Cc: ast, daniel, kaixi.fan
From: "kaixi.fan" <fankaixi.li@bytedance.com>
Now bpf code could not set tunnel source ip address of ip tunnel. So it
could not support flow based tunnel mode completely. Because flow based
tunnel mode could set tunnel source, destination ip address and tunnel
key simultaneously.
Flow based tunnel is useful for overlay networks. And by configuring tunnel
source ip address, user could make their networks more elastic.
For example, tunnel source ip could be used to select different egress
nic interface for different flows with same tunnel destination ip. Another
example, user could choose one of multiple ip address of the egress nic
interface as the packet's tunnel source ip.
kaixi.fan (3):
bpf: Add source ip in "struct bpf_tunnel_key"
selftests/bpf: add ipv4 vxlan tunnel source testcase
selftests/bpf: add ipv6 vxlan tunnel source testcase
include/uapi/linux/bpf.h | 4 +
net/core/filter.c | 9 ++
tools/include/uapi/linux/bpf.h | 4 +
.../selftests/bpf/progs/test_tunnel_kern.c | 106 +++++++++++++++++
tools/testing/selftests/bpf/test_tunnel.sh | 109 +++++++++++++++---
5 files changed, 219 insertions(+), 13 deletions(-)
--
2.24.3 (Apple Git-128)
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH bpf-next 1/3] bpf: Add source ip in "struct bpf_tunnel_key"
2022-03-19 13:05 [PATCH bpf-next 0/3] bpf: Add support to set and get tunnel source ip fankaixi.li
@ 2022-03-19 13:05 ` fankaixi.li
2022-03-19 13:05 ` [PATCH bpf-next 2/3] selftests/bpf: add ipv4 vxlan tunnel source testcase fankaixi.li
2022-03-19 13:05 ` [PATCH bpf-next 3/3] selftests/bpf: add ipv6 " fankaixi.li
2 siblings, 0 replies; 6+ messages in thread
From: fankaixi.li @ 2022-03-19 13:05 UTC (permalink / raw)
To: john.fastabend, kafai, bpf; +Cc: ast, daniel, kaixi.fan
From: "kaixi.fan" <fankaixi.li@bytedance.com>
Add tunnel source ip field in "struct bpf_tunnel_key".
Add code in "bpf_skb_set_tunnel_key" and "bpf_skb_get_tunnel_key" to set
and get this field based on the tunnel key from "struct ip_tunnel_info".
Signed-off-by: kaixi.fan <fankaixi.li@bytedance.com>
---
include/uapi/linux/bpf.h | 4 ++++
net/core/filter.c | 9 +++++++++
tools/include/uapi/linux/bpf.h | 4 ++++
3 files changed, 17 insertions(+)
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 4eebea830613..3007d3bc1f7a 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -5562,6 +5562,10 @@ struct bpf_tunnel_key {
__u8 tunnel_ttl;
__u16 tunnel_ext; /* Padding, future use. */
__u32 tunnel_label;
+ union {
+ __u32 local_ipv4;
+ __u32 local_ipv6[4];
+ };
};
/* user accessible mirror of in-kernel xfrm_state.
diff --git a/net/core/filter.c b/net/core/filter.c
index 88767f7da150..cbd8471f4db4 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -4498,6 +4498,7 @@ BPF_CALL_4(bpf_skb_get_tunnel_key, struct sk_buff *, skb, struct bpf_tunnel_key
if (unlikely(size != sizeof(struct bpf_tunnel_key))) {
err = -EINVAL;
switch (size) {
+ case offsetof(struct bpf_tunnel_key, local_ipv6[0]):
case offsetof(struct bpf_tunnel_key, tunnel_label):
case offsetof(struct bpf_tunnel_key, tunnel_ext):
goto set_compat;
@@ -4523,10 +4524,14 @@ BPF_CALL_4(bpf_skb_get_tunnel_key, struct sk_buff *, skb, struct bpf_tunnel_key
if (flags & BPF_F_TUNINFO_IPV6) {
memcpy(to->remote_ipv6, &info->key.u.ipv6.src,
sizeof(to->remote_ipv6));
+ memcpy(to->local_ipv6, &info->key.u.ipv6.dst,
+ sizeof(to->local_ipv6));
to->tunnel_label = be32_to_cpu(info->key.label);
} else {
to->remote_ipv4 = be32_to_cpu(info->key.u.ipv4.src);
memset(&to->remote_ipv6[1], 0, sizeof(__u32) * 3);
+ to->local_ipv4 = be32_to_cpu(info->key.u.ipv4.dst);
+ memset(&to->local_ipv6[1], 0, sizeof(__u32) * 3);
to->tunnel_label = 0;
}
@@ -4597,6 +4602,7 @@ BPF_CALL_4(bpf_skb_set_tunnel_key, struct sk_buff *, skb,
return -EINVAL;
if (unlikely(size != sizeof(struct bpf_tunnel_key))) {
switch (size) {
+ case offsetof(struct bpf_tunnel_key, local_ipv6[0]):
case offsetof(struct bpf_tunnel_key, tunnel_label):
case offsetof(struct bpf_tunnel_key, tunnel_ext):
case offsetof(struct bpf_tunnel_key, remote_ipv6[1]):
@@ -4639,10 +4645,13 @@ BPF_CALL_4(bpf_skb_set_tunnel_key, struct sk_buff *, skb,
info->mode |= IP_TUNNEL_INFO_IPV6;
memcpy(&info->key.u.ipv6.dst, from->remote_ipv6,
sizeof(from->remote_ipv6));
+ memcpy(&info->key.u.ipv6.src, from->local_ipv6,
+ sizeof(from->local_ipv6));
info->key.label = cpu_to_be32(from->tunnel_label) &
IPV6_FLOWLABEL_MASK;
} else {
info->key.u.ipv4.dst = cpu_to_be32(from->remote_ipv4);
+ info->key.u.ipv4.src = cpu_to_be32(from->local_ipv4);
}
return 0;
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index 4eebea830613..3007d3bc1f7a 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -5562,6 +5562,10 @@ struct bpf_tunnel_key {
__u8 tunnel_ttl;
__u16 tunnel_ext; /* Padding, future use. */
__u32 tunnel_label;
+ union {
+ __u32 local_ipv4;
+ __u32 local_ipv6[4];
+ };
};
/* user accessible mirror of in-kernel xfrm_state.
--
2.24.3 (Apple Git-128)
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH bpf-next 2/3] selftests/bpf: add ipv4 vxlan tunnel source testcase
2022-03-19 13:05 [PATCH bpf-next 0/3] bpf: Add support to set and get tunnel source ip fankaixi.li
2022-03-19 13:05 ` [PATCH bpf-next 1/3] bpf: Add source ip in "struct bpf_tunnel_key" fankaixi.li
@ 2022-03-19 13:05 ` fankaixi.li
2022-03-19 13:05 ` [PATCH bpf-next 3/3] selftests/bpf: add ipv6 " fankaixi.li
2 siblings, 0 replies; 6+ messages in thread
From: fankaixi.li @ 2022-03-19 13:05 UTC (permalink / raw)
To: john.fastabend, kafai, bpf; +Cc: ast, daniel, kaixi.fan
From: "kaixi.fan" <fankaixi.li@bytedance.com>
Vxlan tunnel is chosen to test bpf code could configure tunnel
source ipv4 address. It's sufficient to prove that other types
tunnels could also do it.
In the vxlan tunnel testcase, two underlay ipv4 addresses
are configured on veth device in root namespace. Test bpf kernel
code would configure the secondary ipv4 address as the tunnel
source ip.
Signed-off-by: kaixi.fan <fankaixi.li@bytedance.com>
---
.../selftests/bpf/progs/test_tunnel_kern.c | 60 +++++++++++++++++++
tools/testing/selftests/bpf/test_tunnel.sh | 38 +++++++++++-
2 files changed, 97 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
index ef0dde83b85a..4a39556ef609 100644
--- a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
+++ b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
@@ -676,4 +676,64 @@ int _xfrm_get_state(struct __sk_buff *skb)
return TC_ACT_OK;
}
+SEC("vxlan_set_tunnel_src")
+int _vxlan_set_tunnel_src(struct __sk_buff *skb)
+{
+ int ret;
+ struct bpf_tunnel_key key;
+ struct vxlan_metadata md;
+
+ __builtin_memset(&key, 0x0, sizeof(key));
+ key.local_ipv4 = 0xac100114; /* 172.16.1.20 */
+ key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
+ key.tunnel_id = 2;
+ key.tunnel_tos = 0;
+ key.tunnel_ttl = 64;
+
+ ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
+ BPF_F_ZERO_CSUM_TX);
+ if (ret < 0) {
+ ERROR(ret);
+ return TC_ACT_SHOT;
+ }
+
+ md.gbp = 0x800FF; /* Set VXLAN Group Policy extension */
+ ret = bpf_skb_set_tunnel_opt(skb, &md, sizeof(md));
+ if (ret < 0) {
+ ERROR(ret);
+ return TC_ACT_SHOT;
+ }
+
+ return TC_ACT_OK;
+}
+
+SEC("vxlan_get_tunnel_src")
+int _vxlan_get_tunnel_src(struct __sk_buff *skb)
+{
+ int ret;
+ struct bpf_tunnel_key key;
+ struct vxlan_metadata md;
+ char fmt[] = "key %d remote ip 0x%x source ip 0x%x\n";
+ char fmt2[] = "vxlan gbp 0x%x\n";
+
+ ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
+ if (ret < 0) {
+ ERROR(ret);
+ return TC_ACT_SHOT;
+ }
+
+ ret = bpf_skb_get_tunnel_opt(skb, &md, sizeof(md));
+ if (ret < 0) {
+ ERROR(ret);
+ return TC_ACT_SHOT;
+ }
+
+ bpf_trace_printk(fmt, sizeof(fmt),
+ key.tunnel_id, key.remote_ipv4, key.local_ipv4);
+ bpf_trace_printk(fmt2, sizeof(fmt2),
+ md.gbp);
+
+ return TC_ACT_OK;
+}
+
char _license[] SEC("license") = "GPL";
diff --git a/tools/testing/selftests/bpf/test_tunnel.sh b/tools/testing/selftests/bpf/test_tunnel.sh
index ca1372924023..62ef5c998b6a 100755
--- a/tools/testing/selftests/bpf/test_tunnel.sh
+++ b/tools/testing/selftests/bpf/test_tunnel.sh
@@ -62,6 +62,11 @@ config_device()
ip addr add dev veth1 172.16.1.200/24
}
+add_second_ip()
+{
+ ip addr add dev veth1 172.16.1.20/24
+}
+
add_gre_tunnel()
{
# at_ns0 namespace
@@ -164,7 +169,7 @@ add_vxlan_tunnel()
# at_ns0 namespace
ip netns exec at_ns0 \
ip link add dev $DEV_NS type $TYPE \
- id 2 dstport 4789 gbp remote 172.16.1.200
+ id 2 dstport 4789 gbp remote $REMOTE_IP
ip netns exec at_ns0 \
ip link set dev $DEV_NS address 52:54:00:d9:01:00 up
ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
@@ -408,6 +413,7 @@ test_vxlan()
TYPE=vxlan
DEV_NS=vxlan00
DEV=vxlan11
+ REMOTE_IP=172.16.1.200
ret=0
check $TYPE
@@ -661,6 +667,32 @@ test_xfrm_tunnel()
echo -e ${GREEN}"PASS: xfrm tunnel"${NC}
}
+test_vxlan_tunsrc()
+{
+ TYPE=vxlan
+ DEV_NS=vxlan00
+ DEV=vxlan11
+ REMOTE_IP=172.16.1.20
+ ret=0
+
+ check $TYPE
+ config_device
+ add_second_ip
+ add_vxlan_tunnel
+ attach_bpf $DEV vxlan_set_tunnel_src vxlan_get_tunnel_src
+ ping $PING_ARG 10.1.1.100
+ check_err $?
+ ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
+ check_err $?
+ cleanup
+
+ if [ $ret -ne 0 ]; then
+ echo -e ${RED}"FAIL: $TYPE"${NC}
+ return 1
+ fi
+ echo -e ${GREEN}"PASS: $TYPE"${NC}
+}
+
attach_bpf()
{
DEV=$1
@@ -782,6 +814,10 @@ bpf_tunnel_test()
test_xfrm_tunnel
errors=$(( $errors + $? ))
+ echo "Testing VXLAN tunnel source..."
+ test_vxlan_tunsrc
+ errors=$(( $errors + $? ))
+
return $errors
}
--
2.24.3 (Apple Git-128)
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH bpf-next 3/3] selftests/bpf: add ipv6 vxlan tunnel source testcase
2022-03-19 13:05 [PATCH bpf-next 0/3] bpf: Add support to set and get tunnel source ip fankaixi.li
2022-03-19 13:05 ` [PATCH bpf-next 1/3] bpf: Add source ip in "struct bpf_tunnel_key" fankaixi.li
2022-03-19 13:05 ` [PATCH bpf-next 2/3] selftests/bpf: add ipv4 vxlan tunnel source testcase fankaixi.li
@ 2022-03-19 13:05 ` fankaixi.li
2022-03-22 0:33 ` Martin KaFai Lau
2 siblings, 1 reply; 6+ messages in thread
From: fankaixi.li @ 2022-03-19 13:05 UTC (permalink / raw)
To: john.fastabend, kafai, bpf; +Cc: ast, daniel, kaixi.fan
From: "kaixi.fan" <fankaixi.li@bytedance.com>
Add two ipv6 address on underlay nic interface, and use bpf code to
configure the secondary ipv6 address as the vxlan tunnel source ip.
Then check ping6 result and log contains the correct tunnel source
ip.
Signed-off-by: kaixi.fan <fankaixi.li@bytedance.com>
---
.../selftests/bpf/progs/test_tunnel_kern.c | 46 ++++++++++++
tools/testing/selftests/bpf/test_tunnel.sh | 71 +++++++++++++++----
2 files changed, 105 insertions(+), 12 deletions(-)
diff --git a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
index 4a39556ef609..67cb7ca3e083 100644
--- a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
+++ b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
@@ -736,4 +736,50 @@ int _vxlan_get_tunnel_src(struct __sk_buff *skb)
return TC_ACT_OK;
}
+SEC("ip6vxlan_set_tunnel_src")
+int _ip6vxlan_set_tunnel_src(struct __sk_buff *skb)
+{
+ struct bpf_tunnel_key key;
+ int ret;
+
+ __builtin_memset(&key, 0x0, sizeof(key));
+ key.local_ipv6[3] = bpf_htonl(0xbb); /* ::bb */
+ key.remote_ipv6[3] = bpf_htonl(0x11); /* ::11 */
+ key.tunnel_id = 22;
+ key.tunnel_tos = 0;
+ key.tunnel_ttl = 64;
+
+ ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
+ BPF_F_TUNINFO_IPV6);
+ if (ret < 0) {
+ ERROR(ret);
+ return TC_ACT_SHOT;
+ }
+
+ return TC_ACT_OK;
+}
+
+SEC("ip6vxlan_get_tunnel_src")
+int _ip6vxlan_get_tunnel_src(struct __sk_buff *skb)
+{
+ char fmt[] = "key %d remote ip6 ::%x source ip6 ::%x\n";
+ char fmt2[] = "label %x\n";
+ struct bpf_tunnel_key key;
+ int ret;
+
+ ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
+ BPF_F_TUNINFO_IPV6);
+ if (ret < 0) {
+ ERROR(ret);
+ return TC_ACT_SHOT;
+ }
+
+ bpf_trace_printk(fmt, sizeof(fmt),
+ key.tunnel_id, key.remote_ipv6[3], key.local_ipv6[3]);
+ bpf_trace_printk(fmt2, sizeof(fmt2),
+ key.tunnel_label);
+
+ return TC_ACT_OK;
+}
+
char _license[] SEC("license") = "GPL";
diff --git a/tools/testing/selftests/bpf/test_tunnel.sh b/tools/testing/selftests/bpf/test_tunnel.sh
index 62ef5c998b6a..a0f9a5c5e0a5 100755
--- a/tools/testing/selftests/bpf/test_tunnel.sh
+++ b/tools/testing/selftests/bpf/test_tunnel.sh
@@ -67,6 +67,11 @@ add_second_ip()
ip addr add dev veth1 172.16.1.20/24
}
+add_second_ip6()
+{
+ ip addr add dev veth1 ::bb/96
+}
+
add_gre_tunnel()
{
# at_ns0 namespace
@@ -94,7 +99,7 @@ add_ip6gretap_tunnel()
# at_ns0 namespace
ip netns exec at_ns0 \
ip link add dev $DEV_NS type $TYPE seq flowlabel 0xbcdef key 2 \
- local ::11 remote ::22
+ local ::11 remote $REMOTE_IP6
ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
ip netns exec at_ns0 ip addr add dev $DEV_NS fc80::100/96
@@ -143,7 +148,7 @@ add_ip6erspan_tunnel()
if [ "$1" == "v1" ]; then
ip netns exec at_ns0 \
ip link add dev $DEV_NS type $TYPE seq key 2 \
- local ::11 remote ::22 \
+ local ::11 remote $REMOTE_IP6 \
erspan_ver 1 erspan 123
else
ip netns exec at_ns0 \
@@ -196,7 +201,7 @@ add_ip6vxlan_tunnel()
# at_ns0 namespace
ip netns exec at_ns0 \
ip link add dev $DEV_NS type $TYPE id 22 dstport 4789 \
- local ::11 remote ::22
+ local ::11 remote $REMOTE_IP6
ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
ip netns exec at_ns0 ip link set dev $DEV_NS up
@@ -231,7 +236,7 @@ add_ip6geneve_tunnel()
# at_ns0 namespace
ip netns exec at_ns0 \
ip link add dev $DEV_NS type $TYPE id 22 \
- remote ::22 # geneve has no local option
+ remote $REMOTE_IP6 # geneve has no local option
ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
ip netns exec at_ns0 ip link set dev $DEV_NS up
@@ -266,7 +271,7 @@ add_ip6tnl_tunnel()
# at_ns0 namespace
ip netns exec at_ns0 \
ip link add dev $DEV_NS type $TYPE \
- local ::11 remote ::22
+ local ::11 remote $REMOTE_IP6
ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
ip netns exec at_ns0 ip addr add dev $DEV_NS 1::11/96
ip netns exec at_ns0 ip link set dev $DEV_NS up
@@ -307,12 +312,13 @@ test_ip6gre()
TYPE=ip6gre
DEV_NS=ip6gre00
DEV=ip6gre11
+ REMOTE_IP6=::22
ret=0
check $TYPE
config_device
# reuse the ip6gretap function
- add_ip6gretap_tunnel
+ add_ip6gretap_tunnel $REMOTE_IP6
attach_bpf $DEV ip6gretap_set_tunnel ip6gretap_get_tunnel
# underlay
ping6 $PING_ARG ::11
@@ -337,11 +343,12 @@ test_ip6gretap()
TYPE=ip6gretap
DEV_NS=ip6gretap00
DEV=ip6gretap11
+ REMOTE_IP6=::22
ret=0
check $TYPE
config_device
- add_ip6gretap_tunnel
+ add_ip6gretap_tunnel $REMOTE_IP6
attach_bpf $DEV ip6gretap_set_tunnel ip6gretap_get_tunnel
# underlay
ping6 $PING_ARG ::11
@@ -390,11 +397,12 @@ test_ip6erspan()
TYPE=ip6erspan
DEV_NS=ip6erspan00
DEV=ip6erspan11
+ REMOTE_IP6=::22
ret=0
check $TYPE
config_device
- add_ip6erspan_tunnel $1
+ add_ip6erspan_tunnel $1 $REMOTE_IP6
attach_bpf $DEV ip4ip6erspan_set_tunnel ip4ip6erspan_get_tunnel
ping6 $PING_ARG ::11
ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
@@ -438,11 +446,12 @@ test_ip6vxlan()
TYPE=vxlan
DEV_NS=ip6vxlan00
DEV=ip6vxlan11
+ REMOTE_IP6=::22
ret=0
check $TYPE
config_device
- add_ip6vxlan_tunnel
+ add_ip6vxlan_tunnel $REMOTE_IP6
ip link set dev veth1 mtu 1500
attach_bpf $DEV ip6vxlan_set_tunnel ip6vxlan_get_tunnel
# underlay
@@ -490,11 +499,12 @@ test_ip6geneve()
TYPE=geneve
DEV_NS=ip6geneve00
DEV=ip6geneve11
+ REMOTE_IP6=::22
ret=0
check $TYPE
config_device
- add_ip6geneve_tunnel
+ add_ip6geneve_tunnel $REMOTE_IP6
attach_bpf $DEV ip6geneve_set_tunnel ip6geneve_get_tunnel
ping $PING_ARG 10.1.1.100
check_err $?
@@ -539,11 +549,12 @@ test_ipip6()
TYPE=ip6tnl
DEV_NS=ipip6tnl00
DEV=ipip6tnl11
+ REMOTE_IP6=::22
ret=0
check $TYPE
config_device
- add_ip6tnl_tunnel
+ add_ip6tnl_tunnel $REMOTE_IP6
ip link set dev veth1 mtu 1500
attach_bpf $DEV ipip6_set_tunnel ipip6_get_tunnel
# underlay
@@ -567,11 +578,12 @@ test_ip6ip6()
TYPE=ip6tnl
DEV_NS=ip6ip6tnl00
DEV=ip6ip6tnl11
+ REMOTE_IP6=::22
ret=0
check $TYPE
config_device
- add_ip6tnl_tunnel
+ add_ip6tnl_tunnel $REMOTE_IP6
ip link set dev veth1 mtu 1500
attach_bpf $DEV ip6ip6_set_tunnel ip6ip6_get_tunnel
# underlay
@@ -693,6 +705,36 @@ test_vxlan_tunsrc()
echo -e ${GREEN}"PASS: $TYPE"${NC}
}
+test_ip6vxlan_tunsrc()
+{
+ TYPE=vxlan
+ DEV_NS=ip6vxlan00
+ DEV=ip6vxlan11
+ REMOTE_IP6=::bb
+ ret=0
+
+ check $TYPE
+ config_device
+ add_second_ip6
+ add_ip6vxlan_tunnel $REMOTE_IP6
+ ip link set dev veth1 mtu 1500
+ attach_bpf $DEV ip6vxlan_set_tunnel_src ip6vxlan_get_tunnel_src
+ # underlay
+ ping6 $PING_ARG ::11
+ # ip4 over ip6
+ ping $PING_ARG 10.1.1.100
+ check_err $?
+ ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
+ check_err $?
+ cleanup
+
+ if [ $ret -ne 0 ]; then
+ echo -e ${RED}"FAIL: ip6$TYPE"${NC}
+ return 1
+ fi
+ echo -e ${GREEN}"PASS: ip6$TYPE"${NC}
+}
+
attach_bpf()
{
DEV=$1
@@ -818,6 +860,11 @@ bpf_tunnel_test()
test_vxlan_tunsrc
errors=$(( $errors + $? ))
+
+ echo "Testing IP6VXLAN tunnel source..."
+ test_ip6vxlan_tunsrc
+ errors=$(( $errors + $? ))
+
return $errors
}
--
2.24.3 (Apple Git-128)
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH bpf-next 3/3] selftests/bpf: add ipv6 vxlan tunnel source testcase
2022-03-19 13:05 ` [PATCH bpf-next 3/3] selftests/bpf: add ipv6 " fankaixi.li
@ 2022-03-22 0:33 ` Martin KaFai Lau
2022-03-22 1:53 ` [External] " 范开喜
0 siblings, 1 reply; 6+ messages in thread
From: Martin KaFai Lau @ 2022-03-22 0:33 UTC (permalink / raw)
To: fankaixi.li; +Cc: john.fastabend, bpf, ast, daniel
On Sat, Mar 19, 2022 at 09:05:38PM +0800, fankaixi.li@bytedance.com wrote:
> From: "kaixi.fan" <fankaixi.li@bytedance.com>
>
> Add two ipv6 address on underlay nic interface, and use bpf code to
> configure the secondary ipv6 address as the vxlan tunnel source ip.
> Then check ping6 result and log contains the correct tunnel source
> ip.
>
> Signed-off-by: kaixi.fan <fankaixi.li@bytedance.com>
> ---
> .../selftests/bpf/progs/test_tunnel_kern.c | 46 ++++++++++++
> tools/testing/selftests/bpf/test_tunnel.sh | 71 +++++++++++++++----
> 2 files changed, 105 insertions(+), 12 deletions(-)
>
> diff --git a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
> index 4a39556ef609..67cb7ca3e083 100644
> --- a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
> +++ b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
> @@ -736,4 +736,50 @@ int _vxlan_get_tunnel_src(struct __sk_buff *skb)
> return TC_ACT_OK;
> }
>
> +SEC("ip6vxlan_set_tunnel_src")
> +int _ip6vxlan_set_tunnel_src(struct __sk_buff *skb)
> +{
> + struct bpf_tunnel_key key;
> + int ret;
> +
> + __builtin_memset(&key, 0x0, sizeof(key));
> + key.local_ipv6[3] = bpf_htonl(0xbb); /* ::bb */
> + key.remote_ipv6[3] = bpf_htonl(0x11); /* ::11 */
> + key.tunnel_id = 22;
> + key.tunnel_tos = 0;
> + key.tunnel_ttl = 64;
> +
> + ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
> + BPF_F_TUNINFO_IPV6);
> + if (ret < 0) {
> + ERROR(ret);
> + return TC_ACT_SHOT;
> + }
> +
> + return TC_ACT_OK;
> +}
> +
> +SEC("ip6vxlan_get_tunnel_src")
> +int _ip6vxlan_get_tunnel_src(struct __sk_buff *skb)
> +{
> + char fmt[] = "key %d remote ip6 ::%x source ip6 ::%x\n";
> + char fmt2[] = "label %x\n";
> + struct bpf_tunnel_key key;
> + int ret;
> +
> + ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
> + BPF_F_TUNINFO_IPV6);
> + if (ret < 0) {
> + ERROR(ret);
> + return TC_ACT_SHOT;
> + }
> +
> + bpf_trace_printk(fmt, sizeof(fmt),
> + key.tunnel_id, key.remote_ipv6[3], key.local_ipv6[3]);
> + bpf_trace_printk(fmt2, sizeof(fmt2),
> + key.tunnel_label);
How is the printk output used? Is the output text verified in the
test_tunnel.sh?
Can the values be checked in the bpf prog itself to avoid the printk?
The same goes for the patch 2.
> +
> + return TC_ACT_OK;
> +}
> +
> char _license[] SEC("license") = "GPL";
> diff --git a/tools/testing/selftests/bpf/test_tunnel.sh b/tools/testing/selftests/bpf/test_tunnel.sh
> index 62ef5c998b6a..a0f9a5c5e0a5 100755
> --- a/tools/testing/selftests/bpf/test_tunnel.sh
> +++ b/tools/testing/selftests/bpf/test_tunnel.sh
> @@ -67,6 +67,11 @@ add_second_ip()
> ip addr add dev veth1 172.16.1.20/24
> }
>
> +add_second_ip6()
> +{
> + ip addr add dev veth1 ::bb/96
> +}
> +
> add_gre_tunnel()
> {
> # at_ns0 namespace
> @@ -94,7 +99,7 @@ add_ip6gretap_tunnel()
> # at_ns0 namespace
> ip netns exec at_ns0 \
> ip link add dev $DEV_NS type $TYPE seq flowlabel 0xbcdef key 2 \
> - local ::11 remote ::22
> + local ::11 remote $REMOTE_IP6
>
> ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
> ip netns exec at_ns0 ip addr add dev $DEV_NS fc80::100/96
> @@ -143,7 +148,7 @@ add_ip6erspan_tunnel()
> if [ "$1" == "v1" ]; then
> ip netns exec at_ns0 \
> ip link add dev $DEV_NS type $TYPE seq key 2 \
> - local ::11 remote ::22 \
> + local ::11 remote $REMOTE_IP6 \
afaict, only add_ip6vxlan_tunnel needs something other than ::22,
so this and other similar code churns is not necessary?
> erspan_ver 1 erspan 123
> else
> ip netns exec at_ns0 \
> @@ -196,7 +201,7 @@ add_ip6vxlan_tunnel()
> # at_ns0 namespace
> ip netns exec at_ns0 \
> ip link add dev $DEV_NS type $TYPE id 22 dstport 4789 \
> - local ::11 remote ::22
> + local ::11 remote $REMOTE_IP6
Can it be an optional argument instead and default to ::22 ?
Also, using $1 is as good?
[ ... ]
> +test_ip6vxlan_tunsrc()
> +{
> + TYPE=vxlan
> + DEV_NS=ip6vxlan00
> + DEV=ip6vxlan11
> + REMOTE_IP6=::bb
> + ret=0
> +
> + check $TYPE
> + config_device
> + add_second_ip6
> + add_ip6vxlan_tunnel $REMOTE_IP6
here. It seems most of the patch needs is
add_ip6vxlan_tunnel '::bb'
> + ip link set dev veth1 mtu 1500
> + attach_bpf $DEV ip6vxlan_set_tunnel_src ip6vxlan_get_tunnel_src
> + # underlay
> + ping6 $PING_ARG ::11
> + # ip4 over ip6
> + ping $PING_ARG 10.1.1.100
> + check_err $?
> + ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
> + check_err $?
> + cleanup
> +
> + if [ $ret -ne 0 ]; then
> + echo -e ${RED}"FAIL: ip6$TYPE"${NC}
> + return 1
> + fi
> + echo -e ${GREEN}"PASS: ip6$TYPE"${NC}
> +}
> +
> attach_bpf()
> {
> DEV=$1
> @@ -818,6 +860,11 @@ bpf_tunnel_test()
> test_vxlan_tunsrc
> errors=$(( $errors + $? ))
>
> +
> + echo "Testing IP6VXLAN tunnel source..."
> + test_ip6vxlan_tunsrc
> + errors=$(( $errors + $? ))
> +
> return $errors
> }
>
> --
> 2.24.3 (Apple Git-128)
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [External] Re: [PATCH bpf-next 3/3] selftests/bpf: add ipv6 vxlan tunnel source testcase
2022-03-22 0:33 ` Martin KaFai Lau
@ 2022-03-22 1:53 ` 范开喜
0 siblings, 0 replies; 6+ messages in thread
From: 范开喜 @ 2022-03-22 1:53 UTC (permalink / raw)
To: Martin KaFai Lau; +Cc: john.fastabend, bpf, ast, daniel
Martin KaFai Lau <kafai@fb.com> 于2022年3月22日周二 08:33写道:
>
> On Sat, Mar 19, 2022 at 09:05:38PM +0800, fankaixi.li@bytedance.com wrote:
> > From: "kaixi.fan" <fankaixi.li@bytedance.com>
> >
> > Add two ipv6 address on underlay nic interface, and use bpf code to
> > configure the secondary ipv6 address as the vxlan tunnel source ip.
> > Then check ping6 result and log contains the correct tunnel source
> > ip.
> >
> > Signed-off-by: kaixi.fan <fankaixi.li@bytedance.com>
> > ---
> > .../selftests/bpf/progs/test_tunnel_kern.c | 46 ++++++++++++
> > tools/testing/selftests/bpf/test_tunnel.sh | 71 +++++++++++++++----
> > 2 files changed, 105 insertions(+), 12 deletions(-)
> >
> > diff --git a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
> > index 4a39556ef609..67cb7ca3e083 100644
> > --- a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
> > +++ b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
> > @@ -736,4 +736,50 @@ int _vxlan_get_tunnel_src(struct __sk_buff *skb)
> > return TC_ACT_OK;
> > }
> >
> > +SEC("ip6vxlan_set_tunnel_src")
> > +int _ip6vxlan_set_tunnel_src(struct __sk_buff *skb)
> > +{
> > + struct bpf_tunnel_key key;
> > + int ret;
> > +
> > + __builtin_memset(&key, 0x0, sizeof(key));
> > + key.local_ipv6[3] = bpf_htonl(0xbb); /* ::bb */
> > + key.remote_ipv6[3] = bpf_htonl(0x11); /* ::11 */
> > + key.tunnel_id = 22;
> > + key.tunnel_tos = 0;
> > + key.tunnel_ttl = 64;
> > +
> > + ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
> > + BPF_F_TUNINFO_IPV6);
> > + if (ret < 0) {
> > + ERROR(ret);
> > + return TC_ACT_SHOT;
> > + }
> > +
> > + return TC_ACT_OK;
> > +}
> > +
> > +SEC("ip6vxlan_get_tunnel_src")
> > +int _ip6vxlan_get_tunnel_src(struct __sk_buff *skb)
> > +{
> > + char fmt[] = "key %d remote ip6 ::%x source ip6 ::%x\n";
> > + char fmt2[] = "label %x\n";
> > + struct bpf_tunnel_key key;
> > + int ret;
> > +
> > + ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
> > + BPF_F_TUNINFO_IPV6);
> > + if (ret < 0) {
> > + ERROR(ret);
> > + return TC_ACT_SHOT;
> > + }
> > +
> > + bpf_trace_printk(fmt, sizeof(fmt),
> > + key.tunnel_id, key.remote_ipv6[3], key.local_ipv6[3]);
> > + bpf_trace_printk(fmt2, sizeof(fmt2),
> > + key.tunnel_label);
> How is the printk output used? Is the output text verified in the
> test_tunnel.sh?
> Can the values be checked in the bpf prog itself to avoid the printk?
>
> The same goes for the patch 2.
>
> > +
> > + return TC_ACT_OK;
> > +}
> > +
> > char _license[] SEC("license") = "GPL";
> > diff --git a/tools/testing/selftests/bpf/test_tunnel.sh b/tools/testing/selftests/bpf/test_tunnel.sh
> > index 62ef5c998b6a..a0f9a5c5e0a5 100755
> > --- a/tools/testing/selftests/bpf/test_tunnel.sh
> > +++ b/tools/testing/selftests/bpf/test_tunnel.sh
> > @@ -67,6 +67,11 @@ add_second_ip()
> > ip addr add dev veth1 172.16.1.20/24
> > }
> >
> > +add_second_ip6()
> > +{
> > + ip addr add dev veth1 ::bb/96
> > +}
> > +
> > add_gre_tunnel()
> > {
> > # at_ns0 namespace
> > @@ -94,7 +99,7 @@ add_ip6gretap_tunnel()
> > # at_ns0 namespace
> > ip netns exec at_ns0 \
> > ip link add dev $DEV_NS type $TYPE seq flowlabel 0xbcdef key 2 \
> > - local ::11 remote ::22
> > + local ::11 remote $REMOTE_IP6
> >
> > ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
> > ip netns exec at_ns0 ip addr add dev $DEV_NS fc80::100/96
> > @@ -143,7 +148,7 @@ add_ip6erspan_tunnel()
> > if [ "$1" == "v1" ]; then
> > ip netns exec at_ns0 \
> > ip link add dev $DEV_NS type $TYPE seq key 2 \
> > - local ::11 remote ::22 \
> > + local ::11 remote $REMOTE_IP6 \
> afaict, only add_ip6vxlan_tunnel needs something other than ::22,
> so this and other similar code churns is not necessary?
>
> > erspan_ver 1 erspan 123
> > else
> > ip netns exec at_ns0 \
> > @@ -196,7 +201,7 @@ add_ip6vxlan_tunnel()
> > # at_ns0 namespace
> > ip netns exec at_ns0 \
> > ip link add dev $DEV_NS type $TYPE id 22 dstport 4789 \
> > - local ::11 remote ::22
> > + local ::11 remote $REMOTE_IP6
> Can it be an optional argument instead and default to ::22 ?
>
> Also, using $1 is as good?
>
> [ ... ]
>
> > +test_ip6vxlan_tunsrc()
> > +{
> > + TYPE=vxlan
> > + DEV_NS=ip6vxlan00
> > + DEV=ip6vxlan11
> > + REMOTE_IP6=::bb
> > + ret=0
> > +
> > + check $TYPE
> > + config_device
> > + add_second_ip6
> > + add_ip6vxlan_tunnel $REMOTE_IP6
> here. It seems most of the patch needs is
> add_ip6vxlan_tunnel '::bb'
>
> > + ip link set dev veth1 mtu 1500
> > + attach_bpf $DEV ip6vxlan_set_tunnel_src ip6vxlan_get_tunnel_src
> > + # underlay
> > + ping6 $PING_ARG ::11
> > + # ip4 over ip6
> > + ping $PING_ARG 10.1.1.100
> > + check_err $?
> > + ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
> > + check_err $?
> > + cleanup
> > +
> > + if [ $ret -ne 0 ]; then
> > + echo -e ${RED}"FAIL: ip6$TYPE"${NC}
> > + return 1
> > + fi
> > + echo -e ${GREEN}"PASS: ip6$TYPE"${NC}
> > +}
> > +
> > attach_bpf()
> > {
> > DEV=$1
> > @@ -818,6 +860,11 @@ bpf_tunnel_test()
> > test_vxlan_tunsrc
> > errors=$(( $errors + $? ))
> >
> > +
> > + echo "Testing IP6VXLAN tunnel source..."
> > + test_ip6vxlan_tunsrc
> > + errors=$(( $errors + $? ))
> > +
> > return $errors
> > }
> >
> > --
> > 2.24.3 (Apple Git-128)
> >
Thanks.
Maybe it's better to attach a bpf prog to the ingress of tunnel device
in namespace "at_ns0". This prog could be used to check the tunnel
source ip.
"add_ip6vxlan_tunnel" and "add_vxlan_tunnel" would be reflected to
accept an argument as tunnel remote ip.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-03-22 1:54 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-19 13:05 [PATCH bpf-next 0/3] bpf: Add support to set and get tunnel source ip fankaixi.li
2022-03-19 13:05 ` [PATCH bpf-next 1/3] bpf: Add source ip in "struct bpf_tunnel_key" fankaixi.li
2022-03-19 13:05 ` [PATCH bpf-next 2/3] selftests/bpf: add ipv4 vxlan tunnel source testcase fankaixi.li
2022-03-19 13:05 ` [PATCH bpf-next 3/3] selftests/bpf: add ipv6 " fankaixi.li
2022-03-22 0:33 ` Martin KaFai Lau
2022-03-22 1:53 ` [External] " 范开喜
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).