Re: [PATCH net-next 3/4] samples/bpf: extend test_tunnel_bpf.sh with IPIP test

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Daniel Borkmann <daniel@iogearbox.net>
To: William Tu <u9012063@gmail.com>, Alexei Starovoitov <ast@fb.com>
Cc: "David S . Miller" <davem@davemloft.net>,
	Thomas Graf <tgraf@suug.ch>,
	Linux Kernel Network Developers <netdev@vger.kernel.org>,
	kernel-team@fb.com
Subject: Re: [PATCH net-next 3/4] samples/bpf: extend test_tunnel_bpf.sh with IPIP test
Date: Fri, 16 Sep 2016 09:22:34 +0200	[thread overview]
Message-ID: <57DB9DBA.2030709@iogearbox.net> (raw)
In-Reply-To: <CALDO+SYktwsw-uCQRdSvU4U2jP3L1YuOUU4VThaCGDuqKWFLfA@mail.gmail.com>

Hi William,

On 09/16/2016 07:16 AM, William Tu wrote:
> Hi Alexei,
>
> Is there a corresponding patch for iproute2? I tested this patch but fails at:
> + ip link add dev ipip11 type ipip external
> because my ip command does not support "external".

Yes, like any other collect metadata backends you need a small patch
to iproute2 that sets in this case IFLA_IPTUN_COLLECT_METADATA flag
via conventional "external" keyword. Will be posted at latest on Monday
(Alexei mentioned he's pto today).

Cheers,
Daniel

> Thanks
> William
>
>
> On Thu, Sep 15, 2016 at 1:00 PM, Alexei Starovoitov <ast@fb.com> wrote:
>> extend existing tests for vxlan, geneve, gre to include IPIP tunnel.
>> It tests both traditional tunnel configuration and
>> dynamic via bpf helpers.
>>
>> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
>> ---
>>   samples/bpf/tcbpf2_kern.c      | 58 ++++++++++++++++++++++++++++++++++++++++++
>>   samples/bpf/test_tunnel_bpf.sh | 56 ++++++++++++++++++++++++++++++++++------
>>   2 files changed, 106 insertions(+), 8 deletions(-)
>>
>> diff --git a/samples/bpf/tcbpf2_kern.c b/samples/bpf/tcbpf2_kern.c
>> index 7a15289da6cc..c1917d968fb4 100644
>> --- a/samples/bpf/tcbpf2_kern.c
>> +++ b/samples/bpf/tcbpf2_kern.c
>> @@ -1,4 +1,5 @@
>>   /* Copyright (c) 2016 VMware
>> + * Copyright (c) 2016 Facebook
>>    *
>>    * This program is free software; you can redistribute it and/or
>>    * modify it under the terms of version 2 of the GNU General Public
>> @@ -188,4 +189,61 @@ int _geneve_get_tunnel(struct __sk_buff *skb)
>>          return TC_ACT_OK;
>>   }
>>
>> +SEC("ipip_set_tunnel")
>> +int _ipip_set_tunnel(struct __sk_buff *skb)
>> +{
>> +       struct bpf_tunnel_key key = {};
>> +       void *data = (void *)(long)skb->data;
>> +       struct iphdr *iph = data;
>> +       struct tcphdr *tcp = data + sizeof(*iph);
>> +       void *data_end = (void *)(long)skb->data_end;
>> +       int ret;
>> +
>> +       /* single length check */
>> +       if (data + sizeof(*iph) + sizeof(*tcp) > data_end) {
>> +               ERROR(1);
>> +               return TC_ACT_SHOT;
>> +       }
>> +
>> +       key.tunnel_ttl = 64;
>> +       if (iph->protocol == IPPROTO_ICMP) {
>> +               key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
>> +       } else {
>> +               if (iph->protocol != IPPROTO_TCP || iph->ihl != 5)
>> +                       return TC_ACT_SHOT;
>> +
>> +               if (tcp->dest == htons(5200))
>> +                       key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
>> +               else if (tcp->dest == htons(5201))
>> +                       key.remote_ipv4 = 0xac100165; /* 172.16.1.101 */
>> +               else
>> +                       return TC_ACT_SHOT;
>> +       }
>> +
>> +       ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key), 0);
>> +       if (ret < 0) {
>> +               ERROR(ret);
>> +               return TC_ACT_SHOT;
>> +       }
>> +
>> +       return TC_ACT_OK;
>> +}
>> +
>> +SEC("ipip_get_tunnel")
>> +int _ipip_get_tunnel(struct __sk_buff *skb)
>> +{
>> +       int ret;
>> +       struct bpf_tunnel_key key;
>> +       char fmt[] = "remote ip 0x%x\n";
>> +
>> +       ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
>> +       if (ret < 0) {
>> +               ERROR(ret);
>> +               return TC_ACT_SHOT;
>> +       }
>> +
>> +       bpf_trace_printk(fmt, sizeof(fmt), key.remote_ipv4);
>> +       return TC_ACT_OK;
>> +}
>> +
>>   char _license[] SEC("license") = "GPL";
>> diff --git a/samples/bpf/test_tunnel_bpf.sh b/samples/bpf/test_tunnel_bpf.sh
>> index 4956589a83ae..1ff634f187b7 100755
>> --- a/samples/bpf/test_tunnel_bpf.sh
>> +++ b/samples/bpf/test_tunnel_bpf.sh
>> @@ -9,15 +9,13 @@
>>   # local 172.16.1.200 remote 172.16.1.100
>>   # veth1 IP: 172.16.1.200, tunnel dev <type>11
>>
>> -set -e
>> -
>>   function config_device {
>>          ip netns add at_ns0
>>          ip link add veth0 type veth peer name veth1
>>          ip link set veth0 netns at_ns0
>>          ip netns exec at_ns0 ip addr add 172.16.1.100/24 dev veth0
>>          ip netns exec at_ns0 ip link set dev veth0 up
>> -       ip link set dev veth1 up
>> +       ip link set dev veth1 up mtu 1500
>>          ip addr add dev veth1 172.16.1.200/24
>>   }
>>
>> @@ -67,6 +65,19 @@ function add_geneve_tunnel {
>>          ip addr add dev $DEV 10.1.1.200/24
>>   }
>>
>> +function add_ipip_tunnel {
>> +       # in namespace
>> +       ip netns exec at_ns0 \
>> +               ip link add dev $DEV_NS type $TYPE local 172.16.1.100 remote 172.16.1.200
>> +       ip netns exec at_ns0 ip link set dev $DEV_NS up
>> +       ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
>> +
>> +       # out of namespace
>> +       ip link add dev $DEV type $TYPE external
>> +       ip link set dev $DEV up
>> +       ip addr add dev $DEV 10.1.1.200/24
>> +}
>> +
>>   function attach_bpf {
>>          DEV=$1
>>          SET_TUNNEL=$2
>> @@ -85,6 +96,7 @@ function test_gre {
>>          attach_bpf $DEV gre_set_tunnel gre_get_tunnel
>>          ping -c 1 10.1.1.100
>>          ip netns exec at_ns0 ping -c 1 10.1.1.200
>> +       cleanup
>>   }
>>
>>   function test_vxlan {
>> @@ -96,6 +108,7 @@ function test_vxlan {
>>          attach_bpf $DEV vxlan_set_tunnel vxlan_get_tunnel
>>          ping -c 1 10.1.1.100
>>          ip netns exec at_ns0 ping -c 1 10.1.1.200
>> +       cleanup
>>   }
>>
>>   function test_geneve {
>> @@ -107,21 +120,48 @@ function test_geneve {
>>          attach_bpf $DEV geneve_set_tunnel geneve_get_tunnel
>>          ping -c 1 10.1.1.100
>>          ip netns exec at_ns0 ping -c 1 10.1.1.200
>> +       cleanup
>> +}
>> +
>> +function test_ipip {
>> +       TYPE=ipip
>> +       DEV_NS=ipip00
>> +       DEV=ipip11
>> +       config_device
>> +       tcpdump -nei veth1 &
>> +       cat /sys/kernel/debug/tracing/trace_pipe &
>> +       add_ipip_tunnel
>> +       ethtool -K veth1 gso off gro off rx off tx off
>> +       ip link set dev veth1 mtu 1500
>> +       attach_bpf $DEV ipip_set_tunnel ipip_get_tunnel
>> +       ping -c 1 10.1.1.100
>> +       ip netns exec at_ns0 ping -c 1 10.1.1.200
>> +       ip netns exec at_ns0 iperf -sD -p 5200 > /dev/null
>> +       sleep 0.2
>> +       iperf -c 10.1.1.100 -n 5k -p 5200
>> +       cleanup
>>   }
>>
>>   function cleanup {
>> +       set +ex
>> +       pkill iperf
>>          ip netns delete at_ns0
>>          ip link del veth1
>> -       ip link del $DEV
>> +       ip link del ipip11
>> +       ip link del gretap11
>> +       ip link del geneve11
>> +       pkill tcpdump
>> +       pkill cat
>> +       set -ex
>>   }
>>
>> +cleanup
>>   echo "Testing GRE tunnel..."
>>   test_gre
>> -cleanup
>>   echo "Testing VXLAN tunnel..."
>>   test_vxlan
>> -cleanup
>>   echo "Testing GENEVE tunnel..."
>>   test_geneve
>> -cleanup
>> -echo "Success"
>> +echo "Testing IPIP tunnel..."
>> +test_ipip
>> +echo "*** PASS ***"
>> --
>> 2.8.0
>>

next prev parent reply	other threads:[~2016-09-16  7:22 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-09-15 20:00 [PATCH net-next 0/4] ip_tunnel: add collect_md mode to IPv4/IPv6 tunnels Alexei Starovoitov
2016-09-15 20:00 ` [PATCH net-next 1/4] ip_tunnel: add collect_md mode to IPIP tunnel Alexei Starovoitov
2016-09-15 20:00 ` [PATCH net-next 2/4] ip6_tunnel: add collect_md mode to IPv6 tunnels Alexei Starovoitov
2016-09-15 20:00 ` [PATCH net-next 3/4] samples/bpf: extend test_tunnel_bpf.sh with IPIP test Alexei Starovoitov
2016-09-16  5:16   ` William Tu
2016-09-16  7:22     ` Daniel Borkmann [this message]
2016-09-15 20:00 ` [PATCH net-next 4/4] samples/bpf: add comprehensive ipip, ipip6, ip6ip6 test Alexei Starovoitov
2016-09-17 14:13 ` [PATCH net-next 0/4] ip_tunnel: add collect_md mode to IPv4/IPv6 tunnels David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=57DB9DBA.2030709@iogearbox.net \
    --to=daniel@iogearbox.net \
    --cc=ast@fb.com \
    --cc=davem@davemloft.net \
    --cc=kernel-team@fb.com \
    --cc=netdev@vger.kernel.org \
    --cc=tgraf@suug.ch \
    --cc=u9012063@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.