From: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
To: Yonghong Song <yhs@fb.com>
Cc: Lorenzo Bianconi <lorenzo@kernel.org>,
bpf@vger.kernel.org, netdev@vger.kernel.org, ast@kernel.org,
daniel@iogearbox.net, andrii@kernel.org, davem@davemloft.net,
kuba@kernel.org, edumazet@google.com, pabeni@redhat.com,
pablo@netfilter.org, fw@strlen.de,
netfilter-devel@vger.kernel.org, brouer@redhat.com,
toke@redhat.com, memxor@gmail.com
Subject: Re: [PATCH v3 bpf-next 5/5] selftests/bpf: add selftest for bpf_xdp_ct_add and bpf_ct_refresh_timeout kfunc
Date: Wed, 18 May 2022 22:38:50 +0200 [thread overview]
Message-ID: <YoVZWsiwcX3yoLAD@lore-desk> (raw)
In-Reply-To: <1e426140-d374-5bfc-89f8-37df9ead26ba@fb.com>
[-- Attachment #1: Type: text/plain, Size: 8467 bytes --]
>
>
> On 5/18/22 3:43 AM, Lorenzo Bianconi wrote:
> > Introduce selftests for the following kfunc helpers:
> > - bpf_xdp_ct_add
> > - bpf_skb_ct_add
> > - bpf_ct_refresh_timeout
> >
> > Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
> > ---
> > .../testing/selftests/bpf/prog_tests/bpf_nf.c | 4 ++
> > .../testing/selftests/bpf/progs/test_bpf_nf.c | 72 +++++++++++++++----
> > 2 files changed, 64 insertions(+), 12 deletions(-)
> >
> > diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_nf.c b/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
> > index dd30b1e3a67c..be6c5650892f 100644
> > --- a/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
> > +++ b/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
> > @@ -39,6 +39,10 @@ void test_bpf_nf_ct(int mode)
> > ASSERT_EQ(skel->bss->test_enonet_netns_id, -ENONET, "Test ENONET for bad but valid netns_id");
> > ASSERT_EQ(skel->bss->test_enoent_lookup, -ENOENT, "Test ENOENT for failed lookup");
> > ASSERT_EQ(skel->bss->test_eafnosupport, -EAFNOSUPPORT, "Test EAFNOSUPPORT for invalid len__tuple");
> > + ASSERT_EQ(skel->bss->test_add_entry, 0, "Test for adding new entry");
> > + ASSERT_EQ(skel->bss->test_succ_lookup, 0, "Test for successful lookup");
>
> The default value for test_add_entry/test_succ_lookup are 0. So even if the
> program didn't execute, the above still succeeds. So testing with
> a non-default value (0) might be a better choice.
ack, I will fix it in v4.
>
> > + ASSERT_TRUE(skel->bss->test_delta_timeout > 9 && skel->bss->test_delta_timeout <= 10,
> > + "Test for ct timeout update");
>
> ASSERT_TRUE(skel->bss->test_delta_timeout == 10, ...)? Could you add some
> comments on why the value should be 10. It is not obvious by
> inspecting the code.
I added some tolerance to avoid races with jiffies update in test_bpf_nf.c
>
> > end:
> > test_bpf_nf__destroy(skel);
> > }
> > diff --git a/tools/testing/selftests/bpf/progs/test_bpf_nf.c b/tools/testing/selftests/bpf/progs/test_bpf_nf.c
> > index f00a9731930e..361430dde3f7 100644
> > --- a/tools/testing/selftests/bpf/progs/test_bpf_nf.c
> > +++ b/tools/testing/selftests/bpf/progs/test_bpf_nf.c
> > @@ -1,6 +1,7 @@
> > // SPDX-License-Identifier: GPL-2.0
> > #include <vmlinux.h>
> > #include <bpf/bpf_helpers.h>
> > +#include <bpf/bpf_endian.h>
> > #define EAFNOSUPPORT 97
> > #define EPROTO 71
> > @@ -8,6 +9,8 @@
> > #define EINVAL 22
> > #define ENOENT 2
> > +extern unsigned long CONFIG_HZ __kconfig;
> > +
> > int test_einval_bpf_tuple = 0;
> > int test_einval_reserved = 0;
> > int test_einval_netns_id = 0;
> > @@ -16,6 +19,9 @@ int test_eproto_l4proto = 0;
> > int test_enonet_netns_id = 0;
> > int test_enoent_lookup = 0;
> > int test_eafnosupport = 0;
> > +int test_add_entry = 0;
> > +int test_succ_lookup = 0;
> > +u32 test_delta_timeout = 0;
> > struct nf_conn;
> > @@ -26,31 +32,40 @@ struct bpf_ct_opts___local {
> > u8 reserved[3];
> > } __attribute__((preserve_access_index));
> > +struct nf_conn *bpf_xdp_ct_add(struct xdp_md *, struct bpf_sock_tuple *, u32,
> > + struct bpf_ct_opts___local *, u32) __ksym;
> > struct nf_conn *bpf_xdp_ct_lookup(struct xdp_md *, struct bpf_sock_tuple *, u32,
> > struct bpf_ct_opts___local *, u32) __ksym;
> > +struct nf_conn *bpf_skb_ct_add(struct __sk_buff *, struct bpf_sock_tuple *, u32,
> > + struct bpf_ct_opts___local *, u32) __ksym;
> > struct nf_conn *bpf_skb_ct_lookup(struct __sk_buff *, struct bpf_sock_tuple *, u32,
> > struct bpf_ct_opts___local *, u32) __ksym;
> > void bpf_ct_release(struct nf_conn *) __ksym;
> > +void bpf_ct_refresh_timeout(struct nf_conn *, u32) __ksym;
> > static __always_inline void
> > -nf_ct_test(struct nf_conn *(*func)(void *, struct bpf_sock_tuple *, u32,
> > - struct bpf_ct_opts___local *, u32),
> > +nf_ct_test(struct nf_conn *(*look_fn)(void *, struct bpf_sock_tuple *, u32,
> > + struct bpf_ct_opts___local *, u32),
> > + struct nf_conn *(*add_fn)(void *, struct bpf_sock_tuple *, u32,
> > + struct bpf_ct_opts___local *, u32),
> > void *ctx)
> > {
> > struct bpf_ct_opts___local opts_def = { .l4proto = IPPROTO_TCP, .netns_id = -1 };
> > struct bpf_sock_tuple bpf_tuple;
> > struct nf_conn *ct;
> > + int err;
> > __builtin_memset(&bpf_tuple, 0, sizeof(bpf_tuple.ipv4));
> > - ct = func(ctx, NULL, 0, &opts_def, sizeof(opts_def));
> > + ct = look_fn(ctx, NULL, 0, &opts_def, sizeof(opts_def));
> > if (ct)
> > bpf_ct_release(ct);
> > else
> > test_einval_bpf_tuple = opts_def.error;
> > opts_def.reserved[0] = 1;
> > - ct = func(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def, sizeof(opts_def));
> > + ct = look_fn(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def,
> > + sizeof(opts_def));
> > opts_def.reserved[0] = 0;
> > opts_def.l4proto = IPPROTO_TCP;
> > if (ct)
> > @@ -59,21 +74,24 @@ nf_ct_test(struct nf_conn *(*func)(void *, struct bpf_sock_tuple *, u32,
> > test_einval_reserved = opts_def.error;
> > opts_def.netns_id = -2;
> > - ct = func(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def, sizeof(opts_def));
> > + ct = look_fn(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def,
> > + sizeof(opts_def));
> > opts_def.netns_id = -1;
> > if (ct)
> > bpf_ct_release(ct);
> > else
> > test_einval_netns_id = opts_def.error;
> > - ct = func(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def, sizeof(opts_def) - 1);
> > + ct = look_fn(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def,
> > + sizeof(opts_def) - 1);
> > if (ct)
> > bpf_ct_release(ct);
> > else
> > test_einval_len_opts = opts_def.error;
> > opts_def.l4proto = IPPROTO_ICMP;
> > - ct = func(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def, sizeof(opts_def));
> > + ct = look_fn(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def,
> > + sizeof(opts_def));
> > opts_def.l4proto = IPPROTO_TCP;
> > if (ct)
> > bpf_ct_release(ct);
> > @@ -81,37 +99,67 @@ nf_ct_test(struct nf_conn *(*func)(void *, struct bpf_sock_tuple *, u32,
> > test_eproto_l4proto = opts_def.error;
> > opts_def.netns_id = 0xf00f;
> > - ct = func(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def, sizeof(opts_def));
> > + ct = look_fn(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def,
> > + sizeof(opts_def));
> > opts_def.netns_id = -1;
> > if (ct)
> > bpf_ct_release(ct);
> > else
> > test_enonet_netns_id = opts_def.error;
> > - ct = func(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def, sizeof(opts_def));
> > + ct = look_fn(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def,
> > + sizeof(opts_def));
> > if (ct)
> > bpf_ct_release(ct);
> > else
> > test_enoent_lookup = opts_def.error;
> > - ct = func(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4) - 1, &opts_def, sizeof(opts_def));
> > + ct = look_fn(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4) - 1, &opts_def,
> > + sizeof(opts_def));
> > if (ct)
> > bpf_ct_release(ct);
> > else
> > test_eafnosupport = opts_def.error;
> > +
> > + bpf_tuple.ipv4.saddr = bpf_get_prandom_u32(); /* src IP */
> > + bpf_tuple.ipv4.daddr = bpf_get_prandom_u32(); /* dst IP */
> > + bpf_tuple.ipv4.sport = bpf_htons(bpf_get_prandom_u32()); /* src port */
> > + bpf_tuple.ipv4.dport = bpf_htons(bpf_get_prandom_u32()); /* dst port */
>
> Since it is already random number, bpf_htons is not needed here.
> bpf_endian.h can also be removed.
ack, I will fix it in v4.
Regards,
Lorenzo
>
> > +
> > + ct = add_fn(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def,
> > + sizeof(opts_def));
> > + if (ct) {
> > + struct nf_conn *ct_lk;
> > +
> > + ct_lk = look_fn(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4),
> > + &opts_def, sizeof(opts_def));
> > + if (ct_lk) {
> > + /* update ct entry timeout */
> > + bpf_ct_refresh_timeout(ct_lk, 10000);
> > + test_delta_timeout = ct_lk->timeout - bpf_jiffies64();
> > + test_delta_timeout /= CONFIG_HZ;
> > + bpf_ct_release(ct_lk);
> > + } else {
> > + test_succ_lookup = opts_def.error;
> > + }
> > + bpf_ct_release(ct);
> > + } else {
> > + test_add_entry = opts_def.error;
> > + test_succ_lookup = opts_def.error;
> > + }
> > }
> [...]
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
next prev parent reply other threads:[~2022-05-18 20:39 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-18 10:43 [PATCH v3 bpf-next 0/5] net: netfilter: add kfunc helper to update ct timeout Lorenzo Bianconi
2022-05-18 10:43 ` [PATCH v3 bpf-next 1/5] bpf: Add support for forcing kfunc args to be referenced Lorenzo Bianconi
2022-05-18 17:58 ` Yonghong Song
2022-05-18 18:06 ` Kumar Kartikeya Dwivedi
2022-05-18 18:23 ` Yonghong Song
2022-05-18 10:43 ` [PATCH v3 bpf-next 2/5] selftests/bpf: Add verifier selftests for forced kfunc ref args Lorenzo Bianconi
2022-05-18 18:25 ` Yonghong Song
2022-05-18 10:43 ` [PATCH v3 bpf-next 3/5] net: netfilter: add kfunc helper to update ct timeout Lorenzo Bianconi
2022-05-18 20:42 ` Toke Høiland-Jørgensen
2022-05-18 10:43 ` [PATCH v3 bpf-next 4/5] net: netfilter: add kfunc helper to add a new ct entry Lorenzo Bianconi
2022-05-18 20:47 ` Toke Høiland-Jørgensen
2022-05-18 21:08 ` Lorenzo Bianconi
2022-05-18 22:14 ` Alexei Starovoitov
2022-05-18 22:43 ` Kumar Kartikeya Dwivedi
2022-05-19 10:45 ` Toke Høiland-Jørgensen
2022-05-19 11:23 ` Kumar Kartikeya Dwivedi
2022-05-19 17:00 ` Yonghong Song
2022-05-19 17:10 ` Kumar Kartikeya Dwivedi
2022-05-19 2:06 ` kernel test robot
2022-05-18 10:43 ` [PATCH v3 bpf-next 5/5] selftests/bpf: add selftest for bpf_xdp_ct_add and bpf_ct_refresh_timeout kfunc Lorenzo Bianconi
2022-05-18 18:55 ` Yonghong Song
2022-05-18 20:38 ` Lorenzo Bianconi [this message]
2022-05-20 22:04 ` Andrii Nakryiko
2022-05-21 9:56 ` Lorenzo Bianconi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YoVZWsiwcX3yoLAD@lore-desk \
--to=lorenzo.bianconi@redhat.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brouer@redhat.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=fw@strlen.de \
--cc=kuba@kernel.org \
--cc=lorenzo@kernel.org \
--cc=memxor@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
--cc=toke@redhat.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.