From: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
To: Daniel Borkmann <daniel@iogearbox.net>
Cc: Lorenzo Bianconi <lorenzo@kernel.org>,
bpf@vger.kernel.org, netdev@vger.kernel.org, ast@kernel.org,
andrii@kernel.org, davem@davemloft.net, kuba@kernel.org,
edumazet@google.com, pabeni@redhat.com, pablo@netfilter.org,
fw@strlen.de, netfilter-devel@vger.kernel.org, brouer@redhat.com,
toke@redhat.com, memxor@gmail.com
Subject: Re: [PATCH bpf-next 0/4] Introduce bpf_ct_set_nat_info kfunc helper
Date: Fri, 2 Sep 2022 16:35:43 +0200 [thread overview]
Message-ID: <YxIUvxY8S256TTUf@lore-desk> (raw)
In-Reply-To: <aec3e8d1-6b80-c344-febe-809bbb0308eb@iogearbox.net>
[-- Attachment #1: Type: text/plain, Size: 5051 bytes --]
On Sep 02, Daniel Borkmann wrote:
> On 9/1/22 6:43 PM, Lorenzo Bianconi wrote:
> > Introduce bpf_ct_set_nat_info kfunc helper in order to set source and
> > destination nat addresses/ports in a new allocated ct entry not inserted
> > in the connection tracking table yet.
> > Introduce support for per-parameter trusted args.
> >
> > Kumar Kartikeya Dwivedi (2):
> > bpf: Add support for per-parameter trusted args
> > selftests/bpf: Extend KF_TRUSTED_ARGS test for __ref annotation
> >
> > Lorenzo Bianconi (2):
> > net: netfilter: add bpf_ct_set_nat_info kfunc helper
> > selftests/bpf: add tests for bpf_ct_set_nat_info kfunc
> >
> > Documentation/bpf/kfuncs.rst | 18 +++++++
> > kernel/bpf/btf.c | 39 ++++++++++-----
> > net/bpf/test_run.c | 9 +++-
> > net/netfilter/nf_conntrack_bpf.c | 49 ++++++++++++++++++-
> > .../testing/selftests/bpf/prog_tests/bpf_nf.c | 2 +
> > .../testing/selftests/bpf/progs/test_bpf_nf.c | 26 +++++++++-
> > tools/testing/selftests/bpf/verifier/calls.c | 38 +++++++++++---
> > 7 files changed, 156 insertions(+), 25 deletions(-)
> >
>
> Looks like this fails BPF CI, ptal:
>
> https://github.com/kernel-patches/bpf/runs/8147936670?check_suite_focus=true
Hi Daniel,
it seems CONFIG_NF_NAT is not set in the kernel config file.
Am I supposed to enable it in bpf-next/tools/testing/selftests/bpf/config?
Regards,
Lorenzo
>
> [...]
> All error logs:
> test_bpf_nf_ct:PASS:test_bpf_nf__open_and_load 0 nsec
> test_bpf_nf_ct:PASS:iptables 0 nsec
> test_bpf_nf_ct:PASS:start_server 0 nsec
> connect_to_server:PASS:socket 0 nsec
> connect_to_server:PASS:connect_fd_to_fd 0 nsec
> test_bpf_nf_ct:PASS:connect_to_server 0 nsec
> test_bpf_nf_ct:PASS:accept 0 nsec
> test_bpf_nf_ct:PASS:sockaddr len 0 nsec
> test_bpf_nf_ct:PASS:bpf_prog_test_run 0 nsec
> test_bpf_nf_ct:PASS:Test EINVAL for NULL bpf_tuple 0 nsec
> test_bpf_nf_ct:PASS:Test EINVAL for reserved not set to 0 0 nsec
> test_bpf_nf_ct:PASS:Test EINVAL for netns_id < -1 0 nsec
> test_bpf_nf_ct:PASS:Test EINVAL for len__opts != NF_BPF_CT_OPTS_SZ 0 nsec
> test_bpf_nf_ct:PASS:Test EPROTO for l4proto != TCP or UDP 0 nsec
> test_bpf_nf_ct:PASS:Test ENONET for bad but valid netns_id 0 nsec
> test_bpf_nf_ct:PASS:Test ENOENT for failed lookup 0 nsec
> test_bpf_nf_ct:PASS:Test EAFNOSUPPORT for invalid len__tuple 0 nsec
> test_bpf_nf_ct:PASS:Test for alloc new entry 0 nsec
> test_bpf_nf_ct:PASS:Test for insert new entry 0 nsec
> test_bpf_nf_ct:PASS:Test for successful lookup 0 nsec
> test_bpf_nf_ct:PASS:Test for min ct timeout update 0 nsec
> test_bpf_nf_ct:PASS:Test for max ct timeout update 0 nsec
> test_bpf_nf_ct:PASS:Test for ct status update 0 nsec
> test_bpf_nf_ct:PASS:Test existing connection lookup 0 nsec
> test_bpf_nf_ct:PASS:Test existing connection lookup ctmark 0 nsec
> test_bpf_nf_ct:FAIL:Test for source natting unexpected Test for source natting: actual -22 != expected 0
> test_bpf_nf_ct:FAIL:Test for destination natting unexpected Test for destination natting: actual -22 != expected 0
> #16/1 bpf_nf/xdp-ct:FAIL
> test_bpf_nf_ct:PASS:test_bpf_nf__open_and_load 0 nsec
> test_bpf_nf_ct:PASS:iptables 0 nsec
> test_bpf_nf_ct:PASS:start_server 0 nsec
> connect_to_server:PASS:socket 0 nsec
> connect_to_server:PASS:connect_fd_to_fd 0 nsec
> test_bpf_nf_ct:PASS:connect_to_server 0 nsec
> test_bpf_nf_ct:PASS:accept 0 nsec
> test_bpf_nf_ct:PASS:sockaddr len 0 nsec
> test_bpf_nf_ct:PASS:bpf_prog_test_run 0 nsec
> test_bpf_nf_ct:PASS:Test EINVAL for NULL bpf_tuple 0 nsec
> test_bpf_nf_ct:PASS:Test EINVAL for reserved not set to 0 0 nsec
> test_bpf_nf_ct:PASS:Test EINVAL for netns_id < -1 0 nsec
> test_bpf_nf_ct:PASS:Test EINVAL for len__opts != NF_BPF_CT_OPTS_SZ 0 nsec
> test_bpf_nf_ct:PASS:Test EPROTO for l4proto != TCP or UDP 0 nsec
> test_bpf_nf_ct:PASS:Test ENONET for bad but valid netns_id 0 nsec
> test_bpf_nf_ct:PASS:Test ENOENT for failed lookup 0 nsec
> test_bpf_nf_ct:PASS:Test EAFNOSUPPORT for invalid len__tuple 0 nsec
> test_bpf_nf_ct:PASS:Test for alloc new entry 0 nsec
> test_bpf_nf_ct:PASS:Test for insert new entry 0 nsec
> test_bpf_nf_ct:PASS:Test for successful lookup 0 nsec
> test_bpf_nf_ct:PASS:Test for min ct timeout update 0 nsec
> test_bpf_nf_ct:PASS:Test for max ct timeout update 0 nsec
> test_bpf_nf_ct:PASS:Test for ct status update 0 nsec
> test_bpf_nf_ct:PASS:Test existing connection lookup 0 nsec
> test_bpf_nf_ct:PASS:Test existing connection lookup ctmark 0 nsec
> test_bpf_nf_ct:FAIL:Test for source natting unexpected Test for source natting: actual -22 != expected 0
> test_bpf_nf_ct:FAIL:Test for destination natting unexpected Test for destination natting: actual -22 != expected 0
> #16/2 bpf_nf/tc-bpf-ct:FAIL
> #16 bpf_nf:FAIL
> [...]
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
next prev parent reply other threads:[~2022-09-02 15:07 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-01 16:43 [PATCH bpf-next 0/4] Introduce bpf_ct_set_nat_info kfunc helper Lorenzo Bianconi
2022-09-01 16:43 ` [PATCH bpf-next 1/4] bpf: Add support for per-parameter trusted args Lorenzo Bianconi
2022-09-01 16:43 ` [PATCH bpf-next 2/4] selftests/bpf: Extend KF_TRUSTED_ARGS test for __ref annotation Lorenzo Bianconi
2022-09-01 16:43 ` [PATCH bpf-next 3/4] net: netfilter: add bpf_ct_set_nat_info kfunc helper Lorenzo Bianconi
2022-09-01 16:43 ` [PATCH bpf-next 4/4] selftests/bpf: add tests for bpf_ct_set_nat_info kfunc Lorenzo Bianconi
2022-09-02 14:11 ` [PATCH bpf-next 0/4] Introduce bpf_ct_set_nat_info kfunc helper Daniel Borkmann
2022-09-02 14:35 ` Lorenzo Bianconi [this message]
2022-09-02 14:41 ` Daniel Borkmann
2022-09-02 15:44 ` Daniel Müller
2022-09-02 16:01 ` Lorenzo Bianconi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YxIUvxY8S256TTUf@lore-desk \
--to=lorenzo.bianconi@redhat.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brouer@redhat.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=fw@strlen.de \
--cc=kuba@kernel.org \
--cc=lorenzo@kernel.org \
--cc=memxor@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
--cc=toke@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.