From: Lorenzo Bianconi <lorenzo@kernel.org>
To: Song Liu <song@kernel.org>
Cc: bpf <bpf@vger.kernel.org>, Networking <netdev@vger.kernel.org>,
"Alexei Starovoitov" <ast@kernel.org>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"Andrii Nakryiko" <andrii@kernel.org>,
"David S . Miller" <davem@davemloft.net>,
"Jakub Kicinski" <kuba@kernel.org>,
"Eric Dumazet" <edumazet@google.com>,
"Paolo Abeni" <pabeni@redhat.com>,
pablo@netfilter.org, fw@strlen.de,
netfilter-devel@vger.kernel.org, lorenzo.bianconi@redhat.com,
"Jesper Dangaard Brouer" <brouer@redhat.com>,
"Toke Høiland-Jørgensen" <toke@redhat.com>,
"Kumar Kartikeya Dwivedi" <memxor@gmail.com>
Subject: Re: [PATCH v2 bpf-next 4/4] selftests/bpf: add tests for bpf_ct_set_nat_info kfunc
Date: Wed, 7 Sep 2022 12:47:40 +0200 [thread overview]
Message-ID: <Yxh2zOZ4Q5OSMXir@lore-desk> (raw)
In-Reply-To: <CAPhsuW7J6UOihzNsmBm=tOk6QzNjok2YEh5S0yVJLXb__7t5eA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 3991 bytes --]
> On Mon, Sep 5, 2022 at 6:15 AM Lorenzo Bianconi <lorenzo@kernel.org> wrote:
> >
> > Introduce self-tests for bpf_ct_set_nat_info kfunc used to set the
> > source or destination nat addresses/ports.
> >
> > Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
> > ---
> > tools/testing/selftests/bpf/config | 1 +
> > .../testing/selftests/bpf/prog_tests/bpf_nf.c | 2 ++
> > .../testing/selftests/bpf/progs/test_bpf_nf.c | 26 ++++++++++++++++++-
> > 3 files changed, 28 insertions(+), 1 deletion(-)
> >
> > diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/bpf/config
> > index 3fc46f9cfb22..8ce48f7213cb 100644
> > --- a/tools/testing/selftests/bpf/config
> > +++ b/tools/testing/selftests/bpf/config
> > @@ -57,6 +57,7 @@ CONFIG_NF_CONNTRACK=y
> > CONFIG_NF_CONNTRACK_MARK=y
> > CONFIG_NF_DEFRAG_IPV4=y
> > CONFIG_NF_DEFRAG_IPV6=y
> > +CONFIG_NF_NAT=y
> > CONFIG_RC_CORE=y
> > CONFIG_SECURITY=y
> > CONFIG_SECURITYFS=y
> > diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_nf.c b/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
> > index 544bf90ac2a7..f16913f8fca2 100644
> > --- a/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
> > +++ b/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
> > @@ -115,6 +115,8 @@ static void test_bpf_nf_ct(int mode)
> > ASSERT_EQ(skel->bss->test_status, 2, "Test for ct status update ");
> > ASSERT_EQ(skel->data->test_exist_lookup, 0, "Test existing connection lookup");
> > ASSERT_EQ(skel->bss->test_exist_lookup_mark, 43, "Test existing connection lookup ctmark");
> > + ASSERT_EQ(skel->data->test_snat_addr, 0, "Test for source natting");
> > + ASSERT_EQ(skel->data->test_dnat_addr, 0, "Test for destination natting");
> > end:
> > if (srv_client_fd != -1)
> > close(srv_client_fd);
> > diff --git a/tools/testing/selftests/bpf/progs/test_bpf_nf.c b/tools/testing/selftests/bpf/progs/test_bpf_nf.c
> > index 2722441850cc..3f441595098b 100644
> > --- a/tools/testing/selftests/bpf/progs/test_bpf_nf.c
> > +++ b/tools/testing/selftests/bpf/progs/test_bpf_nf.c
> > @@ -23,6 +23,8 @@ int test_insert_entry = -EAFNOSUPPORT;
> > int test_succ_lookup = -ENOENT;
> > u32 test_delta_timeout = 0;
> > u32 test_status = 0;
> > +int test_snat_addr = -EINVAL;
> > +int test_dnat_addr = -EINVAL;
> > __be32 saddr = 0;
> > __be16 sport = 0;
> > __be32 daddr = 0;
> > @@ -53,6 +55,8 @@ void bpf_ct_set_timeout(struct nf_conn *, u32) __ksym;
> > int bpf_ct_change_timeout(struct nf_conn *, u32) __ksym;
> > int bpf_ct_set_status(struct nf_conn *, u32) __ksym;
> > int bpf_ct_change_status(struct nf_conn *, u32) __ksym;
> > +int bpf_ct_set_nat_info(struct nf_conn *, union nf_inet_addr *,
> > + __be16 *port, enum nf_nat_manip_type) __ksym;
> >
> > static __always_inline void
> > nf_ct_test(struct nf_conn *(*lookup_fn)(void *, struct bpf_sock_tuple *, u32,
> > @@ -140,10 +144,19 @@ nf_ct_test(struct nf_conn *(*lookup_fn)(void *, struct bpf_sock_tuple *, u32,
> > ct = alloc_fn(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def,
> > sizeof(opts_def));
> > if (ct) {
> > + __be16 sport = bpf_get_prandom_u32();
> > + __be16 dport = bpf_get_prandom_u32();
> > + union nf_inet_addr saddr = {};
> > + union nf_inet_addr daddr = {};
> > struct nf_conn *ct_ins;
> >
> > bpf_ct_set_timeout(ct, 10000);
> > - bpf_ct_set_status(ct, IPS_CONFIRMED);
>
> So this is paired with the IPS_CONFIRMED change in 3/4?
we actually do not need it since it is already done during entry allocation (or
insertion).
Looking again at the code I spotted a bug since we do not really check the value
configured with bpf_ct_change_status(ct_lk, IPS_SEEN_REPLY). I will post a fix.
Regards,
Lorenzo
>
> Thanks,
> Song
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
prev parent reply other threads:[~2022-09-07 10:47 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-05 13:14 [PATCH v2 bpf-next 0/4] Introduce bpf_ct_set_nat_info kfunc helper Lorenzo Bianconi
2022-09-05 13:14 ` [PATCH v2 bpf-next 1/4] bpf: Add support for per-parameter trusted args Lorenzo Bianconi
2022-09-06 21:27 ` Song Liu
2022-09-05 13:14 ` [PATCH v2 bpf-next 2/4] selftests/bpf: Extend KF_TRUSTED_ARGS test for __ref annotation Lorenzo Bianconi
2022-09-06 21:30 ` Song Liu
2022-09-05 13:14 ` [PATCH v2 bpf-next 3/4] net: netfilter: add bpf_ct_set_nat_info kfunc helper Lorenzo Bianconi
2022-09-06 21:36 ` Song Liu
2022-09-07 9:01 ` Lorenzo Bianconi
2022-09-07 4:27 ` Alexei Starovoitov
2022-09-07 4:39 ` Kumar Kartikeya Dwivedi
2022-09-07 5:15 ` Alexei Starovoitov
2022-09-07 5:51 ` Kumar Kartikeya Dwivedi
2022-09-07 17:33 ` Alexei Starovoitov
2022-09-07 18:12 ` Kumar Kartikeya Dwivedi
2022-09-05 13:14 ` [PATCH v2 bpf-next 4/4] selftests/bpf: add tests for bpf_ct_set_nat_info kfunc Lorenzo Bianconi
2022-09-06 21:54 ` Song Liu
2022-09-07 10:47 ` Lorenzo Bianconi [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yxh2zOZ4Q5OSMXir@lore-desk \
--to=lorenzo@kernel.org \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brouer@redhat.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=fw@strlen.de \
--cc=kuba@kernel.org \
--cc=lorenzo.bianconi@redhat.com \
--cc=memxor@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
--cc=song@kernel.org \
--cc=toke@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.