From: "Alexis Lothoré (eBPF Foundation)" <alexis.lothore@bootlin.com>
To: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@fomichev.me>,
Hao Luo <haoluo@google.com>, Jiri Olsa <jolsa@kernel.org>,
Shuah Khan <shuah@kernel.org>
Cc: ebpf@linuxfoundation.org,
"Thomas Petazzoni" <thomas.petazzoni@bootlin.com>,
bpf@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-kernel@vger.kernel.org,
"Bastien Curutchet" <bastien.curutchet@bootlin.com>,
"Alexis Lothoré (eBPF Foundation)" <alexis.lothore@bootlin.com>
Subject: [PATCH bpf-next 2/3] selftests/bpf: add checks in tc_tunnel when entering net namespaces
Date: Fri, 31 Oct 2025 10:01:42 +0100 [thread overview]
Message-ID: <20251031-tc_tunnel_improv-v1-2-0ffe44d27eda@bootlin.com> (raw)
In-Reply-To: <20251031-tc_tunnel_improv-v1-0-0ffe44d27eda@bootlin.com>
test_tc_tunnel is missing checks on any open_netns. Add those checks
anytime we try to enter a net namespace, and skip the related operations
if we fail. While at it, reduce the number of open_netns/close_netns for
cases involving operations in two distinct namespaces: the test
currently does the following:
nstoken = open_netns("foo")
do_operation();
close(nstoken);
nstoken = open_netns("bar")
do_another_operation();
close(nstoken);
As already stated in reviews for the initial test, we don't need to go
back to the root net namespace to enter a second namespace, so just do:
ntoken_client = open_netns("foo")
do_operation();
nstoken_server = open_netns("bar")
do_another_operation();
close(nstoken_server);
close(nstoken_client);
Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>
---
.../selftests/bpf/prog_tests/test_tc_tunnel.c | 134 ++++++++++++++-------
1 file changed, 88 insertions(+), 46 deletions(-)
diff --git a/tools/testing/selftests/bpf/prog_tests/test_tc_tunnel.c b/tools/testing/selftests/bpf/prog_tests/test_tc_tunnel.c
index 1d8d38e67f8b..deea90aaefad 100644
--- a/tools/testing/selftests/bpf/prog_tests/test_tc_tunnel.c
+++ b/tools/testing/selftests/bpf/prog_tests/test_tc_tunnel.c
@@ -133,8 +133,12 @@ static void set_subtest_addresses(struct subtest_cfg *cfg)
static int run_server(struct subtest_cfg *cfg)
{
- struct nstoken *nstoken = open_netns(SERVER_NS);
int family = cfg->ipproto == 6 ? AF_INET6 : AF_INET;
+ struct nstoken *nstoken;
+
+ nstoken = open_netns(SERVER_NS);
+ if (!ASSERT_OK_PTR(nstoken, "open server ns"))
+ return -1;
cfg->server_fd = start_reuseport_server(family, SOCK_STREAM,
cfg->server_addr, TEST_PORT,
@@ -319,6 +323,10 @@ static int configure_encapsulation(struct subtest_cfg *cfg)
static int configure_kernel_decapsulation(struct subtest_cfg *cfg)
{
struct nstoken *nstoken = open_netns(SERVER_NS);
+ int ret = -1;
+
+ if (!ASSERT_OK_PTR(nstoken, "open server ns"))
+ return ret;
if (cfg->configure_fou_rx_port &&
!ASSERT_OK(add_fou_rx_port(cfg), "configure FOU RX port"))
@@ -337,11 +345,11 @@ static int configure_kernel_decapsulation(struct subtest_cfg *cfg)
SYS(fail, "sysctl -qw net.ipv4.conf.all.rp_filter=0");
SYS(fail, "sysctl -qw net.ipv4.conf.testtun0.rp_filter=0");
SYS(fail, "ip link set dev testtun0 up");
- close_netns(nstoken);
- return 0;
+
+ ret = 0;
fail:
close_netns(nstoken);
- return -1;
+ return ret;
}
static void remove_kernel_decapsulation(struct subtest_cfg *cfg)
@@ -356,6 +364,10 @@ static void remove_kernel_decapsulation(struct subtest_cfg *cfg)
static int configure_ebpf_decapsulation(struct subtest_cfg *cfg)
{
struct nstoken *nstoken = open_netns(SERVER_NS);
+ int ret = -1;
+
+ if (!ASSERT_OK_PTR(nstoken, "open server ns"))
+ return ret;
if (!cfg->expect_kern_decap_failure)
SYS(fail, "ip link del testtun0");
@@ -363,17 +375,20 @@ static int configure_ebpf_decapsulation(struct subtest_cfg *cfg)
if (!ASSERT_OK(tc_prog_attach("veth2", cfg->server_ingress_prog_fd, -1),
"attach_program"))
goto fail;
- close_netns(nstoken);
- return 0;
+
+ ret = 0;
fail:
close_netns(nstoken);
- return -1;
+ return ret;
}
static void run_test(struct subtest_cfg *cfg)
{
struct nstoken *nstoken = open_netns(CLIENT_NS);
+ if (!ASSERT_OK_PTR(nstoken, "open client ns"))
+ return;
+
if (!ASSERT_OK(run_server(cfg), "run server"))
goto fail;
@@ -407,7 +422,7 @@ static void run_test(struct subtest_cfg *cfg)
static int setup(void)
{
- struct nstoken *nstoken = NULL;
+ struct nstoken *nstoken_client, *nstoken_server;
int fd, err;
fd = open("/dev/urandom", O_RDONLY);
@@ -424,52 +439,75 @@ static int setup(void)
!ASSERT_OK(make_netns(SERVER_NS), "create server ns"))
goto fail;
- nstoken = open_netns(CLIENT_NS);
- SYS(fail, "ip link add %s type veth peer name %s",
+ nstoken_client = open_netns(CLIENT_NS);
+ if (!ASSERT_OK_PTR(nstoken_client, "open client ns"))
+ goto fail_delete_ns;
+ SYS(fail_close_ns_client, "ip link add %s type veth peer name %s",
"veth1 mtu 1500 netns " CLIENT_NS " address " MAC_ADDR_VETH1,
"veth2 mtu 1500 netns " SERVER_NS " address " MAC_ADDR_VETH2);
- SYS(fail, "ethtool -K veth1 tso off");
- SYS(fail, "ip link set veth1 up");
- close_netns(nstoken);
- nstoken = open_netns(SERVER_NS);
- SYS(fail, "ip link set veth2 up");
- close_netns(nstoken);
-
+ SYS(fail_close_ns_client, "ethtool -K veth1 tso off");
+ SYS(fail_close_ns_client, "ip link set veth1 up");
+ nstoken_server = open_netns(SERVER_NS);
+ if (!ASSERT_OK_PTR(nstoken_server, "open server ns"))
+ goto fail_close_ns_client;
+ SYS(fail_close_ns_server, "ip link set veth2 up");
+
+ close_netns(nstoken_server);
+ close_netns(nstoken_client);
return 0;
+
+fail_close_ns_server:
+ close_netns(nstoken_server);
+fail_close_ns_client:
+ close_netns(nstoken_client);
+fail_delete_ns:
+ SYS_NOFAIL("ip netns del " CLIENT_NS);
+ SYS_NOFAIL("ip netns del " SERVER_NS);
fail:
- close_netns(nstoken);
- return 1;
+ return -1;
}
static int subtest_setup(struct test_tc_tunnel *skel, struct subtest_cfg *cfg)
{
- struct nstoken *nstoken;
+ struct nstoken *nstoken_client, *nstoken_server;
+ int ret = -1;
set_subtest_addresses(cfg);
if (!ASSERT_OK(set_subtest_progs(cfg, skel),
"find subtest progs"))
- return -1;
+ goto fail;
if (cfg->extra_decap_mod_args_cb)
cfg->extra_decap_mod_args_cb(cfg, cfg->extra_decap_mod_args);
- nstoken = open_netns(CLIENT_NS);
- SYS(fail, "ip -4 addr add " IP4_ADDR_VETH1 "/24 dev veth1");
- SYS(fail, "ip -4 route flush table main");
- SYS(fail, "ip -4 route add " IP4_ADDR_VETH2 " mtu 1450 dev veth1");
- SYS(fail, "ip -6 addr add " IP6_ADDR_VETH1 "/64 dev veth1 nodad");
- SYS(fail, "ip -6 route flush table main");
- SYS(fail, "ip -6 route add " IP6_ADDR_VETH2 " mtu 1430 dev veth1");
- close_netns(nstoken);
-
- nstoken = open_netns(SERVER_NS);
- SYS(fail, "ip -4 addr add " IP4_ADDR_VETH2 "/24 dev veth2");
- SYS(fail, "ip -6 addr add " IP6_ADDR_VETH2 "/64 dev veth2 nodad");
- close_netns(nstoken);
-
- return 0;
+ nstoken_client = open_netns(CLIENT_NS);
+ if (!ASSERT_OK_PTR(nstoken_client, "open client ns"))
+ goto fail;
+ SYS(fail_close_client_ns,
+ "ip -4 addr add " IP4_ADDR_VETH1 "/24 dev veth1");
+ SYS(fail_close_client_ns, "ip -4 route flush table main");
+ SYS(fail_close_client_ns,
+ "ip -4 route add " IP4_ADDR_VETH2 " mtu 1450 dev veth1");
+ SYS(fail_close_client_ns,
+ "ip -6 addr add " IP6_ADDR_VETH1 "/64 dev veth1 nodad");
+ SYS(fail_close_client_ns, "ip -6 route flush table main");
+ SYS(fail_close_client_ns,
+ "ip -6 route add " IP6_ADDR_VETH2 " mtu 1430 dev veth1");
+ nstoken_server = open_netns(SERVER_NS);
+ if (!ASSERT_OK_PTR(nstoken_server, "open server ns"))
+ goto fail_close_client_ns;
+ SYS(fail_close_server_ns,
+ "ip -4 addr add " IP4_ADDR_VETH2 "/24 dev veth2");
+ SYS(fail_close_server_ns,
+ "ip -6 addr add " IP6_ADDR_VETH2 "/64 dev veth2 nodad");
+
+ ret = 0;
+
+fail_close_server_ns:
+ close_netns(nstoken_server);
+fail_close_client_ns:
+ close_netns(nstoken_client);
fail:
- close_netns(nstoken);
- return -1;
+ return ret;
}
@@ -478,15 +516,19 @@ static void subtest_cleanup(struct subtest_cfg *cfg)
struct nstoken *nstoken;
nstoken = open_netns(CLIENT_NS);
- SYS_NOFAIL("tc qdisc delete dev veth1 parent ffff:fff1");
- SYS_NOFAIL("ip a flush veth1");
- close_netns(nstoken);
+ if (ASSERT_OK_PTR(nstoken, "open clien ns")) {
+ SYS_NOFAIL("tc qdisc delete dev veth1 parent ffff:fff1");
+ SYS_NOFAIL("ip a flush veth1");
+ close_netns(nstoken);
+ }
nstoken = open_netns(SERVER_NS);
- SYS_NOFAIL("tc qdisc delete dev veth2 parent ffff:fff1");
- SYS_NOFAIL("ip a flush veth2");
- if (!cfg->expect_kern_decap_failure)
- remove_kernel_decapsulation(cfg);
- close_netns(nstoken);
+ if (ASSERT_OK_PTR(nstoken, "open clien ns")) {
+ SYS_NOFAIL("tc qdisc delete dev veth2 parent ffff:fff1");
+ SYS_NOFAIL("ip a flush veth2");
+ if (!cfg->expect_kern_decap_failure)
+ remove_kernel_decapsulation(cfg);
+ close_netns(nstoken);
+ }
}
static void cleanup(void)
--
2.51.1.dirty
next prev parent reply other threads:[~2025-10-31 9:01 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-31 9:01 [PATCH bpf-next 0/3] selftests/bpf: small improvements on tc_tunnel Alexis Lothoré (eBPF Foundation)
2025-10-31 9:01 ` [PATCH bpf-next 1/3] selftests/bpf: skip tc_tunnel subtest if its setup fails Alexis Lothoré (eBPF Foundation)
2025-10-31 9:01 ` Alexis Lothoré (eBPF Foundation) [this message]
2025-10-31 9:01 ` [PATCH bpf-next 3/3] selftests/bpf: use start_server_str rather than start_reuseport_server in tc_tunnel Alexis Lothoré (eBPF Foundation)
2025-11-03 21:31 ` Martin KaFai Lau
2025-11-03 21:33 ` [PATCH bpf-next 0/3] selftests/bpf: small improvements on tc_tunnel patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251031-tc_tunnel_improv-v1-2-0ffe44d27eda@bootlin.com \
--to=alexis.lothore@bootlin.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bastien.curutchet@bootlin.com \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=ebpf@linuxfoundation.org \
--cc=eddyz87@gmail.com \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=sdf@fomichev.me \
--cc=shuah@kernel.org \
--cc=song@kernel.org \
--cc=thomas.petazzoni@bootlin.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox