* [PATCH bpf-next v2 0/2] Cgroup skb add helper to get net_cls's classid
@ 2024-09-18 7:45 Feng zhou
2024-09-18 7:45 ` [PATCH bpf-next v2 1/2] bpf: cg_skb add get classid helper Feng zhou
2024-09-18 7:45 ` [PATCH bpf-next v2 2/2] bpf, selftests: Add test case for cgroup skb to get net_cls classid helpers Feng zhou
0 siblings, 2 replies; 5+ messages in thread
From: Feng zhou @ 2024-09-18 7:45 UTC (permalink / raw)
To: martin.lau, daniel, john.fastabend, ast, andrii, eddyz87, song,
yonghong.song, kpsingh, sdf, haoluo, jolsa, davem, edumazet, kuba,
pabeni, mykolal, shuah, geliang, laoar.shao
Cc: netdev, linux-kernel, bpf, linux-kselftest, yangzhenze,
wangdongdong.6, zhoufeng.zf
From: Feng Zhou <zhoufeng.zf@bytedance.com>
0001: Cgroup skb add bpf_skb_cgroup_classid_proto.
0002: Add a testcase for it.
Feng Zhou (2):
bpf: cg_skb add get classid helper
bpf, selftests: Add test case for cgroup skb to get net_cls classid
helpers
Changelog:
v1->v2: Addressed comments from Martin KaFai Lau
- Just bpf_skb_cgroup_classid_proto.
- Add a testcase.
Details in here:
https://lore.kernel.org/lkml/20240814095038.64523-1-zhoufeng.zf@bytedance.com/T/
net/core/filter.c | 4 +
.../bpf/prog_tests/cg_skb_get_classid.c | 87 +++++++++++++++++++
.../selftests/bpf/progs/cg_skb_get_classid.c | 19 ++++
3 files changed, 110 insertions(+)
create mode 100644 tools/testing/selftests/bpf/prog_tests/cg_skb_get_classid.c
create mode 100644 tools/testing/selftests/bpf/progs/cg_skb_get_classid.c
--
2.30.2
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH bpf-next v2 1/2] bpf: cg_skb add get classid helper
2024-09-18 7:45 [PATCH bpf-next v2 0/2] Cgroup skb add helper to get net_cls's classid Feng zhou
@ 2024-09-18 7:45 ` Feng zhou
2024-09-18 7:45 ` [PATCH bpf-next v2 2/2] bpf, selftests: Add test case for cgroup skb to get net_cls classid helpers Feng zhou
1 sibling, 0 replies; 5+ messages in thread
From: Feng zhou @ 2024-09-18 7:45 UTC (permalink / raw)
To: martin.lau, daniel, john.fastabend, ast, andrii, eddyz87, song,
yonghong.song, kpsingh, sdf, haoluo, jolsa, davem, edumazet, kuba,
pabeni, mykolal, shuah, geliang, laoar.shao
Cc: netdev, linux-kernel, bpf, linux-kselftest, yangzhenze,
wangdongdong.6, zhoufeng.zf
From: Feng Zhou <zhoufeng.zf@bytedance.com>
At cg_skb hook point, can get classid for v1 or v2, allowing
users to do more functions such as acl.
Signed-off-by: Feng Zhou <zhoufeng.zf@bytedance.com>
---
net/core/filter.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/core/filter.c b/net/core/filter.c
index e4a4454df5f9..a4aa39b6dbba 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -8115,6 +8115,10 @@ cg_skb_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
return &bpf_get_listener_sock_proto;
case BPF_FUNC_skb_ecn_set_ce:
return &bpf_skb_ecn_set_ce_proto;
+#endif
+#ifdef CONFIG_CGROUP_NET_CLASSID
+ case BPF_FUNC_skb_cgroup_classid:
+ return &bpf_skb_cgroup_classid_proto;
#endif
default:
return sk_filter_func_proto(func_id, prog);
--
2.30.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH bpf-next v2 2/2] bpf, selftests: Add test case for cgroup skb to get net_cls classid helpers
2024-09-18 7:45 [PATCH bpf-next v2 0/2] Cgroup skb add helper to get net_cls's classid Feng zhou
2024-09-18 7:45 ` [PATCH bpf-next v2 1/2] bpf: cg_skb add get classid helper Feng zhou
@ 2024-09-18 7:45 ` Feng zhou
2024-10-01 1:58 ` Martin KaFai Lau
1 sibling, 1 reply; 5+ messages in thread
From: Feng zhou @ 2024-09-18 7:45 UTC (permalink / raw)
To: martin.lau, daniel, john.fastabend, ast, andrii, eddyz87, song,
yonghong.song, kpsingh, sdf, haoluo, jolsa, davem, edumazet, kuba,
pabeni, mykolal, shuah, geliang, laoar.shao
Cc: netdev, linux-kernel, bpf, linux-kselftest, yangzhenze,
wangdongdong.6, zhoufeng.zf
From: Feng Zhou <zhoufeng.zf@bytedance.com>
This patch adds a test for cgroup skb to get classid.
Signed-off-by: Feng Zhou <zhoufeng.zf@bytedance.com>
---
.../bpf/prog_tests/cg_skb_get_classid.c | 87 +++++++++++++++++++
.../selftests/bpf/progs/cg_skb_get_classid.c | 19 ++++
2 files changed, 106 insertions(+)
create mode 100644 tools/testing/selftests/bpf/prog_tests/cg_skb_get_classid.c
create mode 100644 tools/testing/selftests/bpf/progs/cg_skb_get_classid.c
diff --git a/tools/testing/selftests/bpf/prog_tests/cg_skb_get_classid.c b/tools/testing/selftests/bpf/prog_tests/cg_skb_get_classid.c
new file mode 100644
index 000000000000..13a5943c387d
--- /dev/null
+++ b/tools/testing/selftests/bpf/prog_tests/cg_skb_get_classid.c
@@ -0,0 +1,87 @@
+// SPDX-License-Identifier: GPL-2.0-only
+
+/*
+ * Copyright 2024 Bytedance.
+ */
+
+#include <test_progs.h>
+
+#include "cg_skb_get_classid.skel.h"
+
+#include "cgroup_helpers.h"
+#include "network_helpers.h"
+
+static int run_test(int cgroup_fd, int server_fd)
+{
+ struct cg_skb_get_classid *skel;
+ int fd, err = 0;
+
+ skel = cg_skb_get_classid__open_and_load();
+ if (!ASSERT_OK_PTR(skel, "skel_open"))
+ return -1;
+
+ skel->links.cg_skb_classid =
+ bpf_program__attach_cgroup(skel->progs.cg_skb_classid,
+ cgroup_fd);
+ if (!ASSERT_OK_PTR(skel->links.cg_skb_classid, "prog_attach")) {
+ err = -1;
+ goto out;
+ }
+
+ if (!ASSERT_OK(join_classid(), "join_classid")) {
+ err = -1;
+ goto out;
+ }
+
+ errno = 0;
+ fd = connect_to_fd_opts(server_fd, NULL);
+ if (fd >= 0) {
+ if (skel->bss->classid != getpid()) {
+ log_err("Get unexpected classid");
+ err = -1;
+ }
+
+ close(fd);
+ } else {
+ log_err("Unexpected errno from connect to server");
+ err = -1;
+ }
+out:
+ cg_skb_get_classid__destroy(skel);
+ return err;
+}
+
+void test_cg_skb_get_classid(void)
+{
+ struct network_helper_opts opts = {};
+ int server_fd, client_fd, cgroup_fd;
+ static const int port = 60120;
+
+ /* Step 1: Check base connectivity works without any BPF. */
+ server_fd = start_server(AF_INET, SOCK_STREAM, NULL, port, 0);
+ if (!ASSERT_GE(server_fd, 0, "server_fd"))
+ return;
+ client_fd = connect_to_fd_opts(server_fd, &opts);
+ if (!ASSERT_GE(client_fd, 0, "client_fd")) {
+ close(server_fd);
+ return;
+ }
+ close(client_fd);
+ close(server_fd);
+
+ /* Step 2: Check BPF prog attached to cgroups. */
+ cgroup_fd = test__join_cgroup("/cg_skb_get_classid");
+ if (!ASSERT_GE(cgroup_fd, 0, "cgroup_fd"))
+ return;
+ server_fd = start_server(AF_INET, SOCK_STREAM, NULL, port, 0);
+ if (!ASSERT_GE(server_fd, 0, "server_fd")) {
+ close(cgroup_fd);
+ return;
+ }
+ setup_classid_environment();
+ set_classid();
+ ASSERT_OK(run_test(cgroup_fd, server_fd), "cg_skb_get_classid");
+ cleanup_classid_environment();
+ close(server_fd);
+ close(cgroup_fd);
+}
diff --git a/tools/testing/selftests/bpf/progs/cg_skb_get_classid.c b/tools/testing/selftests/bpf/progs/cg_skb_get_classid.c
new file mode 100644
index 000000000000..aef0265d24eb
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/cg_skb_get_classid.c
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: GPL-2.0-only
+
+/*
+ * Copyright 2024 Bytedance.
+ */
+
+#include <errno.h>
+#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+
+__u32 classid = 0;
+
+SEC("cgroup_skb/egress")
+int cg_skb_classid(struct __sk_buff *ctx)
+{
+ classid = bpf_skb_cgroup_classid(ctx);
+
+ return 1;
+}
--
2.30.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH bpf-next v2 2/2] bpf, selftests: Add test case for cgroup skb to get net_cls classid helpers
2024-09-18 7:45 ` [PATCH bpf-next v2 2/2] bpf, selftests: Add test case for cgroup skb to get net_cls classid helpers Feng zhou
@ 2024-10-01 1:58 ` Martin KaFai Lau
2024-10-16 8:28 ` [External] " Feng Zhou
0 siblings, 1 reply; 5+ messages in thread
From: Martin KaFai Lau @ 2024-10-01 1:58 UTC (permalink / raw)
To: Feng zhou
Cc: daniel, john.fastabend, ast, andrii, eddyz87, song, yonghong.song,
kpsingh, sdf, haoluo, jolsa, davem, edumazet, kuba, pabeni,
mykolal, shuah, geliang, laoar.shao, netdev, linux-kernel, bpf,
linux-kselftest, yangzhenze, wangdongdong.6
On 9/18/24 12:45 AM, Feng zhou wrote:
> From: Feng Zhou <zhoufeng.zf@bytedance.com>
>
> This patch adds a test for cgroup skb to get classid.
>
> Signed-off-by: Feng Zhou <zhoufeng.zf@bytedance.com>
> ---
> .../bpf/prog_tests/cg_skb_get_classid.c | 87 +++++++++++++++++++
> .../selftests/bpf/progs/cg_skb_get_classid.c | 19 ++++
> 2 files changed, 106 insertions(+)
> create mode 100644 tools/testing/selftests/bpf/prog_tests/cg_skb_get_classid.c
> create mode 100644 tools/testing/selftests/bpf/progs/cg_skb_get_classid.c
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/cg_skb_get_classid.c b/tools/testing/selftests/bpf/prog_tests/cg_skb_get_classid.c
> new file mode 100644
> index 000000000000..13a5943c387d
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/prog_tests/cg_skb_get_classid.c
> @@ -0,0 +1,87 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +
> +/*
> + * Copyright 2024 Bytedance.
> + */
> +
> +#include <test_progs.h>
> +
> +#include "cg_skb_get_classid.skel.h"
> +
> +#include "cgroup_helpers.h"
> +#include "network_helpers.h"
> +
> +static int run_test(int cgroup_fd, int server_fd)
> +{
> + struct cg_skb_get_classid *skel;
> + int fd, err = 0;
> +
> + skel = cg_skb_get_classid__open_and_load();
> + if (!ASSERT_OK_PTR(skel, "skel_open"))
> + return -1;
> +
> + skel->links.cg_skb_classid =
> + bpf_program__attach_cgroup(skel->progs.cg_skb_classid,
> + cgroup_fd);
> + if (!ASSERT_OK_PTR(skel->links.cg_skb_classid, "prog_attach")) {
> + err = -1;
> + goto out;
> + }
> +
> + if (!ASSERT_OK(join_classid(), "join_classid")) {
> + err = -1;
> + goto out;
> + }
> +
> + errno = 0;
> + fd = connect_to_fd_opts(server_fd, NULL);
> + if (fd >= 0) {
> + if (skel->bss->classid != getpid()) {
> + log_err("Get unexpected classid");
> + err = -1;
> + }
> +
> + close(fd);
> + } else {
> + log_err("Unexpected errno from connect to server");
> + err = -1;
> + }
> +out:
> + cg_skb_get_classid__destroy(skel);
> + return err;
> +}
> +
> +void test_cg_skb_get_classid(void)
> +{
> + struct network_helper_opts opts = {};
> + int server_fd, client_fd, cgroup_fd;
> + static const int port = 60120;
Running a test with a specific port without netns could fail when test_progs is
run in parallel (-j). e.g. cgroup_v1v2 is using the same port.
> +
> + /* Step 1: Check base connectivity works without any BPF. */
> + server_fd = start_server(AF_INET, SOCK_STREAM, NULL, port, 0);
> + if (!ASSERT_GE(server_fd, 0, "server_fd"))
> + return;
> + client_fd = connect_to_fd_opts(server_fd, &opts);
> + if (!ASSERT_GE(client_fd, 0, "client_fd")) {
> + close(server_fd);
> + return;
> + }
> + close(client_fd);
> + close(server_fd);
imo, this connection pre-test is unnecessary. I would remove it.
> +
> + /* Step 2: Check BPF prog attached to cgroups. */
> + cgroup_fd = test__join_cgroup("/cg_skb_get_classid");
> + if (!ASSERT_GE(cgroup_fd, 0, "cgroup_fd"))
> + return;
> + server_fd = start_server(AF_INET, SOCK_STREAM, NULL, port, 0);
> + if (!ASSERT_GE(server_fd, 0, "server_fd")) {
> + close(cgroup_fd);
> + return;
> + }
> + setup_classid_environment();
> + set_classid();
> + ASSERT_OK(run_test(cgroup_fd, server_fd), "cg_skb_get_classid");
Please run this test under a netns and without specifying a particular port.
connect_to_fd_opts will figure out the port used in server_fd.
Patch 1 lgtm.
Please add a few words to the cover letter also.
pw-bot: cr
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [External] Re: [PATCH bpf-next v2 2/2] bpf, selftests: Add test case for cgroup skb to get net_cls classid helpers
2024-10-01 1:58 ` Martin KaFai Lau
@ 2024-10-16 8:28 ` Feng Zhou
0 siblings, 0 replies; 5+ messages in thread
From: Feng Zhou @ 2024-10-16 8:28 UTC (permalink / raw)
To: Martin KaFai Lau
Cc: daniel, john.fastabend, ast, andrii, eddyz87, song, yonghong.song,
kpsingh, sdf, haoluo, jolsa, davem, edumazet, kuba, pabeni,
mykolal, shuah, geliang, laoar.shao, netdev, linux-kernel, bpf,
linux-kselftest, yangzhenze, wangdongdong.6
在 2024/10/1 09:58, Martin KaFai Lau 写道:
> On 9/18/24 12:45 AM, Feng zhou wrote:
>> From: Feng Zhou <zhoufeng.zf@bytedance.com>
>>
>> This patch adds a test for cgroup skb to get classid.
>>
>> Signed-off-by: Feng Zhou <zhoufeng.zf@bytedance.com>
>> ---
>> .../bpf/prog_tests/cg_skb_get_classid.c | 87 +++++++++++++++++++
>> .../selftests/bpf/progs/cg_skb_get_classid.c | 19 ++++
>> 2 files changed, 106 insertions(+)
>> create mode 100644
>> tools/testing/selftests/bpf/prog_tests/cg_skb_get_classid.c
>> create mode 100644
>> tools/testing/selftests/bpf/progs/cg_skb_get_classid.c
>>
>> diff --git
>> a/tools/testing/selftests/bpf/prog_tests/cg_skb_get_classid.c
>> b/tools/testing/selftests/bpf/prog_tests/cg_skb_get_classid.c
>> new file mode 100644
>> index 000000000000..13a5943c387d
>> --- /dev/null
>> +++ b/tools/testing/selftests/bpf/prog_tests/cg_skb_get_classid.c
>> @@ -0,0 +1,87 @@
>> +// SPDX-License-Identifier: GPL-2.0-only
>> +
>> +/*
>> + * Copyright 2024 Bytedance.
>> + */
>> +
>> +#include <test_progs.h>
>> +
>> +#include "cg_skb_get_classid.skel.h"
>> +
>> +#include "cgroup_helpers.h"
>> +#include "network_helpers.h"
>> +
>> +static int run_test(int cgroup_fd, int server_fd)
>> +{
>> + struct cg_skb_get_classid *skel;
>> + int fd, err = 0;
>> +
>> + skel = cg_skb_get_classid__open_and_load();
>> + if (!ASSERT_OK_PTR(skel, "skel_open"))
>> + return -1;
>> +
>> + skel->links.cg_skb_classid =
>> + bpf_program__attach_cgroup(skel->progs.cg_skb_classid,
>> + cgroup_fd);
>> + if (!ASSERT_OK_PTR(skel->links.cg_skb_classid, "prog_attach")) {
>> + err = -1;
>> + goto out;
>> + }
>> +
>> + if (!ASSERT_OK(join_classid(), "join_classid")) {
>> + err = -1;
>> + goto out;
>> + }
>> +
>> + errno = 0;
>> + fd = connect_to_fd_opts(server_fd, NULL);
>> + if (fd >= 0) {
>> + if (skel->bss->classid != getpid()) {
>> + log_err("Get unexpected classid");
>> + err = -1;
>> + }
>> +
>> + close(fd);
>> + } else {
>> + log_err("Unexpected errno from connect to server");
>> + err = -1;
>> + }
>> +out:
>> + cg_skb_get_classid__destroy(skel);
>> + return err;
>> +}
>> +
>> +void test_cg_skb_get_classid(void)
>> +{
>> + struct network_helper_opts opts = {};
>> + int server_fd, client_fd, cgroup_fd;
>> + static const int port = 60120;
>
> Running a test with a specific port without netns could fail when
> test_progs is run in parallel (-j). e.g. cgroup_v1v2 is using the same
> port.
>
>> +
>> + /* Step 1: Check base connectivity works without any BPF. */
>> + server_fd = start_server(AF_INET, SOCK_STREAM, NULL, port, 0);
>> + if (!ASSERT_GE(server_fd, 0, "server_fd"))
>> + return;
>> + client_fd = connect_to_fd_opts(server_fd, &opts);
>> + if (!ASSERT_GE(client_fd, 0, "client_fd")) {
>> + close(server_fd);
>> + return;
>> + }
>> + close(client_fd);
>> + close(server_fd);
>
> imo, this connection pre-test is unnecessary. I would remove it.
>
>> +
>> + /* Step 2: Check BPF prog attached to cgroups. */
>> + cgroup_fd = test__join_cgroup("/cg_skb_get_classid");
>> + if (!ASSERT_GE(cgroup_fd, 0, "cgroup_fd"))
>> + return;
>> + server_fd = start_server(AF_INET, SOCK_STREAM, NULL, port, 0);
>> + if (!ASSERT_GE(server_fd, 0, "server_fd")) {
>> + close(cgroup_fd);
>> + return;
>> + }
>> + setup_classid_environment();
>> + set_classid();
>> + ASSERT_OK(run_test(cgroup_fd, server_fd), "cg_skb_get_classid");
>
> Please run this test under a netns and without specifying a particular
> port. connect_to_fd_opts will figure out the port used in server_fd.
>
> Patch 1 lgtm.
>
> Please add a few words to the cover letter also.
>
> pw-bot: cr
Sorry for taking so long to reply.
Will do, thanks.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-10-16 8:28 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-09-18 7:45 [PATCH bpf-next v2 0/2] Cgroup skb add helper to get net_cls's classid Feng zhou
2024-09-18 7:45 ` [PATCH bpf-next v2 1/2] bpf: cg_skb add get classid helper Feng zhou
2024-09-18 7:45 ` [PATCH bpf-next v2 2/2] bpf, selftests: Add test case for cgroup skb to get net_cls classid helpers Feng zhou
2024-10-01 1:58 ` Martin KaFai Lau
2024-10-16 8:28 ` [External] " Feng Zhou
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).