From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: netdev@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, sdf@google.com,
posk@google.com, Willem de Bruijn <willemb@google.com>
Subject: [PATCH bpf-next 06/13] selftests/bpf: extend bpf tunnel test with tso
Date: Wed, 20 Mar 2019 10:49:37 -0400 [thread overview]
Message-ID: <20190320144944.147862-7-willemdebruijn.kernel@gmail.com> (raw)
In-Reply-To: <20190320144944.147862-1-willemdebruijn.kernel@gmail.com>
From: Willem de Bruijn <willemb@google.com>
Segmentation offload takes a longer path. Verify that the feature
works with large packets.
The test succeeds if not setting dodgy in bpf_skb_adjust_room, as veth
TSO is permissive.
If not setting SKB_GSO_DODGY, this enables tunneled TSO offload on
supporting NICs.
The feature sets SKB_GSO_DODGY because the caller is untrusted. As a
result the packets traverse through the gso stack at least up to TCP.
And fail the gso_type validation, such as the skb->encapsulation check
in gre_gso_segment and the gso_type checks introduced in commit
418e897e0716 ("gso: validate gso_type on ipip style tunnel").
This will be addressed in a follow-on feature patch. In the meantime,
disable the new gso tests.
Signed-off-by: Willem de Bruijn <willemb@google.com>
---
tools/testing/selftests/bpf/test_tc_tunnel.sh | 60 +++++++++++++++----
1 file changed, 49 insertions(+), 11 deletions(-)
diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh
index c78922048610b..5d9d56520c694 100755
--- a/tools/testing/selftests/bpf/test_tc_tunnel.sh
+++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh
@@ -15,6 +15,8 @@ readonly ns2_v4=192.168.1.2
readonly ns1_v6=fd::1
readonly ns2_v6=fd::2
+readonly infile="$(mktemp)"
+readonly outfile="$(mktemp)"
setup() {
ip netns add "${ns1}"
@@ -23,6 +25,8 @@ setup() {
ip link add dev veth1 mtu 1500 netns "${ns1}" type veth \
peer name veth2 mtu 1500 netns "${ns2}"
+ ip netns exec "${ns1}" ethtool -K veth1 tso off
+
ip -netns "${ns1}" link set veth1 up
ip -netns "${ns2}" link set veth2 up
@@ -32,58 +36,86 @@ setup() {
ip -netns "${ns2}" -6 addr add "${ns2_v6}/64" dev veth2 nodad
sleep 1
+
+ dd if=/dev/urandom of="${infile}" bs="${datalen}" count=1 status=none
}
cleanup() {
ip netns del "${ns2}"
ip netns del "${ns1}"
+
+ if [[ -f "${outfile}" ]]; then
+ rm "${outfile}"
+ fi
+ if [[ -f "${infile}" ]]; then
+ rm "${infile}"
+ fi
}
server_listen() {
- ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" &
+ ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" > "${outfile}" &
+ server_pid=$!
sleep 0.2
}
client_connect() {
- ip netns exec "${ns1}" nc "${netcat_opt}" -z -w 1 "${addr2}" "${port}"
+ ip netns exec "${ns1}" nc "${netcat_opt}" -q 0 -w 1 "${addr2}" "${port}" < "${infile}"
echo $?
}
+verify_data() {
+ wait "${server_pid}"
+ # sha1sum returns two fields [sha1] [filepath]
+ # convert to bash array and access first elem
+ insum=($(sha1sum ${infile}))
+ outsum=($(sha1sum ${outfile}))
+ if [[ "${insum[0]}" != "${outsum[0]}" ]]; then
+ echo "data mismatch"
+ exit 1
+ fi
+}
+
set -e
# no arguments: automated test, run all
if [[ "$#" -eq "0" ]]; then
echo "ipip"
- $0 ipv4 ipip
+ $0 ipv4 ipip 100
echo "ip6ip6"
- $0 ipv6 ip6tnl
+ $0 ipv6 ip6tnl 100
echo "ip gre"
- $0 ipv4 gre
+ $0 ipv4 gre 100
echo "ip6 gre"
- $0 ipv6 ip6gre
+ $0 ipv6 ip6gre 100
+
+ # disabled until passes SKB_GSO_DODGY checks
+ # echo "ip gre gso"
+ # $0 ipv4 gre 2000
+
+ # disabled until passes SKB_GSO_DODGY checks
+ # echo "ip6 gre gso"
+ # $0 ipv6 ip6gre 2000
echo "OK. All tests passed"
exit 0
fi
-if [[ "$#" -ne "2" ]]; then
+if [[ "$#" -ne "3" ]]; then
echo "Usage: $0"
- echo " or: $0 <ipv4|ipv6> <tuntype>"
+ echo " or: $0 <ipv4|ipv6> <tuntype> <data_len>"
exit 1
fi
case "$1" in
"ipv4")
- readonly tuntype=$2
readonly addr1="${ns1_v4}"
readonly addr2="${ns2_v4}"
readonly netcat_opt=-4
;;
"ipv6")
- readonly tuntype=$2
readonly addr1="${ns1_v6}"
readonly addr2="${ns2_v6}"
readonly netcat_opt=-6
@@ -94,7 +126,10 @@ case "$1" in
;;
esac
-echo "encap ${addr1} to ${addr2}, type ${tuntype}"
+readonly tuntype=$2
+readonly datalen=$3
+
+echo "encap ${addr1} to ${addr2}, type ${tuntype}, len ${datalen}"
trap cleanup EXIT
@@ -104,6 +139,7 @@ setup
echo "test basic connectivity"
server_listen
client_connect
+verify_data
# clientside, insert bpf program to encap all TCP to port ${port}
# client can no longer connect
@@ -123,6 +159,7 @@ ip netns exec "${ns2}" ip link add dev testtun0 type "${tuntype}" \
ip netns exec "${ns2}" ip link set dev testtun0 up
echo "test bpf encap with tunnel device decap"
client_connect
+verify_data
# serverside, use BPF for decap
ip netns exec "${ns2}" ip link del dev testtun0
@@ -132,5 +169,6 @@ ip netns exec "${ns2}" tc filter add dev veth2 ingress \
server_listen
echo "test bpf encap with bpf decap"
client_connect
+verify_data
echo OK
--
2.21.0.225.g810b269d1ac-goog
next prev parent reply other threads:[~2019-03-20 14:50 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-20 14:49 [PATCH bpf-next 00/13] bpf tc tunneling Willem de Bruijn
2019-03-20 14:49 ` [PATCH bpf-next 01/13] bpf: in bpf_skb_adjust_room avoid copy in tx fast path Willem de Bruijn
2019-03-20 14:49 ` [PATCH bpf-next 02/13] selftests/bpf: bpf tunnel encap test Willem de Bruijn
2019-03-20 14:49 ` [PATCH bpf-next 03/13] selftests/bpf: expand bpf tunnel test with decap Willem de Bruijn
2019-03-20 14:49 ` [PATCH bpf-next 04/13] selftests/bpf: expand bpf tunnel test to ipv6 Willem de Bruijn
2019-03-20 14:49 ` [PATCH bpf-next 05/13] selftests/bpf: extend bpf tunnel test with gre Willem de Bruijn
2019-03-20 14:49 ` Willem de Bruijn [this message]
2019-03-20 14:49 ` [PATCH bpf-next 07/13] bpf: add bpf_skb_adjust_room mode BPF_ADJ_ROOM_MAC Willem de Bruijn
2019-03-20 14:49 ` [PATCH bpf-next 08/13] bpf: add bpf_skb_adjust_room flag BPF_F_ADJ_ROOM_FIXED_GSO Willem de Bruijn
2019-03-21 13:42 ` Alan Maguire
2019-03-21 14:00 ` Willem de Bruijn
2019-03-20 14:49 ` [PATCH bpf-next 09/13] bpf: add bpf_skb_adjust_room encap flags Willem de Bruijn
2019-03-20 15:51 ` Alan Maguire
2019-03-20 18:10 ` Willem de Bruijn
2019-03-21 3:13 ` Alexei Starovoitov
2019-03-21 13:25 ` Willem de Bruijn
2019-03-20 14:49 ` [PATCH bpf-next 10/13] bpf: Sync bpf.h to tools Willem de Bruijn
2019-03-20 14:56 ` Soheil Hassas Yeganeh
2019-03-20 14:49 ` [PATCH bpf-next 11/13] selftests/bpf: convert bpf tunnel test to BPF_ADJ_ROOM_MAC Willem de Bruijn
2019-03-20 14:49 ` [PATCH bpf-next 12/13] selftests/bpf: convert bpf tunnel test to BPF_F_ADJ_ROOM_FIXED_GSO Willem de Bruijn
2019-03-20 14:49 ` [PATCH bpf-next 13/13] selftests/bpf: convert bpf tunnel test to encap modes Willem de Bruijn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190320144944.147862-7-willemdebruijn.kernel@gmail.com \
--to=willemdebruijn.kernel@gmail.com \
--cc=ast@kernel.org \
--cc=daniel@iogearbox.net \
--cc=netdev@vger.kernel.org \
--cc=posk@google.com \
--cc=sdf@google.com \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).