From: Yonghong Song <yonghong.song@linux.dev>
To: Mahe Tardy <mahe.tardy@gmail.com>, lkp@intel.com
Cc: alexei.starovoitov@gmail.com, andrii@kernel.org, ast@kernel.org,
bpf@vger.kernel.org, coreteam@netfilter.org,
daniel@iogearbox.net, fw@strlen.de, john.fastabend@gmail.com,
martin.lau@linux.dev, netdev@vger.kernel.org,
netfilter-devel@vger.kernel.org, oe-kbuild-all@lists.linux.dev,
pablo@netfilter.org
Subject: Re: [PATCH bpf-next v3 4/4] selftests/bpf: add icmp_send_unreach kfunc tests
Date: Mon, 28 Jul 2025 08:40:49 -0700 [thread overview]
Message-ID: <356fe0b5-b66e-475b-b914-919339bb441a@linux.dev> (raw)
In-Reply-To: <20250728094345.46132-5-mahe.tardy@gmail.com>
On 7/28/25 2:43 AM, Mahe Tardy wrote:
> This test opens a server and client, attach a cgroup_skb program on
> egress and calls the icmp_send_unreach function from the client egress
> so that an ICMP unreach control message is sent back to the client.
> It then fetches the message from the error queue to confirm the correct
> ICMP unreach code has been sent.
>
> Note that the BPF program returns SK_PASS to let the connection being
> established to finish the test cases quicker. Otherwise, you have to
> wait for the TCP three-way handshake to timeout in the kernel and
> retrieve the errno translated from the unreach code set by the ICMP
> control message.
>
> Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
> ---
> .../bpf/prog_tests/icmp_send_unreach_kfunc.c | 99 +++++++++++++++++++
> .../selftests/bpf/progs/icmp_send_unreach.c | 36 +++++++
> 2 files changed, 135 insertions(+)
> create mode 100644 tools/testing/selftests/bpf/prog_tests/icmp_send_unreach_kfunc.c
> create mode 100644 tools/testing/selftests/bpf/progs/icmp_send_unreach.c
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/icmp_send_unreach_kfunc.c b/tools/testing/selftests/bpf/prog_tests/icmp_send_unreach_kfunc.c
> new file mode 100644
> index 000000000000..414c1ed8ced3
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/prog_tests/icmp_send_unreach_kfunc.c
> @@ -0,0 +1,99 @@
> +// SPDX-License-Identifier: GPL-2.0
> +#include <test_progs.h>
> +#include <network_helpers.h>
> +#include <linux/errqueue.h>
> +#include "icmp_send_unreach.skel.h"
> +
> +#define TIMEOUT_MS 1000
> +#define SRV_PORT 54321
> +
> +#define ICMP_DEST_UNREACH 3
> +
> +#define ICMP_FRAG_NEEDED 4
> +#define NR_ICMP_UNREACH 15
> +
> +static void read_icmp_errqueue(int sockfd, int expected_code)
> +{
> + ssize_t n;
> + struct sock_extended_err *sock_err;
> + struct cmsghdr *cm;
> + char ctrl_buf[512];
> + struct msghdr msg = {
> + .msg_control = ctrl_buf,
> + .msg_controllen = sizeof(ctrl_buf),
> + };
> +
> + n = recvmsg(sockfd, &msg, MSG_ERRQUEUE);
> + if (!ASSERT_GE(n, 0, "recvmsg_errqueue"))
> + return;
> +
> + for (cm = CMSG_FIRSTHDR(&msg); cm; cm = CMSG_NXTHDR(&msg, cm)) {
> + if (!ASSERT_EQ(cm->cmsg_level, IPPROTO_IP, "cmsg_type") ||
> + !ASSERT_EQ(cm->cmsg_type, IP_RECVERR, "cmsg_level"))
> + continue;
> +
> + sock_err = (struct sock_extended_err *)CMSG_DATA(cm);
> +
> + if (!ASSERT_EQ(sock_err->ee_origin, SO_EE_ORIGIN_ICMP,
> + "sock_err_origin_icmp"))
> + return;
> + if (!ASSERT_EQ(sock_err->ee_type, ICMP_DEST_UNREACH,
> + "sock_err_type_dest_unreach"))
> + return;
> + ASSERT_EQ(sock_err->ee_code, expected_code, "sock_err_code");
> + }
> +}
> +
> +void test_icmp_send_unreach_kfunc(void)
> +{
> + struct icmp_send_unreach *skel;
> + int cgroup_fd = -1, client_fd = 1, srv_fd = -1;
Should set client_fd = -1? See below ...
> + int *code;
> +
> + skel = icmp_send_unreach__open_and_load();
> + if (!ASSERT_OK_PTR(skel, "skel_open"))
> + goto cleanup;
> +
> + cgroup_fd = test__join_cgroup("/icmp_send_unreach_cgroup");
> + if (!ASSERT_GE(cgroup_fd, 0, "join_cgroup"))
> + goto cleanup;
> +
> + skel->links.egress =
> + bpf_program__attach_cgroup(skel->progs.egress, cgroup_fd);
> + if (!ASSERT_OK_PTR(skel->links.egress, "prog_attach_cgroup"))
> + goto cleanup;
> +
> + code = &skel->bss->unreach_code;
> +
> + for (*code = 0; *code <= NR_ICMP_UNREACH; (*code)++) {
> + // The TCP stack reacts differently when asking for
> + // fragmentation, let's ignore it for now
> + if (*code == ICMP_FRAG_NEEDED)
> + continue;
> +
> + skel->bss->kfunc_ret = -1;
> +
> + srv_fd = start_server(AF_INET, SOCK_STREAM, "127.0.0.1",
> + SRV_PORT, TIMEOUT_MS);
> + if (!ASSERT_GE(srv_fd, 0, "start_server"))
> + goto for_cleanup;
Otherwise if client_fd = 1, goto for_cleanup will close(1).
> +
> + client_fd = socket(AF_INET, SOCK_STREAM, 0);
> + ASSERT_GE(client_fd, 0, "client_socket");
The above two lines are not necessary since client_fd is
actually set in the below.
> +
> + client_fd = connect_to_fd(srv_fd, 0);
> + if (!ASSERT_GE(client_fd, 0, "client_connect"))
> + goto for_cleanup;
> +
> + read_icmp_errqueue(client_fd, *code);
> +
> + ASSERT_EQ(skel->bss->kfunc_ret, SK_DROP, "kfunc_ret");
> +for_cleanup:
> + close(client_fd);
> + close(srv_fd);
> + }
> +
> +cleanup:
> + icmp_send_unreach__destroy(skel);
> + close(cgroup_fd);
> +}
[...]
next prev parent reply other threads:[~2025-07-28 15:41 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAADnVQKq_-=N7eJoup6AqFngoocT+D02NF0md_3mi2Vcrw09nQ@mail.gmail.com>
2025-07-25 18:53 ` [PATCH bpf-next v1 0/4] bpf: add icmp_send_unreach kfunc Mahe Tardy
2025-07-25 18:53 ` [PATCH bpf-next v2 1/4] net: move netfilter nf_reject_fill_skb_dst to core ipv4 Mahe Tardy
2025-07-25 18:53 ` [PATCH bpf-next v2 2/4] net: move netfilter nf_reject6_fill_skb_dst to core ipv6 Mahe Tardy
2025-07-25 18:53 ` [PATCH bpf-next v2 3/4] bpf: add bpf_icmp_send_unreach cgroup_skb kfunc Mahe Tardy
2025-07-27 1:49 ` kernel test robot
2025-07-28 9:43 ` [PATCH bpf-next v3 0/4] bpf: add icmp_send_unreach kfunc Mahe Tardy
2025-07-28 9:43 ` [PATCH bpf-next v3 1/4] net: move netfilter nf_reject_fill_skb_dst to core ipv4 Mahe Tardy
2025-07-28 9:43 ` [PATCH bpf-next v3 2/4] net: move netfilter nf_reject6_fill_skb_dst to core ipv6 Mahe Tardy
2025-07-28 9:43 ` [PATCH bpf-next v3 3/4] bpf: add bpf_icmp_send_unreach cgroup_skb kfunc Mahe Tardy
2025-07-28 20:10 ` kernel test robot
2025-07-29 1:05 ` Martin KaFai Lau
2025-07-29 10:06 ` Mahe Tardy
2025-07-29 23:13 ` Martin KaFai Lau
2025-07-28 9:43 ` [PATCH bpf-next v3 4/4] selftests/bpf: add icmp_send_unreach kfunc tests Mahe Tardy
2025-07-28 15:40 ` Yonghong Song [this message]
2025-07-28 15:59 ` Mahe Tardy
2025-07-29 1:18 ` Martin KaFai Lau
2025-07-29 9:09 ` Mahe Tardy
2025-07-29 23:27 ` Martin KaFai Lau
2025-07-30 0:01 ` Martin KaFai Lau
2025-07-30 0:32 ` Martin KaFai Lau
2025-08-05 23:26 ` Jordan Rife
2025-07-29 1:21 ` [PATCH bpf-next v3 0/4] bpf: add icmp_send_unreach kfunc Martin KaFai Lau
2025-07-29 9:53 ` Mahe Tardy
2025-07-30 1:54 ` Martin KaFai Lau
2025-08-01 18:50 ` Mahe Tardy
2025-07-25 18:53 ` [PATCH bpf-next v2 4/4] selftests/bpf: add icmp_send_unreach kfunc tests Mahe Tardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=356fe0b5-b66e-475b-b914-919339bb441a@linux.dev \
--to=yonghong.song@linux.dev \
--cc=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=coreteam@netfilter.org \
--cc=daniel@iogearbox.net \
--cc=fw@strlen.de \
--cc=john.fastabend@gmail.com \
--cc=lkp@intel.com \
--cc=mahe.tardy@gmail.com \
--cc=martin.lau@linux.dev \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=oe-kbuild-all@lists.linux.dev \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).