From 723f1b9ce332ae50dede24daa7a1abc0c87a6f83 Mon Sep 17 00:00:00 2001 From: "Bastien Curutchet (eBPF Foundation)" Date: Fri, 31 Jan 2025 08:21:40 +0100 Subject: [PATCH 01/10] selftests/bpf: helpers: Add append_tid() Some tests can't be run in parallel because they use same namespace names or veth names. Create an helper that appends the thread ID to a given string. 8 characters are used for it (7 digits + '\0') Signed-off-by: Bastien Curutchet (eBPF Foundation) Signed-off-by: Martin KaFai Lau Link: https://patch.msgid.link/20250131-redirect-multi-v4-1-970b33678512@bootlin.com Signed-off-by: Alexei Starovoitov --- tools/testing/selftests/bpf/network_helpers.c | 17 +++++++++++++++++ tools/testing/selftests/bpf/network_helpers.h | 12 ++++++++++++ 2 files changed, 29 insertions(+) diff --git a/tools/testing/selftests/bpf/network_helpers.c b/tools/testing/selftests/bpf/network_helpers.c index 80844a5fb1fe..a4252e000428 100644 --- a/tools/testing/selftests/bpf/network_helpers.c +++ b/tools/testing/selftests/bpf/network_helpers.c @@ -446,6 +446,23 @@ char *ping_command(int family) return "ping"; } +int append_tid(char *str, size_t sz) +{ + size_t end; + + if (!str) + return -1; + + end = strlen(str); + if (end + 8 > sz) + return -1; + + sprintf(&str[end], "%07d", gettid()); + str[end + 7] = '\0'; + + return 0; +} + int remove_netns(const char *name) { char *cmd; diff --git a/tools/testing/selftests/bpf/network_helpers.h b/tools/testing/selftests/bpf/network_helpers.h index ebec8a8d6f81..9f6e05d886c5 100644 --- a/tools/testing/selftests/bpf/network_helpers.h +++ b/tools/testing/selftests/bpf/network_helpers.h @@ -98,6 +98,18 @@ int send_recv_data(int lfd, int fd, uint32_t total_bytes); int make_netns(const char *name); int remove_netns(const char *name); +/** + * append_tid() - Append thread ID to the given string. + * + * @str: string to extend + * @sz: string's size + * + * 8 characters are used to append the thread ID (7 digits + '\0') + * + * Returns -1 on errors, 0 otherwise + */ +int append_tid(char *str, size_t sz); + static __u16 csum_fold(__u32 csum) { csum = (csum & 0xffff) + (csum >> 16); From 6d34f5b728eb28e4f5acb00dc147507fea2e510c Mon Sep 17 00:00:00 2001 From: "Bastien Curutchet (eBPF Foundation)" Date: Fri, 31 Jan 2025 08:21:41 +0100 Subject: [PATCH 02/10] selftests/bpf: test_xdp_veth: Remove unused defines IP_CMD_MAX_LEN and NS_SUFFIX_LEN aren't used anywhere. Remove these unused defines Signed-off-by: Bastien Curutchet (eBPF Foundation) Signed-off-by: Martin KaFai Lau Link: https://patch.msgid.link/20250131-redirect-multi-v4-2-970b33678512@bootlin.com Signed-off-by: Alexei Starovoitov --- tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c index 8d75424fe6bc..95e1791ea7e0 100644 --- a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c +++ b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c @@ -25,11 +25,9 @@ #include "xdp_tx.skel.h" #define VETH_PAIRS_COUNT 3 -#define NS_SUFFIX_LEN 6 #define VETH_NAME_MAX_LEN 16 #define IP_SRC "10.1.1.11" #define IP_DST "10.1.1.33" -#define IP_CMD_MAX_LEN 128 struct skeletons { struct xdp_dummy *xdp_dummy; From 0f5bab8dffc4e38454e13f228e2c5eed01cc319b Mon Sep 17 00:00:00 2001 From: "Bastien Curutchet (eBPF Foundation)" Date: Fri, 31 Jan 2025 08:21:42 +0100 Subject: [PATCH 03/10] selftests/bpf: test_xdp_veth: Remove unecessarry check_ping() check_ping() directly returns a SYS_NOFAIL without any previous treatment. It's called only once in the file and hardcodes the used namespace and ip address. Replace check_ping() with a direct call of SYS_NOFAIL in the test. Signed-off-by: Bastien Curutchet (eBPF Foundation) Signed-off-by: Martin KaFai Lau Link: https://patch.msgid.link/20250131-redirect-multi-v4-3-970b33678512@bootlin.com Signed-off-by: Alexei Starovoitov --- .../selftests/bpf/prog_tests/test_xdp_veth.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c index 95e1791ea7e0..d41884fdc430 100644 --- a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c +++ b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c @@ -170,15 +170,6 @@ static void cleanup_network(void) SYS_NOFAIL("ip netns del %s", config[i].namespace); } -static int check_ping(struct skeletons *skeletons) -{ - /* Test: if all interfaces are properly configured, we must be able to ping - * veth33 from veth11 - */ - return SYS_NOFAIL("ip netns exec %s ping -c 1 -W 1 %s > /dev/null", - config[0].namespace, IP_DST); -} - void test_xdp_veth_redirect(void) { struct skeletons skeletons = {}; @@ -198,7 +189,11 @@ void test_xdp_veth_redirect(void) if (configure_network(&skeletons)) goto destroy_xdp_redirect_map; - ASSERT_OK(check_ping(&skeletons), "ping"); + /* Test: if all interfaces are properly configured, we must be able to ping + * veth33 from veth11 + */ + ASSERT_OK(SYS_NOFAIL("ip netns exec %s ping -c 1 -W 1 %s > /dev/null", + config[0].namespace, IP_DST), "ping"); destroy_xdp_redirect_map: xdp_redirect_map__destroy(skeletons.xdp_redirect_maps); From 71e0b1cc72414e6f287902daaa9585078c711689 Mon Sep 17 00:00:00 2001 From: "Bastien Curutchet (eBPF Foundation)" Date: Fri, 31 Jan 2025 08:21:43 +0100 Subject: [PATCH 04/10] selftests/bpf: test_xdp_veth: Use int to describe next veth In the struct veth_configuration, the next_veth string is used to tell the next virtual interface to which packets must be redirected to. So it has to match the local_veth string of an other veth_configuration. Change next_veth type to int to avoid handling two identical strings. This integer is used as an offset in the network configuration table. Signed-off-by: Bastien Curutchet (eBPF Foundation) Signed-off-by: Martin KaFai Lau Link: https://patch.msgid.link/20250131-redirect-multi-v4-4-970b33678512@bootlin.com Signed-off-by: Alexei Starovoitov --- .../testing/selftests/bpf/prog_tests/test_xdp_veth.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c index d41884fdc430..942c6e99e15e 100644 --- a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c +++ b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c @@ -39,7 +39,7 @@ struct veth_configuration { char local_veth[VETH_NAME_MAX_LEN]; /* Interface in main namespace */ char remote_veth[VETH_NAME_MAX_LEN]; /* Peer interface in dedicated namespace*/ const char *namespace; /* Namespace for the remote veth */ - char next_veth[VETH_NAME_MAX_LEN]; /* Local interface to redirect traffic to */ + int next_veth; /* Local interface to redirect traffic to */ char *remote_addr; /* IP address of the remote veth */ }; @@ -47,21 +47,21 @@ static struct veth_configuration config[VETH_PAIRS_COUNT] = { { .local_veth = "veth1", .remote_veth = "veth11", - .next_veth = "veth2", + .next_veth = 1, .remote_addr = IP_SRC, .namespace = "ns-veth11" }, { .local_veth = "veth2", .remote_veth = "veth22", - .next_veth = "veth3", + .next_veth = 2, .remote_addr = NULL, .namespace = "ns-veth22" }, { .local_veth = "veth3", .remote_veth = "veth33", - .next_veth = "veth1", + .next_veth = 0, .remote_addr = IP_DST, .namespace = "ns-veth33" } @@ -144,7 +144,9 @@ static int configure_network(struct skeletons *skeletons) if (!ASSERT_GE(map_fd, 0, "open redirect map")) goto fail; for (i = 0; i < VETH_PAIRS_COUNT; i++) { - interface_id = if_nametoindex(config[i].next_veth); + int next_veth = config[i].next_veth; + + interface_id = if_nametoindex(config[next_veth].local_veth); if (!ASSERT_NEQ(interface_id, 0, "non zero interface index")) goto fail; err = bpf_map_update_elem(map_fd, &i, &interface_id, BPF_ANY); From 3c32cbbbcda3160b7b4c235c0b207b459759c6e1 Mon Sep 17 00:00:00 2001 From: "Bastien Curutchet (eBPF Foundation)" Date: Fri, 31 Jan 2025 08:21:44 +0100 Subject: [PATCH 05/10] selftests/bpf: test_xdp_veth: Split network configuration configure_network() does two things : it first creates the network topology and then configures the BPF maps to fit the test needs. This isn't convenient if we want to re-use the same network topology for different test cases. Rename configure_network() create_network(). Move the BPF configuration to the test itself. Split the test description in two parts, first the description of the network topology, then the description of the test case. Remove the veth indexes from the ASCII art as dynamic ones are used Signed-off-by: Bastien Curutchet (eBPF Foundation) Signed-off-by: Martin KaFai Lau Acked-by: Stanislav Fomichev Link: https://patch.msgid.link/20250131-redirect-multi-v4-5-970b33678512@bootlin.com Signed-off-by: Alexei Starovoitov --- .../selftests/bpf/prog_tests/test_xdp_veth.c | 81 +++++++++++-------- 1 file changed, 47 insertions(+), 34 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c index 942c6e99e15e..710136861bda 100644 --- a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c +++ b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c @@ -3,17 +3,27 @@ /* Create 3 namespaces with 3 veth peers, and forward packets in-between using * native XDP * - * XDP_TX - * NS1(veth11) NS2(veth22) NS3(veth33) - * | | | - * | | | - * (veth1, (veth2, (veth3, - * id:111) id:122) id:133) - * ^ | ^ | ^ | - * | | XDP_REDIRECT | | XDP_REDIRECT | | - * | ------------------ ------------------ | - * ----------------------------------------- - * XDP_REDIRECT + * Network topology: + * ---------- ---------- ---------- + * | NS1 | | NS2 | | NS3 | + * | veth11 | | veth22 | | veth33 | + * ----|----- -----|---- -----|---- + * | | | + * veth1 veth2 veth3 + * + * Test cases: + * - [test_xdp_veth_redirect] : ping veth33 from veth11 + * + * veth11 veth22 veth33 + * (XDP_PASS) (XDP_TX) (XDP_PASS) + * | | | + * | | | + * veth1 veth2 veth3 + * (XDP_REDIRECT) (XDP_REDIRECT) (XDP_REDIRECT) + * ^ | ^ | ^ | + * | | | | | | + * | ------------------ ------------------ | + * ----------------------------------------- */ #define _GNU_SOURCE @@ -119,12 +129,9 @@ static int attach_programs_to_veth_pair(struct skeletons *skeletons, int index) return 0; } -static int configure_network(struct skeletons *skeletons) +static int create_network(void) { - int interface_id; - int map_fd; - int err; - int i = 0; + int i; /* First create and configure all interfaces */ for (i = 0; i < VETH_PAIRS_COUNT; i++) { @@ -139,27 +146,11 @@ static int configure_network(struct skeletons *skeletons) config[i].remote_veth); } - /* Then configure the redirect map and attach programs to interfaces */ - map_fd = bpf_map__fd(skeletons->xdp_redirect_maps->maps.tx_port); - if (!ASSERT_GE(map_fd, 0, "open redirect map")) - goto fail; - for (i = 0; i < VETH_PAIRS_COUNT; i++) { - int next_veth = config[i].next_veth; - - interface_id = if_nametoindex(config[next_veth].local_veth); - if (!ASSERT_NEQ(interface_id, 0, "non zero interface index")) - goto fail; - err = bpf_map_update_elem(map_fd, &i, &interface_id, BPF_ANY); - if (!ASSERT_OK(err, "configure interface redirection through map")) - goto fail; - if (attach_programs_to_veth_pair(skeletons, i)) - goto fail; - } - return 0; fail: return -1; + } static void cleanup_network(void) @@ -175,6 +166,8 @@ static void cleanup_network(void) void test_xdp_veth_redirect(void) { struct skeletons skeletons = {}; + int map_fd; + int i; skeletons.xdp_dummy = xdp_dummy__open_and_load(); if (!ASSERT_OK_PTR(skeletons.xdp_dummy, "xdp_dummy__open_and_load")) @@ -188,9 +181,29 @@ void test_xdp_veth_redirect(void) if (!ASSERT_OK_PTR(skeletons.xdp_redirect_maps, "xdp_redirect_map__open_and_load")) goto destroy_xdp_tx; - if (configure_network(&skeletons)) + if (!ASSERT_OK(create_network(), "create_network")) goto destroy_xdp_redirect_map; + /* Then configure the redirect map and attach programs to interfaces */ + map_fd = bpf_map__fd(skeletons.xdp_redirect_maps->maps.tx_port); + if (!ASSERT_OK_FD(map_fd, "open redirect map")) + goto destroy_xdp_redirect_map; + + for (i = 0; i < VETH_PAIRS_COUNT; i++) { + int next_veth = config[i].next_veth; + int interface_id; + int err; + + interface_id = if_nametoindex(config[next_veth].local_veth); + if (!ASSERT_NEQ(interface_id, 0, "non zero interface index")) + goto destroy_xdp_redirect_map; + err = bpf_map_update_elem(map_fd, &i, &interface_id, BPF_ANY); + if (!ASSERT_OK(err, "configure interface redirection through map")) + goto destroy_xdp_redirect_map; + if (attach_programs_to_veth_pair(&skeletons, i)) + goto destroy_xdp_redirect_map; + } + /* Test: if all interfaces are properly configured, we must be able to ping * veth33 from veth11 */ From 7e9f3c875d1cae35a3f23dc527d408ea4b90e562 Mon Sep 17 00:00:00 2001 From: "Bastien Curutchet (eBPF Foundation)" Date: Fri, 31 Jan 2025 08:21:45 +0100 Subject: [PATCH 06/10] selftests/bpf: test_xdp_veth: Rename config[] The network topology is held by the config[] table. This 'config' name is a bit too generic if we want to add other configuration variables. Rename config[] to net_config[]. Signed-off-by: Bastien Curutchet (eBPF Foundation) Signed-off-by: Martin KaFai Lau Acked-by: Stanislav Fomichev Link: https://patch.msgid.link/20250131-redirect-multi-v4-6-970b33678512@bootlin.com Signed-off-by: Alexei Starovoitov --- .../selftests/bpf/prog_tests/test_xdp_veth.c | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c index 710136861bda..a214d5b479be 100644 --- a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c +++ b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c @@ -53,7 +53,7 @@ struct veth_configuration { char *remote_addr; /* IP address of the remote veth */ }; -static struct veth_configuration config[VETH_PAIRS_COUNT] = { +static struct veth_configuration net_config[VETH_PAIRS_COUNT] = { { .local_veth = "veth1", .remote_veth = "veth11", @@ -105,17 +105,17 @@ static int attach_programs_to_veth_pair(struct skeletons *skeletons, int index) remote_link = &skeletons->xdp_dummy->links.xdp_dummy_prog; break; } - interface = if_nametoindex(config[index].local_veth); + interface = if_nametoindex(net_config[index].local_veth); if (!ASSERT_NEQ(interface, 0, "non zero interface index")) return -1; link = bpf_program__attach_xdp(local_prog, interface); if (!ASSERT_OK_PTR(link, "attach xdp program to local veth")) return -1; *local_link = link; - nstoken = open_netns(config[index].namespace); + nstoken = open_netns(net_config[index].namespace); if (!ASSERT_OK_PTR(nstoken, "switch to remote veth namespace")) return -1; - interface = if_nametoindex(config[index].remote_veth); + interface = if_nametoindex(net_config[index].remote_veth); if (!ASSERT_NEQ(interface, 0, "non zero interface index")) { close_netns(nstoken); return -1; @@ -135,15 +135,15 @@ static int create_network(void) /* First create and configure all interfaces */ for (i = 0; i < VETH_PAIRS_COUNT; i++) { - SYS(fail, "ip netns add %s", config[i].namespace); + SYS(fail, "ip netns add %s", net_config[i].namespace); SYS(fail, "ip link add %s type veth peer name %s netns %s", - config[i].local_veth, config[i].remote_veth, config[i].namespace); - SYS(fail, "ip link set dev %s up", config[i].local_veth); - if (config[i].remote_addr) - SYS(fail, "ip -n %s addr add %s/24 dev %s", config[i].namespace, - config[i].remote_addr, config[i].remote_veth); - SYS(fail, "ip -n %s link set dev %s up", config[i].namespace, - config[i].remote_veth); + net_config[i].local_veth, net_config[i].remote_veth, net_config[i].namespace); + SYS(fail, "ip link set dev %s up", net_config[i].local_veth); + if (net_config[i].remote_addr) + SYS(fail, "ip -n %s addr add %s/24 dev %s", net_config[i].namespace, + net_config[i].remote_addr, net_config[i].remote_veth); + SYS(fail, "ip -n %s link set dev %s up", net_config[i].namespace, + net_config[i].remote_veth); } return 0; @@ -160,7 +160,7 @@ static void cleanup_network(void) /* Deleting namespaces is enough to automatically remove veth pairs as well */ for (i = 0; i < VETH_PAIRS_COUNT; i++) - SYS_NOFAIL("ip netns del %s", config[i].namespace); + SYS_NOFAIL("ip netns del %s", net_config[i].namespace); } void test_xdp_veth_redirect(void) @@ -190,11 +190,11 @@ void test_xdp_veth_redirect(void) goto destroy_xdp_redirect_map; for (i = 0; i < VETH_PAIRS_COUNT; i++) { - int next_veth = config[i].next_veth; + int next_veth = net_config[i].next_veth; int interface_id; int err; - interface_id = if_nametoindex(config[next_veth].local_veth); + interface_id = if_nametoindex(net_config[next_veth].local_veth); if (!ASSERT_NEQ(interface_id, 0, "non zero interface index")) goto destroy_xdp_redirect_map; err = bpf_map_update_elem(map_fd, &i, &interface_id, BPF_ANY); @@ -208,7 +208,7 @@ void test_xdp_veth_redirect(void) * veth33 from veth11 */ ASSERT_OK(SYS_NOFAIL("ip netns exec %s ping -c 1 -W 1 %s > /dev/null", - config[0].namespace, IP_DST), "ping"); + net_config[0].namespace, IP_DST), "ping"); destroy_xdp_redirect_map: xdp_redirect_map__destroy(skeletons.xdp_redirect_maps); From edb996fae276927df96c3c332e18a658bc0f2492 Mon Sep 17 00:00:00 2001 From: "Bastien Curutchet (eBPF Foundation)" Date: Fri, 31 Jan 2025 08:21:46 +0100 Subject: [PATCH 07/10] selftests/bpf: test_xdp_veth: Add prog_config[] table The BPF program attached to each veth is hardcoded through the use of the struct skeletons. It prevents from re-using the initialization code in new test cases. Replace the struct skeletons by a bpf_object table. Add a struct prog_configuration that holds the name of BPF program to load on a given veth pair. Use bpf_object__find_program_by_name() / bpf_xdp_attach() API instead of bpf_program__attach_xdp() to retrieve the BPF programs from their names. Detach BPF progs in the cleanup() as it's not automatically done by this API. Signed-off-by: Bastien Curutchet (eBPF Foundation) Signed-off-by: Martin KaFai Lau Acked-by: Stanislav Fomichev Link: https://patch.msgid.link/20250131-redirect-multi-v4-7-970b33678512@bootlin.com Signed-off-by: Alexei Starovoitov --- .../selftests/bpf/prog_tests/test_xdp_veth.c | 133 +++++++++++------- 1 file changed, 80 insertions(+), 53 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c index a214d5b479be..d1435490b967 100644 --- a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c +++ b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c @@ -38,12 +38,7 @@ #define VETH_NAME_MAX_LEN 16 #define IP_SRC "10.1.1.11" #define IP_DST "10.1.1.33" - -struct skeletons { - struct xdp_dummy *xdp_dummy; - struct xdp_tx *xdp_tx; - struct xdp_redirect_map *xdp_redirect_maps; -}; +#define PROG_NAME_MAX_LEN 128 struct veth_configuration { char local_veth[VETH_NAME_MAX_LEN]; /* Interface in main namespace */ @@ -77,55 +72,59 @@ static struct veth_configuration net_config[VETH_PAIRS_COUNT] = { } }; -static int attach_programs_to_veth_pair(struct skeletons *skeletons, int index) +struct prog_configuration { + char local_name[PROG_NAME_MAX_LEN]; /* BPF prog to attach to local_veth */ + char remote_name[PROG_NAME_MAX_LEN]; /* BPF prog to attach to remote_veth */ +}; + +static int attach_programs_to_veth_pair(struct bpf_object **objs, size_t nb_obj, + struct prog_configuration *prog, int index) { struct bpf_program *local_prog, *remote_prog; - struct bpf_link **local_link, **remote_link; struct nstoken *nstoken; - struct bpf_link *link; - int interface; + int interface, ret, i; - switch (index) { - case 0: - local_prog = skeletons->xdp_redirect_maps->progs.xdp_redirect_map_0; - local_link = &skeletons->xdp_redirect_maps->links.xdp_redirect_map_0; - remote_prog = skeletons->xdp_dummy->progs.xdp_dummy_prog; - remote_link = &skeletons->xdp_dummy->links.xdp_dummy_prog; - break; - case 1: - local_prog = skeletons->xdp_redirect_maps->progs.xdp_redirect_map_1; - local_link = &skeletons->xdp_redirect_maps->links.xdp_redirect_map_1; - remote_prog = skeletons->xdp_tx->progs.xdp_tx; - remote_link = &skeletons->xdp_tx->links.xdp_tx; - break; - case 2: - local_prog = skeletons->xdp_redirect_maps->progs.xdp_redirect_map_2; - local_link = &skeletons->xdp_redirect_maps->links.xdp_redirect_map_2; - remote_prog = skeletons->xdp_dummy->progs.xdp_dummy_prog; - remote_link = &skeletons->xdp_dummy->links.xdp_dummy_prog; - break; + for (i = 0; i < nb_obj; i++) { + local_prog = bpf_object__find_program_by_name(objs[i], prog[index].local_name); + if (local_prog) + break; } + if (!ASSERT_OK_PTR(local_prog, "find local program")) + return -1; + + for (i = 0; i < nb_obj; i++) { + remote_prog = bpf_object__find_program_by_name(objs[i], prog[index].remote_name); + if (remote_prog) + break; + } + if (!ASSERT_OK_PTR(remote_prog, "find remote program")) + return -1; + interface = if_nametoindex(net_config[index].local_veth); if (!ASSERT_NEQ(interface, 0, "non zero interface index")) return -1; - link = bpf_program__attach_xdp(local_prog, interface); - if (!ASSERT_OK_PTR(link, "attach xdp program to local veth")) + + ret = bpf_xdp_attach(interface, bpf_program__fd(local_prog), 0, NULL); + if (!ASSERT_OK(ret, "attach xdp program to local veth")) return -1; - *local_link = link; + nstoken = open_netns(net_config[index].namespace); if (!ASSERT_OK_PTR(nstoken, "switch to remote veth namespace")) return -1; + interface = if_nametoindex(net_config[index].remote_veth); if (!ASSERT_NEQ(interface, 0, "non zero interface index")) { close_netns(nstoken); return -1; } - link = bpf_program__attach_xdp(remote_prog, interface); - *remote_link = link; - close_netns(nstoken); - if (!ASSERT_OK_PTR(link, "attach xdp program to remote veth")) - return -1; + ret = bpf_xdp_attach(interface, bpf_program__fd(remote_prog), 0, NULL); + if (!ASSERT_OK(ret, "attach xdp program to remote veth")) { + close_netns(nstoken); + return -1; + } + + close_netns(nstoken); return 0; } @@ -150,45 +149,73 @@ static int create_network(void) fail: return -1; - } static void cleanup_network(void) { + struct nstoken *nstoken; int i; - /* Deleting namespaces is enough to automatically remove veth pairs as well - */ - for (i = 0; i < VETH_PAIRS_COUNT; i++) + for (i = 0; i < VETH_PAIRS_COUNT; i++) { + bpf_xdp_detach(if_nametoindex(net_config[i].local_veth), 0, NULL); + nstoken = open_netns(net_config[i].namespace); + if (nstoken) { + bpf_xdp_detach(if_nametoindex(net_config[i].remote_veth), 0, NULL); + close_netns(nstoken); + } + /* in case the detach failed */ + SYS_NOFAIL("ip link del %s", net_config[i].local_veth); SYS_NOFAIL("ip netns del %s", net_config[i].namespace); + } } +#define VETH_REDIRECT_SKEL_NB 3 void test_xdp_veth_redirect(void) { - struct skeletons skeletons = {}; + struct prog_configuration ping_config[VETH_PAIRS_COUNT] = { + { + .local_name = "xdp_redirect_map_0", + .remote_name = "xdp_dummy_prog", + }, + { + .local_name = "xdp_redirect_map_1", + .remote_name = "xdp_tx", + }, + { + .local_name = "xdp_redirect_map_2", + .remote_name = "xdp_dummy_prog", + } + }; + struct bpf_object *bpf_objs[VETH_REDIRECT_SKEL_NB]; + struct xdp_redirect_map *xdp_redirect_map; + struct xdp_dummy *xdp_dummy; + struct xdp_tx *xdp_tx; int map_fd; int i; - skeletons.xdp_dummy = xdp_dummy__open_and_load(); - if (!ASSERT_OK_PTR(skeletons.xdp_dummy, "xdp_dummy__open_and_load")) + xdp_dummy = xdp_dummy__open_and_load(); + if (!ASSERT_OK_PTR(xdp_dummy, "xdp_dummy__open_and_load")) return; - skeletons.xdp_tx = xdp_tx__open_and_load(); - if (!ASSERT_OK_PTR(skeletons.xdp_tx, "xdp_tx__open_and_load")) + xdp_tx = xdp_tx__open_and_load(); + if (!ASSERT_OK_PTR(xdp_tx, "xdp_tx__open_and_load")) goto destroy_xdp_dummy; - skeletons.xdp_redirect_maps = xdp_redirect_map__open_and_load(); - if (!ASSERT_OK_PTR(skeletons.xdp_redirect_maps, "xdp_redirect_map__open_and_load")) + xdp_redirect_map = xdp_redirect_map__open_and_load(); + if (!ASSERT_OK_PTR(xdp_redirect_map, "xdp_redirect_map__open_and_load")) goto destroy_xdp_tx; if (!ASSERT_OK(create_network(), "create_network")) goto destroy_xdp_redirect_map; /* Then configure the redirect map and attach programs to interfaces */ - map_fd = bpf_map__fd(skeletons.xdp_redirect_maps->maps.tx_port); + map_fd = bpf_map__fd(xdp_redirect_map->maps.tx_port); if (!ASSERT_OK_FD(map_fd, "open redirect map")) goto destroy_xdp_redirect_map; + bpf_objs[0] = xdp_dummy->obj; + bpf_objs[1] = xdp_tx->obj; + bpf_objs[2] = xdp_redirect_map->obj; for (i = 0; i < VETH_PAIRS_COUNT; i++) { int next_veth = net_config[i].next_veth; int interface_id; @@ -200,7 +227,7 @@ void test_xdp_veth_redirect(void) err = bpf_map_update_elem(map_fd, &i, &interface_id, BPF_ANY); if (!ASSERT_OK(err, "configure interface redirection through map")) goto destroy_xdp_redirect_map; - if (attach_programs_to_veth_pair(&skeletons, i)) + if (attach_programs_to_veth_pair(bpf_objs, VETH_REDIRECT_SKEL_NB, ping_config, i)) goto destroy_xdp_redirect_map; } @@ -211,11 +238,11 @@ void test_xdp_veth_redirect(void) net_config[0].namespace, IP_DST), "ping"); destroy_xdp_redirect_map: - xdp_redirect_map__destroy(skeletons.xdp_redirect_maps); + xdp_redirect_map__destroy(xdp_redirect_map); destroy_xdp_tx: - xdp_tx__destroy(skeletons.xdp_tx); + xdp_tx__destroy(xdp_tx); destroy_xdp_dummy: - xdp_dummy__destroy(skeletons.xdp_dummy); + xdp_dummy__destroy(xdp_dummy); cleanup_network(); } From 450effe2daffb679889f3d57a1309f1efc69202b Mon Sep 17 00:00:00 2001 From: "Bastien Curutchet (eBPF Foundation)" Date: Fri, 31 Jan 2025 08:21:47 +0100 Subject: [PATCH 08/10] selftests/bpf: test_xdp_veth: Add XDP flags to prog_configuration XDP flags are hardcoded to 0 at attachment. Add flags attributes to the struct prog_configuration to allow flag modifications for each test case. Signed-off-by: Bastien Curutchet (eBPF Foundation) Signed-off-by: Martin KaFai Lau Acked-by: Stanislav Fomichev Link: https://patch.msgid.link/20250131-redirect-multi-v4-8-970b33678512@bootlin.com Signed-off-by: Alexei Starovoitov --- .../selftests/bpf/prog_tests/test_xdp_veth.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c index d1435490b967..59fa742b16bd 100644 --- a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c +++ b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c @@ -75,6 +75,8 @@ static struct veth_configuration net_config[VETH_PAIRS_COUNT] = { struct prog_configuration { char local_name[PROG_NAME_MAX_LEN]; /* BPF prog to attach to local_veth */ char remote_name[PROG_NAME_MAX_LEN]; /* BPF prog to attach to remote_veth */ + u32 local_flags; /* XDP flags to use on local_veth */ + u32 remote_flags; /* XDP flags to use on remote_veth */ }; static int attach_programs_to_veth_pair(struct bpf_object **objs, size_t nb_obj, @@ -104,7 +106,8 @@ static int attach_programs_to_veth_pair(struct bpf_object **objs, size_t nb_obj, if (!ASSERT_NEQ(interface, 0, "non zero interface index")) return -1; - ret = bpf_xdp_attach(interface, bpf_program__fd(local_prog), 0, NULL); + ret = bpf_xdp_attach(interface, bpf_program__fd(local_prog), + prog[index].local_flags, NULL); if (!ASSERT_OK(ret, "attach xdp program to local veth")) return -1; @@ -118,7 +121,8 @@ static int attach_programs_to_veth_pair(struct bpf_object **objs, size_t nb_obj, return -1; } - ret = bpf_xdp_attach(interface, bpf_program__fd(remote_prog), 0, NULL); + ret = bpf_xdp_attach(interface, bpf_program__fd(remote_prog), + prog[index].remote_flags, NULL); if (!ASSERT_OK(ret, "attach xdp program to remote veth")) { close_netns(nstoken); return -1; @@ -176,14 +180,20 @@ void test_xdp_veth_redirect(void) { .local_name = "xdp_redirect_map_0", .remote_name = "xdp_dummy_prog", + .local_flags = 0, + .remote_flags = 0, }, { .local_name = "xdp_redirect_map_1", .remote_name = "xdp_tx", + .local_flags = 0, + .remote_flags = 0, }, { .local_name = "xdp_redirect_map_2", .remote_name = "xdp_dummy_prog", + .local_flags = 0, + .remote_flags = 0, } }; struct bpf_object *bpf_objs[VETH_REDIRECT_SKEL_NB]; From 29c7bb7d0fa7c4bb30b93c9ea56de80c779fcc47 Mon Sep 17 00:00:00 2001 From: "Bastien Curutchet (eBPF Foundation)" Date: Fri, 31 Jan 2025 08:21:48 +0100 Subject: [PATCH 09/10] selftests/bpf: test_xdp_veth: Use unique names The network namespaces and the veth used by the tests have hardcoded names that can conflict with other tests during parallel runs. Use the append_tid() helper to ensure the uniqueness of these names. Use the static network configuration table as a template on which thread IDs are appended in each test. Set a fixed size to remote_addr field so the struct veth_configuration can also have a fixed size. Signed-off-by: Bastien Curutchet (eBPF Foundation) Signed-off-by: Martin KaFai Lau Link: https://patch.msgid.link/20250131-redirect-multi-v4-9-970b33678512@bootlin.com Signed-off-by: Alexei Starovoitov --- .../selftests/bpf/prog_tests/test_xdp_veth.c | 51 ++++++++++++------- 1 file changed, 33 insertions(+), 18 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c index 59fa742b16bd..b869d466ada1 100644 --- a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c +++ b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c @@ -35,40 +35,42 @@ #include "xdp_tx.skel.h" #define VETH_PAIRS_COUNT 3 -#define VETH_NAME_MAX_LEN 16 +#define VETH_NAME_MAX_LEN 32 +#define IP_MAX_LEN 16 #define IP_SRC "10.1.1.11" #define IP_DST "10.1.1.33" #define PROG_NAME_MAX_LEN 128 +#define NS_NAME_MAX_LEN 32 struct veth_configuration { char local_veth[VETH_NAME_MAX_LEN]; /* Interface in main namespace */ char remote_veth[VETH_NAME_MAX_LEN]; /* Peer interface in dedicated namespace*/ - const char *namespace; /* Namespace for the remote veth */ + char namespace[NS_NAME_MAX_LEN]; /* Namespace for the remote veth */ int next_veth; /* Local interface to redirect traffic to */ - char *remote_addr; /* IP address of the remote veth */ + char remote_addr[IP_MAX_LEN]; /* IP address of the remote veth */ }; -static struct veth_configuration net_config[VETH_PAIRS_COUNT] = { +static const struct veth_configuration default_config[VETH_PAIRS_COUNT] = { { - .local_veth = "veth1", + .local_veth = "veth1-", .remote_veth = "veth11", .next_veth = 1, .remote_addr = IP_SRC, - .namespace = "ns-veth11" + .namespace = "ns-veth11-" }, { - .local_veth = "veth2", + .local_veth = "veth2-", .remote_veth = "veth22", .next_veth = 2, - .remote_addr = NULL, - .namespace = "ns-veth22" + .remote_addr = "", + .namespace = "ns-veth22-" }, { - .local_veth = "veth3", + .local_veth = "veth3-", .remote_veth = "veth33", .next_veth = 0, .remote_addr = IP_DST, - .namespace = "ns-veth33" + .namespace = "ns-veth33-" } }; @@ -80,6 +82,7 @@ struct prog_configuration { }; static int attach_programs_to_veth_pair(struct bpf_object **objs, size_t nb_obj, + struct veth_configuration *net_config, struct prog_configuration *prog, int index) { struct bpf_program *local_prog, *remote_prog; @@ -132,17 +135,27 @@ static int attach_programs_to_veth_pair(struct bpf_object **objs, size_t nb_obj, return 0; } -static int create_network(void) +static int create_network(struct veth_configuration *net_config) { - int i; + int i, err; + + memcpy(net_config, default_config, VETH_PAIRS_COUNT * sizeof(struct veth_configuration)); /* First create and configure all interfaces */ for (i = 0; i < VETH_PAIRS_COUNT; i++) { + err = append_tid(net_config[i].namespace, NS_NAME_MAX_LEN); + if (!ASSERT_OK(err, "append TID to ns name")) + return -1; + + err = append_tid(net_config[i].local_veth, VETH_NAME_MAX_LEN); + if (!ASSERT_OK(err, "append TID to local veth name")) + return -1; + SYS(fail, "ip netns add %s", net_config[i].namespace); SYS(fail, "ip link add %s type veth peer name %s netns %s", net_config[i].local_veth, net_config[i].remote_veth, net_config[i].namespace); SYS(fail, "ip link set dev %s up", net_config[i].local_veth); - if (net_config[i].remote_addr) + if (net_config[i].remote_addr[0]) SYS(fail, "ip -n %s addr add %s/24 dev %s", net_config[i].namespace, net_config[i].remote_addr, net_config[i].remote_veth); SYS(fail, "ip -n %s link set dev %s up", net_config[i].namespace, @@ -155,7 +168,7 @@ static int create_network(void) return -1; } -static void cleanup_network(void) +static void cleanup_network(struct veth_configuration *net_config) { struct nstoken *nstoken; int i; @@ -196,6 +209,7 @@ void test_xdp_veth_redirect(void) .remote_flags = 0, } }; + struct veth_configuration net_config[VETH_PAIRS_COUNT]; struct bpf_object *bpf_objs[VETH_REDIRECT_SKEL_NB]; struct xdp_redirect_map *xdp_redirect_map; struct xdp_dummy *xdp_dummy; @@ -215,7 +229,7 @@ void test_xdp_veth_redirect(void) if (!ASSERT_OK_PTR(xdp_redirect_map, "xdp_redirect_map__open_and_load")) goto destroy_xdp_tx; - if (!ASSERT_OK(create_network(), "create_network")) + if (!ASSERT_OK(create_network(net_config), "create network")) goto destroy_xdp_redirect_map; /* Then configure the redirect map and attach programs to interfaces */ @@ -237,7 +251,8 @@ void test_xdp_veth_redirect(void) err = bpf_map_update_elem(map_fd, &i, &interface_id, BPF_ANY); if (!ASSERT_OK(err, "configure interface redirection through map")) goto destroy_xdp_redirect_map; - if (attach_programs_to_veth_pair(bpf_objs, VETH_REDIRECT_SKEL_NB, ping_config, i)) + if (attach_programs_to_veth_pair(bpf_objs, VETH_REDIRECT_SKEL_NB, + net_config, ping_config, i)) goto destroy_xdp_redirect_map; } @@ -254,5 +269,5 @@ void test_xdp_veth_redirect(void) destroy_xdp_dummy: xdp_dummy__destroy(xdp_dummy); - cleanup_network(); + cleanup_network(net_config); } From 0c4ea7e3479ce92ec4fccf9ae32eddebb8e462f9 Mon Sep 17 00:00:00 2001 From: "Bastien Curutchet (eBPF Foundation)" Date: Fri, 31 Jan 2025 08:21:49 +0100 Subject: [PATCH 10/10] selftests/bpf: test_xdp_veth: Add new test cases for XDP flags The XDP redirection is tested without any flag provided to the xdp_attach() function. Add two subtests that check the correct behaviour with XDP_FLAGS_{DRV/SKB}_MODE flags Signed-off-by: Bastien Curutchet (eBPF Foundation) Signed-off-by: Martin KaFai Lau Acked-by: Stanislav Fomichev Link: https://patch.msgid.link/20250131-redirect-multi-v4-10-970b33678512@bootlin.com Signed-off-by: Alexei Starovoitov --- .../selftests/bpf/prog_tests/test_xdp_veth.c | 27 ++++++++++++++----- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c index b869d466ada1..73a440e44d52 100644 --- a/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c +++ b/tools/testing/selftests/bpf/prog_tests/test_xdp_veth.c @@ -33,6 +33,7 @@ #include "xdp_dummy.skel.h" #include "xdp_redirect_map.skel.h" #include "xdp_tx.skel.h" +#include #define VETH_PAIRS_COUNT 3 #define VETH_NAME_MAX_LEN 32 @@ -187,26 +188,26 @@ static void cleanup_network(struct veth_configuration *net_config) } #define VETH_REDIRECT_SKEL_NB 3 -void test_xdp_veth_redirect(void) +static void xdp_veth_redirect(u32 flags) { struct prog_configuration ping_config[VETH_PAIRS_COUNT] = { { .local_name = "xdp_redirect_map_0", .remote_name = "xdp_dummy_prog", - .local_flags = 0, - .remote_flags = 0, + .local_flags = flags, + .remote_flags = flags, }, { .local_name = "xdp_redirect_map_1", .remote_name = "xdp_tx", - .local_flags = 0, - .remote_flags = 0, + .local_flags = flags, + .remote_flags = flags, }, { .local_name = "xdp_redirect_map_2", .remote_name = "xdp_dummy_prog", - .local_flags = 0, - .remote_flags = 0, + .local_flags = flags, + .remote_flags = flags, } }; struct veth_configuration net_config[VETH_PAIRS_COUNT]; @@ -271,3 +272,15 @@ void test_xdp_veth_redirect(void) cleanup_network(net_config); } + +void test_xdp_veth_redirect(void) +{ + if (test__start_subtest("0")) + xdp_veth_redirect(0); + + if (test__start_subtest("DRV_MODE")) + xdp_veth_redirect(XDP_FLAGS_DRV_MODE); + + if (test__start_subtest("SKB_MODE")) + xdp_veth_redirect(XDP_FLAGS_SKB_MODE); +}