On Wed, Jul 24, 2019 at 10:11 AM Stanislav Fomichev <sdf@xxxxxxxxxx> wrote:
>
> bpf_flow.c: exit early unless FLOW_DISSECTOR_F_PARSE_1ST_FRAG is passed
> in flags. Also, set ip_proto earlier, this makes sure we have correct
> value with fragmented packets.
>
> Add selftest cases to test ipv4/ipv6 fragments and skip eth_get_headlen
> tests that don't have FLOW_DISSECTOR_F_PARSE_1ST_FRAG flag.
>
> eth_get_headlen calls flow dissector with
> FLOW_DISSECTOR_F_PARSE_1ST_FRAG flag so we can't run tests that
> have different set of input flags against it.
>
> Cc: Willem de Bruijn <willemb@xxxxxxxxxx>
> Cc: Petar Penkov <ppenkov@xxxxxxxxxx>
> Signed-off-by: Stanislav Fomichev <sdf@xxxxxxxxxx>
> ---
> .../selftests/bpf/prog_tests/flow_dissector.c | 129 ++++++++++++++++++
> tools/testing/selftests/bpf/progs/bpf_flow.c | 28 +++-
> 2 files changed, 151 insertions(+), 6 deletions(-)
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/flow_dissector.c b/tools/testing/selftests/bpf/prog_tests/flow_dissector.c
> index c938283ac232..966cb3b06870 100644
> --- a/tools/testing/selftests/bpf/prog_tests/flow_dissector.c
> +++ b/tools/testing/selftests/bpf/prog_tests/flow_dissector.c
> @@ -5,6 +5,10 @@
> #include <linux/if_tun.h>
> #include <sys/uio.h>
>
> +#ifndef IP_MF
> +#define IP_MF 0x2000
> +#endif
> +
> #define CHECK_FLOW_KEYS(desc, got, expected) \
> CHECK_ATTR(memcmp(&got, &expected, sizeof(got)) != 0, \
> desc, \
> @@ -49,6 +53,18 @@ struct ipv6_pkt {
> struct tcphdr tcp;
> } __packed;
>
> +struct ipv6_frag_pkt {
> + struct ethhdr eth;
> + struct ipv6hdr iph;
> + struct frag_hdr {
> + __u8 nexthdr;
> + __u8 reserved;
> + __be16 frag_off;
> + __be32 identification;
> + } ipf;
> + struct tcphdr tcp;
> +} __packed;
> +
> struct dvlan_ipv6_pkt {
> struct ethhdr eth;
> __u16 vlan_tci;
> @@ -65,9 +81,11 @@ struct test {
> struct ipv4_pkt ipv4;
> struct svlan_ipv4_pkt svlan_ipv4;
> struct ipv6_pkt ipv6;
> + struct ipv6_frag_pkt ipv6_frag;
> struct dvlan_ipv6_pkt dvlan_ipv6;
> } pkt;
> struct bpf_flow_keys keys;
> + __u32 flags;
> };
>
> #define VLAN_HLEN 4
> @@ -143,6 +161,102 @@ struct test tests[] = {
> .n_proto = __bpf_constant_htons(ETH_P_IPV6),
> },
> },
> + {
> + .name = "ipv4-frag",
> + .pkt.ipv4 = {
> + .eth.h_proto = __bpf_constant_htons(ETH_P_IP),
> + .iph.ihl = 5,
> + .iph.protocol = IPPROTO_TCP,
> + .iph.tot_len = __bpf_constant_htons(MAGIC_BYTES),
> + .iph.frag_off = __bpf_constant_htons(IP_MF),
> + .tcp.doff = 5,
> + .tcp.source = 80,
> + .tcp.dest = 8080,
> + },
> + .keys = {
> + .flags = FLOW_DISSECTOR_F_PARSE_1ST_FRAG,
> + .nhoff = ETH_HLEN,
> + .thoff = ETH_HLEN + sizeof(struct iphdr),
> + .addr_proto = ETH_P_IP,
> + .ip_proto = IPPROTO_TCP,
> + .n_proto = __bpf_constant_htons(ETH_P_IP),
> + .is_frag = true,
> + .is_first_frag = true,
> + .sport = 80,
> + .dport = 8080,
> + },
> + .flags = FLOW_DISSECTOR_F_PARSE_1ST_FRAG,
> + },
> + {
> + .name = "ipv4-no-frag",
> + .pkt.ipv4 = {
> + .eth.h_proto = __bpf_constant_htons(ETH_P_IP),
> + .iph.ihl = 5,
> + .iph.protocol = IPPROTO_TCP,
> + .iph.tot_len = __bpf_constant_htons(MAGIC_BYTES),
> + .iph.frag_off = __bpf_constant_htons(IP_MF),
> + .tcp.doff = 5,
> + .tcp.source = 80,
> + .tcp.dest = 8080,
> + },
> + .keys = {
> + .nhoff = ETH_HLEN,
> + .thoff = ETH_HLEN + sizeof(struct iphdr),
> + .addr_proto = ETH_P_IP,
> + .ip_proto = IPPROTO_TCP,
> + .n_proto = __bpf_constant_htons(ETH_P_IP),
> + .is_frag = true,
> + .is_first_frag = true,
> + },
> + },
> + {
> + .name = "ipv6-frag",
> + .pkt.ipv6_frag = {
> + .eth.h_proto = __bpf_constant_htons(ETH_P_IPV6),
> + .iph.nexthdr = IPPROTO_FRAGMENT,
> + .iph.payload_len = __bpf_constant_htons(MAGIC_BYTES),
> + .ipf.nexthdr = IPPROTO_TCP,
> + .tcp.doff = 5,
> + .tcp.source = 80,
> + .tcp.dest = 8080,
> + },
> + .keys = {
> + .flags = FLOW_DISSECTOR_F_PARSE_1ST_FRAG,
> + .nhoff = ETH_HLEN,
> + .thoff = ETH_HLEN + sizeof(struct ipv6hdr) +
> + sizeof(struct frag_hdr),
> + .addr_proto = ETH_P_IPV6,
> + .ip_proto = IPPROTO_TCP,
> + .n_proto = __bpf_constant_htons(ETH_P_IPV6),
> + .is_frag = true,
> + .is_first_frag = true,
> + .sport = 80,
> + .dport = 8080,
> + },
> + .flags = FLOW_DISSECTOR_F_PARSE_1ST_FRAG,
> + },
> + {
> + .name = "ipv6-no-frag",
> + .pkt.ipv6_frag = {
> + .eth.h_proto = __bpf_constant_htons(ETH_P_IPV6),
> + .iph.nexthdr = IPPROTO_FRAGMENT,
> + .iph.payload_len = __bpf_constant_htons(MAGIC_BYTES),
> + .ipf.nexthdr = IPPROTO_TCP,
> + .tcp.doff = 5,
> + .tcp.source = 80,
> + .tcp.dest = 8080,
> + },
> + .keys = {
> + .nhoff = ETH_HLEN,
> + .thoff = ETH_HLEN + sizeof(struct ipv6hdr) +
> + sizeof(struct frag_hdr),
> + .addr_proto = ETH_P_IPV6,
> + .ip_proto = IPPROTO_TCP,
> + .n_proto = __bpf_constant_htons(ETH_P_IPV6),
> + .is_frag = true,
> + .is_first_frag = true,
> + },
> + },
> };
>
> static int create_tap(const char *ifname)
> @@ -225,6 +339,13 @@ void test_flow_dissector(void)
> .data_size_in = sizeof(tests[i].pkt),
> .data_out = &flow_keys,
> };
> + static struct bpf_flow_keys ctx = {};
> +
> + if (tests[i].flags) {
> + tattr.ctx_in = &ctx;
> + tattr.ctx_size_in = sizeof(ctx);
> + ctx.flags = tests[i].flags;
> + }
>
> err = bpf_prog_test_run_xattr(&tattr);
> CHECK_ATTR(tattr.data_size_out != sizeof(flow_keys) ||
> @@ -255,6 +376,14 @@ void test_flow_dissector(void)
> struct bpf_prog_test_run_attr tattr = {};
> __u32 key = 0;
>
> + /* Don't run tests that are not marked as
> + * FLOW_DISSECTOR_F_PARSE_1ST_FRAG; eth_get_headlen
> + * sets this flag.
> + */
> +
> + if (tests[i].flags != FLOW_DISSECTOR_F_PARSE_1ST_FRAG)
> + continue;
Maybe test flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG == 0 instead?
It is not necessary now, but might be useful in the future.
Thanks,
Song
