Re: [PATCH bpf-next 4/4] selftests/bpf: convert test_skb_cgroup_id_user to test_progs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 31/07/2024 11:38, Alexis Lothoré (eBPF Foundation) wrote:
> test_skb_cgroup_id_user allows testing skb cgroup id retrieval at different
> levels, but is not integrated in test_progs, so it is not run
> automatically in CI. The test overlaps a bit with
> cgroup_skb_sk_lookup_kern, which is integrated in test_progs and test
> extensively skb cgroup helpers, but there is still one major difference
> between the two tests which justifies the conversion:
> cgroup_skb_sk_lookup_kern deals with a BPF_PROG_TYPE_CGROUP_SKB (attached
> on a cgroup), while test_skb_cgroup_id_user deals with a
> BPF_PROG_TYPE_SCHED_CLS (attached on a qdisc)
> 
> Convert test_skb_cgroup_id_user into test_progs framework in order to run
> it automatically in CI. The main differences with the original test are the
> following:
> - rename the test to make it shorter and more straightforward regarding
>   tested feature
> - the wrapping shell script has been dropped since every setup step is now
>   handled in the main C test file
> - the test has been renamed for a shorter name and reflecting the tested
>   API
> - add dedicated assert log per level to ease test failure debugging
> 
> Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@xxxxxxxxxxx>

Looks great! A few things below...

> ---
> The new test has been tested in a qemu environment:
> 
>   ./test_progs -a cgroup_ancestor
>   44      cgroup_ancestor:OK
>   Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED
> ---
>  tools/testing/selftests/bpf/.gitignore             |   1 -
>  tools/testing/selftests/bpf/Makefile               |   3 +-
>  .../selftests/bpf/prog_tests/cgroup_ancestor.c     | 159 ++++++++++++++++++
>  tools/testing/selftests/bpf/test_skb_cgroup_id.sh  |  67 --------
>  .../selftests/bpf/test_skb_cgroup_id_user.c        | 183 ---------------------
>  5 files changed, 160 insertions(+), 253 deletions(-)
> 
> diff --git a/tools/testing/selftests/bpf/.gitignore b/tools/testing/selftests/bpf/.gitignore
> index a45f11f81337..c46950d4ef53 100644
> --- a/tools/testing/selftests/bpf/.gitignore
> +++ b/tools/testing/selftests/bpf/.gitignore
> @@ -20,7 +20,6 @@ test_sock
>  urandom_read
>  test_sockmap
>  test_lirc_mode2_user
> -test_skb_cgroup_id_user
>  test_flow_dissector
>  flow_dissector_load
>  test_tcpnotify_user
> diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile
> index 0ac0f9dbc2f8..057e6ba003f1 100644
> --- a/tools/testing/selftests/bpf/Makefile
> +++ b/tools/testing/selftests/bpf/Makefile
> @@ -138,7 +138,7 @@ TEST_PROGS_EXTENDED := with_addr.sh \
>  	test_xdp_vlan.sh test_bpftool.py
>  
>  # Compile but not part of 'make run_tests'
> -TEST_GEN_PROGS_EXTENDED = test_skb_cgroup_id_user \
> +TEST_GEN_PROGS_EXTENDED = \
>  	flow_dissector_load test_flow_dissector test_tcp_check_syncookie_user \
>  	test_lirc_mode2_user xdping test_cpp runqslower bench bpf_testmod.ko \
>  	xskxceiver xdp_redirect_multi xdp_synproxy veristat xdp_hw_metadata \
> @@ -292,7 +292,6 @@ CAP_HELPERS	:= $(OUTPUT)/cap_helpers.o
>  NETWORK_HELPERS := $(OUTPUT)/network_helpers.o
>  
>  $(OUTPUT)/test_dev_cgroup: $(CGROUP_HELPERS) $(TESTING_HELPERS)
> -$(OUTPUT)/test_skb_cgroup_id_user: $(CGROUP_HELPERS) $(TESTING_HELPERS)
>  $(OUTPUT)/test_sock: $(CGROUP_HELPERS) $(TESTING_HELPERS)
>  $(OUTPUT)/test_sockmap: $(CGROUP_HELPERS) $(TESTING_HELPERS)
>  $(OUTPUT)/test_tcpnotify_user: $(CGROUP_HELPERS) $(TESTING_HELPERS) $(TRACE_HELPERS)
> diff --git a/tools/testing/selftests/bpf/prog_tests/cgroup_ancestor.c b/tools/testing/selftests/bpf/prog_tests/cgroup_ancestor.c
> new file mode 100644
> index 000000000000..796aa3af75e8
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/prog_tests/cgroup_ancestor.c
> @@ -0,0 +1,159 @@
> +// SPDX-License-Identifier: GPL-2.0
> +
> +#include "test_progs.h"
> +#include "network_helpers.h"
> +#include "cgroup_helpers.h"
> +#include "cgroup_ancestor.skel.h"
> +
> +#define VETH_PREFIX "test_cgid_"
> +#define VETH_1 VETH_PREFIX "1"
> +#define VETH_2 VETH_PREFIX "2"
> +#define CGROUP_PATH "/skb_cgroup_test"
> +#define NUM_CGROUP_LEVELS 4
> +#define WAIT_AUTO_IP_MAX_ATTEMPT 10
> +#define DST_ADDR "ff02::1"
> +#define DST_PORT 1234
> +#define MAX_ASSERT_NAME 32
> +
> +struct test_data {
> +	struct cgroup_ancestor *skel;
> +	struct bpf_tc_hook qdisc;
> +	struct bpf_tc_opts tc_attach;
> +};
> +
> +static int send_datagram(void)
> +{
> +	unsigned char buf[] = "some random test data";
> +	struct sockaddr_in6 addr = { .sin6_family = AF_INET6,
> +				     .sin6_port = htons(DST_PORT),
> +				     .sin6_scope_id = if_nametoindex(VETH_1) };
> +	int sock, n;
> +
> +	if (!ASSERT_EQ(inet_pton(AF_INET6, DST_ADDR, &addr.sin6_addr), 1,
> +		       "inet_pton"))
> +		return -1;
> +
> +	sock = socket(AF_INET6, SOCK_DGRAM, 0);
> +	if (!ASSERT_OK_FD(sock, "create socket"))
> +		return sock;
> +
> +	n = sendto(sock, buf, sizeof(buf), 0, (const struct sockaddr *)&addr,
> +		   sizeof(addr));
> +	if (!ASSERT_EQ(n, sizeof(buf), "send data"))
> +		return n;
> +
> +	return 0;
> +}
> +
> +static int wait_local_ip(void)
> +{
> +	char *ping_cmd = ping_command(AF_INET6);
> +	int i, err;
> +
> +	for (i = 0; i < WAIT_AUTO_IP_MAX_ATTEMPT; i++) {
> +		err = SYS_NOFAIL("%s -c 1 -W 1 %s%%%s", ping_cmd, DST_ADDR,
> +				 VETH_1);
> +		if (!err)
> +			break;
> +	}


thinking about the risks of CI flakiness, would a small sleep between
checks be worth doing here?
> +
> +	return err;
> +}
> +
> +static int setup_network(struct test_data *t)
> +{
> +	int ret;
> +
> +	SYS(fail, "ip link add dev %s type veth peer name %s", VETH_1, VETH_2);
> +	SYS(fail, "ip link set %s up", VETH_1);
> +	SYS(fail, "ip link set %s up", VETH_2);
> +
> +	ret = wait_local_ip();
> +	if (!ASSERT_EQ(ret, 0, "wait local ip"))
> +		goto fail;
> +
> +	memset(&t->qdisc, 0, sizeof(t->qdisc));
> +	t->qdisc.sz = sizeof(t->qdisc);
> +	t->qdisc.attach_point = BPF_TC_EGRESS;
> +	t->qdisc.ifindex = if_nametoindex(VETH_1);
> +	if (!ASSERT_NEQ(t->qdisc.ifindex, 0, "if_nametoindex"))
> +		goto cleanup_interfaces;
> +	if (!ASSERT_OK(bpf_tc_hook_create(&t->qdisc), "qdisc add"))
> +		goto cleanup_interfaces;
> +
> +	memset(&t->tc_attach, 0, sizeof(t->tc_attach));
> +	t->tc_attach.sz = sizeof(t->tc_attach);
> +	t->tc_attach.prog_fd = bpf_program__fd(t->skel->progs.log_cgroup_id);
> +	if (!ASSERT_OK(bpf_tc_attach(&t->qdisc, &t->tc_attach), "filter add"))
> +		goto cleanup_qdisc;
> +
> +	return 0;
> +
> +cleanup_qdisc:
> +	bpf_tc_hook_destroy(&t->qdisc);
> +cleanup_interfaces:
> +	SYS_NOFAIL("ip link del %s", VETH_1);
> +fail:
> +	return 1;
> +}
> +
> +static void cleanup_network(struct test_data *t)
> +{
> +	bpf_tc_detach(&t->qdisc, &t->tc_attach);
> +	bpf_tc_hook_destroy(&t->qdisc);
> +	/* Deleting first interface will also delete peer interface */
> +	SYS_NOFAIL("ip link del %s", VETH_1);
> +}
> +
> +static void check_ancestors_ids(struct test_data *t)
> +{
> +	__u64 actual_ids[NUM_CGROUP_LEVELS], expected_ids[NUM_CGROUP_LEVELS];
> +	char assert_name[MAX_ASSERT_NAME];
> +	__u32 level;
> +	int err;
> +
> +	expected_ids[0] = get_cgroup_id("/.."); /* root cgroup */
> +	expected_ids[1] = get_cgroup_id("");
> +	expected_ids[2] = get_cgroup_id(CGROUP_PATH);
> +	expected_ids[3] = 0; /* non-existent cgroup */
> +
> +	for (level = 0; level < NUM_CGROUP_LEVELS; level++) {
> +		err = bpf_map__lookup_elem(t->skel->maps.cgroup_ids, &level,
> +					   sizeof(level), &actual_ids[level],
> +					   sizeof(__u64), 0);

could probably simplify this + the BPF prog using a global array of
actual_ids[], then compare it to the expected values using
skel->bss->actual_ids

> +		if (!ASSERT_OK(err, "read map"))
> +			continue;
> +		snprintf(assert_name, MAX_ASSERT_NAME,
> +			 "ancestor id at level %d", level);
> +		ASSERT_EQ(actual_ids[level], expected_ids[level], assert_name);
> +	}
> +}
> +
> +void test_cgroup_ancestor(void)
> +{
> +	struct test_data t;
> +	int cgroup_fd;
> +
> +	t.skel = cgroup_ancestor__open_and_load();
> +	if (!ASSERT_OK_PTR(t.skel, "open and load"))
> +		return;
> +
> +	if (setup_network(&t))
> +		goto cleanup_progs;
> +
> +	cgroup_fd = cgroup_setup_and_join(CGROUP_PATH);
> +	if (cgroup_fd < 0)
> +		goto cleanup_network;
> +
> +	if (send_datagram())
> +		goto cleanup_cgroups;
> +
> +	check_ancestors_ids(&t);
> +
> +cleanup_cgroups:
> +	cleanup_cgroup_environment();
> +cleanup_network:
> +	cleanup_network(&t);
> +cleanup_progs:
> +	cgroup_ancestor__destroy(t.skel);
> +}
> diff --git a/tools/testing/selftests/bpf/test_skb_cgroup_id.sh b/tools/testing/selftests/bpf/test_skb_cgroup_id.sh
> deleted file mode 100755
> index d7dad49175c2..000000000000
> --- a/tools/testing/selftests/bpf/test_skb_cgroup_id.sh
> +++ /dev/null
> @@ -1,67 +0,0 @@
> -#!/bin/sh
> -# SPDX-License-Identifier: GPL-2.0
> -# Copyright (c) 2018 Facebook
> -
> -set -eu
> -
> -wait_for_ip()
> -{
> -	local _i
> -	echo -n "Wait for testing link-local IP to become available "
> -	for _i in $(seq ${MAX_PING_TRIES}); do
> -		echo -n "."
> -		if $PING6 -c 1 -W 1 ff02::1%${TEST_IF} >/dev/null 2>&1; then
> -			echo " OK"
> -			return
> -		fi
> -		sleep 1
> -	done
> -	echo 1>&2 "ERROR: Timeout waiting for test IP to become available."
> -	exit 1
> -}
> -
> -setup()
> -{
> -	# Create testing interfaces not to interfere with current environment.
> -	ip link add dev ${TEST_IF} type veth peer name ${TEST_IF_PEER}
> -	ip link set ${TEST_IF} up
> -	ip link set ${TEST_IF_PEER} up
> -
> -	wait_for_ip
> -
> -	tc qdisc add dev ${TEST_IF} clsact
> -	mkdir -p /sys/fs/bpf/${BPF_PROG_PIN}
> -	bpftool prog loadall ${BPF_PROG_OBJ} /sys/fs/bpf/${BPF_PROG_PIN} type tc
> -	tc filter add dev ${TEST_IF} egress bpf da object-pinned \
> -		/sys/fs/bpf/${BPF_PROG_PIN}/${BPF_PROG_NAME}
> -
> -	BPF_PROG_ID=$(tc filter show dev ${TEST_IF} egress | \
> -			awk '/ id / {sub(/.* id /, "", $0); print($1)}')
> -}
> -
> -cleanup()
> -{
> -	ip link del ${TEST_IF} 2>/dev/null || :
> -	ip link del ${TEST_IF_PEER} 2>/dev/null || :
> -	rm -rf /sys/fs/bpf/${BPF_PROG_PIN}
> -}
> -
> -main()
> -{
> -	trap cleanup EXIT 2 3 6 15
> -	setup
> -	${PROG} ${TEST_IF} ${BPF_PROG_ID}
> -}
> -
> -DIR=$(dirname $0)
> -TEST_IF="test_cgid_1"
> -TEST_IF_PEER="test_cgid_2"
> -MAX_PING_TRIES=5
> -BPF_PROG_PIN="cgroup_ancestor"
> -BPF_PROG_OBJ="${DIR}/${BPF_PROG_PIN}.bpf.o"
> -BPF_PROG_NAME="log_cgroup_id"
> -BPF_PROG_ID=0
> -PROG="${DIR}/test_skb_cgroup_id_user"
> -type ping6 >/dev/null 2>&1 && PING6="ping6" || PING6="ping -6"
> -
> -main
> diff --git a/tools/testing/selftests/bpf/test_skb_cgroup_id_user.c b/tools/testing/selftests/bpf/test_skb_cgroup_id_user.c
> deleted file mode 100644
> index ed518d075d1d..000000000000
> --- a/tools/testing/selftests/bpf/test_skb_cgroup_id_user.c
> +++ /dev/null
> @@ -1,183 +0,0 @@
> -// SPDX-License-Identifier: GPL-2.0
> -// Copyright (c) 2018 Facebook
> -
> -#include <stdlib.h>
> -#include <string.h>
> -#include <unistd.h>
> -
> -#include <arpa/inet.h>
> -#include <net/if.h>
> -#include <netinet/in.h>
> -#include <sys/socket.h>
> -#include <sys/types.h>
> -
> -
> -#include <bpf/bpf.h>
> -#include <bpf/libbpf.h>
> -
> -#include "cgroup_helpers.h"
> -
> -#define CGROUP_PATH		"/skb_cgroup_test"
> -#define NUM_CGROUP_LEVELS	4
> -
> -/* RFC 4291, Section 2.7.1 */
> -#define LINKLOCAL_MULTICAST	"ff02::1"
> -
> -static int mk_dst_addr(const char *ip, const char *iface,
> -		       struct sockaddr_in6 *dst)
> -{
> -	memset(dst, 0, sizeof(*dst));
> -
> -	dst->sin6_family = AF_INET6;
> -	dst->sin6_port = htons(1025);
> -
> -	if (inet_pton(AF_INET6, ip, &dst->sin6_addr) != 1) {
> -		log_err("Invalid IPv6: %s", ip);
> -		return -1;
> -	}
> -
> -	dst->sin6_scope_id = if_nametoindex(iface);
> -	if (!dst->sin6_scope_id) {
> -		log_err("Failed to get index of iface: %s", iface);
> -		return -1;
> -	}
> -
> -	return 0;
> -}
> -
> -static int send_packet(const char *iface)
> -{
> -	struct sockaddr_in6 dst;
> -	char msg[] = "msg";
> -	int err = 0;
> -	int fd = -1;
> -
> -	if (mk_dst_addr(LINKLOCAL_MULTICAST, iface, &dst))
> -		goto err;
> -
> -	fd = socket(AF_INET6, SOCK_DGRAM, 0);
> -	if (fd == -1) {
> -		log_err("Failed to create UDP socket");
> -		goto err;
> -	}
> -
> -	if (sendto(fd, &msg, sizeof(msg), 0, (const struct sockaddr *)&dst,
> -		   sizeof(dst)) == -1) {
> -		log_err("Failed to send datagram");
> -		goto err;
> -	}
> -
> -	goto out;
> -err:
> -	err = -1;
> -out:
> -	if (fd >= 0)
> -		close(fd);
> -	return err;
> -}
> -
> -int get_map_fd_by_prog_id(int prog_id)
> -{
> -	struct bpf_prog_info info = {};
> -	__u32 info_len = sizeof(info);
> -	__u32 map_ids[1];
> -	int prog_fd = -1;
> -	int map_fd = -1;
> -
> -	prog_fd = bpf_prog_get_fd_by_id(prog_id);
> -	if (prog_fd < 0) {
> -		log_err("Failed to get fd by prog id %d", prog_id);
> -		goto err;
> -	}
> -
> -	info.nr_map_ids = 1;
> -	info.map_ids = (__u64) (unsigned long) map_ids;
> -
> -	if (bpf_prog_get_info_by_fd(prog_fd, &info, &info_len)) {
> -		log_err("Failed to get info by prog fd %d", prog_fd);
> -		goto err;
> -	}
> -
> -	if (!info.nr_map_ids) {
> -		log_err("No maps found for prog fd %d", prog_fd);
> -		goto err;
> -	}
> -
> -	map_fd = bpf_map_get_fd_by_id(map_ids[0]);
> -	if (map_fd < 0)
> -		log_err("Failed to get fd by map id %d", map_ids[0]);
> -err:
> -	if (prog_fd >= 0)
> -		close(prog_fd);
> -	return map_fd;
> -}
> -
> -int check_ancestor_cgroup_ids(int prog_id)
> -{
> -	__u64 actual_ids[NUM_CGROUP_LEVELS], expected_ids[NUM_CGROUP_LEVELS];
> -	__u32 level;
> -	int err = 0;
> -	int map_fd;
> -
> -	expected_ids[0] = get_cgroup_id("/..");	/* root cgroup */
> -	expected_ids[1] = get_cgroup_id("");
> -	expected_ids[2] = get_cgroup_id(CGROUP_PATH);
> -	expected_ids[3] = 0; /* non-existent cgroup */
> -
> -	map_fd = get_map_fd_by_prog_id(prog_id);
> -	if (map_fd < 0)
> -		goto err;
> -
> -	for (level = 0; level < NUM_CGROUP_LEVELS; ++level) {
> -		if (bpf_map_lookup_elem(map_fd, &level, &actual_ids[level])) {
> -			log_err("Failed to lookup key %d", level);
> -			goto err;
> -		}
> -		if (actual_ids[level] != expected_ids[level]) {
> -			log_err("%llx (actual) != %llx (expected), level: %u\n",
> -				actual_ids[level], expected_ids[level], level);
> -			goto err;
> -		}
> -	}
> -
> -	goto out;
> -err:
> -	err = -1;
> -out:
> -	if (map_fd >= 0)
> -		close(map_fd);
> -	return err;
> -}
> -
> -int main(int argc, char **argv)
> -{
> -	int cgfd = -1;
> -	int err = 0;
> -
> -	if (argc < 3) {
> -		fprintf(stderr, "Usage: %s iface prog_id\n", argv[0]);
> -		exit(EXIT_FAILURE);
> -	}
> -
> -	/* Use libbpf 1.0 API mode */
> -	libbpf_set_strict_mode(LIBBPF_STRICT_ALL);
> -
> -	cgfd = cgroup_setup_and_join(CGROUP_PATH);
> -	if (cgfd < 0)
> -		goto err;
> -
> -	if (send_packet(argv[1]))
> -		goto err;
> -
> -	if (check_ancestor_cgroup_ids(atoi(argv[2])))
> -		goto err;
> -
> -	goto out;
> -err:
> -	err = -1;
> -out:
> -	close(cgfd);
> -	cleanup_cgroup_environment();
> -	printf("[%s]\n", err ? "FAIL" : "PASS");
> -	return err;
> -}
> 




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux