Re: [PATCH bpf-next 3/3] selftests/bpf: add ipv6 vxlan tunnel source testcase

Martin KaFai Lau <kafai@xxxxxx> · Mon, 21 Mar 2022 17:33:17 -0700

On Sat, Mar 19, 2022 at 09:05:38PM +0800, fankaixi.li@xxxxxxxxxxxxx wrote:
> From: "kaixi.fan" <fankaixi.li@xxxxxxxxxxxxx>
> 
> Add two ipv6 address on underlay nic interface, and use bpf code to
> configure the secondary ipv6 address as the vxlan tunnel source ip.
> Then check ping6 result and log contains the correct tunnel source
> ip.
> 
> Signed-off-by: kaixi.fan <fankaixi.li@xxxxxxxxxxxxx>
> ---
>  .../selftests/bpf/progs/test_tunnel_kern.c    | 46 ++++++++++++
>  tools/testing/selftests/bpf/test_tunnel.sh    | 71 +++++++++++++++----
>  2 files changed, 105 insertions(+), 12 deletions(-)
> 
> diff --git a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
> index 4a39556ef609..67cb7ca3e083 100644
> --- a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
> +++ b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
> @@ -736,4 +736,50 @@ int _vxlan_get_tunnel_src(struct __sk_buff *skb)
>  	return TC_ACT_OK;
>  }
>  
> +SEC("ip6vxlan_set_tunnel_src")
> +int _ip6vxlan_set_tunnel_src(struct __sk_buff *skb)
> +{
> +	struct bpf_tunnel_key key;
> +	int ret;
> +
> +	__builtin_memset(&key, 0x0, sizeof(key));
> +	key.local_ipv6[3] = bpf_htonl(0xbb); /* ::bb */
> +	key.remote_ipv6[3] = bpf_htonl(0x11); /* ::11 */
> +	key.tunnel_id = 22;
> +	key.tunnel_tos = 0;
> +	key.tunnel_ttl = 64;
> +
> +	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
> +				     BPF_F_TUNINFO_IPV6);
> +	if (ret < 0) {
> +		ERROR(ret);
> +		return TC_ACT_SHOT;
> +	}
> +
> +	return TC_ACT_OK;
> +}
> +
> +SEC("ip6vxlan_get_tunnel_src")
> +int _ip6vxlan_get_tunnel_src(struct __sk_buff *skb)
> +{
> +	char fmt[] = "key %d remote ip6 ::%x source ip6 ::%x\n";
> +	char fmt2[] = "label %x\n";
> +	struct bpf_tunnel_key key;
> +	int ret;
> +
> +	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
> +				     BPF_F_TUNINFO_IPV6);
> +	if (ret < 0) {
> +		ERROR(ret);
> +		return TC_ACT_SHOT;
> +	}
> +
> +	bpf_trace_printk(fmt, sizeof(fmt),
> +			 key.tunnel_id, key.remote_ipv6[3], key.local_ipv6[3]);
> +	bpf_trace_printk(fmt2, sizeof(fmt2),
> +			 key.tunnel_label);
How is the printk output used?  Is the output text verified in the
test_tunnel.sh?
Can the values be checked in the bpf prog itself to avoid the printk?

The same goes for the patch 2.

> +
> +	return TC_ACT_OK;
> +}
> +
>  char _license[] SEC("license") = "GPL";
> diff --git a/tools/testing/selftests/bpf/test_tunnel.sh b/tools/testing/selftests/bpf/test_tunnel.sh
> index 62ef5c998b6a..a0f9a5c5e0a5 100755
> --- a/tools/testing/selftests/bpf/test_tunnel.sh
> +++ b/tools/testing/selftests/bpf/test_tunnel.sh
> @@ -67,6 +67,11 @@ add_second_ip()
>    ip addr add dev veth1 172.16.1.20/24
>  }
>  
> +add_second_ip6()
> +{
> +  ip addr add dev veth1 ::bb/96
> +}
> +
>  add_gre_tunnel()
>  {
>  	# at_ns0 namespace
> @@ -94,7 +99,7 @@ add_ip6gretap_tunnel()
>  	# at_ns0 namespace
>  	ip netns exec at_ns0 \
>  		ip link add dev $DEV_NS type $TYPE seq flowlabel 0xbcdef key 2 \
> -		local ::11 remote ::22
> +		local ::11 remote $REMOTE_IP6
>  
>  	ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
>  	ip netns exec at_ns0 ip addr add dev $DEV_NS fc80::100/96
> @@ -143,7 +148,7 @@ add_ip6erspan_tunnel()
>  	if [ "$1" == "v1" ]; then
>  		ip netns exec at_ns0 \
>  		ip link add dev $DEV_NS type $TYPE seq key 2 \
> -		local ::11 remote ::22 \
> +		local ::11 remote $REMOTE_IP6 \
afaict, only add_ip6vxlan_tunnel needs something other than ::22,
so this and other similar code churns is not necessary?

>  		erspan_ver 1 erspan 123
>  	else
>  		ip netns exec at_ns0 \
> @@ -196,7 +201,7 @@ add_ip6vxlan_tunnel()
>  	# at_ns0 namespace
>  	ip netns exec at_ns0 \
>  		ip link add dev $DEV_NS type $TYPE id 22 dstport 4789 \
> -		local ::11 remote ::22
> +		local ::11 remote $REMOTE_IP6
Can it be an optional argument instead and default to ::22 ?

Also, using $1 is as good?

[ ... ]

> +test_ip6vxlan_tunsrc()
> +{
> +	TYPE=vxlan
> +	DEV_NS=ip6vxlan00
> +	DEV=ip6vxlan11
> +	REMOTE_IP6=::bb
> +	ret=0
> +
> +	check $TYPE
> +	config_device
> +	add_second_ip6
> +	add_ip6vxlan_tunnel $REMOTE_IP6
here.  It seems most of the patch needs is
	add_ip6vxlan_tunnel '::bb'

> +	ip link set dev veth1 mtu 1500
> +	attach_bpf $DEV ip6vxlan_set_tunnel_src ip6vxlan_get_tunnel_src
> +	# underlay
> +	ping6 $PING_ARG ::11
> +	# ip4 over ip6
> +	ping $PING_ARG 10.1.1.100
> +	check_err $?
> +	ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
> +	check_err $?
> +	cleanup
> +
> +	if [ $ret -ne 0 ]; then
> +                echo -e ${RED}"FAIL: ip6$TYPE"${NC}
> +                return 1
> +        fi
> +        echo -e ${GREEN}"PASS: ip6$TYPE"${NC}
> +}
> +
>  attach_bpf()
>  {
>  	DEV=$1
> @@ -818,6 +860,11 @@ bpf_tunnel_test()
>  	test_vxlan_tunsrc
>  	errors=$(( $errors + $? ))
>  
> +
> +	echo "Testing IP6VXLAN tunnel source..."
> +	test_ip6vxlan_tunsrc
> +	errors=$(( $errors + $? ))
> +
>  	return $errors
>  }
>  
> -- 
> 2.24.3 (Apple Git-128)
> 