Martin KaFai Lau <kafai@xxxxxx> 于2022年3月22日周二 08:33写道:
>
> On Sat, Mar 19, 2022 at 09:05:38PM +0800, fankaixi.li@xxxxxxxxxxxxx wrote:
> > From: "kaixi.fan" <fankaixi.li@xxxxxxxxxxxxx>
> >
> > Add two ipv6 address on underlay nic interface, and use bpf code to
> > configure the secondary ipv6 address as the vxlan tunnel source ip.
> > Then check ping6 result and log contains the correct tunnel source
> > ip.
> >
> > Signed-off-by: kaixi.fan <fankaixi.li@xxxxxxxxxxxxx>
> > ---
> > .../selftests/bpf/progs/test_tunnel_kern.c | 46 ++++++++++++
> > tools/testing/selftests/bpf/test_tunnel.sh | 71 +++++++++++++++----
> > 2 files changed, 105 insertions(+), 12 deletions(-)
> >
> > diff --git a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
> > index 4a39556ef609..67cb7ca3e083 100644
> > --- a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
> > +++ b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
> > @@ -736,4 +736,50 @@ int _vxlan_get_tunnel_src(struct __sk_buff *skb)
> > return TC_ACT_OK;
> > }
> >
> > +SEC("ip6vxlan_set_tunnel_src")
> > +int _ip6vxlan_set_tunnel_src(struct __sk_buff *skb)
> > +{
> > + struct bpf_tunnel_key key;
> > + int ret;
> > +
> > + __builtin_memset(&key, 0x0, sizeof(key));
> > + key.local_ipv6[3] = bpf_htonl(0xbb); /* ::bb */
> > + key.remote_ipv6[3] = bpf_htonl(0x11); /* ::11 */
> > + key.tunnel_id = 22;
> > + key.tunnel_tos = 0;
> > + key.tunnel_ttl = 64;
> > +
> > + ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
> > + BPF_F_TUNINFO_IPV6);
> > + if (ret < 0) {
> > + ERROR(ret);
> > + return TC_ACT_SHOT;
> > + }
> > +
> > + return TC_ACT_OK;
> > +}
> > +
> > +SEC("ip6vxlan_get_tunnel_src")
> > +int _ip6vxlan_get_tunnel_src(struct __sk_buff *skb)
> > +{
> > + char fmt[] = "key %d remote ip6 ::%x source ip6 ::%x\n";
> > + char fmt2[] = "label %x\n";
> > + struct bpf_tunnel_key key;
> > + int ret;
> > +
> > + ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
> > + BPF_F_TUNINFO_IPV6);
> > + if (ret < 0) {
> > + ERROR(ret);
> > + return TC_ACT_SHOT;
> > + }
> > +
> > + bpf_trace_printk(fmt, sizeof(fmt),
> > + key.tunnel_id, key.remote_ipv6[3], key.local_ipv6[3]);
> > + bpf_trace_printk(fmt2, sizeof(fmt2),
> > + key.tunnel_label);
> How is the printk output used? Is the output text verified in the
> test_tunnel.sh?
> Can the values be checked in the bpf prog itself to avoid the printk?
>
> The same goes for the patch 2.
>
> > +
> > + return TC_ACT_OK;
> > +}
> > +
> > char _license[] SEC("license") = "GPL";
> > diff --git a/tools/testing/selftests/bpf/test_tunnel.sh b/tools/testing/selftests/bpf/test_tunnel.sh
> > index 62ef5c998b6a..a0f9a5c5e0a5 100755
> > --- a/tools/testing/selftests/bpf/test_tunnel.sh
> > +++ b/tools/testing/selftests/bpf/test_tunnel.sh
> > @@ -67,6 +67,11 @@ add_second_ip()
> > ip addr add dev veth1 172.16.1.20/24
> > }
> >
> > +add_second_ip6()
> > +{
> > + ip addr add dev veth1 ::bb/96
> > +}
> > +
> > add_gre_tunnel()
> > {
> > # at_ns0 namespace
> > @@ -94,7 +99,7 @@ add_ip6gretap_tunnel()
> > # at_ns0 namespace
> > ip netns exec at_ns0 \
> > ip link add dev $DEV_NS type $TYPE seq flowlabel 0xbcdef key 2 \
> > - local ::11 remote ::22
> > + local ::11 remote $REMOTE_IP6
> >
> > ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24
> > ip netns exec at_ns0 ip addr add dev $DEV_NS fc80::100/96
> > @@ -143,7 +148,7 @@ add_ip6erspan_tunnel()
> > if [ "$1" == "v1" ]; then
> > ip netns exec at_ns0 \
> > ip link add dev $DEV_NS type $TYPE seq key 2 \
> > - local ::11 remote ::22 \
> > + local ::11 remote $REMOTE_IP6 \
> afaict, only add_ip6vxlan_tunnel needs something other than ::22,
> so this and other similar code churns is not necessary?
>
> > erspan_ver 1 erspan 123
> > else
> > ip netns exec at_ns0 \
> > @@ -196,7 +201,7 @@ add_ip6vxlan_tunnel()
> > # at_ns0 namespace
> > ip netns exec at_ns0 \
> > ip link add dev $DEV_NS type $TYPE id 22 dstport 4789 \
> > - local ::11 remote ::22
> > + local ::11 remote $REMOTE_IP6
> Can it be an optional argument instead and default to ::22 ?
>
> Also, using $1 is as good?
>
> [ ... ]
>
> > +test_ip6vxlan_tunsrc()
> > +{
> > + TYPE=vxlan
> > + DEV_NS=ip6vxlan00
> > + DEV=ip6vxlan11
> > + REMOTE_IP6=::bb
> > + ret=0
> > +
> > + check $TYPE
> > + config_device
> > + add_second_ip6
> > + add_ip6vxlan_tunnel $REMOTE_IP6
> here. It seems most of the patch needs is
> add_ip6vxlan_tunnel '::bb'
>
> > + ip link set dev veth1 mtu 1500
> > + attach_bpf $DEV ip6vxlan_set_tunnel_src ip6vxlan_get_tunnel_src
> > + # underlay
> > + ping6 $PING_ARG ::11
> > + # ip4 over ip6
> > + ping $PING_ARG 10.1.1.100
> > + check_err $?
> > + ip netns exec at_ns0 ping $PING_ARG 10.1.1.200
> > + check_err $?
> > + cleanup
> > +
> > + if [ $ret -ne 0 ]; then
> > + echo -e ${RED}"FAIL: ip6$TYPE"${NC}
> > + return 1
> > + fi
> > + echo -e ${GREEN}"PASS: ip6$TYPE"${NC}
> > +}
> > +
> > attach_bpf()
> > {
> > DEV=$1
> > @@ -818,6 +860,11 @@ bpf_tunnel_test()
> > test_vxlan_tunsrc
> > errors=$(( $errors + $? ))
> >
> > +
> > + echo "Testing IP6VXLAN tunnel source..."
> > + test_ip6vxlan_tunsrc
> > + errors=$(( $errors + $? ))
> > +
> > return $errors
> > }
> >
> > --
> > 2.24.3 (Apple Git-128)
> >
Thanks.
Maybe it's better to attach a bpf prog to the ingress of tunnel device
in namespace "at_ns0". This prog could be used to check the tunnel
source ip.
"add_ip6vxlan_tunnel" and "add_vxlan_tunnel" would be reflected to
accept an argument as tunnel remote ip.
