On Sun, Apr 24, 2022 at 9:53 AM Eyal Birger <eyal.birger@xxxxxxxxx> wrote:
>
> This commit adds test_egress_md() tests which perform a similar flow as
> test_egress() only that they use gre devices in collect_md mode and set
> the tunnel key from lwt bpf xmit.
>
> VRF scenarios are not checked since it is currently not possible to set
> the underlying device or vrf from bpf_set_tunnel_key().
>
> This introduces minor changes to the existing setup for consistency with
> the new tests:
>
> - GRE key must exist as bpf_set_tunnel_key() explicitly sets the
> TUNNEL_KEY flag
>
> - Source address for GRE traffic is set to IPv*_5 instead of IPv*_1 since
> GRE traffic is sent via veth5 so its address is selected when using
> bpf_set_tunnel_key()
>
> Signed-off-by: Eyal Birger <eyal.birger@xxxxxxxxx>
> ---
> .../selftests/bpf/progs/test_lwt_ip_encap.c | 51 ++++++++++-
> .../selftests/bpf/test_lwt_ip_encap.sh | 85 ++++++++++++++++++-
> 2 files changed, 128 insertions(+), 8 deletions(-)
>
[...]
> @@ -73,6 +77,7 @@ int bpf_lwt_encap_gre6(struct __sk_buff *skb)
> hdr.ip6hdr.daddr.s6_addr[15] = 1;
>
> hdr.greh.protocol = skb->protocol;
> + hdr.greh.flags = bpf_htons(GRE_KEY);
>
> err = bpf_lwt_push_encap(skb, BPF_LWT_ENCAP_IP, &hdr,
> sizeof(struct encap_hdr));
> @@ -82,4 +87,42 @@ int bpf_lwt_encap_gre6(struct __sk_buff *skb)
> return BPF_LWT_REROUTE;
> }
>
> +SEC("encap_gre_md")
This is not a section name that's supported by libbpf in it's strict
1.0 mode. Please update all SEC() definition to be compliant. Is this
SEC("tc") case?
> +int bpf_lwt_encap_gre_md(struct __sk_buff *skb)
> +{
> + struct bpf_tunnel_key key;
> + int err;
> +
> + __builtin_memset(&key, 0x0, sizeof(key));
> + key.remote_ipv4 = 0xac101064; /* 172.16.16.100 - always in host order */
> + key.tunnel_ttl = 0x40;
> + err = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
> + BPF_F_ZERO_CSUM_TX | BPF_F_SEQ_NUMBER);
> + if (err)
> + return BPF_DROP;
> +
> + return BPF_OK;
> +}
> +
[...]
