Re: [PATCH v2 bpf-next 4/4] selftests/bpf: add tests for bpf_ct_set_nat_info kfunc

Song Liu <song@xxxxxxxxxx> · Tue, 6 Sep 2022 14:54:27 -0700

On Mon, Sep 5, 2022 at 6:15 AM Lorenzo Bianconi <lorenzo@xxxxxxxxxx> wrote:
>
> Introduce self-tests for bpf_ct_set_nat_info kfunc used to set the
> source or destination nat addresses/ports.
>
> Signed-off-by: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
> ---
>  tools/testing/selftests/bpf/config            |  1 +
>  .../testing/selftests/bpf/prog_tests/bpf_nf.c |  2 ++
>  .../testing/selftests/bpf/progs/test_bpf_nf.c | 26 ++++++++++++++++++-
>  3 files changed, 28 insertions(+), 1 deletion(-)
>
> diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/bpf/config
> index 3fc46f9cfb22..8ce48f7213cb 100644
> --- a/tools/testing/selftests/bpf/config
> +++ b/tools/testing/selftests/bpf/config
> @@ -57,6 +57,7 @@ CONFIG_NF_CONNTRACK=y
>  CONFIG_NF_CONNTRACK_MARK=y
>  CONFIG_NF_DEFRAG_IPV4=y
>  CONFIG_NF_DEFRAG_IPV6=y
> +CONFIG_NF_NAT=y
>  CONFIG_RC_CORE=y
>  CONFIG_SECURITY=y
>  CONFIG_SECURITYFS=y
> diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_nf.c b/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
> index 544bf90ac2a7..f16913f8fca2 100644
> --- a/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
> +++ b/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
> @@ -115,6 +115,8 @@ static void test_bpf_nf_ct(int mode)
>         ASSERT_EQ(skel->bss->test_status, 2, "Test for ct status update ");
>         ASSERT_EQ(skel->data->test_exist_lookup, 0, "Test existing connection lookup");
>         ASSERT_EQ(skel->bss->test_exist_lookup_mark, 43, "Test existing connection lookup ctmark");
> +       ASSERT_EQ(skel->data->test_snat_addr, 0, "Test for source natting");
> +       ASSERT_EQ(skel->data->test_dnat_addr, 0, "Test for destination natting");
>  end:
>         if (srv_client_fd != -1)
>                 close(srv_client_fd);
> diff --git a/tools/testing/selftests/bpf/progs/test_bpf_nf.c b/tools/testing/selftests/bpf/progs/test_bpf_nf.c
> index 2722441850cc..3f441595098b 100644
> --- a/tools/testing/selftests/bpf/progs/test_bpf_nf.c
> +++ b/tools/testing/selftests/bpf/progs/test_bpf_nf.c
> @@ -23,6 +23,8 @@ int test_insert_entry = -EAFNOSUPPORT;
>  int test_succ_lookup = -ENOENT;
>  u32 test_delta_timeout = 0;
>  u32 test_status = 0;
> +int test_snat_addr = -EINVAL;
> +int test_dnat_addr = -EINVAL;
>  __be32 saddr = 0;
>  __be16 sport = 0;
>  __be32 daddr = 0;
> @@ -53,6 +55,8 @@ void bpf_ct_set_timeout(struct nf_conn *, u32) __ksym;
>  int bpf_ct_change_timeout(struct nf_conn *, u32) __ksym;
>  int bpf_ct_set_status(struct nf_conn *, u32) __ksym;
>  int bpf_ct_change_status(struct nf_conn *, u32) __ksym;
> +int bpf_ct_set_nat_info(struct nf_conn *, union nf_inet_addr *,
> +                       __be16 *port, enum nf_nat_manip_type) __ksym;
>
>  static __always_inline void
>  nf_ct_test(struct nf_conn *(*lookup_fn)(void *, struct bpf_sock_tuple *, u32,
> @@ -140,10 +144,19 @@ nf_ct_test(struct nf_conn *(*lookup_fn)(void *, struct bpf_sock_tuple *, u32,
>         ct = alloc_fn(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def,
>                       sizeof(opts_def));
>         if (ct) {
> +               __be16 sport = bpf_get_prandom_u32();
> +               __be16 dport = bpf_get_prandom_u32();
> +               union nf_inet_addr saddr = {};
> +               union nf_inet_addr daddr = {};
>                 struct nf_conn *ct_ins;
>
>                 bpf_ct_set_timeout(ct, 10000);
> -               bpf_ct_set_status(ct, IPS_CONFIRMED);

So this is paired with the IPS_CONFIRMED change in 3/4?

Thanks,
Song