> On Mon, Sep 5, 2022 at 6:15 AM Lorenzo Bianconi <lorenzo@xxxxxxxxxx> wrote: > > > > Introduce self-tests for bpf_ct_set_nat_info kfunc used to set the > > source or destination nat addresses/ports. > > > > Signed-off-by: Lorenzo Bianconi <lorenzo@xxxxxxxxxx> > > --- > > tools/testing/selftests/bpf/config | 1 + > > .../testing/selftests/bpf/prog_tests/bpf_nf.c | 2 ++ > > .../testing/selftests/bpf/progs/test_bpf_nf.c | 26 ++++++++++++++++++- > > 3 files changed, 28 insertions(+), 1 deletion(-) > > > > diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/bpf/config > > index 3fc46f9cfb22..8ce48f7213cb 100644 > > --- a/tools/testing/selftests/bpf/config > > +++ b/tools/testing/selftests/bpf/config > > @@ -57,6 +57,7 @@ CONFIG_NF_CONNTRACK=y > > CONFIG_NF_CONNTRACK_MARK=y > > CONFIG_NF_DEFRAG_IPV4=y > > CONFIG_NF_DEFRAG_IPV6=y > > +CONFIG_NF_NAT=y > > CONFIG_RC_CORE=y > > CONFIG_SECURITY=y > > CONFIG_SECURITYFS=y > > diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_nf.c b/tools/testing/selftests/bpf/prog_tests/bpf_nf.c > > index 544bf90ac2a7..f16913f8fca2 100644 > > --- a/tools/testing/selftests/bpf/prog_tests/bpf_nf.c > > +++ b/tools/testing/selftests/bpf/prog_tests/bpf_nf.c > > @@ -115,6 +115,8 @@ static void test_bpf_nf_ct(int mode) > > ASSERT_EQ(skel->bss->test_status, 2, "Test for ct status update "); > > ASSERT_EQ(skel->data->test_exist_lookup, 0, "Test existing connection lookup"); > > ASSERT_EQ(skel->bss->test_exist_lookup_mark, 43, "Test existing connection lookup ctmark"); > > + ASSERT_EQ(skel->data->test_snat_addr, 0, "Test for source natting"); > > + ASSERT_EQ(skel->data->test_dnat_addr, 0, "Test for destination natting"); > > end: > > if (srv_client_fd != -1) > > close(srv_client_fd); > > diff --git a/tools/testing/selftests/bpf/progs/test_bpf_nf.c b/tools/testing/selftests/bpf/progs/test_bpf_nf.c > > index 2722441850cc..3f441595098b 100644 > > --- a/tools/testing/selftests/bpf/progs/test_bpf_nf.c > > +++ b/tools/testing/selftests/bpf/progs/test_bpf_nf.c > > @@ -23,6 +23,8 @@ int test_insert_entry = -EAFNOSUPPORT; > > int test_succ_lookup = -ENOENT; > > u32 test_delta_timeout = 0; > > u32 test_status = 0; > > +int test_snat_addr = -EINVAL; > > +int test_dnat_addr = -EINVAL; > > __be32 saddr = 0; > > __be16 sport = 0; > > __be32 daddr = 0; > > @@ -53,6 +55,8 @@ void bpf_ct_set_timeout(struct nf_conn *, u32) __ksym; > > int bpf_ct_change_timeout(struct nf_conn *, u32) __ksym; > > int bpf_ct_set_status(struct nf_conn *, u32) __ksym; > > int bpf_ct_change_status(struct nf_conn *, u32) __ksym; > > +int bpf_ct_set_nat_info(struct nf_conn *, union nf_inet_addr *, > > + __be16 *port, enum nf_nat_manip_type) __ksym; > > > > static __always_inline void > > nf_ct_test(struct nf_conn *(*lookup_fn)(void *, struct bpf_sock_tuple *, u32, > > @@ -140,10 +144,19 @@ nf_ct_test(struct nf_conn *(*lookup_fn)(void *, struct bpf_sock_tuple *, u32, > > ct = alloc_fn(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def, > > sizeof(opts_def)); > > if (ct) { > > + __be16 sport = bpf_get_prandom_u32(); > > + __be16 dport = bpf_get_prandom_u32(); > > + union nf_inet_addr saddr = {}; > > + union nf_inet_addr daddr = {}; > > struct nf_conn *ct_ins; > > > > bpf_ct_set_timeout(ct, 10000); > > - bpf_ct_set_status(ct, IPS_CONFIRMED); > > So this is paired with the IPS_CONFIRMED change in 3/4? we actually do not need it since it is already done during entry allocation (or insertion). Looking again at the code I spotted a bug since we do not really check the value configured with bpf_ct_change_status(ct_lk, IPS_SEEN_REPLY). I will post a fix. Regards, Lorenzo > > Thanks, > Song
Attachment:
signature.asc
Description: PGP signature