Re: [PATCH v2 bpf-next 4/4] selftests/bpf: add tests for bpf_ct_set_nat_info kfunc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Mon, Sep 5, 2022 at 6:15 AM Lorenzo Bianconi <lorenzo@xxxxxxxxxx> wrote:
> >
> > Introduce self-tests for bpf_ct_set_nat_info kfunc used to set the
> > source or destination nat addresses/ports.
> >
> > Signed-off-by: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
> > ---
> >  tools/testing/selftests/bpf/config            |  1 +
> >  .../testing/selftests/bpf/prog_tests/bpf_nf.c |  2 ++
> >  .../testing/selftests/bpf/progs/test_bpf_nf.c | 26 ++++++++++++++++++-
> >  3 files changed, 28 insertions(+), 1 deletion(-)
> >
> > diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/bpf/config
> > index 3fc46f9cfb22..8ce48f7213cb 100644
> > --- a/tools/testing/selftests/bpf/config
> > +++ b/tools/testing/selftests/bpf/config
> > @@ -57,6 +57,7 @@ CONFIG_NF_CONNTRACK=y
> >  CONFIG_NF_CONNTRACK_MARK=y
> >  CONFIG_NF_DEFRAG_IPV4=y
> >  CONFIG_NF_DEFRAG_IPV6=y
> > +CONFIG_NF_NAT=y
> >  CONFIG_RC_CORE=y
> >  CONFIG_SECURITY=y
> >  CONFIG_SECURITYFS=y
> > diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_nf.c b/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
> > index 544bf90ac2a7..f16913f8fca2 100644
> > --- a/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
> > +++ b/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
> > @@ -115,6 +115,8 @@ static void test_bpf_nf_ct(int mode)
> >         ASSERT_EQ(skel->bss->test_status, 2, "Test for ct status update ");
> >         ASSERT_EQ(skel->data->test_exist_lookup, 0, "Test existing connection lookup");
> >         ASSERT_EQ(skel->bss->test_exist_lookup_mark, 43, "Test existing connection lookup ctmark");
> > +       ASSERT_EQ(skel->data->test_snat_addr, 0, "Test for source natting");
> > +       ASSERT_EQ(skel->data->test_dnat_addr, 0, "Test for destination natting");
> >  end:
> >         if (srv_client_fd != -1)
> >                 close(srv_client_fd);
> > diff --git a/tools/testing/selftests/bpf/progs/test_bpf_nf.c b/tools/testing/selftests/bpf/progs/test_bpf_nf.c
> > index 2722441850cc..3f441595098b 100644
> > --- a/tools/testing/selftests/bpf/progs/test_bpf_nf.c
> > +++ b/tools/testing/selftests/bpf/progs/test_bpf_nf.c
> > @@ -23,6 +23,8 @@ int test_insert_entry = -EAFNOSUPPORT;
> >  int test_succ_lookup = -ENOENT;
> >  u32 test_delta_timeout = 0;
> >  u32 test_status = 0;
> > +int test_snat_addr = -EINVAL;
> > +int test_dnat_addr = -EINVAL;
> >  __be32 saddr = 0;
> >  __be16 sport = 0;
> >  __be32 daddr = 0;
> > @@ -53,6 +55,8 @@ void bpf_ct_set_timeout(struct nf_conn *, u32) __ksym;
> >  int bpf_ct_change_timeout(struct nf_conn *, u32) __ksym;
> >  int bpf_ct_set_status(struct nf_conn *, u32) __ksym;
> >  int bpf_ct_change_status(struct nf_conn *, u32) __ksym;
> > +int bpf_ct_set_nat_info(struct nf_conn *, union nf_inet_addr *,
> > +                       __be16 *port, enum nf_nat_manip_type) __ksym;
> >
> >  static __always_inline void
> >  nf_ct_test(struct nf_conn *(*lookup_fn)(void *, struct bpf_sock_tuple *, u32,
> > @@ -140,10 +144,19 @@ nf_ct_test(struct nf_conn *(*lookup_fn)(void *, struct bpf_sock_tuple *, u32,
> >         ct = alloc_fn(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def,
> >                       sizeof(opts_def));
> >         if (ct) {
> > +               __be16 sport = bpf_get_prandom_u32();
> > +               __be16 dport = bpf_get_prandom_u32();
> > +               union nf_inet_addr saddr = {};
> > +               union nf_inet_addr daddr = {};
> >                 struct nf_conn *ct_ins;
> >
> >                 bpf_ct_set_timeout(ct, 10000);
> > -               bpf_ct_set_status(ct, IPS_CONFIRMED);
> 
> So this is paired with the IPS_CONFIRMED change in 3/4?

we actually do not need it since it is already done during entry allocation (or
insertion).
Looking again at the code I spotted a bug since we do not really check the value
configured with bpf_ct_change_status(ct_lk, IPS_SEEN_REPLY). I will post a fix.

Regards,
Lorenzo

> 
> Thanks,
> Song

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux