Re: [PATCH bpf-next v6 5/6] bpf: Add selftests for raw syncookie helpers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Apr 27, 2022 at 10:19 AM Maxim Mikityanskiy <maximmi@xxxxxxxxxx> wrote:
>
> On 2022-04-27 01:11, Andrii Nakryiko wrote:
> > On Tue, Apr 26, 2022 at 11:29 AM Maxim Mikityanskiy <maximmi@xxxxxxxxxx> wrote:
> >>
> >> On 2022-04-26 09:26, Andrii Nakryiko wrote:
> >>> On Mon, Apr 25, 2022 at 5:12 PM Alexei Starovoitov
> >>> <alexei.starovoitov@xxxxxxxxx> wrote:
> >>>>
> >>>> On Fri, Apr 22, 2022 at 08:24:21PM +0300, Maxim Mikityanskiy wrote:
> >>>>> +void test_xdp_synproxy(void)
> >>>>> +{
> >>>>> +     int server_fd = -1, client_fd = -1, accept_fd = -1;
> >>>>> +     struct nstoken *ns = NULL;
> >>>>> +     FILE *ctrl_file = NULL;
> >>>>> +     char buf[1024];
> >>>>> +     size_t size;
> >>>>> +
> >>>>> +     SYS("ip netns add synproxy");
> >>>>> +
> >>>>> +     SYS("ip link add tmp0 type veth peer name tmp1");
> >>>>> +     SYS("ip link set tmp1 netns synproxy");
> >>>>> +     SYS("ip link set tmp0 up");
> >>>>> +     SYS("ip addr replace 198.18.0.1/24 dev tmp0");
> >>>>> +
> >>>>> +     // When checksum offload is enabled, the XDP program sees wrong
> >>>>> +     // checksums and drops packets.
> >>>>> +     SYS("ethtool -K tmp0 tx off");
> >>>>
> >>>> BPF CI image doesn't have ethtool installed.
> >>>> It will take some time to get it updated. Until then we cannot land the patch set.
> >>>> Can you think of a way to run this test without shelling to ethtool?
> >>>
> >>> Good news: we got updated CI image with ethtool, so that shouldn't be
> >>> a problem anymore.
> >>>
> >>> Bad news: this selftest still fails, but in different place:
> >>>
> >>> test_synproxy:FAIL:iptables -t raw -I PREROUTING -i tmp1 -p tcp -m tcp
> >>> --syn --dport 8080 -j CT --notrack unexpected error: 512 (errno 2)
> >>
> >> That's simply a matter of missing kernel config options:
> >>
> >> CONFIG_NETFILTER_SYNPROXY=y
> >> CONFIG_NETFILTER_XT_TARGET_CT=y
> >> CONFIG_NETFILTER_XT_MATCH_STATE=y
> >> CONFIG_IP_NF_FILTER=y
> >> CONFIG_IP_NF_TARGET_SYNPROXY=y
> >> CONFIG_IP_NF_RAW=y
> >>
> >> Shall I create a pull request on github to add these options to
> >> https://github.com/libbpf/libbpf/tree/master/travis-ci/vmtest/configs?
> >>
> >
> > Yes, please. But also for [0], that's the one that tests all the
> > not-yet-applied patches
> >
> >    [0] https://github.com/kernel-patches/vmtest/
>
> Created pull requests:
>
> https://github.com/kernel-patches/vmtest/pull/79
> https://github.com/libbpf/libbpf/pull/490
>

Merged both, thanks.


> >>> See [0].
> >>>
> >>>     [0] https://github.com/kernel-patches/bpf/runs/6169439612?check_suite_focus=true
> >>
>
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux