Re: [PATCH bpf-next] selftests/bpf: add lwt ip encap tests to test_progs

Daniel Borkmann <daniel@xxxxxxxxxxxxx> · Thu, 9 Jun 2022 23:37:38 +0200

Hi Eyal,

On 6/7/22 3:31 PM, Eyal Birger wrote:
Port test_lwt_ip_encap.sh tests onto test_progs.

In addition, this commit adds "egress_md" tests which test a similar
flow as egress tests only they use gre devices in collect_md mode
for encapsulation and set the tunnel key using bpf_set_tunnel_key().

This introduces minor changes to test_lwt_ip_encap.{sh,c} for consistency
with the new tests:

- GRE key must exist as bpf_set_tunnel_key() explicitly sets the
   TUNNEL_KEY flag

- Source address for GRE traffic is set to IP*_5 instead of IP*_1 since
   GRE traffic is sent via veth5 so its address is selected when using
   bpf_set_tunnel_key()

Note: currently these programs use the legacy section name convention
as iproute2 lwt configuration does not support providing function names.

Signed-off-by: Eyal Birger <eyal.birger@xxxxxxxxx>
---
  .../selftests/bpf/prog_tests/lwt_ip_encap.c   | 582 ++++++++++++++++++
  .../selftests/bpf/progs/test_lwt_ip_encap.c   |  51 +-
  .../selftests/bpf/test_lwt_ip_encap.sh        |   6 +-
  3 files changed, 633 insertions(+), 6 deletions(-)
  create mode 100644 tools/testing/selftests/bpf/prog_tests/lwt_ip_encap.c

diff --git a/tools/testing/selftests/bpf/prog_tests/lwt_ip_encap.c b/tools/testing/selftests/bpf/prog_tests/lwt_ip_encap.c
new file mode 100644
index 000000000000..e1b6f3ce6045
--- /dev/null
+++ b/tools/testing/selftests/bpf/prog_tests/lwt_ip_encap.c
@@ -0,0 +1,582 @@
+// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
+
+/* Setup/topology:
+ *
+ *    NS1             NS2             NS3
+ *   veth1 <---> veth2   veth3 <---> veth4 (the top route)
+ *   veth5 <---> veth6   veth7 <---> veth8 (the bottom route)
+ *
+ *   each vethN gets IP[4|6]_N address
+ *
+ *   IP*_SRC = IP*_1
+ *   IP*_DST = IP*_4
+ *
+ *   all tests test pings from IP*_SRC to IP*_DST
+ *
+ *   by default, routes are configured to allow packets to go
+ *   IP*_1 <=> IP*_2 <=> IP*_3 <=> IP*_4 (the top route)
+ *
+ *   a GRE device is installed in NS3 with IP*_GRE, and
+ *   NS1/NS2 are configured to route packets to IP*_GRE via IP*_8
+ *   (the bottom route)
+ *
+ * Tests:
+ *
+ *   1. routes NS2->IP*_DST are brought down, so the only way a ping
+ *      from IP*_SRC to IP*_DST can work is via IP*_GRE
+ *
+ *   2a. in an egress test, a bpf LWT_XMIT program is installed on veth1
+ *       that encaps the packets with an IP/GRE header to route to IP*_GRE
+ *
+ *       ping: SRC->[encap at veth1:egress]->GRE:decap->DST
+ *       ping replies go DST->SRC directly
+ *
+ *   2b. in an ingress test, a bpf LWT_IN program is installed on veth2
+ *       that encaps the packets with an IP/GRE header to route to IP*_GRE
+ *
+ *       ping: SRC->[encap at veth2:ingress]->GRE:decap->DST
+ *       ping replies go DST->SRC directly
+ *
+ *   2c. in an egress_md test, a bpf LWT_XMIT program is installed on a
+ *       route towards collect_md gre{,6} devices in NS1 and sets the tunnel
+ *       key such that packets are encapsulated with an IP/GRE header to route
+ *       to IP*_GRE
+ *
+ *       ping: SRC->[encap at gre{,6}_md:xmit]->GRE:decap->DST
+ *       ping replies go DST->SRC directly
+ */
+
[...]

Thanks a lot for porting the test into test_progs! Looks like the BPF CI currently
bails out here:

https://github.com/kernel-patches/bpf/runs/6812283921?check_suite_focus=true

Andrii, looks like we might be missing CONFIG_NET_VRF in vmtest config-latest.*?

[...]
  #98/1    lwt_ip_encap/lwt_ipv4_encap_egress:OK
  #98/2    lwt_ip_encap/lwt_ipv6_encap_egress:OK
  setup_namespaces:PASS:ip netns add ns_lwt_1 0 nsec
  setup_namespaces:PASS:ip netns add ns_lwt_2 0 nsec
  setup_namespaces:PASS:ip netns add ns_lwt_3 0 nsec
  lwt_ip_encap_test:PASS:setup namespaces 0 nsec
  setup_links_and_routes:PASS:ip link add veth1 netns ns_lwt_1 type veth peer name veth2 netns ns_lwt_2 0 nsec
  setup_links_and_routes:PASS:ip link add veth3 netns ns_lwt_2 type veth peer name veth4 netns ns_lwt_3 0 nsec
  setup_links_and_routes:PASS:ip link add veth5 netns ns_lwt_1 type veth peer name veth6 netns ns_lwt_2 0 nsec
  setup_links_and_routes:PASS:ip link add veth7 netns ns_lwt_2 type veth peer name veth8 netns ns_lwt_3 0 nsec
  open_netns:PASS:malloc token 0 nsec
  open_netns:PASS:open /proc/self/ns/net 0 nsec
  open_netns:PASS:open netns fd 0 nsec
  setns_by_fd:PASS:setns 0 nsec
  setns_by_fd:PASS:unshare 0 nsec
  setns_by_fd:PASS:remount private /sys 0 nsec
  setns_by_fd:PASS:umount2 /sys 0 nsec
  setns_by_fd:PASS:mount /sys 0 nsec
  setns_by_fd:PASS:mount /sys/fs/bpf 0 nsec
  open_netns:PASS:setns_by_fd 0 nsec
  setup_ns:PASS:setns 0 nsec
  write_sysctl:PASS:open sysctl 0 nsec
  write_sysctl:PASS:write sysctl 0 nsec
  write_sysctl:PASS:open sysctl 0 nsec
  write_sysctl:PASS:write sysctl 0 nsec
  write_sysctl:PASS:open sysctl 0 nsec
  write_sysctl:PASS:write sysctl 0 nsec
  write_sysctl:PASS:open sysctl 0 nsec
  write_sysctl:PASS:write sysctl 0 nsec
  setup_vrf:FAIL:ip link add red type vrf table 1001 unexpected error: 512 (errno 0)
  setns_by_fd:PASS:setns 0 nsec
  setns_by_fd:PASS:unshare 0 nsec
  setns_by_fd:PASS:remount private /sys 0 nsec
  setns_by_fd:PASS:umount2 /sys 0 nsec
  setns_by_fd:PASS:mount /sys 0 nsec
  setns_by_fd:PASS:mount /sys/fs/bpf 0 nsec
  close_netns:PASS:setns_by_fd 0 nsec
  lwt_ip_encap_test:FAIL:setup links and routes unexpected error: -1 (errno 0)
  setup_namespaces:PASS:ip netns delete ns_lwt_1 0 nsec
  setup_namespaces:PASS:ip netns delete ns_lwt_2 0 nsec
  setup_namespaces:PASS:ip netns delete ns_lwt_3 0 nsec
  #98/3    lwt_ip_encap/lwt_ipv4_encap_egress_vrf:FAIL
  setup_namespaces:PASS:ip netns add ns_lwt_1 0 nsec
  setup_namespaces:PASS:ip netns add ns_lwt_2 0 nsec
  setup_namespaces:PASS:ip netns add ns_lwt_3 0 nsec
  lwt_ip_encap_test:PASS:setup namespaces 0 nsec
  setup_links_and_routes:PASS:ip link add veth1 netns ns_lwt_1 type veth peer name veth2 netns ns_lwt_2 0 nsec
  setup_links_and_routes:PASS:ip link add veth3 netns ns_lwt_2 type veth peer name veth4 netns ns_lwt_3 0 nsec
  setup_links_and_routes:PASS:ip link add veth5 netns ns_lwt_1 type veth peer name veth6 netns ns_lwt_2 0 nsec
  setup_links_and_routes:PASS:ip link add veth7 netns ns_lwt_2 type veth peer name veth8 netns ns_lwt_3 0 nsec
  open_netns:PASS:malloc token 0 nsec
  open_netns:PASS:open /proc/self/ns/net 0 nsec
  open_netns:PASS:open netns fd 0 nsec
  setns_by_fd:PASS:setns 0 nsec
  setns_by_fd:PASS:unshare 0 nsec
  setns_by_fd:PASS:remount private /sys 0 nsec
  setns_by_fd:PASS:umount2 /sys 0 nsec
  setns_by_fd:PASS:mount /sys 0 nsec
  setns_by_fd:PASS:mount /sys/fs/bpf 0 nsec
  open_netns:PASS:setns_by_fd 0 nsec
  setup_ns:PASS:setns 0 nsec
  write_sysctl:PASS:open sysctl 0 nsec
  write_sysctl:PASS:write sysctl 0 nsec
  write_sysctl:PASS:open sysctl 0 nsec
  write_sysctl:PASS:write sysctl 0 nsec
  write_sysctl:PASS:open sysctl 0 nsec
  write_sysctl:PASS:write sysctl 0 nsec
  write_sysctl:PASS:open sysctl 0 nsec
  write_sysctl:PASS:write sysctl 0 nsec
  setup_vrf:FAIL:ip link add red type vrf table 1001 unexpected error: 512 (errno 0)
  setns_by_fd:PASS:setns 0 nsec
  setns_by_fd:PASS:unshare 0 nsec
  setns_by_fd:PASS:remount private /sys 0 nsec
  setns_by_fd:PASS:umount2 /sys 0 nsec
  setns_by_fd:PASS:mount /sys 0 nsec
  setns_by_fd:PASS:mount /sys/fs/bpf 0 nsec
  close_netns:PASS:setns_by_fd 0 nsec
  lwt_ip_encap_test:FAIL:setup links and routes unexpected error: -1 (errno 0)
  setup_namespaces:PASS:ip netns delete ns_lwt_1 0 nsec
  setup_namespaces:PASS:ip netns delete ns_lwt_2 0 nsec
  setup_namespaces:PASS:ip netns delete ns_lwt_3 0 nsec
  #98/4    lwt_ip_encap/lwt_ipv6_encap_egress_vrf:FAIL
  #98/5    lwt_ip_encap/lwt_ipv4_encap_ingress:OK
  #98/6    lwt_ip_encap/lwt_ipv6_encap_ingress:OK
  setup_namespaces:PASS:ip netns add ns_lwt_1 0 nsec
  setup_namespaces:PASS:ip netns add ns_lwt_2 0 nsec
  setup_namespaces:PASS:ip netns add ns_lwt_3 0 nsec
  lwt_ip_encap_test:PASS:setup namespaces 0 nsec
  setup_links_and_routes:PASS:ip link add veth1 netns ns_lwt_1 type veth peer name veth2 netns ns_lwt_2 0 nsec
  setup_links_and_routes:PASS:ip link add veth3 netns ns_lwt_2 type veth peer name veth4 netns ns_lwt_3 0 nsec
  setup_links_and_routes:PASS:ip link add veth5 netns ns_lwt_1 type veth peer name veth6 netns ns_lwt_2 0 nsec
  setup_links_and_routes:PASS:ip link add veth7 netns ns_lwt_2 type veth peer name veth8 netns ns_lwt_3 0 nsec
  open_netns:PASS:malloc token 0 nsec
  open_netns:PASS:open /proc/self/ns/net 0 nsec
  open_netns:PASS:open netns fd 0 nsec
  setns_by_fd:PASS:setns 0 nsec
  setns_by_fd:PASS:unshare 0 nsec
  setns_by_fd:PASS:remount private /sys 0 nsec
  setns_by_fd:PASS:umount2 /sys 0 nsec
  setns_by_fd:PASS:mount /sys 0 nsec
  setns_by_fd:PASS:mount /sys/fs/bpf 0 nsec
  open_netns:PASS:setns_by_fd 0 nsec
  setup_ns:PASS:setns 0 nsec
  write_sysctl:PASS:open sysctl 0 nsec
  write_sysctl:PASS:write sysctl 0 nsec
  write_sysctl:PASS:open sysctl 0 nsec
  write_sysctl:PASS:write sysctl 0 nsec
  write_sysctl:PASS:open sysctl 0 nsec
  write_sysctl:PASS:write sysctl 0 nsec
  write_sysctl:PASS:open sysctl 0 nsec
  write_sysctl:PASS:write sysctl 0 nsec
  setup_vrf:FAIL:ip link add red type vrf table 1001 unexpected error: 512 (errno 0)
  setns_by_fd:PASS:setns 0 nsec
  setns_by_fd:PASS:unshare 0 nsec
  setns_by_fd:PASS:remount private /sys 0 nsec
  setns_by_fd:PASS:umount2 /sys 0 nsec
  setns_by_fd:PASS:mount /sys 0 nsec
  setns_by_fd:PASS:mount /sys/fs/bpf 0 nsec
  close_netns:PASS:setns_by_fd 0 nsec
  lwt_ip_encap_test:FAIL:setup links and routes unexpected error: -1 (errno 0)
  setup_namespaces:PASS:ip netns delete ns_lwt_1 0 nsec
  setup_namespaces:PASS:ip netns delete ns_lwt_2 0 nsec
  setup_namespaces:PASS:ip netns delete ns_lwt_3 0 nsec
  #98/7    lwt_ip_encap/lwt_ipv4_encap_ingress_vrf:FAIL
  setup_namespaces:PASS:ip netns add ns_lwt_1 0 nsec
  setup_namespaces:PASS:ip netns add ns_lwt_2 0 nsec
  setup_namespaces:PASS:ip netns add ns_lwt_3 0 nsec
  lwt_ip_encap_test:PASS:setup namespaces 0 nsec
  setup_links_and_routes:PASS:ip link add veth1 netns ns_lwt_1 type veth peer name veth2 netns ns_lwt_2 0 nsec
  setup_links_and_routes:PASS:ip link add veth3 netns ns_lwt_2 type veth peer name veth4 netns ns_lwt_3 0 nsec
  setup_links_and_routes:PASS:ip link add veth5 netns ns_lwt_1 type veth peer name veth6 netns ns_lwt_2 0 nsec
  setup_links_and_routes:PASS:ip link add veth7 netns ns_lwt_2 type veth peer name veth8 netns ns_lwt_3 0 nsec
  open_netns:PASS:malloc token 0 nsec
  open_netns:PASS:open /proc/self/ns/net 0 nsec
  open_netns:PASS:open netns fd 0 nsec
  setns_by_fd:PASS:setns 0 nsec
  setns_by_fd:PASS:unshare 0 nsec
  setns_by_fd:PASS:remount private /sys 0 nsec
  setns_by_fd:PASS:umount2 /sys 0 nsec
  setns_by_fd:PASS:mount /sys 0 nsec
  setns_by_fd:PASS:mount /sys/fs/bpf 0 nsec
  open_netns:PASS:setns_by_fd 0 nsec
  setup_ns:PASS:setns 0 nsec
  write_sysctl:PASS:open sysctl 0 nsec
  write_sysctl:PASS:write sysctl 0 nsec
  write_sysctl:PASS:open sysctl 0 nsec
  write_sysctl:PASS:write sysctl 0 nsec
  write_sysctl:PASS:open sysctl 0 nsec
  write_sysctl:PASS:write sysctl 0 nsec
  write_sysctl:PASS:open sysctl 0 nsec
  write_sysctl:PASS:write sysctl 0 nsec
  setup_vrf:FAIL:ip link add red type vrf table 1001 unexpected error: 512 (errno 0)
  setns_by_fd:PASS:setns 0 nsec
  setns_by_fd:PASS:unshare 0 nsec
  setns_by_fd:PASS:remount private /sys 0 nsec
  setns_by_fd:PASS:umount2 /sys 0 nsec
  setns_by_fd:PASS:mount /sys 0 nsec
  setns_by_fd:PASS:mount /sys/fs/bpf 0 nsec
  close_netns:PASS:setns_by_fd 0 nsec
  lwt_ip_encap_test:FAIL:setup links and routes unexpected error: -1 (errno 0)
  setup_namespaces:PASS:ip netns delete ns_lwt_1 0 nsec
  setup_namespaces:PASS:ip netns delete ns_lwt_2 0 nsec
  setup_namespaces:PASS:ip netns delete ns_lwt_3 0 nsec
  #98/8    lwt_ip_encap/lwt_ipv6_encap_ingress_vrf:FAIL
  #98/9    lwt_ip_encap/lwt_ipv4_encap_egress_md:OK
  #98/10   lwt_ip_encap/lwt_ipv6_encap_egress_md:OK
  #98      lwt_ip_encap:FAIL
  #99/1    map_init/pcpu_map_init:OK
  #99/2    map_init/pcpu_lru_map_init:OK
  #99      map_init:OK
[...]






