[PATCH v2 bpf-next 2/2] selftests/bpf: add selftest for bpf_ct_refresh_timeout kfunc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Install a new ct entry in order to perform a successful lookup and
test bpf_ct_refresh_timeout kfunc helper.

Signed-off-by: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
---
 .../testing/selftests/bpf/prog_tests/bpf_nf.c | 10 +++++++++
 .../testing/selftests/bpf/progs/test_bpf_nf.c | 22 +++++++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_nf.c b/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
index dd30b1e3a67c..285687d2f7b3 100644
--- a/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
+++ b/tools/testing/selftests/bpf/prog_tests/bpf_nf.c
@@ -18,6 +18,13 @@ void test_bpf_nf_ct(int mode)
 		.repeat = 1,
 	);
 
+	/* Flush previous nft ct entries */
+	ASSERT_OK(system("conntrack -F"), "flush ct entries");
+	/* Let's create a nft ct entry to perform lookup */
+	ASSERT_OK(system("conntrack -I -s 1.1.1.1 -d 2.2.2.2 --protonum 6  \
+			  --state ESTABLISHED --timeout 3600 --sport 12345 \
+			  --dport 1000 --zone 0"), "create ct entry");
+
 	skel = test_bpf_nf__open_and_load();
 	if (!ASSERT_OK_PTR(skel, "test_bpf_nf__open_and_load"))
 		return;
@@ -39,6 +46,9 @@ void test_bpf_nf_ct(int mode)
 	ASSERT_EQ(skel->bss->test_enonet_netns_id, -ENONET, "Test ENONET for bad but valid netns_id");
 	ASSERT_EQ(skel->bss->test_enoent_lookup, -ENOENT, "Test ENOENT for failed lookup");
 	ASSERT_EQ(skel->bss->test_eafnosupport, -EAFNOSUPPORT, "Test EAFNOSUPPORT for invalid len__tuple");
+	ASSERT_EQ(skel->bss->test_succ_lookup, 0, "Test for successful lookup");
+	ASSERT_EQ(skel->bss->test_delta_timeout, 10, "Test for ct timeout update");
+
 end:
 	test_bpf_nf__destroy(skel);
 }
diff --git a/tools/testing/selftests/bpf/progs/test_bpf_nf.c b/tools/testing/selftests/bpf/progs/test_bpf_nf.c
index f00a9731930e..3eb36679a0b5 100644
--- a/tools/testing/selftests/bpf/progs/test_bpf_nf.c
+++ b/tools/testing/selftests/bpf/progs/test_bpf_nf.c
@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0
 #include <vmlinux.h>
 #include <bpf/bpf_helpers.h>
+#include <bpf/bpf_endian.h>
 
 #define EAFNOSUPPORT 97
 #define EPROTO 71
@@ -8,6 +9,8 @@
 #define EINVAL 22
 #define ENOENT 2
 
+extern unsigned long CONFIG_HZ __kconfig;
+
 int test_einval_bpf_tuple = 0;
 int test_einval_reserved = 0;
 int test_einval_netns_id = 0;
@@ -16,6 +19,8 @@ int test_eproto_l4proto = 0;
 int test_enonet_netns_id = 0;
 int test_enoent_lookup = 0;
 int test_eafnosupport = 0;
+int test_succ_lookup = 0;
+u32 test_delta_timeout = 0;
 
 struct nf_conn;
 
@@ -31,6 +36,7 @@ struct nf_conn *bpf_xdp_ct_lookup(struct xdp_md *, struct bpf_sock_tuple *, u32,
 struct nf_conn *bpf_skb_ct_lookup(struct __sk_buff *, struct bpf_sock_tuple *, u32,
 				  struct bpf_ct_opts___local *, u32) __ksym;
 void bpf_ct_release(struct nf_conn *) __ksym;
+void bpf_ct_refresh_timeout(struct nf_conn *, u32) __ksym;
 
 static __always_inline void
 nf_ct_test(struct nf_conn *(*func)(void *, struct bpf_sock_tuple *, u32,
@@ -99,6 +105,22 @@ nf_ct_test(struct nf_conn *(*func)(void *, struct bpf_sock_tuple *, u32,
 		bpf_ct_release(ct);
 	else
 		test_eafnosupport = opts_def.error;
+
+	bpf_tuple.ipv4.saddr = 0x01010101; /* src IP 1.1.1.1 */
+	bpf_tuple.ipv4.daddr = 0x02020202; /* dst IP 2.2.2.2 */
+	bpf_tuple.ipv4.sport = bpf_htons(12345); /* src port */
+	bpf_tuple.ipv4.dport = bpf_htons(1000);  /* dst port */
+	ct = func(ctx, &bpf_tuple, sizeof(bpf_tuple.ipv4), &opts_def,
+		  sizeof(opts_def));
+	if (ct) {
+		/* update ct entry timeout */
+		bpf_ct_refresh_timeout(ct, 10000);
+		test_delta_timeout = ct->timeout - bpf_jiffies64();
+		test_delta_timeout /= CONFIG_HZ;
+		bpf_ct_release(ct);
+	} else {
+		test_succ_lookup = opts_def.error;
+	}
 }
 
 SEC("xdp")
-- 
2.35.3




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux