Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2e3f6c5f authored by John Fastabend's avatar John Fastabend Committed by Daniel Borkmann
Browse files

bpf: sockmap, more BPF_SK_SKB_STREAM_VERDICT tests 



Add BPF_SK_SKB_STREAM_VERDICT tests for ingress hook. While
we do this also bring stream tests in-line with MSG based
testing.

A map for skb options is added for userland to push options
at BPF programs.

Signed-off-by: default avatarJohn Fastabend <john.fastabend@gmail.com>
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
parent fa246693

samples/sockmap/sockmap_kern.c

+18 −3
Original line number Diff line number Diff line
@@ -85,6 +85,12 @@ struct bpf_map_def SEC("maps") sock_redir_flags = { 
	.max_entries = 1

};



struct bpf_map_def SEC("maps") sock_skb_opts = {

	.type = BPF_MAP_TYPE_ARRAY,

	.key_size = sizeof(int),

	.value_size = sizeof(int),

	.max_entries = 1

};



SEC("sk_skb1")

int bpf_prog1(struct __sk_buff *skb)
@@ -97,15 +103,24 @@ int bpf_prog2(struct __sk_buff *skb) 
{

	__u32 lport = skb->local_port;

	__u32 rport = skb->remote_port;

	int ret = 0;

	int len, *f, ret, zero = 0;

	__u64 flags = 0;



	if (lport == 10000)

		ret = 10;

	else

		ret = 1;



	bpf_printk("sockmap: %d -> %d @ %d\n", lport, bpf_ntohl(rport), ret);

	return bpf_sk_redirect_map(skb, &sock_map, ret, 0);

	len = (__u32)skb->data_end - (__u32)skb->data;

	f = bpf_map_lookup_elem(&sock_skb_opts, &zero);

	if (f && *f) {

		ret = 3;

		flags = *f;

	}



	bpf_printk("sk_skb2: redirect(%iB) flags=%i\n",

		   len, flags);

	return bpf_sk_redirect_map(skb, &sock_map, ret, flags);

}



SEC("sockops")

samples/sockmap/sockmap_test.sh

+19 −1
Original line number Diff line number Diff line 
#Test a bunch of positive cases to verify basic functionality

for prog in "--txmsg_redir --txmsg_ingress" "--txmsg" "--txmsg_redir" "--txmsg_redir --txmsg_ingress" "--txmsg_drop"; do

for prog in  "--txmsg_redir --txmsg_skb" "--txmsg_redir --txmsg_ingress" "--txmsg" "--txmsg_redir" "--txmsg_redir --txmsg_ingress" "--txmsg_drop"; do

for t in "sendmsg" "sendpage"; do

for r in 1 10 100; do

	for i in 1 10 100; do
@@ -109,6 +109,15 @@ for t in "sendmsg" "sendpage"; do 
	sleep 2

done



prog="--txmsg_redir --txmsg_apply 1 --txmsg_skb"



for t in "sendmsg" "sendpage"; do

	TEST="./sockmap --cgroup /mnt/cgroup2/ -t $t -r $r -i $i -l $l $prog"

	echo $TEST

	$TEST

	sleep 2

done





# Test apply and redirect with larger value than send

r=1
@@ -132,6 +141,15 @@ for t in "sendmsg" "sendpage"; do 
	sleep 2

done



prog="--txmsg_redir --txmsg_apply 2048 --txmsg_skb"



for t in "sendmsg" "sendpage"; do

	TEST="./sockmap --cgroup /mnt/cgroup2/ -t $t -r $r -i $i -l $l $prog"

	echo $TEST

	$TEST

	sleep 2

done





# Test apply and redirect with apply that never reaches limit

r=1024

samples/sockmap/sockmap_user.c

+23 −0
Original line number Diff line number Diff line
@@ -65,6 +65,7 @@ int txmsg_cork; 
int txmsg_start;

int txmsg_end;

int txmsg_ingress;

int txmsg_skb;



static const struct option long_options[] = {

	{"help",	no_argument,		NULL, 'h' },
@@ -85,6 +86,7 @@ static const struct option long_options[] = { 
	{"txmsg_start", required_argument,	NULL, 's'},

	{"txmsg_end",	required_argument,	NULL, 'e'},

	{"txmsg_ingress", no_argument,		&txmsg_ingress, 1 },

	{"txmsg_skb", no_argument,		&txmsg_skb, 1 },

	{0, 0, NULL, 0 }

};
@@ -828,6 +830,27 @@ int main(int argc, char **argv) 
					err, strerror(errno));

			}

		}



		if (txmsg_skb) {

			int skb_fd = (test == SENDMSG || test == SENDPAGE) ? p2 : p1;

			int ingress = BPF_F_INGRESS;



			i = 0;

			err = bpf_map_update_elem(map_fd[7], &i, &ingress, BPF_ANY);

			if (err) {

				fprintf(stderr,

					"ERROR: bpf_map_update_elem (txmsg_ingress): %d (%s)\n",

					err, strerror(errno));

			}



			i = 3;

			err = bpf_map_update_elem(map_fd[0], &i, &skb_fd, BPF_ANY);

			if (err) {

				fprintf(stderr,

					"ERROR: bpf_map_update_elem (c1 sockmap): %d (%s)\n",

					err, strerror(errno));

			}

		}

	}



	if (txmsg_drop)