Commit 90a3a05e authored by Eyal Birger's avatar Eyal Birger Committed by Martin KaFai Lau

selftests/bpf: add xfrm_info tests

Test the xfrm_info kfunc helpers.

The test setup creates three name spaces - NS0, NS1, NS2.

XFRM tunnels are setup between NS0 and the two other NSs.

The kfunc helpers are used to steer traffic from NS0 to the other
NSs based on a userspace populated bpf global variable and validate
that the return traffic had arrived from the desired NS.
Signed-off-by: default avatarEyal Birger <eyal.birger@gmail.com>
Link: https://lore.kernel.org/r/20221203084659.1837829-5-eyal.birger@gmail.comSigned-off-by: default avatarMartin KaFai Lau <martin.lau@kernel.org>
parent 4f4ac4d9
...@@ -85,3 +85,4 @@ xdp_bonding # failed to auto-attach program 'trace_ ...@@ -85,3 +85,4 @@ xdp_bonding # failed to auto-attach program 'trace_
xdp_bpf2bpf # failed to auto-attach program 'trace_on_entry': -524 (trampoline) xdp_bpf2bpf # failed to auto-attach program 'trace_on_entry': -524 (trampoline)
xdp_do_redirect # prog_run_max_size unexpected error: -22 (errno 22) xdp_do_redirect # prog_run_max_size unexpected error: -22 (errno 22)
xdp_synproxy # JIT does not support calling kernel function (kfunc) xdp_synproxy # JIT does not support calling kernel function (kfunc)
xfrm_info # JIT does not support calling kernel function (kfunc)
...@@ -23,6 +23,7 @@ CONFIG_IKCONFIG_PROC=y ...@@ -23,6 +23,7 @@ CONFIG_IKCONFIG_PROC=y
CONFIG_IMA=y CONFIG_IMA=y
CONFIG_IMA_READ_POLICY=y CONFIG_IMA_READ_POLICY=y
CONFIG_IMA_WRITE_POLICY=y CONFIG_IMA_WRITE_POLICY=y
CONFIG_INET_ESP=y
CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_RAW=y CONFIG_IP_NF_RAW=y
CONFIG_IP_NF_TARGET_SYNPROXY=y CONFIG_IP_NF_TARGET_SYNPROXY=y
...@@ -74,3 +75,4 @@ CONFIG_TEST_BPF=y ...@@ -74,3 +75,4 @@ CONFIG_TEST_BPF=y
CONFIG_USERFAULTFD=y CONFIG_USERFAULTFD=y
CONFIG_VXLAN=y CONFIG_VXLAN=y
CONFIG_XDP_SOCKETS=y CONFIG_XDP_SOCKETS=y
CONFIG_XFRM_INTERFACE=y
This diff is collapsed.
...@@ -25,6 +25,9 @@ ...@@ -25,6 +25,9 @@
#define IPV6_TCLASS 67 #define IPV6_TCLASS 67
#define IPV6_AUTOFLOWLABEL 70 #define IPV6_AUTOFLOWLABEL 70
#define TC_ACT_UNSPEC (-1)
#define TC_ACT_SHOT 2
#define SOL_TCP 6 #define SOL_TCP 6
#define TCP_NODELAY 1 #define TCP_NODELAY 1
#define TCP_MAXSEG 2 #define TCP_MAXSEG 2
......
// SPDX-License-Identifier: GPL-2.0
#include "vmlinux.h"
#include "bpf_tracing_net.h"
#include <bpf/bpf_helpers.h>
__u32 req_if_id;
__u32 resp_if_id;
int bpf_skb_set_xfrm_info(struct __sk_buff *skb_ctx,
const struct bpf_xfrm_info *from) __ksym;
int bpf_skb_get_xfrm_info(struct __sk_buff *skb_ctx,
struct bpf_xfrm_info *to) __ksym;
SEC("tc")
int set_xfrm_info(struct __sk_buff *skb)
{
struct bpf_xfrm_info info = { .if_id = req_if_id };
return bpf_skb_set_xfrm_info(skb, &info) ? TC_ACT_SHOT : TC_ACT_UNSPEC;
}
SEC("tc")
int get_xfrm_info(struct __sk_buff *skb)
{
struct bpf_xfrm_info info = {};
if (bpf_skb_get_xfrm_info(skb, &info) < 0)
return TC_ACT_SHOT;
resp_if_id = info.if_id;
return TC_ACT_UNSPEC;
}
char _license[] SEC("license") = "GPL";
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment