selftests/bpf: expand bpf tunnel test with decap
authorWillem de Bruijn <willemb@google.com>
Fri, 22 Mar 2019 18:32:50 +0000 (14:32 -0400)
committerAlexei Starovoitov <ast@kernel.org>
Fri, 22 Mar 2019 20:52:44 +0000 (13:52 -0700)
The bpf tunnel test encapsulates using bpf, then decapsulates using
a standard tunnel device to verify correctness.

Once encap is verified, also test decap, by replacing the tunnel
device on decap with another bpf program.

Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
tools/testing/selftests/bpf/progs/test_tc_tunnel.c
tools/testing/selftests/bpf/test_tc_tunnel.sh

index 8223e4347be8feb9ab9478aca73ad41c60a8cb6e..25db148635ab7fa80d866019ab66e4e0f24be46d 100644 (file)
@@ -80,4 +80,35 @@ int encap_f(struct __sk_buff *skb)
        return TC_ACT_OK;
 }
 
+SEC("decap")
+int decap_f(struct __sk_buff *skb)
+{
+       struct iphdr iph_outer, iph_inner;
+
+       if (skb->protocol != __bpf_constant_htons(ETH_P_IP))
+               return TC_ACT_OK;
+
+       if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph_outer,
+                              sizeof(iph_outer)) < 0)
+               return TC_ACT_OK;
+
+       if (iph_outer.ihl != 5 || iph_outer.protocol != IPPROTO_IPIP)
+               return TC_ACT_OK;
+
+       if (bpf_skb_load_bytes(skb, ETH_HLEN + sizeof(iph_outer),
+                              &iph_inner, sizeof(iph_inner)) < 0)
+               return TC_ACT_OK;
+
+       if (bpf_skb_adjust_room(skb, -(int)sizeof(iph_outer),
+                               BPF_ADJ_ROOM_NET, 0))
+               return TC_ACT_SHOT;
+
+       /* bpf_skb_adjust_room has moved outer over inner header: restore */
+       if (bpf_skb_store_bytes(skb, ETH_HLEN, &iph_inner, sizeof(iph_inner),
+                               BPF_F_INVALIDATE_HASH) < 0)
+               return TC_ACT_SHOT;
+
+       return TC_ACT_OK;
+}
+
 char __license[] SEC("license") = "GPL";
index 6ebb288a3afc7f295c98388c48d23bc7f9705b3a..91151d91e5a1b5b35455e1fd4ddd9bb1078e35a9 100755 (executable)
@@ -72,4 +72,13 @@ ip netns exec "${ns2}" ip link set dev testtun0 up
 echo "test bpf encap with tunnel device decap"
 client_connect
 
+# serverside, use BPF for decap
+ip netns exec "${ns2}" ip link del dev testtun0
+ip netns exec "${ns2}" tc qdisc add dev veth2 clsact
+ip netns exec "${ns2}" tc filter add dev veth2 ingress \
+       bpf direct-action object-file ./test_tc_tunnel.o section decap
+server_listen
+echo "test bpf encap with bpf decap"
+client_connect
+
 echo OK