From 8142958954d17a31e0ac9e3a9c91103a1c171179 Mon Sep 17 00:00:00 2001 From: Willem de Bruijn Date: Fri, 22 Mar 2019 14:32:53 -0400 Subject: selftests/bpf: extend bpf tunnel test with tso Segmentation offload takes a longer path. Verify that the feature works with large packets. The test succeeds if not setting dodgy in bpf_skb_adjust_room, as veth TSO is permissive. If not setting SKB_GSO_DODGY, this enables tunneled TSO offload on supporting NICs. The feature sets SKB_GSO_DODGY because the caller is untrusted. As a result the packets traverse through the gso stack at least up to TCP. And fail the gso_type validation, such as the skb->encapsulation check in gre_gso_segment and the gso_type checks introduced in commit 418e897e0716 ("gso: validate gso_type on ipip style tunnel"). This will be addressed in a follow-on feature patch. In the meantime, disable the new gso tests. Changes v1->v2: - not all netcat versions support flag '-q', use timeout instead Signed-off-by: Willem de Bruijn Signed-off-by: Alexei Starovoitov --- tools/testing/selftests/bpf/test_tc_tunnel.sh | 60 ++++++++++++++++++++++----- 1 file changed, 49 insertions(+), 11 deletions(-) (limited to 'tools/testing/selftests/bpf/test_tc_tunnel.sh') diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh index c78922048610..9e18754f2354 100755 --- a/tools/testing/selftests/bpf/test_tc_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -15,6 +15,8 @@ readonly ns2_v4=192.168.1.2 readonly ns1_v6=fd::1 readonly ns2_v6=fd::2 +readonly infile="$(mktemp)" +readonly outfile="$(mktemp)" setup() { ip netns add "${ns1}" @@ -23,6 +25,8 @@ setup() { ip link add dev veth1 mtu 1500 netns "${ns1}" type veth \ peer name veth2 mtu 1500 netns "${ns2}" + ip netns exec "${ns1}" ethtool -K veth1 tso off + ip -netns "${ns1}" link set veth1 up ip -netns "${ns2}" link set veth2 up @@ -32,58 +36,86 @@ setup() { ip -netns "${ns2}" -6 addr add "${ns2_v6}/64" dev veth2 nodad sleep 1 + + dd if=/dev/urandom of="${infile}" bs="${datalen}" count=1 status=none } cleanup() { ip netns del "${ns2}" ip netns del "${ns1}" + + if [[ -f "${outfile}" ]]; then + rm "${outfile}" + fi + if [[ -f "${infile}" ]]; then + rm "${infile}" + fi } server_listen() { - ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" & + ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" > "${outfile}" & + server_pid=$! sleep 0.2 } client_connect() { - ip netns exec "${ns1}" nc "${netcat_opt}" -z -w 1 "${addr2}" "${port}" + ip netns exec "${ns1}" timeout 2 nc "${netcat_opt}" -w 1 "${addr2}" "${port}" < "${infile}" echo $? } +verify_data() { + wait "${server_pid}" + # sha1sum returns two fields [sha1] [filepath] + # convert to bash array and access first elem + insum=($(sha1sum ${infile})) + outsum=($(sha1sum ${outfile})) + if [[ "${insum[0]}" != "${outsum[0]}" ]]; then + echo "data mismatch" + exit 1 + fi +} + set -e # no arguments: automated test, run all if [[ "$#" -eq "0" ]]; then echo "ipip" - $0 ipv4 ipip + $0 ipv4 ipip 100 echo "ip6ip6" - $0 ipv6 ip6tnl + $0 ipv6 ip6tnl 100 echo "ip gre" - $0 ipv4 gre + $0 ipv4 gre 100 echo "ip6 gre" - $0 ipv6 ip6gre + $0 ipv6 ip6gre 100 + + # disabled until passes SKB_GSO_DODGY checks + # echo "ip gre gso" + # $0 ipv4 gre 2000 + + # disabled until passes SKB_GSO_DODGY checks + # echo "ip6 gre gso" + # $0 ipv6 ip6gre 2000 echo "OK. All tests passed" exit 0 fi -if [[ "$#" -ne "2" ]]; then +if [[ "$#" -ne "3" ]]; then echo "Usage: $0" - echo " or: $0 " + echo " or: $0 " exit 1 fi case "$1" in "ipv4") - readonly tuntype=$2 readonly addr1="${ns1_v4}" readonly addr2="${ns2_v4}" readonly netcat_opt=-4 ;; "ipv6") - readonly tuntype=$2 readonly addr1="${ns1_v6}" readonly addr2="${ns2_v6}" readonly netcat_opt=-6 @@ -94,7 +126,10 @@ case "$1" in ;; esac -echo "encap ${addr1} to ${addr2}, type ${tuntype}" +readonly tuntype=$2 +readonly datalen=$3 + +echo "encap ${addr1} to ${addr2}, type ${tuntype}, len ${datalen}" trap cleanup EXIT @@ -104,6 +139,7 @@ setup echo "test basic connectivity" server_listen client_connect +verify_data # clientside, insert bpf program to encap all TCP to port ${port} # client can no longer connect @@ -123,6 +159,7 @@ ip netns exec "${ns2}" ip link add dev testtun0 type "${tuntype}" \ ip netns exec "${ns2}" ip link set dev testtun0 up echo "test bpf encap with tunnel device decap" client_connect +verify_data # serverside, use BPF for decap ip netns exec "${ns2}" ip link del dev testtun0 @@ -132,5 +169,6 @@ ip netns exec "${ns2}" tc filter add dev veth2 ingress \ server_listen echo "test bpf encap with bpf decap" client_connect +verify_data echo OK -- cgit v1.2.3-59-g8ed1b