From patchwork Fri Oct 1 21:58:58 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joanne Koong X-Patchwork-Id: 12531755 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3156AC433EF for ; Fri, 1 Oct 2021 22:03:37 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 11A4F619F7 for ; Fri, 1 Oct 2021 22:03:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1355844AbhJAWFU (ORCPT ); Fri, 1 Oct 2021 18:05:20 -0400 Received: from mx0b-00082601.pphosted.com ([67.231.153.30]:40156 "EHLO mx0b-00082601.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1355857AbhJAWFR (ORCPT ); Fri, 1 Oct 2021 18:05:17 -0400 Received: from pps.filterd (m0109331.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 191LsfGI002518 for ; Fri, 1 Oct 2021 15:03:32 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=facebook; bh=8ilL2Sp1Sy3MgZLUpbHqtSDa+22yjEC+ytfeIw7aaLo=; b=K+DY/W71xqmR2irzZnpmVbJLKYt3ATb/FsPrggXVnxR/Fnm+86tUDXlcNaqnxzl1ZcR5 qYARBUyXlvwa6eiOm3DpXmV0NyuRFPZVTxOd0ByH4QAXXUFVVQWYV0UPxlsVYYi+FQvp yMZjYTMdZJW/1E9QC21thYIe+LOqQjcAEEI= Received: from mail.thefacebook.com ([163.114.132.120]) by mx0a-00082601.pphosted.com with ESMTP id 3be8e70y4v-4 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Fri, 01 Oct 2021 15:03:32 -0700 Received: from intmgw001.25.frc3.facebook.com (2620:10d:c085:208::11) by mail.thefacebook.com (2620:10d:c085:11d::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.14; Fri, 1 Oct 2021 15:03:29 -0700 Received: by devbig612.frc2.facebook.com (Postfix, from userid 115148) id 11BC5312DE5E; Fri, 1 Oct 2021 15:03:25 -0700 (PDT) From: Joanne Koong To: CC: , , , Joanne Koong Subject: [PATCH bpf-next v1 3/3] bpf/selftests: Add xdp bpf_load_tcp_hdr_options tests Date: Fri, 1 Oct 2021 14:58:58 -0700 Message-ID: <20211001215858.1132715-4-joannekoong@fb.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20211001215858.1132715-1-joannekoong@fb.com> References: <20211001215858.1132715-1-joannekoong@fb.com> MIME-Version: 1.0 X-FB-Internal: Safe X-FB-Source: Intern X-Proofpoint-GUID: 1VRnnXE6N3i7Aylk4bgUJD0ftmkyPdDT X-Proofpoint-ORIG-GUID: 1VRnnXE6N3i7Aylk4bgUJD0ftmkyPdDT X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-10-01_05,2021-10-01_02,2020-04-07_01 X-Proofpoint-Spam-Details: rule=fb_default_notspam policy=fb_default score=0 priorityscore=1501 suspectscore=0 mlxscore=0 impostorscore=0 malwarescore=0 bulkscore=0 adultscore=0 mlxlogscore=999 lowpriorityscore=0 spamscore=0 clxscore=1015 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109230001 definitions=main-2110010154 X-FB-Internal: deliver Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net This patch adds tests for bpf_load_tcp_hdr_options used by xdp programs. test_xdp_tcp_hdr_options.c: - Tests ipv4 and ipv6 packets with TCPOPT_EXP and non-TCPOPT_EXP tcp options set. Verify that options can be parsed and loaded successfully. - Tests error paths: TCPOPT_EXP with invalid magic, option with invalid kind_len, non-existent option, invalid flags, option size smaller than kind_len, invalid packet Signed-off-by: Joanne Koong --- .../bpf/prog_tests/xdp_tcp_hdr_options.c | 158 ++++++++++++++ .../bpf/progs/test_xdp_tcp_hdr_options.c | 198 ++++++++++++++++++ 2 files changed, 356 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/xdp_tcp_hdr_options.c create mode 100644 tools/testing/selftests/bpf/progs/test_xdp_tcp_hdr_options.c diff --git a/tools/testing/selftests/bpf/prog_tests/xdp_tcp_hdr_options.c b/tools/testing/selftests/bpf/prog_tests/xdp_tcp_hdr_options.c new file mode 100644 index 000000000000..bd77593fb2dd --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/xdp_tcp_hdr_options.c @@ -0,0 +1,158 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2021 Facebook */ + +#include "test_progs.h" +#include "network_helpers.h" +#include "test_tcp_hdr_options.h" +#include "test_xdp_tcp_hdr_options.skel.h" + +struct xdp_exprm_opt { + __u8 kind; + __u8 len; + __u16 magic; + struct bpf_test_option data; +} __packed; + +struct xdp_regular_opt { + __u8 kind; + __u8 len; + struct bpf_test_option data; +} __packed; + +struct xdp_test_opt { + struct xdp_exprm_opt exprm_opt; + struct xdp_regular_opt regular_opt; +} __packed; + +struct xdp_ipv4_packet { + struct ipv4_packet pkt_v4; + struct xdp_test_opt test_opt; +} __packed; + +struct xdp_ipv6_packet { + struct ipv6_packet pkt_v6; + struct xdp_test_opt test_opt; +} __packed; + +static __u8 opt_flags = OPTION_MAX_DELACK_MS | OPTION_RAND; +static __u8 exprm_max_delack_ms = 12; +static __u8 regular_max_delack_ms = 21; +static __u8 exprm_rand = 0xfa; +static __u8 regular_rand = 0xce; + +static void init_test_opt(struct xdp_test_opt *test_opt, + struct test_xdp_tcp_hdr_options *skel) +{ + test_opt->exprm_opt.kind = TCPOPT_EXP; + /* +1 for kind, +1 for kind-len, +2 for magic, +1 for flags, +1 for + * OPTION_MAX_DELACK_MAX, +1 FOR OPTION_RAND + */ + test_opt->exprm_opt.len = 3 + TCP_BPF_EXPOPT_BASE_LEN; + test_opt->exprm_opt.magic = __bpf_htons(skel->rodata->test_magic); + test_opt->exprm_opt.data.flags = opt_flags; + test_opt->exprm_opt.data.max_delack_ms = exprm_max_delack_ms; + test_opt->exprm_opt.data.rand = exprm_rand; + + test_opt->regular_opt.kind = skel->rodata->test_kind; + /* +1 for kind, +1 for kind-len, +1 for flags, +1 FOR + * OPTION_MAX_DELACK_MS, +1 FOR OPTION_RAND + */ + test_opt->regular_opt.len = 5; + test_opt->regular_opt.data.flags = opt_flags; + test_opt->regular_opt.data.max_delack_ms = regular_max_delack_ms; + test_opt->regular_opt.data.rand = regular_rand; +} + +static void check_opt_out(struct test_xdp_tcp_hdr_options *skel) +{ + struct bpf_test_option *opt_out; + __u32 duration = 0; + + opt_out = &skel->bss->exprm_opt_out; + CHECK(opt_out->flags != opt_flags, "exprm flags", + "flags = 0x%x", opt_out->flags); + CHECK(opt_out->max_delack_ms != exprm_max_delack_ms, "exprm max_delack_ms", + "max_delack_ms = 0x%x", opt_out->max_delack_ms); + CHECK(opt_out->rand != exprm_rand, "exprm rand", + "rand = 0x%x", opt_out->rand); + + opt_out = &skel->bss->regular_opt_out; + CHECK(opt_out->flags != opt_flags, "regular flags", + "flags = 0x%x", opt_out->flags); + CHECK(opt_out->max_delack_ms != regular_max_delack_ms, "regular max_delack_ms", + "max_delack_ms = 0x%x", opt_out->max_delack_ms); + CHECK(opt_out->rand != regular_rand, "regular rand", + "rand = 0x%x", opt_out->rand); +} + +void test_xdp_tcp_hdr_options(void) +{ + int err, prog_fd, prog_err_path_fd, prog_invalid_pkt_fd; + struct xdp_ipv6_packet ipv6_pkt, invalid_pkt; + struct test_xdp_tcp_hdr_options *skel; + struct xdp_ipv4_packet ipv4_pkt; + struct xdp_test_opt test_opt; + __u32 duration, retval, size; + char buf[128]; + + /* Load XDP program to introspect */ + skel = test_xdp_tcp_hdr_options__open_and_load(); + if (CHECK(!skel, "skel open and load", + "%s skeleton failed\n", __func__)) + return; + + prog_fd = bpf_program__fd(skel->progs._xdp_load_hdr_opt); + + init_test_opt(&test_opt, skel); + + /* Init the packets */ + ipv4_pkt.pkt_v4 = pkt_v4; + ipv4_pkt.pkt_v4.tcp.doff += 3; + ipv4_pkt.test_opt = test_opt; + + ipv6_pkt.pkt_v6 = pkt_v6; + ipv6_pkt.pkt_v6.tcp.doff += 3; + ipv6_pkt.test_opt = test_opt; + + invalid_pkt.pkt_v6 = pkt_v6; + /* Set to an offset that will exceed the xdp data_end */ + invalid_pkt.pkt_v6.tcp.doff += 4; + invalid_pkt.test_opt = test_opt; + + /* Test on ipv4 packet */ + err = bpf_prog_test_run(prog_fd, 1, &ipv4_pkt, sizeof(ipv4_pkt), + buf, &size, &retval, &duration); + CHECK(err || retval != XDP_PASS, + "xdp_tcp_hdr_options ipv4", "err val %d, retval %d\n", + skel->bss->err_val, retval); + check_opt_out(skel); + + /* Test on ipv6 packet */ + err = bpf_prog_test_run(prog_fd, 1, &ipv6_pkt, sizeof(ipv6_pkt), + buf, &size, &retval, &duration); + CHECK(err || retval != XDP_PASS, + "xdp_tcp_hdr_options ipv6", "err val %d, retval %d\n", + skel->bss->err_val, retval); + check_opt_out(skel); + + /* Test error paths */ + prog_err_path_fd = + bpf_program__fd(skel->progs._xdp_load_hdr_opt_err_paths); + err = bpf_prog_test_run(prog_err_path_fd, 1, &ipv6_pkt, sizeof(ipv6_pkt), + buf, &size, &retval, &duration); + CHECK(err || retval != XDP_PASS, + "xdp_tcp_hdr_options err_path", "err val %d, retval %d\n", + skel->bss->err_val, retval); + + /* Test invalid packet */ + prog_invalid_pkt_fd = + bpf_program__fd(skel->progs._xdp_load_hdr_opt_invalid_pkt); + err = bpf_prog_test_run(prog_invalid_pkt_fd, 1, &invalid_pkt, + sizeof(invalid_pkt), buf, &size, &retval, + &duration); + CHECK(err || retval != XDP_PASS, + "xdp_tcp_hdr_options invalid_pkt", "err val %d, retval %d\n", + skel->bss->err_val, retval); + + test_xdp_tcp_hdr_options__destroy(skel); +} diff --git a/tools/testing/selftests/bpf/progs/test_xdp_tcp_hdr_options.c b/tools/testing/selftests/bpf/progs/test_xdp_tcp_hdr_options.c new file mode 100644 index 000000000000..3fe6e1ebd78a --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_xdp_tcp_hdr_options.c @@ -0,0 +1,198 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2021 Facebook */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#define BPF_PROG_TEST_TCP_HDR_OPTIONS +#include "test_tcp_hdr_options.h" + +struct bpf_test_option regular_opt_out; +struct bpf_test_option exprm_opt_out; + +const __u16 test_magic = 0xeB9F; +const __u8 test_kind = 0xB9; + +int err_val = 0; + +static void copy_opt_to_out(struct bpf_test_option *test_option, __u8 *data) +{ + test_option->flags = data[0]; + test_option->max_delack_ms = data[1]; + test_option->rand = data[2]; +} + +static int parse_xdp(struct xdp_md *xdp, __u64 *out_flags) +{ + void *data_end = (void *)(long)xdp->data_end; + __u64 tcphdr_offset = 0, nh_off; + void *data = (void *)(long)xdp->data; + struct ethhdr *eth = data; + int ret; + + nh_off = sizeof(*eth); + if (data + nh_off > data_end) { + err_val = 1; + return XDP_DROP; + } + + /* Calculate the offset to the tcp hdr */ + if (eth->h_proto == __bpf_constant_htons(ETH_P_IPV6)) { + tcphdr_offset = sizeof(struct ethhdr) + + sizeof(struct ipv6hdr); + } else if (eth->h_proto == bpf_htons(ETH_P_IP)) { + tcphdr_offset = sizeof(struct ethhdr) + + sizeof(struct iphdr); + } else { + err_val = 2; + return XDP_DROP; + } + + *out_flags = tcphdr_offset << BPF_LOAD_HDR_OPT_TCP_OFFSET_SHIFT; + + return XDP_PASS; +} + +SEC("xdp") +int _xdp_load_hdr_opt(struct xdp_md *xdp) +{ + struct tcp_exprm_opt exprm_opt = { 0 }; + struct tcp_opt regular_opt = { 0 }; + __u64 flags = 0; + int ret; + + ret = parse_xdp(xdp, &flags); + if (ret != XDP_PASS) + return ret; + + /* Test TCPOPT_EXP */ + exprm_opt.kind = TCPOPT_EXP; + exprm_opt.len = 4; + exprm_opt.magic = __bpf_htons(test_magic); + ret = bpf_load_hdr_opt(xdp, &exprm_opt, + sizeof(exprm_opt), flags); + if (ret < 0) { + err_val = 3; + return XDP_DROP; + } + + copy_opt_to_out(&exprm_opt_out, exprm_opt.data); + + /* Test non-TCP_OPT_EXP */ + regular_opt.kind = test_kind; + ret = bpf_load_hdr_opt(xdp, ®ular_opt, + sizeof(regular_opt), flags); + if (ret < 0) { + err_val = 4; + return XDP_DROP; + } + + copy_opt_to_out(®ular_opt_out, regular_opt.data); + + return XDP_PASS; +} + +SEC("xdp") +int _xdp_load_hdr_opt_err_paths(struct xdp_md *xdp) +{ + struct tcp_exprm_opt exprm_opt = { 0 }; + struct tcp_opt regular_opt = { 0 }; + __u64 flags = 0; + int ret; + + ret = parse_xdp(xdp, &flags); + if (ret != XDP_PASS) + return ret; + + /* Test TCPOPT_EXP with invalid magic */ + exprm_opt.kind = TCPOPT_EXP; + exprm_opt.len = 4; + exprm_opt.magic = __bpf_htons(test_magic + 1); + ret = bpf_load_hdr_opt(xdp, &exprm_opt, + sizeof(exprm_opt), flags); + if (ret != -ENOMSG) { + err_val = 3; + return XDP_DROP; + } + + /* Test TCPOPT_EXP with 0 magic */ + exprm_opt.magic = 0; + ret = bpf_load_hdr_opt(xdp, &exprm_opt, + sizeof(exprm_opt), flags); + if (ret != -ENOMSG) { + err_val = 4; + return XDP_DROP; + } + + exprm_opt.magic = __bpf_htons(test_magic); + + /* Test TCPOPT_EXP with invalid kind length */ + exprm_opt.len = 5; + ret = bpf_load_hdr_opt(xdp, &exprm_opt, + sizeof(exprm_opt), flags); + if (ret != -EINVAL) { + err_val = 5; + return XDP_DROP; + } + + /* Test that non-existent option is not found */ + regular_opt.kind = test_kind + 1; + ret = bpf_load_hdr_opt(xdp, ®ular_opt, + sizeof(regular_opt), flags); + if (ret != -ENOMSG) { + err_val = 6; + return XDP_DROP; + } + + /* Test invalid flags */ + regular_opt.kind = test_kind; + ret = bpf_load_hdr_opt(xdp, ®ular_opt, sizeof(regular_opt), + flags | BPF_LOAD_HDR_OPT_TCP_SYN); + if (ret != -EINVAL) { + err_val = 7; + return XDP_DROP; + } + + /* Test non-TCP_OPT_EXP with option size smaller than kind len */ + ret = bpf_load_hdr_opt(xdp, ®ular_opt, + sizeof(regular_opt) - 2, flags); + if (ret != -ENOSPC) { + err_val = 8; + return XDP_DROP; + } + + return XDP_PASS; +} + +SEC("xdp") +int _xdp_load_hdr_opt_invalid_pkt(struct xdp_md *xdp) +{ + struct tcp_exprm_opt exprm_opt = { 0 }; + __u64 flags = 0; + int ret; + + ret = parse_xdp(xdp, &flags); + if (ret != XDP_PASS) + return ret; + + exprm_opt.kind = TCPOPT_EXP; + exprm_opt.len = 4; + exprm_opt.magic = __bpf_htons(test_magic); + ret = bpf_load_hdr_opt(xdp, &exprm_opt, + sizeof(exprm_opt), flags); + if (ret != -EINVAL) { + err_val = 3; + return XDP_DROP; + } + + return XDP_PASS; +} + +char _license[] SEC("license") = "GPL";