diff mbox series

[bpf-next,v6,3/6] selftests/bpf: netns_new() and netns_free() helpers.

Message ID 20240807183149.764711-4-thinker.li@gmail.com (mailing list archive)
State Superseded
Delegated to: BPF
Headers show
Series monitor network traffic for flaky test cases | expand

Checks

Context Check Description
bpf/vmtest-bpf-next-PR success PR summary
bpf/vmtest-bpf-next-VM_Test-5 success Logs for aarch64-gcc / build-release
bpf/vmtest-bpf-next-VM_Test-3 success Logs for Validate matrix.py
bpf/vmtest-bpf-next-VM_Test-0 success Logs for Lint
bpf/vmtest-bpf-next-VM_Test-1 success Logs for ShellCheck
bpf/vmtest-bpf-next-VM_Test-2 success Logs for Unittests
bpf/vmtest-bpf-next-VM_Test-12 success Logs for s390x-gcc / build-release
bpf/vmtest-bpf-next-VM_Test-10 success Logs for aarch64-gcc / veristat
bpf/vmtest-bpf-next-VM_Test-11 success Logs for s390x-gcc / build / build for s390x with gcc
bpf/vmtest-bpf-next-VM_Test-4 success Logs for aarch64-gcc / build / build for aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-9 success Logs for aarch64-gcc / test (test_verifier, false, 360) / test_verifier on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-17 success Logs for s390x-gcc / veristat
bpf/vmtest-bpf-next-VM_Test-18 success Logs for set-matrix
bpf/vmtest-bpf-next-VM_Test-19 success Logs for x86_64-gcc / build / build for x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-20 success Logs for x86_64-gcc / build-release
bpf/vmtest-bpf-next-VM_Test-28 success Logs for x86_64-llvm-17 / build / build for x86_64 with llvm-17
bpf/vmtest-bpf-next-VM_Test-29 success Logs for x86_64-llvm-17 / build-release / build for x86_64 with llvm-17-O2
bpf/vmtest-bpf-next-VM_Test-34 success Logs for x86_64-llvm-17 / veristat
bpf/vmtest-bpf-next-VM_Test-35 success Logs for x86_64-llvm-18 / build / build for x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-36 success Logs for x86_64-llvm-18 / build-release / build for x86_64 with llvm-18-O2
bpf/vmtest-bpf-next-VM_Test-37 success Logs for x86_64-llvm-18 / test (test_maps, false, 360) / test_maps on x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-41 success Logs for x86_64-llvm-18 / test (test_verifier, false, 360) / test_verifier on x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-42 success Logs for x86_64-llvm-18 / veristat
bpf/vmtest-bpf-next-VM_Test-7 success Logs for aarch64-gcc / test (test_progs, false, 360) / test_progs on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-13 success Logs for s390x-gcc / test (test_maps, false, 360) / test_maps on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-16 success Logs for s390x-gcc / test (test_verifier, false, 360) / test_verifier on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-8 success Logs for aarch64-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-6 success Logs for aarch64-gcc / test (test_maps, false, 360) / test_maps on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-21 success Logs for x86_64-gcc / test (test_maps, false, 360) / test_maps on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-24 success Logs for x86_64-gcc / test (test_progs_no_alu32_parallel, true, 30) / test_progs_no_alu32_parallel on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-25 success Logs for x86_64-gcc / test (test_progs_parallel, true, 30) / test_progs_parallel on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-26 success Logs for x86_64-gcc / test (test_verifier, false, 360) / test_verifier on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-30 success Logs for x86_64-llvm-17 / test (test_maps, false, 360) / test_maps on x86_64 with llvm-17
bpf/vmtest-bpf-next-VM_Test-31 success Logs for x86_64-llvm-17 / test (test_progs, false, 360) / test_progs on x86_64 with llvm-17
bpf/vmtest-bpf-next-VM_Test-32 success Logs for x86_64-llvm-17 / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with llvm-17
bpf/vmtest-bpf-next-VM_Test-33 success Logs for x86_64-llvm-17 / test (test_verifier, false, 360) / test_verifier on x86_64 with llvm-17
bpf/vmtest-bpf-next-VM_Test-38 success Logs for x86_64-llvm-18 / test (test_progs, false, 360) / test_progs on x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-39 success Logs for x86_64-llvm-18 / test (test_progs_cpuv4, false, 360) / test_progs_cpuv4 on x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-40 success Logs for x86_64-llvm-18 / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-22 success Logs for x86_64-gcc / test (test_progs, false, 360) / test_progs on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-15 success Logs for s390x-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-23 success Logs for x86_64-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-27 success Logs for x86_64-gcc / veristat / veristat on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-14 success Logs for s390x-gcc / test (test_progs, false, 360) / test_progs on s390x with gcc
netdev/series_format success Posting correctly formatted
netdev/tree_selection success Clearly marked for bpf-next, async
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 7 this patch: 7
netdev/build_tools success Errors and warnings before: 10 this patch: 10
netdev/cc_maintainers warning 10 maintainers not CCed: kpsingh@kernel.org shuah@kernel.org haoluo@google.com daniel@iogearbox.net john.fastabend@gmail.com jolsa@kernel.org linux-kselftest@vger.kernel.org yonghong.song@linux.dev mykolal@fb.com eddyz87@gmail.com
netdev/build_clang success Errors and warnings before: 7 this patch: 7
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 7 this patch: 7
netdev/checkpatch warning WARNING: line length of 82 exceeds 80 columns WARNING: line length of 89 exceeds 80 columns WARNING: line length of 92 exceeds 80 columns
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 2 this patch: 2
netdev/source_inline success Was 0 now: 0

Commit Message

Kui-Feng Lee Aug. 7, 2024, 6:31 p.m. UTC
netns_new()/netns_free() create/delete network namespaces. They support the
option '-m' of test_progs to start/stop traffic monitor for the network
namespace being created for matched tests.

Signed-off-by: Kui-Feng Lee <thinker.li@gmail.com>
---
 tools/testing/selftests/bpf/network_helpers.c | 40 +++++++++
 tools/testing/selftests/bpf/network_helpers.h |  2 +
 tools/testing/selftests/bpf/test_progs.c      | 90 +++++++++++++++++++
 tools/testing/selftests/bpf/test_progs.h      |  4 +
 4 files changed, 136 insertions(+)

Comments

Martin KaFai Lau Aug. 8, 2024, 8:27 p.m. UTC | #1
On 8/7/24 11:31 AM, Kui-Feng Lee wrote:
> +struct netns_obj *netns_new(const char *nsname, bool open)
> +{
> +	struct netns_obj *netns_obj = malloc(sizeof(*netns_obj));
> +	const char *test_name, *subtest_name;
> +	int r;
> +
> +	if (!netns_obj)
> +		return NULL;
> +	memset(netns_obj, 0, sizeof(*netns_obj));
> +
> +	netns_obj->nsname = strdup(nsname);
> +	if (!netns_obj->nsname)
> +		goto fail;
> +
> +	/* Create the network namespace */
> +	r = make_netns(nsname);
> +	if (r)
> +		goto fail;
> +
> +	/* Set the network namespace of the current process */
> +	if (open) {
> +		netns_obj->nstoken = open_netns(nsname);
> +		if (!netns_obj->nstoken)
> +			goto fail;
> +	}
> +
> +	/* Start traffic monitor */
> +	if (env.test->should_tmon ||
> +	    (env.subtest_state && env.subtest_state->should_tmon)) {
> +		test_name = env.test->test_name;
> +		subtest_name = env.subtest_state ? env.subtest_state->name : NULL;
> +		netns_obj->tmon = traffic_monitor_start(nsname, test_name, subtest_name);

The traffic_monitor_start() does open/close_netns(). close_netns() will restore 
to the previous netns. Is it better to do traffic_monitor_start() before the 
above open_netns() such that we don't have to worry about the stacking 
open_netns and which netns the close_netns will restore?


> +		if (!netns_obj->tmon)
> +			fprintf(stderr, "Failed to start traffic monitor for %s\n", nsname);
> +	} else {
> +		netns_obj->tmon = NULL;
> +	}
> +
> +	system("ip link set lo up");

The "bool open" could be false here. This command could be acted on the 
init_netns and the intention is to set lo up at the newly created netns.

> +
> +	return netns_obj;
> +fail:
> +	close_netns(netns_obj->nstoken);
> +	remove_netns(nsname);
> +	free(netns_obj->nsname);
> +	free(netns_obj);
> +	return NULL;
> +}
> +
> +/* Delete the network namespace.
> + *
> + * This function should be paired with netns_new() to delete the namespace
> + * created by netns_new().
> + */
> +void netns_free(struct netns_obj *netns_obj)
> +{
> +	if (!netns_obj)
> +		return;
> +	if (netns_obj->tmon)
> +		traffic_monitor_stop(netns_obj->tmon);
> +	close_netns(netns_obj->nstoken);
> +	remove_netns(netns_obj->nsname);
> +	free(netns_obj->nsname);
> +	free(netns_obj);
> +}
> +
>   /* extern declarations for test funcs */
>   #define DEFINE_TEST(name)				\
>   	extern void test_##name(void) __weak;		\
> diff --git a/tools/testing/selftests/bpf/test_progs.h b/tools/testing/selftests/bpf/test_progs.h
> index 966011eb7ec8..3ad131de14c6 100644
> --- a/tools/testing/selftests/bpf/test_progs.h
> +++ b/tools/testing/selftests/bpf/test_progs.h
> @@ -430,6 +430,10 @@ int write_sysctl(const char *sysctl, const char *value);
>   int get_bpf_max_tramp_links_from(struct btf *btf);
>   int get_bpf_max_tramp_links(void);
>   
> +struct netns_obj;
> +struct netns_obj *netns_new(const char *name, bool open);
> +void netns_free(struct netns_obj *netns);
> +
>   #ifdef __x86_64__
>   #define SYS_NANOSLEEP_KPROBE_NAME "__x64_sys_nanosleep"
>   #elif defined(__s390x__)
Kui-Feng Lee Aug. 8, 2024, 8:38 p.m. UTC | #2
On 8/8/24 13:27, Martin KaFai Lau wrote:
> On 8/7/24 11:31 AM, Kui-Feng Lee wrote:
>> +struct netns_obj *netns_new(const char *nsname, bool open)
>> +{
>> +    struct netns_obj *netns_obj = malloc(sizeof(*netns_obj));
>> +    const char *test_name, *subtest_name;
>> +    int r;
>> +
>> +    if (!netns_obj)
>> +        return NULL;
>> +    memset(netns_obj, 0, sizeof(*netns_obj));
>> +
>> +    netns_obj->nsname = strdup(nsname);
>> +    if (!netns_obj->nsname)
>> +        goto fail;
>> +
>> +    /* Create the network namespace */
>> +    r = make_netns(nsname);
>> +    if (r)
>> +        goto fail;
>> +
>> +    /* Set the network namespace of the current process */
>> +    if (open) {
>> +        netns_obj->nstoken = open_netns(nsname);
>> +        if (!netns_obj->nstoken)
>> +            goto fail;
>> +    }
>> +
>> +    /* Start traffic monitor */
>> +    if (env.test->should_tmon ||
>> +        (env.subtest_state && env.subtest_state->should_tmon)) {
>> +        test_name = env.test->test_name;
>> +        subtest_name = env.subtest_state ? env.subtest_state->name : 
>> NULL;
>> +        netns_obj->tmon = traffic_monitor_start(nsname, test_name, 
>> subtest_name);
> 
> The traffic_monitor_start() does open/close_netns(). close_netns() will 
> restore to the previous netns. Is it better to do 
> traffic_monitor_start() before the above open_netns() such that we don't 
> have to worry about the stacking open_netns and which netns the 
> close_netns will restore?

Do you mean to open_netns() in another thread at the same time and
interleave with the open_netns()/close_netns() pairs in the current thread?

> 
> 
>> +        if (!netns_obj->tmon)
>> +            fprintf(stderr, "Failed to start traffic monitor for 
>> %s\n", nsname);
>> +    } else {
>> +        netns_obj->tmon = NULL;
>> +    }
>> +
>> +    system("ip link set lo up");
> 
> The "bool open" could be false here. This command could be acted on the > init_netns and the intention is to set lo up at the newly created netns.
> 

You are right! I should enclose this call in-between a pair of
open_netns() & close_netns().

>> +
>> +    return netns_obj;
>> +fail:
>> +    close_netns(netns_obj->nstoken);
>> +    remove_netns(nsname);
>> +    free(netns_obj->nsname);
>> +    free(netns_obj);
>> +    return NULL;
>> +}
>> +
>> +/* Delete the network namespace.
>> + *
>> + * This function should be paired with netns_new() to delete the 
>> namespace
>> + * created by netns_new().
>> + */
>> +void netns_free(struct netns_obj *netns_obj)
>> +{
>> +    if (!netns_obj)
>> +        return;
>> +    if (netns_obj->tmon)
>> +        traffic_monitor_stop(netns_obj->tmon);
>> +    close_netns(netns_obj->nstoken);
>> +    remove_netns(netns_obj->nsname);
>> +    free(netns_obj->nsname);
>> +    free(netns_obj);
>> +}
>> +
>>   /* extern declarations for test funcs */
>>   #define DEFINE_TEST(name)                \
>>       extern void test_##name(void) __weak;        \
>> diff --git a/tools/testing/selftests/bpf/test_progs.h 
>> b/tools/testing/selftests/bpf/test_progs.h
>> index 966011eb7ec8..3ad131de14c6 100644
>> --- a/tools/testing/selftests/bpf/test_progs.h
>> +++ b/tools/testing/selftests/bpf/test_progs.h
>> @@ -430,6 +430,10 @@ int write_sysctl(const char *sysctl, const char 
>> *value);
>>   int get_bpf_max_tramp_links_from(struct btf *btf);
>>   int get_bpf_max_tramp_links(void);
>> +struct netns_obj;
>> +struct netns_obj *netns_new(const char *name, bool open);
>> +void netns_free(struct netns_obj *netns);
>> +
>>   #ifdef __x86_64__
>>   #define SYS_NANOSLEEP_KPROBE_NAME "__x64_sys_nanosleep"
>>   #elif defined(__s390x__)
>
Martin KaFai Lau Aug. 8, 2024, 9:56 p.m. UTC | #3
On 8/8/24 1:38 PM, Kui-Feng Lee wrote:
> 
> 
> On 8/8/24 13:27, Martin KaFai Lau wrote:
>> On 8/7/24 11:31 AM, Kui-Feng Lee wrote:
>>> +struct netns_obj *netns_new(const char *nsname, bool open)
>>> +{
>>> +    struct netns_obj *netns_obj = malloc(sizeof(*netns_obj));
>>> +    const char *test_name, *subtest_name;
>>> +    int r;
>>> +
>>> +    if (!netns_obj)
>>> +        return NULL;
>>> +    memset(netns_obj, 0, sizeof(*netns_obj));
>>> +
>>> +    netns_obj->nsname = strdup(nsname);
>>> +    if (!netns_obj->nsname)
>>> +        goto fail;
>>> +
>>> +    /* Create the network namespace */
>>> +    r = make_netns(nsname);
>>> +    if (r)
>>> +        goto fail;
>>> +
>>> +    /* Set the network namespace of the current process */
>>> +    if (open) {
>>> +        netns_obj->nstoken = open_netns(nsname);
>>> +        if (!netns_obj->nstoken)
>>> +            goto fail;
>>> +    }
>>> +
>>> +    /* Start traffic monitor */
>>> +    if (env.test->should_tmon ||
>>> +        (env.subtest_state && env.subtest_state->should_tmon)) {
>>> +        test_name = env.test->test_name;
>>> +        subtest_name = env.subtest_state ? env.subtest_state->name : NULL;
>>> +        netns_obj->tmon = traffic_monitor_start(nsname, test_name, 
>>> subtest_name);
>>
>> The traffic_monitor_start() does open/close_netns(). close_netns() will 
>> restore to the previous netns. Is it better to do traffic_monitor_start() 
>> before the above open_netns() such that we don't have to worry about the 
>> stacking open_netns and which netns the close_netns will restore?
> 
> Do you mean to open_netns() in another thread at the same time and
> interleave with the open_netns()/close_netns() pairs in the current thread?

I didn't mean this case. I don't think there will be a test calling 
open/close_nets() in different threads... but will it be an issue?

I was trying to say having the close_netns() restoring to the init_netns for the 
common case. Easier for the brain to reason without too much unnecessary 
open_netns stacking. Not saying there is an issue in the patch.

> 
>>
>>
>>> +        if (!netns_obj->tmon)
>>> +            fprintf(stderr, "Failed to start traffic monitor for %s\n", 
>>> nsname);
>>> +    } else {
>>> +        netns_obj->tmon = NULL;
>>> +    }
>>> +
>>> +    system("ip link set lo up");
>>
>> The "bool open" could be false here. This command could be acted on the > 
>> init_netns and the intention is to set lo up at the newly created netns.
>>
> 
> You are right! I should enclose this call in-between a pair of
> open_netns() & close_netns().

I would just move it to make_netns() and do "ip -n nsname link set lo up".
Yes, the traffic_monitor_start() is after the lo is up but I think it is fine.
Kui-Feng Lee Aug. 9, 2024, 4:54 p.m. UTC | #4
On 8/8/24 14:56, Martin KaFai Lau wrote:
> On 8/8/24 1:38 PM, Kui-Feng Lee wrote:
>>
>>
>> On 8/8/24 13:27, Martin KaFai Lau wrote:
>>> On 8/7/24 11:31 AM, Kui-Feng Lee wrote:
>>>> +struct netns_obj *netns_new(const char *nsname, bool open)
>>>> +{
>>>> +    struct netns_obj *netns_obj = malloc(sizeof(*netns_obj));
>>>> +    const char *test_name, *subtest_name;
>>>> +    int r;
>>>> +
>>>> +    if (!netns_obj)
>>>> +        return NULL;
>>>> +    memset(netns_obj, 0, sizeof(*netns_obj));
>>>> +
>>>> +    netns_obj->nsname = strdup(nsname);
>>>> +    if (!netns_obj->nsname)
>>>> +        goto fail;
>>>> +
>>>> +    /* Create the network namespace */
>>>> +    r = make_netns(nsname);
>>>> +    if (r)
>>>> +        goto fail;
>>>> +
>>>> +    /* Set the network namespace of the current process */
>>>> +    if (open) {
>>>> +        netns_obj->nstoken = open_netns(nsname);
>>>> +        if (!netns_obj->nstoken)
>>>> +            goto fail;
>>>> +    }
>>>> +
>>>> +    /* Start traffic monitor */
>>>> +    if (env.test->should_tmon ||
>>>> +        (env.subtest_state && env.subtest_state->should_tmon)) {
>>>> +        test_name = env.test->test_name;
>>>> +        subtest_name = env.subtest_state ? env.subtest_state->name 
>>>> : NULL;
>>>> +        netns_obj->tmon = traffic_monitor_start(nsname, test_name, 
>>>> subtest_name);
>>>
>>> The traffic_monitor_start() does open/close_netns(). close_netns() 
>>> will restore to the previous netns. Is it better to do 
>>> traffic_monitor_start() before the above open_netns() such that we 
>>> don't have to worry about the stacking open_netns and which netns the 
>>> close_netns will restore?
>>
>> Do you mean to open_netns() in another thread at the same time and
>> interleave with the open_netns()/close_netns() pairs in the current 
>> thread?
> 
> I didn't mean this case. I don't think there will be a test calling 
> open/close_nets() in different threads... but will it be an issue?
> 
> I was trying to say having the close_netns() restoring to the init_netns 
> for the common case. Easier for the brain to reason without too much 
> unnecessary open_netns stacking. Not saying there is an issue in the patch.

Got it!

> 
>>
>>>
>>>
>>>> +        if (!netns_obj->tmon)
>>>> +            fprintf(stderr, "Failed to start traffic monitor for 
>>>> %s\n", nsname);
>>>> +    } else {
>>>> +        netns_obj->tmon = NULL;
>>>> +    }
>>>> +
>>>> +    system("ip link set lo up");
>>>
>>> The "bool open" could be false here. This command could be acted on 
>>> the > init_netns and the intention is to set lo up at the newly 
>>> created netns.
>>>
>>
>> You are right! I should enclose this call in-between a pair of
>> open_netns() & close_netns().
> 
> I would just move it to make_netns() and do "ip -n nsname link set lo up".
> Yes, the traffic_monitor_start() is after the lo is up but I think it is 
> fine.
> 
> 

Ok!
diff mbox series

Patch

diff --git a/tools/testing/selftests/bpf/network_helpers.c b/tools/testing/selftests/bpf/network_helpers.c
index 462aeadd767e..3611c542241c 100644
--- a/tools/testing/selftests/bpf/network_helpers.c
+++ b/tools/testing/selftests/bpf/network_helpers.c
@@ -445,6 +445,46 @@  char *ping_command(int family)
 	return "ping";
 }
 
+int make_netns(const char *name)
+{
+	char *cmd;
+	int r;
+
+	r = asprintf(&cmd, "ip netns add %s", name);
+	if (r < 0) {
+		log_err("Failed to malloc cmd");
+		return -1;
+	}
+
+	r = system(cmd);
+	if (r > 0)
+		/* exit code */
+		r = -r;
+
+	free(cmd);
+	return r;
+}
+
+int remove_netns(const char *name)
+{
+	char *cmd;
+	int r;
+
+	r = asprintf(&cmd, "ip netns del %s >/dev/null 2>&1", name);
+	if (r < 0) {
+		log_err("Failed to malloc cmd");
+		return -1;
+	}
+
+	r = system(cmd);
+	if (r > 0)
+		/* exit code */
+		r = -r;
+
+	free(cmd);
+	return r;
+}
+
 struct nstoken {
 	int orig_netns_fd;
 };
diff --git a/tools/testing/selftests/bpf/network_helpers.h b/tools/testing/selftests/bpf/network_helpers.h
index 0d032ae706c6..c72c16e1aff8 100644
--- a/tools/testing/selftests/bpf/network_helpers.h
+++ b/tools/testing/selftests/bpf/network_helpers.h
@@ -93,6 +93,8 @@  struct nstoken;
 struct nstoken *open_netns(const char *name);
 void close_netns(struct nstoken *token);
 int send_recv_data(int lfd, int fd, uint32_t total_bytes);
+int make_netns(const char *name);
+int remove_netns(const char *name);
 
 static __u16 csum_fold(__u32 csum)
 {
diff --git a/tools/testing/selftests/bpf/test_progs.c b/tools/testing/selftests/bpf/test_progs.c
index fed22e9fd223..3f79ce52aeb0 100644
--- a/tools/testing/selftests/bpf/test_progs.c
+++ b/tools/testing/selftests/bpf/test_progs.c
@@ -18,6 +18,8 @@ 
 #include <bpf/btf.h>
 #include "json_writer.h"
 
+#include "network_helpers.h"
+
 #ifdef __GLIBC__
 #include <execinfo.h> /* backtrace */
 #endif
@@ -642,6 +644,94 @@  int compare_stack_ips(int smap_fd, int amap_fd, int stack_trace_len)
 	return err;
 }
 
+struct netns_obj {
+	char *nsname;
+	struct tmonitor_ctx *tmon;
+	struct nstoken *nstoken;
+};
+
+/* Create a new network namespace with the given name.
+ *
+ * Create a new network namespace and set the network namespace of the
+ * current process to the new network namespace if the argument "open" is
+ * true. This function should be paired with netns_free() to release the
+ * resource and delete the network namespace.
+ *
+ * It also implements the functionality of the option "-m" by starting
+ * traffic monitor on the background to capture the packets in this network
+ * namespace if the current test or subtest matching the pattern.
+ *
+ * nsname: the name of the network namespace to create.
+ * open: open the network namespace if true.
+ *
+ * Return: the network namespace object on success, NULL on failure.
+ */
+struct netns_obj *netns_new(const char *nsname, bool open)
+{
+	struct netns_obj *netns_obj = malloc(sizeof(*netns_obj));
+	const char *test_name, *subtest_name;
+	int r;
+
+	if (!netns_obj)
+		return NULL;
+	memset(netns_obj, 0, sizeof(*netns_obj));
+
+	netns_obj->nsname = strdup(nsname);
+	if (!netns_obj->nsname)
+		goto fail;
+
+	/* Create the network namespace */
+	r = make_netns(nsname);
+	if (r)
+		goto fail;
+
+	/* Set the network namespace of the current process */
+	if (open) {
+		netns_obj->nstoken = open_netns(nsname);
+		if (!netns_obj->nstoken)
+			goto fail;
+	}
+
+	/* Start traffic monitor */
+	if (env.test->should_tmon ||
+	    (env.subtest_state && env.subtest_state->should_tmon)) {
+		test_name = env.test->test_name;
+		subtest_name = env.subtest_state ? env.subtest_state->name : NULL;
+		netns_obj->tmon = traffic_monitor_start(nsname, test_name, subtest_name);
+		if (!netns_obj->tmon)
+			fprintf(stderr, "Failed to start traffic monitor for %s\n", nsname);
+	} else {
+		netns_obj->tmon = NULL;
+	}
+
+	system("ip link set lo up");
+
+	return netns_obj;
+fail:
+	close_netns(netns_obj->nstoken);
+	remove_netns(nsname);
+	free(netns_obj->nsname);
+	free(netns_obj);
+	return NULL;
+}
+
+/* Delete the network namespace.
+ *
+ * This function should be paired with netns_new() to delete the namespace
+ * created by netns_new().
+ */
+void netns_free(struct netns_obj *netns_obj)
+{
+	if (!netns_obj)
+		return;
+	if (netns_obj->tmon)
+		traffic_monitor_stop(netns_obj->tmon);
+	close_netns(netns_obj->nstoken);
+	remove_netns(netns_obj->nsname);
+	free(netns_obj->nsname);
+	free(netns_obj);
+}
+
 /* extern declarations for test funcs */
 #define DEFINE_TEST(name)				\
 	extern void test_##name(void) __weak;		\
diff --git a/tools/testing/selftests/bpf/test_progs.h b/tools/testing/selftests/bpf/test_progs.h
index 966011eb7ec8..3ad131de14c6 100644
--- a/tools/testing/selftests/bpf/test_progs.h
+++ b/tools/testing/selftests/bpf/test_progs.h
@@ -430,6 +430,10 @@  int write_sysctl(const char *sysctl, const char *value);
 int get_bpf_max_tramp_links_from(struct btf *btf);
 int get_bpf_max_tramp_links(void);
 
+struct netns_obj;
+struct netns_obj *netns_new(const char *name, bool open);
+void netns_free(struct netns_obj *netns);
+
 #ifdef __x86_64__
 #define SYS_NANOSLEEP_KPROBE_NAME "__x64_sys_nanosleep"
 #elif defined(__s390x__)