From patchwork Mon Nov 29 04:55:01 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tonghao Zhang X-Patchwork-Id: 12643651 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0AB82C433FE for ; Mon, 29 Nov 2021 04:58:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232516AbhK2FB3 (ORCPT ); Mon, 29 Nov 2021 00:01:29 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55042 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238207AbhK2E7Y (ORCPT ); Sun, 28 Nov 2021 23:59:24 -0500 Received: from mail-pj1-x102b.google.com (mail-pj1-x102b.google.com [IPv6:2607:f8b0:4864:20::102b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DAD56C061763 for ; Sun, 28 Nov 2021 20:55:15 -0800 (PST) Received: by mail-pj1-x102b.google.com with SMTP id gf14-20020a17090ac7ce00b001a7a2a0b5c3so14535001pjb.5 for ; Sun, 28 Nov 2021 20:55:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=LNM8sfQpMLWvuNtmqh46qWd8UWJ7MTXUa8CLFYTumGA=; b=jT4jvsFQSDqsw7A6NLlvDsGVroRQgCJaHU2DlzWOl6AlqF8kZAkWzmMbyX4NmUGxdd vR+AKHeG0UXTU/HaBc59E+liX1AtXMz7ApstY2NoF1wR5yyOHHxxMGV4P6n87CZVhKsz wq8a8l4YN49Cw+yEAPfaZXWx51TJRwLc3y8zLP+e6T8o6ABfPP+Uz9ZbINyX3hnxs0Rq na9Q++jLTcnsqKUmijDzk1xbCxA9qoc38hCbvgIPtyBQ0/oVuS9TP9lDRZVzUYVpBFLY QPdEmxsoll/HYcJh0v7w47dwQX/eWO9JtjQXBwQH0BqxAZfP7IB3wvb+51ZgcXQH/Esh HvQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=LNM8sfQpMLWvuNtmqh46qWd8UWJ7MTXUa8CLFYTumGA=; b=Ce68e6q7LFO5gOUL5WobqRgJBKR+FemK6uPPX1yH3XXEvLKpzq940k+wSwoK4jXLmW mk591A/11Xupnn0zNt0wcYRRbK6k/VulG8UrmYqoBLFCncIgi0FRKgDxvvv4TsQjvB5b AZQPD9aXgHJwxDpxcoYpIio9clwzi6Kfewt4EqKgj1ri9Ev+7xvXad3cilNKX6ruFU2b e0ZS0TFzks6/XrsO3K4auE1IrDGFbfQu9qrjh3ep1SIjX4TDy1HSQUZCEV13HxIKL7rc bDpLL69UbiNcHyKpMjERxdZmke0I2WQp0FIgM5HOqff+2qv3Loxb7+UXeVHHUgTz1wm+ 9lXA== X-Gm-Message-State: AOAM533luLvDVJEcG2MXo59T2ohphFbDrZuIZr4dTvWE2lUCOsB06fWS bJRYhPgBqL0QdN0zLY6MVl1FLXvsw2w= X-Google-Smtp-Source: ABdhPJwzVzjq+VxD3YdGR8tzb2kpxE+QhFlNATFcXHyCwLyb9cYnP8kKMG3u90ZvuT+7GJBPRxKbyQ== X-Received: by 2002:a17:90a:e7cc:: with SMTP id kb12mr35596580pjb.172.1638161715170; Sun, 28 Nov 2021 20:55:15 -0800 (PST) Received: from localhost.localdomain ([111.204.182.106]) by smtp.gmail.com with ESMTPSA id p33sm10781329pgm.85.2021.11.28.20.55.11 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 28 Nov 2021 20:55:14 -0800 (PST) From: xiangxia.m.yue@gmail.com To: netdev@vger.kernel.org Cc: Tonghao Zhang , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , "David S. Miller" , Jakub Kicinski Subject: [net v3 1/3] net: core: set skb useful vars in __bpf_tx_skb Date: Mon, 29 Nov 2021 12:55:01 +0800 Message-Id: <20211129045503.20217-1-xiangxia.m.yue@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org From: Tonghao Zhang We may use bpf_redirect to redirect the packets to other netdevice (e.g. ifb) in ingress and egress path. The target netdevice may check the *skb_iif, *redirected and *from_ingress, for example, if skb_iif or redirected is 0, ifb will drop the packets. bpf_redirect may be invoked in ingress or egress path, so we set the *skb_iif unconditionally. Fixes: a70b506efe89 ("bpf: enforce recursion limit on redirects") Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Andrii Nakryiko Cc: Martin KaFai Lau Cc: Song Liu Cc: Yonghong Song Cc: John Fastabend Cc: KP Singh Cc: "David S. Miller" Cc: Jakub Kicinski Signed-off-by: Tonghao Zhang --- net/core/filter.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/net/core/filter.c b/net/core/filter.c index 8271624a19aa..225dc8743863 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -2107,9 +2107,19 @@ static inline int __bpf_tx_skb(struct net_device *dev, struct sk_buff *skb) return -ENETDOWN; } - skb->dev = dev; + /* The target netdevice (e.g. ifb) may use the: + * - skb_iif, bpf_redirect may be invoked in ingress or egress path. + * - redirected + * - from_ingress + */ + skb->skb_iif = skb->dev->ifindex; +#ifdef CONFIG_NET_CLS_ACT + skb_set_redirected(skb, skb->tc_at_ingress); +#else skb->tstamp = 0; +#endif + skb->dev = dev; dev_xmit_recursion_inc(); ret = dev_queue_xmit(skb); dev_xmit_recursion_dec(); From patchwork Mon Nov 29 04:55:02 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Tonghao Zhang X-Patchwork-Id: 12643647 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 80601C433EF for ; Mon, 29 Nov 2021 04:58:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232366AbhK2FB3 (ORCPT ); Mon, 29 Nov 2021 00:01:29 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55486 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238488AbhK2E7Y (ORCPT ); Sun, 28 Nov 2021 23:59:24 -0500 Received: from mail-pf1-x433.google.com (mail-pf1-x433.google.com [IPv6:2607:f8b0:4864:20::433]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 58776C0613D7 for ; Sun, 28 Nov 2021 20:55:21 -0800 (PST) Received: by mail-pf1-x433.google.com with SMTP id o4so15527917pfp.13 for ; Sun, 28 Nov 2021 20:55:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=EqYRUqqd41aXlKA0/ZYdi5FpiIkmQPnY727rVIh/6mk=; b=EQN7scL8XVWVBSaRuNL3dIX9JUw4vUuIAuIDeAxmXtH16BtX2RYCiBjJm5QSxDUzRg ofFio8JK6ZErkFyhJspoCMpHEqKlbF6B9ScrwU2/IddixGSTMXl9tl/Mik3/0kR5v1Lo llCHmPLV/9jpDqcSI2XeVfZ31S/h6JLyIxiVWcYSaMbDR3T69J+GQiVFZWUUZP2IucPx 9kiF9Vh+yIU2CRwfTEPHASmrJIxYr8YdLHGFq0+FTq9PyaLtHXMoosLHKGmkHdG+cpOk hINYWNp/tEhuEdbR+Fto0jBH55VO4a/bRdENcMGm6gi55hVvzY5N2+GaQQcCkoZ7+Kfm GC2w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=EqYRUqqd41aXlKA0/ZYdi5FpiIkmQPnY727rVIh/6mk=; b=5woSzvxdIu1ia7vwXb0PnJ6EluCahjnSFmRSUxq4MtIXLQ7PoQumuFVs0f/T7ijHmr hKylnOdDUOdyY4utIp5fmsVuLp5zs0QDY6ZusR8rKOCMsho8W8PVH1bM7hAt9vAZBnxr ucRMvZ33H9/FmBY2LClrx4LSWpm05pHEbFitsl5bFfYdme/NUYd5ZQ2PY6Fhem4m1Cub 8PTKJ65f41Lzo4tlq89V5xtGkMdA2+hSScub3NxOe0B7/lHx5t/8A6BJ+PIkOoHzg2L9 yksMVyx+tyqIctKNM17klW8pGWKIo8fbQT1tVIcnHPftxW+ngU8Xq/9pdZEKe3gGCl7x jexQ== X-Gm-Message-State: AOAM532v/5cmFNL06aqimBp6N47qQ55ONa3Ld+cKRDJ6uEmjDWBtELw6 75K827caB1nx5DAnn0Y3fQYfjkU+SqJ/+Q== X-Google-Smtp-Source: ABdhPJzBn0g76xnzIOKtfIGbytb6XmznkyPdo2jIMe4QpxOe82kBW11TQLwGS3NXFzKAh7pb+ZdPPw== X-Received: by 2002:a05:6a00:1909:b0:49f:a0d0:abcf with SMTP id y9-20020a056a00190900b0049fa0d0abcfmr36838056pfi.70.1638161720598; Sun, 28 Nov 2021 20:55:20 -0800 (PST) Received: from localhost.localdomain ([111.204.182.106]) by smtp.gmail.com with ESMTPSA id p33sm10781329pgm.85.2021.11.28.20.55.15 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 28 Nov 2021 20:55:20 -0800 (PST) From: xiangxia.m.yue@gmail.com To: netdev@vger.kernel.org Cc: Tonghao Zhang , Willem de Bruijn , Cong Wang , Jakub Kicinski , "David S. Miller" , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Eric Dumazet , Antoine Tenart , Alexander Lobakin , Wei Wang , =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= , Arnd Bergmann Subject: [net v3 2/3] net: sched: add check tc_skip_classify in sch egress Date: Mon, 29 Nov 2021 12:55:02 +0800 Message-Id: <20211129045503.20217-2-xiangxia.m.yue@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20211129045503.20217-1-xiangxia.m.yue@gmail.com> References: <20211129045503.20217-1-xiangxia.m.yue@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org From: Tonghao Zhang Try to resolve the issues as below: * We look up and then check tc_skip_classify flag in net sched layer, even though skb don't want to be classified. That case may consume a lot of cpu cycles. Install the rules as below: $ for id in $(seq 1 100); do $ tc filter add ... egress prio $id ... action mirred egress redirect dev ifb0 $ done netperf: $ taskset -c 1 netperf -t TCP_RR -H ip -- -r 32,32 $ taskset -c 1 netperf -t TCP_STREAM -H ip -- -m 32 Before: 10662.33 tps, 108.95 Mbit/s After: 12434.48 tps, 145.89 Mbit/s For TCP_RR, there are 16.6% improvement, TCP_STREAM 33.9%. * bpf_redirect may be invoked in egress path. if we don't check the flags and then return immediately, the packets will loopback. $ tc filter add dev eth0 egress bpf direct-action obj \ test_tc_redirect_ifb.o sec redirect_ifb Cc: Willem de Bruijn Cc: Cong Wang Cc: Jakub Kicinski Cc: "David S. Miller" Cc: Jakub Kicinski Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Andrii Nakryiko Cc: Martin KaFai Lau Cc: Song Liu Cc: Yonghong Song Cc: John Fastabend Cc: KP Singh Cc: Eric Dumazet Cc: Antoine Tenart Cc: Alexander Lobakin Cc: Wei Wang Cc: "Björn Töpel" Cc: Arnd Bergmann Signed-off-by: Tonghao Zhang --- v2: https://patchwork.kernel.org/project/netdevbpf/patch/20211103143208.41282-1-xiangxia.m.yue@gmail.com/ Willem de Bruijn and Daniel Borkmann, comment this patch, but I think we should fix this, bpf_redirect may also loopback the packets. I hope there are more comments? --- net/core/dev.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/core/dev.c b/net/core/dev.c index 823917de0d2b..4ceb927b1577 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -3823,6 +3823,9 @@ sch_handle_egress(struct sk_buff *skb, int *ret, struct net_device *dev) if (!miniq) return skb; + if (skb_skip_tc_classify(skb)) + return skb; + /* qdisc_skb_cb(skb)->pkt_len was already set by the caller. */ qdisc_skb_cb(skb)->mru = 0; qdisc_skb_cb(skb)->post_ct = false; From patchwork Mon Nov 29 04:55:03 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Tonghao Zhang X-Patchwork-Id: 12643649 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EB653C433F5 for ; Mon, 29 Nov 2021 04:58:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232611AbhK2FBa (ORCPT ); Mon, 29 Nov 2021 00:01:30 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55044 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239218AbhK2E7Y (ORCPT ); Sun, 28 Nov 2021 23:59:24 -0500 Received: from mail-pj1-x102b.google.com (mail-pj1-x102b.google.com [IPv6:2607:f8b0:4864:20::102b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5F977C0613DD for ; Sun, 28 Nov 2021 20:55:26 -0800 (PST) Received: by mail-pj1-x102b.google.com with SMTP id j6-20020a17090a588600b001a78a5ce46aso14591307pji.0 for ; Sun, 28 Nov 2021 20:55:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=2tgWJcHuCeT/qGLGpdTorajcshX7da/TcHZxbHFv3C8=; b=O/SaN7LxiPIneVD8135QuHux5XNs5Lj8yywGPXBL48DLLfAt8T6qkfOUna0dCjBkoe xK5AeV6uOTfmLGx5WZeMZyLB1/s4Q/cF/ea+nbFam7lYq7st95ed+M2KO9BXS5TiSIHN GbYjkbaXC8z3EaNWgCxvwXd9yCmhg6BBqpdxNwsFm9jhe2dQtEJJSJeUdAY8sYtgrXGg GUArqNCmlndWz7I2P0ai2+CciEPw+E6X7QkAbWVmUlNfbgQy6lbPoo6Mity9PlZRWeKn KavGl3CxQt0MCBGO7MNGm98b0J5/tLgOVz9sgPt467LJK7E9V0nZB6YZw8MIt2A/v6WE 2xfQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=2tgWJcHuCeT/qGLGpdTorajcshX7da/TcHZxbHFv3C8=; b=XptD+MiEitAkqwpFsl1Wkhb6Dc98C4lokmPral9ti8PnDCpv1wnzc/5enP4DJSZkkV R+T0+gGURj6Ch1wFSl0ZFCBJbwSO2IDiBcgUBOXXJqPOgKAvB8n20J10NTxrt8USxoFi 4T5bhrgS0BZiMLE65iXAx/2q1fxtU5d0ydi4dnQ7z0/SakGCoEKG89bzEqN+Ry/GFA6y z5hQ09DWqVhCL2Hl1BdFlsUcdcV1Ft76JnCO9RNvtwhZNpGRq/aCb97b8abRhnSU0nf3 lj1vQx/fV+jXNGgoGaxTAVCmLlZdWav3/fiMmq8u79AAEebeYAvBUmOPBLia8vsalzst EJKA== X-Gm-Message-State: AOAM532cdoUUb5w67unS3+PGnUtLIckdCclO+82ihU4YAts/NRIvDgu6 zfD98FSxVARXuSqrktX0r32HfLT/E8iH4g== X-Google-Smtp-Source: ABdhPJyY8wQlR84YHCVha2QjT6V+0E1NmVU+mzo1Ihph9IEdLVXmUALa2RwexsIZvN6j0akLkEivqQ== X-Received: by 2002:a17:903:31d1:b0:141:f14b:6ebd with SMTP id v17-20020a17090331d100b00141f14b6ebdmr56959881ple.75.1638161725599; Sun, 28 Nov 2021 20:55:25 -0800 (PST) Received: from localhost.localdomain ([111.204.182.106]) by smtp.gmail.com with ESMTPSA id p33sm10781329pgm.85.2021.11.28.20.55.20 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 28 Nov 2021 20:55:25 -0800 (PST) From: xiangxia.m.yue@gmail.com To: netdev@vger.kernel.org Cc: Tonghao Zhang , Willem de Bruijn , Cong Wang , Jakub Kicinski , "David S. Miller" , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Eric Dumazet , Antoine Tenart , Alexander Lobakin , Wei Wang , =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= , Arnd Bergmann Subject: [net v3 3/3] selftests: bpf: add bpf_redirect to ifb Date: Mon, 29 Nov 2021 12:55:03 +0800 Message-Id: <20211129045503.20217-3-xiangxia.m.yue@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20211129045503.20217-1-xiangxia.m.yue@gmail.com> References: <20211129045503.20217-1-xiangxia.m.yue@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org From: Tonghao Zhang ifb netdev is used for queueing incoming traffic for shaping. we may run bpf progs in tc cls hook(ingress or egress), to redirect the packets to ifb. This patch adds this test, for bpf. Cc: Willem de Bruijn Cc: Cong Wang Cc: Jakub Kicinski Cc: "David S. Miller" Cc: Jakub Kicinski Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Andrii Nakryiko Cc: Martin KaFai Lau Cc: Song Liu Cc: Yonghong Song Cc: John Fastabend Cc: KP Singh Cc: Eric Dumazet Cc: Antoine Tenart Cc: Alexander Lobakin Cc: Wei Wang Cc: "Björn Töpel" Cc: Arnd Bergmann Signed-off-by: Tonghao Zhang --- tools/testing/selftests/bpf/Makefile | 1 + .../bpf/progs/test_bpf_redirect_ifb.c | 10 +++ .../selftests/bpf/test_bpf_redirect_ifb.sh | 73 +++++++++++++++++++ 3 files changed, 84 insertions(+) create mode 100644 tools/testing/selftests/bpf/progs/test_bpf_redirect_ifb.c create mode 100755 tools/testing/selftests/bpf/test_bpf_redirect_ifb.sh diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile index 5d42db2e129a..6ec8b97af0ea 100644 --- a/tools/testing/selftests/bpf/Makefile +++ b/tools/testing/selftests/bpf/Makefile @@ -65,6 +65,7 @@ TEST_PROGS := test_kmod.sh \ test_xdp_vlan_mode_native.sh \ test_lwt_ip_encap.sh \ test_tcp_check_syncookie.sh \ + test_bpf_redirect_ifb.sh \ test_tc_tunnel.sh \ test_tc_edt.sh \ test_xdping.sh \ diff --git a/tools/testing/selftests/bpf/progs/test_bpf_redirect_ifb.c b/tools/testing/selftests/bpf/progs/test_bpf_redirect_ifb.c new file mode 100644 index 000000000000..d3205ad5e35a --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_bpf_redirect_ifb.c @@ -0,0 +1,10 @@ +#include +#include + +SEC("redirect_ifb") +int redirect(struct __sk_buff *skb) +{ + return bpf_redirect(skb->ifindex + 1 /* ifbX */, 0); +} + +char __license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/test_bpf_redirect_ifb.sh b/tools/testing/selftests/bpf/test_bpf_redirect_ifb.sh new file mode 100755 index 000000000000..0933439696ab --- /dev/null +++ b/tools/testing/selftests/bpf/test_bpf_redirect_ifb.sh @@ -0,0 +1,73 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# + +# Topology: +# --------- +# n1 namespace | n2 namespace +# | +# ----------- | ---------------- +# | veth0 | --------- | veth1, ifb1 | +# ----------- peer ---------------- +# + +readonly prefix="ns-$$-" +readonly ns1="${prefix}1" +readonly ns2="${prefix}2" +readonly ns1_addr=192.168.1.1 +readonly ns2_addr=192.168.1.2 + +setup() { + echo "Load ifb module" + if ! /sbin/modprobe -q -n ifb; then + echo "test_bpf_redirect ifb: module ifb is not found [SKIP]" + exit 4 + fi + + modprobe -q ifb numifbs=0 + + ip netns add "${ns1}" + ip netns add "${ns2}" + + ip link add dev veth0 mtu 1500 netns "${ns1}" type veth \ + peer name veth1 mtu 1500 netns "${ns2}" + # ifb1 created after veth1 + ip link add dev ifb1 mtu 1500 netns "${ns2}" type ifb + + ip -netns "${ns1}" link set veth0 up + ip -netns "${ns2}" link set veth1 up + ip -netns "${ns2}" link set ifb1 up + ip -netns "${ns1}" -4 addr add "${ns1_addr}/24" dev veth0 + ip -netns "${ns2}" -4 addr add "${ns2_addr}/24" dev veth1 + + ip netns exec "${ns2}" tc qdisc add dev veth1 clsact +} + +cleanup() { + ip netns del "${ns2}" &>/dev/null + ip netns del "${ns1}" &>/dev/null + modprobe -r ifb +} + +trap cleanup EXIT + +setup + +ip netns exec "${ns2}" tc filter add dev veth1 \ + ingress bpf direct-action obj test_bpf_redirect_ifb.o sec redirect_ifb +ip netns exec "${ns1}" ping -W 2 -c 2 -i 0.2 -q "${ns2_addr}" &>/dev/null +if [ $? -ne 0 ]; then + echo "bpf redirect to ifb on ingress path [FAILED]" + exit 1 +fi + +ip netns exec "${ns2}" tc filter del dev veth1 ingress +ip netns exec "${ns2}" tc filter add dev veth1 \ + egress bpf direct-action obj test_bpf_redirect_ifb.o sec redirect_ifb +ip netns exec "${ns1}" ping -W 2 -c 2 -i 0.2 -q "${ns2_addr}" &>/dev/null +if [ $? -ne 0 ]; then + echo "bpf redirect to ifb on egress path [FAILED]" + exit 1 +fi + +echo OK