From patchwork Sat Feb 24 09:04:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Safonov X-Patchwork-Id: 13570319 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 35219179AA for ; Sat, 24 Feb 2024 09:04:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.52 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765487; cv=none; b=sWwdJkEe53rOTZ6fV/alxSXA9dCLnytsaXUMdKBJsn7MdJKUCsyV4RWMrWYHFf64covqgQ3RkstvSGVTgwpqeqy8cYtyTQinD1ISwLTpaJnGcmcCFAn4RWx+ANwh9RELQFUOQ6qOERL7vykHNL2ECbSfLmfnEF6vlseBJYU0GgA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765487; c=relaxed/simple; bh=ZnGxdQGJy1ClaaFcPFlryVbb4hGecUZML2DaP2kkzLg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=HmngIZmjZb6Lq/wkSRB88RS51lM2HZztHjM10u1KHXAz4tZqWB8dSIa+O69BiyLlgqV6VDLOtG7y53Zv2j6UZfTysvbIpboOCs/nQOg+TdWobPoF6KJ9RU9tM/UTX7u7FWuTsN5gxsryZV4bU0WxbQlM+1qTECuUtX899gogiDU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com; spf=pass smtp.mailfrom=arista.com; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b=eI8XeX+w; arc=none smtp.client-ip=209.85.128.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arista.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b="eI8XeX+w" Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-4129ed6f514so644145e9.1 for ; Sat, 24 Feb 2024 01:04:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; t=1708765483; x=1709370283; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=uHrQr/XJfBtNje1BbDqA25SZP6hUvJlYF/SVh1AtKWc=; b=eI8XeX+wRqalUFQitMgR1L6d2VjXQSZ1tPvZas+cPzBwtLoIx+IULGFFduuUVL8fnz zKXLxO5/OIAsQQTMiCHvIa1DFIyQSVTRN3h65jE1DbicXJwmo1YILfNcgK5fmRAcXNef rmhxndqrnOksZLIBBGSxBFVBh0mWueMNxl4QUPcy7uQz70Cuxi1m2NqXpXPmq9va9td0 2NnWd/mAp8BeLSVcrS0PzRtGBzxpwhzMaj3wHib87U8dRZMJwcd0Ixr5VWsrrew39EFy 3PAE5cqX2IyMnj2YH7rwo9lb7jJyF0b5kaTifLDunHjiG+N9vV4E/eG6VoLb0S6TycP8 BMdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708765483; x=1709370283; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=uHrQr/XJfBtNje1BbDqA25SZP6hUvJlYF/SVh1AtKWc=; b=H5hsjc7CdyGMKbeYoIEglCVgTUECNgecdPu17EqHbRTxDUt+bISNEn8qGLAcx/PZGe pB41ACiO0fGExOX6sVnYiIS+61gsilLjK/C78d1QVsbCsV3Hlei7cn+mvnMIv5UePphs bhR0VAca0Ba4FPpoLmNpBCALET4OroEUui9VNonj6ggSieeUthYw3FFfGYflEeiB6xI2 7BzGOETM6OT1Vs6tmjdpLxZ0Gq5kjWDfgV8wEeezOm5E1jkFdNYg6oTRjbTe7cPzbIP6 K+4YhQ4C5N00CX8RHwfikP14cfVYbC4f58oxEEwJnLH3nt0TWj8rMO0vS8g0WxA9bUmk hL6A== X-Forwarded-Encrypted: i=1; AJvYcCWMOGBmNBB8BF7H9HyR0cfsPIRkYHFrbxY0byg3gYLaS0pXiElYyqjqn/RdQIEFmqwrKWE4vF/Zp8MJnW7IUQYKGK//+bhB X-Gm-Message-State: AOJu0YwyDqJYJep1EoawLXXLKXztKC0SkEAQwO1JL553kde7P4w4X8At aBGNtrMWXNzh5aa4H8dA29IvCG35pFazzP+AqlYakFCek0V4d+eYv2cBzw+xZQ== X-Google-Smtp-Source: AGHT+IHzc6qo+/osCEweqq/ftRcXkWVdH0DBlbOnEDsN3aOfXaqN9RZnuvJwsrGdKEIUTGWViyIiEQ== X-Received: by 2002:a05:600c:5109:b0:412:610f:c2e7 with SMTP id o9-20020a05600c510900b00412610fc2e7mr1544855wms.41.1708765483493; Sat, 24 Feb 2024 01:04:43 -0800 (PST) Received: from Mindolluin.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id m6-20020a7bce06000000b00410bca333b7sm5320593wmc.27.2024.02.24.01.04.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 24 Feb 2024 01:04:42 -0800 (PST) From: Dmitry Safonov To: Eric Dumazet , "David S. Miller" , Jakub Kicinski , Paolo Abeni , David Ahern , Shuah Khan , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers Cc: Dmitry Safonov , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-trace-kernel@vger.kernel.org, Dmitry Safonov <0x7f454c46@gmail.com> Subject: [PATCH net-next 01/10] net/tcp: Use static_branch_tcp_{md5,ao} to drop ifdefs Date: Sat, 24 Feb 2024 09:04:09 +0000 Message-ID: <20240224-tcp-ao-tracepoints-v1-1-15f31b7f30a7@arista.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> References: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mailer: b4 0.13-dev-b6b4b X-Developer-Signature: v=1; a=ed25519-sha256; t=1708765347; l=2366; i=dima@arista.com; s=20231212; h=from:subject:message-id; bh=ZnGxdQGJy1ClaaFcPFlryVbb4hGecUZML2DaP2kkzLg=; b=YSWRW5wa+c4zamP9YG0WiY8b3kvQg+Hs5tBhsFDlmGdWW+fFHBs58d2MLzy98VPbD0bMlZuKP 7VdCGuaclWIDZ9N+RulWTS1iDcO0YMqwrD005kHZ5vXbl8FA7sDewrN X-Developer-Key: i=dima@arista.com; a=ed25519; pk=hXINUhX25b0D/zWBKvd6zkvH7W2rcwh/CH6cjEa3OTk= X-Patchwork-Delegate: kuba@kernel.org It's possible to clean-up some ifdefs by hiding that tcp_{md5,ao}_needed static branch is defined and compiled only under related configs, since commit 4c8530dc7d7d ("net/tcp: Only produce AO/MD5 logs if there are any keys"). Signed-off-by: Dmitry Safonov --- include/net/tcp.h | 14 ++++---------- net/ipv4/tcp_ipv4.c | 8 ++------ 2 files changed, 6 insertions(+), 16 deletions(-) diff --git a/include/net/tcp.h b/include/net/tcp.h index 33bf92dff0af..c1fff9207e2d 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -2369,21 +2369,15 @@ static inline void tcp_get_current_key(const struct sock *sk, static inline bool tcp_key_is_md5(const struct tcp_key *key) { -#ifdef CONFIG_TCP_MD5SIG - if (static_branch_unlikely(&tcp_md5_needed.key) && - key->type == TCP_KEY_MD5) - return true; -#endif + if (static_branch_tcp_md5()) + return key->type == TCP_KEY_MD5; return false; } static inline bool tcp_key_is_ao(const struct tcp_key *key) { -#ifdef CONFIG_TCP_AO - if (static_branch_unlikely(&tcp_ao_needed.key) && - key->type == TCP_KEY_AO) - return true; -#endif + if (static_branch_tcp_ao()) + return key->type == TCP_KEY_AO; return false; } diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 0c50c5a32b84..56dfae81c671 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1050,12 +1050,10 @@ static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb) #else if (0) { #endif -#ifdef CONFIG_TCP_MD5SIG - } else if (static_branch_unlikely(&tcp_md5_needed.key)) { + } else if (static_branch_tcp_md5()) { key.md5_key = tcp_twsk_md5_key(tcptw); if (key.md5_key) key.type = TCP_KEY_MD5; -#endif } tcp_v4_send_ack(sk, skb, @@ -1124,8 +1122,7 @@ static void tcp_v4_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb, #else if (0) { #endif -#ifdef CONFIG_TCP_MD5SIG - } else if (static_branch_unlikely(&tcp_md5_needed.key)) { + } else if (static_branch_tcp_md5()) { const union tcp_md5_addr *addr; int l3index; @@ -1134,7 +1131,6 @@ static void tcp_v4_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb, key.md5_key = tcp_md5_do_lookup(sk, l3index, addr, AF_INET); if (key.md5_key) key.type = TCP_KEY_MD5; -#endif } /* RFC 7323 2.3 From patchwork Sat Feb 24 09:04:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Safonov X-Patchwork-Id: 13570320 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6E4B818EAF for ; Sat, 24 Feb 2024 09:04:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.52 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765489; cv=none; b=V4ce28DoOQlpVDiedIN2IDnA7wIX/q5iVAQ4anL/G6uiSfjuFq9zUkTWnt9yHV5WU0jrfL+PsCLpTPbAkvssyvyWWMTIXlejy6Mcs2mkRd3qIBxGnWdhAy6ul7hWrrecGUmCtN0FfiaerZLuDO7p1xtarnm7NAziV7PzhT9oo0M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765489; c=relaxed/simple; bh=MVFcWwkG7n4Gl2hWUwI00JsntCopPDcwfLrApRfCBMw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=W5sB1z+onvIvp6Pr1bdLKcTo1RMAH+VFEnldaekQ2/Ys6PlJQ45SV4rb0M+lbyxSIeEZuQdqv/tGt7uLZC/lB52AsQw4OMYCGH50ygygl5o+Q+sPGypRAAukb5tNMPOjHa+RcW10XNAkD9YumpWMYMD74uxOpdmmlhV+5SO98GE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com; spf=pass smtp.mailfrom=arista.com; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b=JkdJLm/W; arc=none smtp.client-ip=209.85.128.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arista.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b="JkdJLm/W" Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-4129b4cef3aso1266675e9.1 for ; Sat, 24 Feb 2024 01:04:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; t=1708765485; x=1709370285; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Juqpa+YmJMwWq9ujgAmWRIwmIrMmMg68TxjW3KTtjMY=; b=JkdJLm/W/2E0JuRaSjNeRaBuvh0Q6nUFzXkuTjEDekShHSYiXMGrAJyzo08+y1FlAq 4s42PdQmLfhcs2HCFUYY1oqDvamI4m6dax5rAfZuUepnswPsOYgrcL5fLrY8L5eB9nYH 3+JsCdtnuGr5E4ZfWnHQVYh2tKQeZ9omPMsSDrzhog/PTKMgQ7PaKO/Ym5zaL+nyepqS K9c2Gs2cEHBryvnZd+aCFq8iyl14r8mEQUJz7cIguLr4EtxAyzSAkT+4HUjXv3zD8v6h r8/23pY3rzQ/D3u8fspW8blhHj4L9bsKNh0U5zLwOuLqVxBiV8tmIfIC9SMd6xW/Utc8 Cekw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708765485; x=1709370285; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Juqpa+YmJMwWq9ujgAmWRIwmIrMmMg68TxjW3KTtjMY=; b=ofx8eDTloTBJQe2l2mhk77bcV7o52wtaDM7a57ykxTQqh4PiqvMUh0NBd8hnNGqkRf QbJC7ugaxhHu+U+Yxb2LO2v1XAuVYBOPpxExD1jb02rgBPKOJLHiqGGNfb+tVbWkAY0C Rkw8yinpfqky5OnoeKvxLo1ccqeGZlS0gCqSjpT/I5cRCXlen4hkXciMCzbL421MfSVM lWL3dclG425Bjk/OSZOdiy3Pfx/UObqxAs+w/LbNVEZkoLxg0KD/kw6qRZYZQhoxZI5i 80+LLkpkeKhaadahAePYTKroM8+NMijvIiCEj5il7KasA3Wrj145t0U4jJPV7lKsB3ml S1cQ== X-Forwarded-Encrypted: i=1; AJvYcCXDq990umbOQQPFlQdXqkrbT5TBVY2FzeW4xlonQm1IflFfv46KCKJ6jzaGOaQoOU/5VkxvD9slZOnEnxOvj6YUObViuc4q X-Gm-Message-State: AOJu0YyysAA6WsXGK2eTx+VfgcQNLyttPPYKV3D6mA859oPSDmnZX4/P 4oVx2C2AnKsDho8j0S8SYhiVOtW7Gjd9dYuBPUUd+61/90XBELyf0kCjXEiHFg== X-Google-Smtp-Source: AGHT+IE/v4Y77xHfDfwUj7mgt7/JJNZWj546Xq0JHNRXMyVIyZqM5v5JOrhU5whoc/IWfYePwfpQdw== X-Received: by 2002:a05:600c:4708:b0:412:8f3f:bd06 with SMTP id v8-20020a05600c470800b004128f3fbd06mr1948177wmo.8.1708765484836; Sat, 24 Feb 2024 01:04:44 -0800 (PST) Received: from Mindolluin.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id m6-20020a7bce06000000b00410bca333b7sm5320593wmc.27.2024.02.24.01.04.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 24 Feb 2024 01:04:44 -0800 (PST) From: Dmitry Safonov To: Eric Dumazet , "David S. Miller" , Jakub Kicinski , Paolo Abeni , David Ahern , Shuah Khan , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers Cc: Dmitry Safonov , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-trace-kernel@vger.kernel.org, Dmitry Safonov <0x7f454c46@gmail.com> Subject: [PATCH net-next 02/10] net/tcp: Add a helper tcp_ao_hdr_maclen() Date: Sat, 24 Feb 2024 09:04:10 +0000 Message-ID: <20240224-tcp-ao-tracepoints-v1-2-15f31b7f30a7@arista.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> References: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mailer: b4 0.13-dev-b6b4b X-Developer-Signature: v=1; a=ed25519-sha256; t=1708765347; l=1223; i=dima@arista.com; s=20231212; h=from:subject:message-id; bh=MVFcWwkG7n4Gl2hWUwI00JsntCopPDcwfLrApRfCBMw=; b=dYV67W6rPZfpE9Z+hOApC8UtuF3cZlqJCdYtSwEPqPdI/XlEslH54K7WXEmeNVQZYPNjTlQfD rproo9nfyO5Ab6uMz3+AcGp19e8cuXGVCR5WBgvfXMlxprRbocWK6P4 X-Developer-Key: i=dima@arista.com; a=ed25519; pk=hXINUhX25b0D/zWBKvd6zkvH7W2rcwh/CH6cjEa3OTk= X-Patchwork-Delegate: kuba@kernel.org It's going to be used more in TCP-AO tracepoints. Signed-off-by: Dmitry Safonov --- include/net/tcp_ao.h | 5 +++++ net/ipv4/tcp_ao.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/include/net/tcp_ao.h b/include/net/tcp_ao.h index 471e177362b4..6501ed1dfa1e 100644 --- a/include/net/tcp_ao.h +++ b/include/net/tcp_ao.h @@ -19,6 +19,11 @@ struct tcp_ao_hdr { u8 rnext_keyid; }; +static inline u8 tcp_ao_hdr_maclen(const struct tcp_ao_hdr *aoh) +{ + return aoh->length - sizeof(struct tcp_ao_hdr); +} + struct tcp_ao_counters { atomic64_t pkt_good; atomic64_t pkt_bad; diff --git a/net/ipv4/tcp_ao.c b/net/ipv4/tcp_ao.c index 3afeeb68e8a7..8726aa58e8b6 100644 --- a/net/ipv4/tcp_ao.c +++ b/net/ipv4/tcp_ao.c @@ -884,8 +884,8 @@ tcp_ao_verify_hash(const struct sock *sk, const struct sk_buff *skb, const struct tcp_ao_hdr *aoh, struct tcp_ao_key *key, u8 *traffic_key, u8 *phash, u32 sne, int l3index) { - u8 maclen = aoh->length - sizeof(struct tcp_ao_hdr); const struct tcphdr *th = tcp_hdr(skb); + u8 maclen = tcp_ao_hdr_maclen(aoh); void *hash_buf = NULL; if (maclen != tcp_ao_maclen(key)) { From patchwork Sat Feb 24 09:04:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Safonov X-Patchwork-Id: 13570321 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 41AA31B7E8 for ; Sat, 24 Feb 2024 09:04:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765490; cv=none; b=l+TlugMOo80RO+AwZZ1FBx5RmMMny7rh+Sp98o5PFWPeIaMPpCh6O7CjjWaL5V+qbX/tSG0mz/hyjb8yJCcjcdbY1xbSoRWHyhrtX3gC1fnHJuy1wS4Ci56TySX0biNrJRoWNAERl1IP7wyxJr7g6z0TCokgLhseGBcd/2cLyv4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765490; c=relaxed/simple; bh=dkVRlxZapEZPVo1HlQHs8NB5QOOr7LplY2MzBsV+hXk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Qh2AyMYRtGBhtjdkIf8M7GhAHcKb5t4lrjacX8wr7h3eYNazwPfUh4uxyagHjYrPxEIB0VWH6V8JKKXZBL1Roo0D1qnmOwmdzf9U1zspRo3GDbUTSFvYRqIbeGpwt0yqv71X6U+OoxLTYQHDMxWJ4pQY42Gx2Ixay1yeVH8mUEI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com; spf=pass smtp.mailfrom=arista.com; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b=Y1KeiGhY; arc=none smtp.client-ip=209.85.128.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arista.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b="Y1KeiGhY" Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-41297dc236eso6606415e9.2 for ; Sat, 24 Feb 2024 01:04:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; t=1708765486; x=1709370286; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GVf8ubtimcYBJcwjV010/pmV64cOLapisaNAn6DWlIA=; b=Y1KeiGhYmUO5yNXYu3tXNBNefWNzgQFKyVISJp771Q8EyXnqK0lgoU9UhWYPBUQrb0 cLkgL1G7x3Fktjkufv5JfYqfPEPjo5lCRYFrz+4xkzRt5JZxGEt+oFKQi9/4m+NcoJeC tfmaKACaswdRybDwXxxdq8I1fmoEHFf0clKHilnZtNldwVWDHE399H757spCU+nnj3tY Y8ML9T9fhjBSDjhhj3RU9Ukl/DKfjg4LQR028cNrrgVz8OSHQ1k5ISqfcYObWDKBW4DB dI8PIHut7hTdVMw039V/qszB/yzk8AZ2ZYhKAsQZP42wabxjtic3N6GN9nXMU9mEBbE1 bqKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708765486; x=1709370286; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GVf8ubtimcYBJcwjV010/pmV64cOLapisaNAn6DWlIA=; b=gGOA4jYQV6ft2Q3XAEJ2VLb481X7EX5XHcTpHiI4pH/5o+kO68TP/Wrt7D1xMQymAM 0LTUGe5MDCUXfIj6aksWvQcjOf7t9dsqOlKFobbR7zQZ/WxHbfdLK8joJrvd5gBFsYKD Py1ejePHwPAriYQ4TW6+a5108xSOIqVRnVpBGW2ryTB5BaMx4VVSJNka6nnx8HiReFna 1hKwN4WXBP6R6K3NXvlco6EkFELp/qf4TCJpoc+U450+pGfdbXpwkMNDjz3RaH+Tjc0X 3h+bTlVnKMjbUBdyWDkXrGkZK/zPs2gDODsXPa8Eu5dXaamhP2ziuyBRt+FOwx84bMJm +r7Q== X-Forwarded-Encrypted: i=1; AJvYcCU1rokDNwwAfMgwl8QM604nRIdlqx0sWqDoqFTuySAEAxvZYpBQD5DRSBiBgeZaCWWfG7NCfeglEsEmNRswV5G1iJ1aZc4Z X-Gm-Message-State: AOJu0YzJvT3c/3k+xuJt4e+cbqkei0YSOAZMmVqSUP0/6zD9/Q3TmY3W Y5dVv4lLnAsnnFV5sf8miiXbmZrUx4r687FKR9r6VPaWKPZBgWnVO+7IJWWx3SirH81arUm0YgQ = X-Google-Smtp-Source: AGHT+IE1zA2oVwN2wokBEqB14i6tIB2v07fTO+K5sVNBjM85YT4nUiMZu0rdoJDc0VuSJtpUaYXfAA== X-Received: by 2002:a05:600c:384e:b0:412:7585:bea7 with SMTP id s14-20020a05600c384e00b004127585bea7mr1283665wmr.5.1708765486647; Sat, 24 Feb 2024 01:04:46 -0800 (PST) Received: from Mindolluin.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id m6-20020a7bce06000000b00410bca333b7sm5320593wmc.27.2024.02.24.01.04.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 24 Feb 2024 01:04:45 -0800 (PST) From: Dmitry Safonov To: Eric Dumazet , "David S. Miller" , Jakub Kicinski , Paolo Abeni , David Ahern , Shuah Khan , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers Cc: Dmitry Safonov , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-trace-kernel@vger.kernel.org, Dmitry Safonov <0x7f454c46@gmail.com> Subject: [PATCH net-next 03/10] net/tcp: Move tcp_inbound_hash() from headers Date: Sat, 24 Feb 2024 09:04:11 +0000 Message-ID: <20240224-tcp-ao-tracepoints-v1-3-15f31b7f30a7@arista.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> References: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mailer: b4 0.13-dev-b6b4b X-Developer-Signature: v=1; a=ed25519-sha256; t=1708765347; l=5609; i=dima@arista.com; s=20231212; h=from:subject:message-id; bh=dkVRlxZapEZPVo1HlQHs8NB5QOOr7LplY2MzBsV+hXk=; b=HzEYB6ULcdQGce14J2gKFfRi/qiy0saSFeVJiAIyNQYfdgJYh26AS2kS5GQd2tsYsFbfJlDkt lVKpB4nMSWxC0MKnXOuOAu7E1YHjZ5/TdYZz3PxiEU+/cpbB4dzQ3YG X-Developer-Key: i=dima@arista.com; a=ed25519; pk=hXINUhX25b0D/zWBKvd6zkvH7W2rcwh/CH6cjEa3OTk= X-Patchwork-Delegate: kuba@kernel.org Two reasons: 1. It's grown up enough 2. In order to not do header spaghetti by including , which is necessary for TCP tracepoints. Signed-off-by: Dmitry Safonov --- include/net/tcp.h | 65 ++++--------------------------------------------- net/ipv4/tcp.c | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+), 61 deletions(-) diff --git a/include/net/tcp.h b/include/net/tcp.h index c1fff9207e2d..c80bdfb5efe5 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -2789,66 +2789,9 @@ static inline bool tcp_ao_required(struct sock *sk, const void *saddr, return false; } -/* Called with rcu_read_lock() */ -static inline enum skb_drop_reason -tcp_inbound_hash(struct sock *sk, const struct request_sock *req, - const struct sk_buff *skb, - const void *saddr, const void *daddr, - int family, int dif, int sdif) -{ - const struct tcphdr *th = tcp_hdr(skb); - const struct tcp_ao_hdr *aoh; - const __u8 *md5_location; - int l3index; - - /* Invalid option or two times meet any of auth options */ - if (tcp_parse_auth_options(th, &md5_location, &aoh)) { - tcp_hash_fail("TCP segment has incorrect auth options set", - family, skb, ""); - return SKB_DROP_REASON_TCP_AUTH_HDR; - } - - if (req) { - if (tcp_rsk_used_ao(req) != !!aoh) { - NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAOBAD); - tcp_hash_fail("TCP connection can't start/end using TCP-AO", - family, skb, "%s", - !aoh ? "missing AO" : "AO signed"); - return SKB_DROP_REASON_TCP_AOFAILURE; - } - } - - /* sdif set, means packet ingressed via a device - * in an L3 domain and dif is set to the l3mdev - */ - l3index = sdif ? dif : 0; - - /* Fast path: unsigned segments */ - if (likely(!md5_location && !aoh)) { - /* Drop if there's TCP-MD5 or TCP-AO key with any rcvid/sndid - * for the remote peer. On TCP-AO established connection - * the last key is impossible to remove, so there's - * always at least one current_key. - */ - if (tcp_ao_required(sk, saddr, family, l3index, true)) { - tcp_hash_fail("AO hash is required, but not found", - family, skb, "L3 index %d", l3index); - return SKB_DROP_REASON_TCP_AONOTFOUND; - } - if (unlikely(tcp_md5_do_lookup(sk, l3index, saddr, family))) { - NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND); - tcp_hash_fail("MD5 Hash not found", - family, skb, "L3 index %d", l3index); - return SKB_DROP_REASON_TCP_MD5NOTFOUND; - } - return SKB_NOT_DROPPED_YET; - } - - if (aoh) - return tcp_inbound_ao_hash(sk, skb, family, req, l3index, aoh); - - return tcp_inbound_md5_hash(sk, skb, saddr, daddr, family, - l3index, md5_location); -} +enum skb_drop_reason tcp_inbound_hash(struct sock *sk, + const struct request_sock *req, const struct sk_buff *skb, + const void *saddr, const void *daddr, + int family, int dif, int sdif); #endif /* _TCP_H */ diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index c82dc42f57c6..5fd61ae6bcc9 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -4485,6 +4485,78 @@ EXPORT_SYMBOL(tcp_inbound_md5_hash); #endif +/* Called with rcu_read_lock() */ +enum skb_drop_reason +tcp_inbound_hash(struct sock *sk, const struct request_sock *req, + const struct sk_buff *skb, + const void *saddr, const void *daddr, + int family, int dif, int sdif) +{ + const struct tcphdr *th = tcp_hdr(skb); + const struct tcp_ao_hdr *aoh; + const __u8 *md5_location; + int l3index; + + /* Invalid option or two times meet any of auth options */ + if (tcp_parse_auth_options(th, &md5_location, &aoh)) { + tcp_hash_fail("TCP segment has incorrect auth options set", + family, skb, ""); + return SKB_DROP_REASON_TCP_AUTH_HDR; + } + + if (req) { + if (tcp_rsk_used_ao(req) != !!aoh) { + u8 keyid, rnext, maclen; + + if (aoh) { + keyid = aoh->keyid; + rnext = aoh->rnext_keyid; + maclen = tcp_ao_hdr_maclen(aoh); + } else { + keyid = rnext = maclen = 0; + } + + NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAOBAD); + tcp_hash_fail("TCP connection can't start/end using TCP-AO", + family, skb, "%s", + !aoh ? "missing AO" : "AO signed"); + return SKB_DROP_REASON_TCP_AOFAILURE; + } + } + + /* sdif set, means packet ingressed via a device + * in an L3 domain and dif is set to the l3mdev + */ + l3index = sdif ? dif : 0; + + /* Fast path: unsigned segments */ + if (likely(!md5_location && !aoh)) { + /* Drop if there's TCP-MD5 or TCP-AO key with any rcvid/sndid + * for the remote peer. On TCP-AO established connection + * the last key is impossible to remove, so there's + * always at least one current_key. + */ + if (tcp_ao_required(sk, saddr, family, l3index, true)) { + tcp_hash_fail("AO hash is required, but not found", + family, skb, "L3 index %d", l3index); + return SKB_DROP_REASON_TCP_AONOTFOUND; + } + if (unlikely(tcp_md5_do_lookup(sk, l3index, saddr, family))) { + NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND); + tcp_hash_fail("MD5 Hash not found", + family, skb, "L3 index %d", l3index); + return SKB_DROP_REASON_TCP_MD5NOTFOUND; + } + return SKB_NOT_DROPPED_YET; + } + + if (aoh) + return tcp_inbound_ao_hash(sk, skb, family, req, l3index, aoh); + + return tcp_inbound_md5_hash(sk, skb, saddr, daddr, family, + l3index, md5_location); +} + void tcp_done(struct sock *sk) { struct request_sock *req; From patchwork Sat Feb 24 09:04:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Safonov X-Patchwork-Id: 13570322 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 691C7241E5 for ; Sat, 24 Feb 2024 09:04:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.46 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765493; cv=none; b=Wn9tgIxof9E3PTHLq/kF3ebyHf49wFGdMQr8pnEi2KpBH/7cE71Jkmq3WY9SUI9vAKdk1ypZ7KvcodNKRAvIQBr29kezyWo/kwKZpKvjiVFTsKlUUQ2FbcWn3i0mB2A1MTGk0Dkf6sgRKm1IsldJiFNfKi3h7zCZjsKyYXgFwd4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765493; c=relaxed/simple; bh=c9aqMhav4KaCgJElWHCUEBVRnJ5cadEhjI/bL0vm03I=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=DLxWzGI+mioO+UpDZYf6AHGjIGar9X1lMTd8vH0r3QeYw8+77WaNNxr5RWWbJA3yCnqFMvS/lXfLR32OhdxgCsZAS6Fy7Q+BOvCYGDvVw+Vaj6UJTdvkO8IvWFULsIEeX91tdCoSg4sKTBnfZahYYskmowhzGJvm8tNnnnFwkrc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com; spf=pass smtp.mailfrom=arista.com; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b=D3J89XkI; arc=none smtp.client-ip=209.85.128.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arista.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b="D3J89XkI" Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-412985ba594so4985475e9.3 for ; Sat, 24 Feb 2024 01:04:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; t=1708765489; x=1709370289; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=I/kjGHctWC0Cj09lJisIMBFHNypYEYqrv5pxutZK96A=; b=D3J89XkI/UXWg0eXD6YVVehTuVO8qUhosE21oCx3YLyEHTCChGFMnbFOYylKBud0Uk E9cBNMbc4qH6iA7LaqE8SHmh4GicLRWpAcd859uBADUoXRH81fZOTINIHzpBvw2C5Cde q573aGmzXDF+ShQbTwsxRt43TItEQFdZXwU8uueSWF42t+KQK6JYBop/3JI2RCA6lu31 3J2ozyRwgJb5dQmbJfuufSSV47jVHgNMJFz5qhNcAJGKN8sRARaLl2hFjuU1O1iF/8Ne gqpAqRxXdIoXmTd81NG3a6jcw4WhCG4uZjwPTVyobgohiB/rN+/v05QazVeNsJ/2p5gZ 6k+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708765489; x=1709370289; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=I/kjGHctWC0Cj09lJisIMBFHNypYEYqrv5pxutZK96A=; b=cjDfuDcZc5B/R+KUr+u08thvEFDVcL0Smauv4z/kPrQtPfo3dTKahGA0GTCrDHizME UJyXFW3gsEzjhJh0x/BRgu91MfOoW5ywRfklsSpo6Xqsbae98C+widOY9dFaAFnX1Xwp 40AXF4B3e5Le8vz6G+nVf5CElWn8BqrYI4+IBh4s2hZc0oacmQz/PpUZ6w0NwOrjnkS5 3xDzoMj5jnzobTvmuEHVZ1YbKARynrvUJV2wyLWRQWTIDkHMvN/uJYQU2smhxo42hfbL zuO/7H7iNThq/BkC7N7SuY6vJftSUm7aF1TBy75hn3+VDMT/bEGwxsVjvPNeyCZSaSTB byLw== X-Forwarded-Encrypted: i=1; AJvYcCXHSjNldMC8x2mt8BB/hxmrHRkK5I7u0qo4+2Bf10K3SBAkoOcygx5e4RPnnfJR6LJA2JJV089taR8upgueYwFuMBAD+svt X-Gm-Message-State: AOJu0YwT5tH2Ob3t5CBuk5cDTnpnlPp7ryf3fP1BZbhKI++/FUJV5PRS +dBpsS3ok+pQjp5Yn9jan+5deWDfH6vYO+YDSXKHQRc8IFakpsfoK0kSkBp92A== X-Google-Smtp-Source: AGHT+IHC9EDd0aNctjl1KomHFBi0eOUcuyEsCPJ9GK6ABQgNCDbG9AfofEWrqzq9pkarx60vbRB0RA== X-Received: by 2002:a05:600c:5114:b0:412:90ad:2cd4 with SMTP id o20-20020a05600c511400b0041290ad2cd4mr1463620wms.36.1708765488783; Sat, 24 Feb 2024 01:04:48 -0800 (PST) Received: from Mindolluin.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id m6-20020a7bce06000000b00410bca333b7sm5320593wmc.27.2024.02.24.01.04.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 24 Feb 2024 01:04:47 -0800 (PST) From: Dmitry Safonov To: Eric Dumazet , "David S. Miller" , Jakub Kicinski , Paolo Abeni , David Ahern , Shuah Khan , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers Cc: Dmitry Safonov , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-trace-kernel@vger.kernel.org, Dmitry Safonov <0x7f454c46@gmail.com> Subject: [PATCH net-next 04/10] net/tcp: Add tcp-md5 and tcp-ao tracepoints Date: Sat, 24 Feb 2024 09:04:12 +0000 Message-ID: <20240224-tcp-ao-tracepoints-v1-4-15f31b7f30a7@arista.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> References: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mailer: b4 0.13-dev-b6b4b X-Developer-Signature: v=1; a=ed25519-sha256; t=1708765347; l=17170; i=dima@arista.com; s=20231212; h=from:subject:message-id; bh=c9aqMhav4KaCgJElWHCUEBVRnJ5cadEhjI/bL0vm03I=; b=flCvV/0RM9XwbyalViJHwSnrsXbQcR35PrcyN+gmMXZtMsvul2h+9kEElnUdAVxYOAO4EP7fA +3El6tFZlWAAY3TkobZstPQEiWqPc+NSn2uwMMAQ8PjvtW7XDO2hT4V X-Developer-Key: i=dima@arista.com; a=ed25519; pk=hXINUhX25b0D/zWBKvd6zkvH7W2rcwh/CH6cjEa3OTk= X-Patchwork-Delegate: kuba@kernel.org Instead of forcing userspace to parse dmesg (that's what currently is happening, at least in codebase of my current company), provide a better way, that can be enabled/disabled in runtime. Currently, there are already tcp events, add hashing related ones there, too. Rasdaemon currently exercises net_dev_xmit_timeout, devlink_health_report, but it'll be trivial to teach it to deal with failed hashes. Otherwise, BGP may trace/log them itself. Especially exciting for possible investigations is key rotation (RNext_key requests). Suggested-by: Jakub Kicinski Signed-off-by: Dmitry Safonov --- include/trace/events/tcp.h | 317 +++++++++++++++++++++++++++++++++++++++++++++ net/ipv4/tcp.c | 7 + net/ipv4/tcp_ao.c | 13 ++ net/ipv4/tcp_input.c | 8 +- net/ipv4/tcp_output.c | 2 + 5 files changed, 345 insertions(+), 2 deletions(-) diff --git a/include/trace/events/tcp.h b/include/trace/events/tcp.h index 7b1ddffa3dfc..5065000aad93 100644 --- a/include/trace/events/tcp.h +++ b/include/trace/events/tcp.h @@ -419,6 +419,323 @@ TRACE_EVENT(tcp_cong_state_set, __entry->cong_state) ); +DECLARE_EVENT_CLASS(tcp_hash_event, + + TP_PROTO(const struct sock *sk, const struct sk_buff *skb), + + TP_ARGS(sk, skb), + + TP_STRUCT__entry( + __field(__u64, net_cookie) + __field(const void *, skbaddr) + __field(const void *, skaddr) + __field(int, state) + + /* sockaddr_in6 is always bigger than sockaddr_in */ + __array(__u8, saddr, sizeof(struct sockaddr_in6)) + __array(__u8, daddr, sizeof(struct sockaddr_in6)) + __field(int, l3index) + + __field(__u16, sport) + __field(__u16, dport) + __field(__u16, family) + + __field(bool, fin) + __field(bool, syn) + __field(bool, rst) + __field(bool, psh) + __field(bool, ack) + ), + + TP_fast_assign( + const struct tcphdr *th = (const struct tcphdr *)skb->data; + + __entry->net_cookie = sock_net(sk)->net_cookie; + __entry->skbaddr = skb; + __entry->skaddr = sk; + __entry->state = sk->sk_state; + + memset(__entry->saddr, 0, sizeof(struct sockaddr_in6)); + memset(__entry->daddr, 0, sizeof(struct sockaddr_in6)); + TP_STORE_ADDR_PORTS_SKB(__entry, skb); + __entry->l3index = inet_sdif(skb) ? inet_iif(skb) : 0; + + /* For filtering use */ + __entry->sport = ntohs(th->source); + __entry->dport = ntohs(th->dest); + __entry->family = sk->sk_family; + + __entry->fin = th->fin; + __entry->syn = th->syn; + __entry->rst = th->rst; + __entry->psh = th->psh; + __entry->ack = th->ack; + ), + + TP_printk("net=%llu state=%s family=%s src=%pISpc dest=%pISpc L3index=%d [%c%c%c%c%c]", + __entry->net_cookie, + show_tcp_state_name(__entry->state), + show_family_name(__entry->family), + __entry->saddr, __entry->daddr, + __entry->l3index, + __entry->fin ? 'F' : ' ', + __entry->syn ? 'S' : ' ', + __entry->rst ? 'R' : ' ', + __entry->psh ? 'P' : ' ', + __entry->ack ? '.' : ' ') +); + +DEFINE_EVENT(tcp_hash_event, tcp_hash_bad_header, + + TP_PROTO(const struct sock *sk, const struct sk_buff *skb), + TP_ARGS(sk, skb) +); + +DEFINE_EVENT(tcp_hash_event, tcp_hash_md5_required, + + TP_PROTO(const struct sock *sk, const struct sk_buff *skb), + TP_ARGS(sk, skb) +); + +DEFINE_EVENT(tcp_hash_event, tcp_hash_md5_unexpected, + + TP_PROTO(const struct sock *sk, const struct sk_buff *skb), + TP_ARGS(sk, skb) +); + +DEFINE_EVENT(tcp_hash_event, tcp_hash_md5_mismatch, + + TP_PROTO(const struct sock *sk, const struct sk_buff *skb), + TP_ARGS(sk, skb) +); + +DEFINE_EVENT(tcp_hash_event, tcp_hash_ao_required, + + TP_PROTO(const struct sock *sk, const struct sk_buff *skb), + TP_ARGS(sk, skb) +); + +DECLARE_EVENT_CLASS(tcp_ao_event, + + TP_PROTO(const struct sock *sk, const struct sk_buff *skb, + const __u8 keyid, const __u8 rnext, const __u8 maclen), + + TP_ARGS(sk, skb, keyid, rnext, maclen), + + TP_STRUCT__entry( + __field(__u64, net_cookie) + __field(const void *, skbaddr) + __field(const void *, skaddr) + __field(int, state) + + /* sockaddr_in6 is always bigger than sockaddr_in */ + __array(__u8, saddr, sizeof(struct sockaddr_in6)) + __array(__u8, daddr, sizeof(struct sockaddr_in6)) + __field(int, l3index) + + __field(__u16, sport) + __field(__u16, dport) + __field(__u16, family) + + __field(bool, fin) + __field(bool, syn) + __field(bool, rst) + __field(bool, psh) + __field(bool, ack) + + __field(__u8, keyid) + __field(__u8, rnext) + __field(__u8, maclen) + ), + + TP_fast_assign( + const struct tcphdr *th = (const struct tcphdr *)skb->data; + + __entry->net_cookie = sock_net(sk)->net_cookie; + __entry->skbaddr = skb; + __entry->skaddr = sk; + __entry->state = sk->sk_state; + + memset(__entry->saddr, 0, sizeof(struct sockaddr_in6)); + memset(__entry->daddr, 0, sizeof(struct sockaddr_in6)); + TP_STORE_ADDR_PORTS_SKB(__entry, skb); + __entry->l3index = inet_sdif(skb) ? inet_iif(skb) : 0; + + /* For filtering use */ + __entry->sport = ntohs(th->source); + __entry->dport = ntohs(th->dest); + __entry->family = sk->sk_family; + + __entry->fin = th->fin; + __entry->syn = th->syn; + __entry->rst = th->rst; + __entry->psh = th->psh; + __entry->ack = th->ack; + + __entry->keyid = keyid; + __entry->rnext = rnext; + __entry->maclen = maclen; + ), + + TP_printk("net=%llu state=%s family=%s src=%pISpc dest=%pISpc L3index=%d [%c%c%c%c%c] keyid=%u rnext=%u maclen=%u", + __entry->net_cookie, + show_tcp_state_name(__entry->state), + show_family_name(__entry->family), + __entry->saddr, __entry->daddr, + __entry->l3index, + __entry->fin ? 'F' : ' ', + __entry->syn ? 'S' : ' ', + __entry->rst ? 'R' : ' ', + __entry->psh ? 'P' : ' ', + __entry->ack ? '.' : ' ', + __entry->keyid, __entry->rnext, __entry->maclen) +); + +DEFINE_EVENT(tcp_ao_event, tcp_ao_handshake_failure, + TP_PROTO(const struct sock *sk, const struct sk_buff *skb, + const __u8 keyid, const __u8 rnext, const __u8 maclen), + TP_ARGS(sk, skb, keyid, rnext, maclen) +); + +DEFINE_EVENT(tcp_ao_event, tcp_ao_wrong_maclen, + TP_PROTO(const struct sock *sk, const struct sk_buff *skb, + const __u8 keyid, const __u8 rnext, const __u8 maclen), + TP_ARGS(sk, skb, keyid, rnext, maclen) +); + +DEFINE_EVENT(tcp_ao_event, tcp_ao_mismatch, + TP_PROTO(const struct sock *sk, const struct sk_buff *skb, + const __u8 keyid, const __u8 rnext, const __u8 maclen), + TP_ARGS(sk, skb, keyid, rnext, maclen) +); + +DEFINE_EVENT(tcp_ao_event, tcp_ao_key_not_found, + TP_PROTO(const struct sock *sk, const struct sk_buff *skb, + const __u8 keyid, const __u8 rnext, const __u8 maclen), + TP_ARGS(sk, skb, keyid, rnext, maclen) +); + +DEFINE_EVENT(tcp_ao_event, tcp_ao_rnext_request, + TP_PROTO(const struct sock *sk, const struct sk_buff *skb, + const __u8 keyid, const __u8 rnext, const __u8 maclen), + TP_ARGS(sk, skb, keyid, rnext, maclen) +); + +DECLARE_EVENT_CLASS(tcp_ao_event_sk, + + TP_PROTO(const struct sock *sk, const __u8 keyid, const __u8 rnext), + + TP_ARGS(sk, keyid, rnext), + + TP_STRUCT__entry( + __field(__u64, net_cookie) + __field(const void *, skaddr) + __field(int, state) + + /* sockaddr_in6 is always bigger than sockaddr_in */ + __array(__u8, saddr, sizeof(struct sockaddr_in6)) + __array(__u8, daddr, sizeof(struct sockaddr_in6)) + + __field(__u16, sport) + __field(__u16, dport) + __field(__u16, family) + + __field(__u8, keyid) + __field(__u8, rnext) + ), + + TP_fast_assign( + const struct inet_sock *inet = inet_sk(sk); + + __entry->net_cookie = sock_net(sk)->net_cookie; + __entry->skaddr = sk; + __entry->state = sk->sk_state; + + memset(__entry->saddr, 0, sizeof(struct sockaddr_in6)); + memset(__entry->daddr, 0, sizeof(struct sockaddr_in6)); + TP_STORE_ADDR_PORTS(__entry, inet, sk); + + /* For filtering use */ + __entry->sport = ntohs(inet->inet_sport); + __entry->dport = ntohs(inet->inet_dport); + __entry->family = sk->sk_family; + + __entry->keyid = keyid; + __entry->rnext = rnext; + ), + + TP_printk("net=%llu state=%s family=%s src=%pISpc dest=%pISpc keyid=%u rnext=%u", + __entry->net_cookie, + show_tcp_state_name(__entry->state), + show_family_name(__entry->family), + __entry->saddr, __entry->daddr, + __entry->keyid, __entry->rnext) +); + +DEFINE_EVENT(tcp_ao_event_sk, tcp_ao_synack_no_key, + TP_PROTO(const struct sock *sk, const __u8 keyid, const __u8 rnext), + TP_ARGS(sk, keyid, rnext) +); + +DECLARE_EVENT_CLASS(tcp_ao_event_sne, + + TP_PROTO(const struct sock *sk, __u32 new_sne), + + TP_ARGS(sk, new_sne), + + TP_STRUCT__entry( + __field(__u64, net_cookie) + __field(const void *, skaddr) + __field(int, state) + + /* sockaddr_in6 is always bigger than sockaddr_in */ + __array(__u8, saddr, sizeof(struct sockaddr_in6)) + __array(__u8, daddr, sizeof(struct sockaddr_in6)) + + __field(__u16, sport) + __field(__u16, dport) + __field(__u16, family) + + __field(__u32, new_sne) + ), + + TP_fast_assign( + const struct inet_sock *inet = inet_sk(sk); + + __entry->net_cookie = sock_net(sk)->net_cookie; + __entry->skaddr = sk; + __entry->state = sk->sk_state; + + memset(__entry->saddr, 0, sizeof(struct sockaddr_in6)); + memset(__entry->daddr, 0, sizeof(struct sockaddr_in6)); + TP_STORE_ADDR_PORTS(__entry, inet, sk); + + /* For filtering use */ + __entry->sport = ntohs(inet->inet_sport); + __entry->dport = ntohs(inet->inet_dport); + __entry->family = sk->sk_family; + + __entry->new_sne = new_sne; + ), + + TP_printk("net=%llu state=%s family=%s src=%pISpc dest=%pISpc sne=%u", + __entry->net_cookie, + show_tcp_state_name(__entry->state), + show_family_name(__entry->family), + __entry->saddr, __entry->daddr, + __entry->new_sne) +); + +DEFINE_EVENT(tcp_ao_event_sne, tcp_ao_snd_sne_update, + TP_PROTO(const struct sock *sk, __u32 new_sne), + TP_ARGS(sk, new_sne) +); + +DEFINE_EVENT(tcp_ao_event_sne, tcp_ao_rcv_sne_update, + TP_PROTO(const struct sock *sk, __u32 new_sne), + TP_ARGS(sk, new_sne) +); + #endif /* _TRACE_TCP_H */ /* This part must be outside protection */ diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 5fd61ae6bcc9..81f22d6afe4a 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -279,6 +279,7 @@ #include #include #include +#include /* Track pending CMSGs. */ enum { @@ -4448,6 +4449,7 @@ tcp_inbound_md5_hash(const struct sock *sk, const struct sk_buff *skb, if (!key && hash_location) { NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED); tcp_hash_fail("Unexpected MD5 Hash found", family, skb, ""); + trace_tcp_hash_md5_unexpected(sk, skb); return SKB_DROP_REASON_TCP_MD5UNEXPECTED; } @@ -4477,6 +4479,7 @@ tcp_inbound_md5_hash(const struct sock *sk, const struct sk_buff *skb, l3index); } } + trace_tcp_hash_md5_mismatch(sk, skb); return SKB_DROP_REASON_TCP_MD5FAILURE; } return SKB_NOT_DROPPED_YET; @@ -4501,6 +4504,7 @@ tcp_inbound_hash(struct sock *sk, const struct request_sock *req, if (tcp_parse_auth_options(th, &md5_location, &aoh)) { tcp_hash_fail("TCP segment has incorrect auth options set", family, skb, ""); + trace_tcp_hash_bad_header(sk, skb); return SKB_DROP_REASON_TCP_AUTH_HDR; } @@ -4520,6 +4524,7 @@ tcp_inbound_hash(struct sock *sk, const struct request_sock *req, tcp_hash_fail("TCP connection can't start/end using TCP-AO", family, skb, "%s", !aoh ? "missing AO" : "AO signed"); + trace_tcp_ao_handshake_failure(sk, skb, keyid, rnext, maclen); return SKB_DROP_REASON_TCP_AOFAILURE; } } @@ -4539,12 +4544,14 @@ tcp_inbound_hash(struct sock *sk, const struct request_sock *req, if (tcp_ao_required(sk, saddr, family, l3index, true)) { tcp_hash_fail("AO hash is required, but not found", family, skb, "L3 index %d", l3index); + trace_tcp_hash_ao_required(sk, skb); return SKB_DROP_REASON_TCP_AONOTFOUND; } if (unlikely(tcp_md5_do_lookup(sk, l3index, saddr, family))) { NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND); tcp_hash_fail("MD5 Hash not found", family, skb, "L3 index %d", l3index); + trace_tcp_hash_md5_required(sk, skb); return SKB_DROP_REASON_TCP_MD5NOTFOUND; } return SKB_NOT_DROPPED_YET; diff --git a/net/ipv4/tcp_ao.c b/net/ipv4/tcp_ao.c index 8726aa58e8b6..416cdeaccd07 100644 --- a/net/ipv4/tcp_ao.c +++ b/net/ipv4/tcp_ao.c @@ -16,6 +16,7 @@ #include #include #include +#include DEFINE_STATIC_KEY_DEFERRED_FALSE(tcp_ao_needed, HZ); @@ -895,6 +896,8 @@ tcp_ao_verify_hash(const struct sock *sk, const struct sk_buff *skb, tcp_hash_fail("AO hash wrong length", family, skb, "%u != %d L3index: %d", maclen, tcp_ao_maclen(key), l3index); + trace_tcp_ao_wrong_maclen(sk, skb, aoh->keyid, + aoh->rnext_keyid, maclen); return SKB_DROP_REASON_TCP_AOFAILURE; } @@ -911,6 +914,8 @@ tcp_ao_verify_hash(const struct sock *sk, const struct sk_buff *skb, atomic64_inc(&key->pkt_bad); tcp_hash_fail("AO hash mismatch", family, skb, "L3index: %d", l3index); + trace_tcp_ao_mismatch(sk, skb, aoh->keyid, + aoh->rnext_keyid, maclen); kfree(hash_buf); return SKB_DROP_REASON_TCP_AOFAILURE; } @@ -927,6 +932,7 @@ tcp_inbound_ao_hash(struct sock *sk, const struct sk_buff *skb, int l3index, const struct tcp_ao_hdr *aoh) { const struct tcphdr *th = tcp_hdr(skb); + u8 maclen = tcp_ao_hdr_maclen(aoh); u8 *phash = (u8 *)(aoh + 1); /* hash goes just after the header */ struct tcp_ao_info *info; enum skb_drop_reason ret; @@ -940,6 +946,8 @@ tcp_inbound_ao_hash(struct sock *sk, const struct sk_buff *skb, NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAOKEYNOTFOUND); tcp_hash_fail("AO key not found", family, skb, "keyid: %u L3index: %d", aoh->keyid, l3index); + trace_tcp_ao_key_not_found(sk, skb, aoh->keyid, + aoh->rnext_keyid, maclen); return SKB_DROP_REASON_TCP_AOUNEXPECTED; } @@ -979,6 +987,9 @@ tcp_inbound_ao_hash(struct sock *sk, const struct sk_buff *skb, current_key = READ_ONCE(info->current_key); /* Key rotation: the peer asks us to use new key (RNext) */ if (unlikely(aoh->rnext_keyid != current_key->sndid)) { + trace_tcp_ao_rnext_request(sk, skb, current_key->sndid, + aoh->rnext_keyid, + tcp_ao_hdr_maclen(aoh)); /* If the key is not found we do nothing. */ key = tcp_ao_established_key(info, aoh->rnext_keyid, -1); if (key) @@ -1043,6 +1054,8 @@ tcp_inbound_ao_hash(struct sock *sk, const struct sk_buff *skb, atomic64_inc(&info->counters.key_not_found); tcp_hash_fail("Requested by the peer AO key id not found", family, skb, "L3index: %d", l3index); + trace_tcp_ao_key_not_found(sk, skb, aoh->keyid, + aoh->rnext_keyid, maclen); return SKB_DROP_REASON_TCP_AOKEYNOTFOUND; } diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 74c03f0a6c0c..11f4da3aa827 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -3575,8 +3575,10 @@ static void tcp_snd_sne_update(struct tcp_sock *tp, u32 ack) ao = rcu_dereference_protected(tp->ao_info, lockdep_sock_is_held((struct sock *)tp)); - if (ao && ack < tp->snd_una) + if (ao && ack < tp->snd_una) { ao->snd_sne++; + trace_tcp_ao_snd_sne_update((struct sock *)tp, ao->snd_sne); + } #endif } @@ -3601,8 +3603,10 @@ static void tcp_rcv_sne_update(struct tcp_sock *tp, u32 seq) ao = rcu_dereference_protected(tp->ao_info, lockdep_sock_is_held((struct sock *)tp)); - if (ao && seq < tp->rcv_nxt) + if (ao && seq < tp->rcv_nxt) { ao->rcv_sne++; + trace_tcp_ao_rcv_sne_update((struct sock *)tp, ao->rcv_sne); + } #endif } diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index e3167ad96567..dcdaf3229de9 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -3727,6 +3727,7 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, #ifdef CONFIG_TCP_AO struct tcp_ao_key *ao_key = NULL; u8 keyid = tcp_rsk(req)->ao_keyid; + u8 rnext = tcp_rsk(req)->ao_rcv_next; ao_key = tcp_sk(sk)->af_specific->ao_lookup(sk, req_to_sk(req), keyid, -1); @@ -3736,6 +3737,7 @@ struct sk_buff *tcp_make_synack(const struct sock *sk, struct dst_entry *dst, * ao_keyid (RFC5925 RNextKeyID), so let's keep it simple here. */ if (unlikely(!ao_key)) { + trace_tcp_ao_synack_no_key(sk, keyid, rnext); rcu_read_unlock(); kfree_skb(skb); net_warn_ratelimited("TCP-AO: the keyid %u from SYN packet is not present - not sending SYNACK\n", From patchwork Sat Feb 24 09:04:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Safonov X-Patchwork-Id: 13570323 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-lj1-f173.google.com (mail-lj1-f173.google.com [209.85.208.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7E25525760 for ; Sat, 24 Feb 2024 09:04:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765494; cv=none; b=EZMEvKzavCYesFHq1bzJwmeXXL+U40a/LdZRF/3NMFeml3a+kjU/fW8oQPuUleK1jBJOWiO/stkd4i9+qSR4Nzjm65LXW01jPb+dPF6biplSdbMoR1X1tqE8rIN0jooOnhXzYuz7Y0qgBabkFeaaKqu+K1aYw4ZhCyDqIo3gqY8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765494; c=relaxed/simple; bh=102HRfrUAQjjWH58WHrrD12WSyo7oflbFvQouUtSetI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=u2Gph8PpBgCOCHGAUyOtJk7p+SLngAcfXGbMza9B7I+StHvZyenIsVp74OkdVcuxlvWoHsAFxnLJod/J0iKwTNJ/9BQDV0b2Bq3ef5Ei7+uhPHlrO2K8cL0wOmgAH0BNAnAbbl7pQoMUCrj2o6iI3Wu+yK6zGLbd4/l9xHZnL+g= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com; spf=pass smtp.mailfrom=arista.com; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b=kecxXJsk; arc=none smtp.client-ip=209.85.208.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arista.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b="kecxXJsk" Received: by mail-lj1-f173.google.com with SMTP id 38308e7fff4ca-2d228a132acso15816581fa.0 for ; Sat, 24 Feb 2024 01:04:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; t=1708765491; x=1709370291; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=/WCWN7oYoEuG7HunFuhQOorajxoQi/eLk6qQ00vzKmA=; b=kecxXJskS/VPkcy2d6pLkwy1enjie9s6ZsZCz/Eho52RjQ0R2jXMzFF9veb/QJ1fEW PDByytLsa+TSxFiV6r6+j/Fy8Xy8qkKKAixiElXU3mVFPQ+XC2S9iYm7FZVXEoMacGnq a0u8tcnK7E26RYEjV04CIp+wkIwugPbptA++fRRVy1Ay2iftrJoQlWwRGndWL7AUe38t juGI0B0dxLHOP1sE6Kqmic64r//4C+ZjjW4fvxPsVnOJQndHj7UvyKML+rnCixb4fgvX 2TPv3pLGGO+lJEcRgXVhI7BliN0I0zQ7qpkBWyDJa1XkzLGjEdrWdWbGryw26xcqDwn4 e6Xw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708765491; x=1709370291; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/WCWN7oYoEuG7HunFuhQOorajxoQi/eLk6qQ00vzKmA=; b=c/WniSjZAqhssGQxl4r0WaXwnJ9eIkq1vBpqZQ/r/IgpdQyU5IZCfysPi4uTzBBWi+ BdVKtIv9IxdBa+PTT+oTtPGM05SPoKUL939uh58w12FiixvPpYH86LM1Or9Fce1OGJq0 6QQLloeQDNFSDeYhWcNEDpwRFCUheIsmWSpVeaBRu0f0n3bIcpzLe112qaCXHCvkhgY/ 7P43IksP5YPv6XqKCJIhlb38pjk8TqR/+durJg5zmxyrPSeYs4IxcsiGtuZXiQU5ak1m D+3kaqK/ZAcwyyAjXpVltquuqGI+2GLwu6grYhUoivfDR+PpV6EI0UPK0QXDxufSw8uN cNwQ== X-Forwarded-Encrypted: i=1; AJvYcCXF5DUSu6k+Ugy9iOKVY6yjKsg3x83UyhpJrGZUGgL4gz3jMeVpqSZNgWCei8pCw8Y1Ll9q2EW+xpyc5ugV8POxAsVZhOyO X-Gm-Message-State: AOJu0YxmCWUKJkNbg4+CVjB8txYEol3fE+5vg8vebcBFQzrWLmN4j46c DmqnHGiOOwQJmOwnez6kYMzTV0v5IukPxyzcKF2jY7y8RUmFVAGPYYnHZvqfgg== X-Google-Smtp-Source: AGHT+IGItgi/S4aXwX6jxP3G6/HGuR+v4MqB1yQa+1g5JY9Fgv3f2PE1a1lH+3q5kBYjs21MPuEybA== X-Received: by 2002:a2e:8410:0:b0:2d1:1de5:3c42 with SMTP id z16-20020a2e8410000000b002d11de53c42mr751193ljg.24.1708765490647; Sat, 24 Feb 2024 01:04:50 -0800 (PST) Received: from Mindolluin.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id m6-20020a7bce06000000b00410bca333b7sm5320593wmc.27.2024.02.24.01.04.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 24 Feb 2024 01:04:49 -0800 (PST) From: Dmitry Safonov To: Eric Dumazet , "David S. Miller" , Jakub Kicinski , Paolo Abeni , David Ahern , Shuah Khan , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers Cc: Dmitry Safonov , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-trace-kernel@vger.kernel.org, Dmitry Safonov <0x7f454c46@gmail.com> Subject: [PATCH net-next 05/10] net/tcp: Remove tcp_hash_fail() Date: Sat, 24 Feb 2024 09:04:13 +0000 Message-ID: <20240224-tcp-ao-tracepoints-v1-5-15f31b7f30a7@arista.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> References: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mailer: b4 0.13-dev-b6b4b X-Developer-Signature: v=1; a=ed25519-sha256; t=1708765347; l=6825; i=dima@arista.com; s=20231212; h=from:subject:message-id; bh=102HRfrUAQjjWH58WHrrD12WSyo7oflbFvQouUtSetI=; b=KuzFXrwGm/QiXWsQtc0Vn6P92cAYtnXKfXYserYzReUDAUFuXH+EUeP0KbUmC6fAtLJAdtW0c jt0POjVpiFoDOqY9QA2u49RZDcJ/hc0Ifew/MAFXfSaqbi/CS7HiMtj X-Developer-Key: i=dima@arista.com; a=ed25519; pk=hXINUhX25b0D/zWBKvd6zkvH7W2rcwh/CH6cjEa3OTk= X-Patchwork-Delegate: kuba@kernel.org Now there are tracepoints, that cover all functionality of tcp_hash_fail(), but also wire up missing places They are also faster, can be disabled and provide filtering. This potentially may create a regression if a userspace depends on dmesg logs. Fingers crossed, let's see if anyone complains in reality. Signed-off-by: Dmitry Safonov --- include/net/tcp_ao.h | 37 ------------------------------------- net/ipv4/tcp.c | 25 ------------------------- net/ipv4/tcp_ao.c | 9 --------- 3 files changed, 71 deletions(-) diff --git a/include/net/tcp_ao.h b/include/net/tcp_ao.h index 6501ed1dfa1e..ebc6d4e3c073 100644 --- a/include/net/tcp_ao.h +++ b/include/net/tcp_ao.h @@ -148,43 +148,6 @@ extern struct static_key_false_deferred tcp_ao_needed; #define static_branch_tcp_ao() false #endif -static inline bool tcp_hash_should_produce_warnings(void) -{ - return static_branch_tcp_md5() || static_branch_tcp_ao(); -} - -#define tcp_hash_fail(msg, family, skb, fmt, ...) \ -do { \ - const struct tcphdr *th = tcp_hdr(skb); \ - char hdr_flags[6]; \ - char *f = hdr_flags; \ - \ - if (!tcp_hash_should_produce_warnings()) \ - break; \ - if (th->fin) \ - *f++ = 'F'; \ - if (th->syn) \ - *f++ = 'S'; \ - if (th->rst) \ - *f++ = 'R'; \ - if (th->psh) \ - *f++ = 'P'; \ - if (th->ack) \ - *f++ = '.'; \ - *f = 0; \ - if ((family) == AF_INET) { \ - net_info_ratelimited("%s for %pI4.%d->%pI4.%d [%s] " fmt "\n", \ - msg, &ip_hdr(skb)->saddr, ntohs(th->source), \ - &ip_hdr(skb)->daddr, ntohs(th->dest), \ - hdr_flags, ##__VA_ARGS__); \ - } else { \ - net_info_ratelimited("%s for [%pI6c].%d->[%pI6c].%d [%s]" fmt "\n", \ - msg, &ipv6_hdr(skb)->saddr, ntohs(th->source), \ - &ipv6_hdr(skb)->daddr, ntohs(th->dest), \ - hdr_flags, ##__VA_ARGS__); \ - } \ -} while (0) - #ifdef CONFIG_TCP_AO /* TCP-AO structures and functions */ struct tcp4_ao_context { diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 81f22d6afe4a..e83fdce91554 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -4448,7 +4448,6 @@ tcp_inbound_md5_hash(const struct sock *sk, const struct sk_buff *skb, if (!key && hash_location) { NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED); - tcp_hash_fail("Unexpected MD5 Hash found", family, skb, ""); trace_tcp_hash_md5_unexpected(sk, skb); return SKB_DROP_REASON_TCP_MD5UNEXPECTED; } @@ -4464,21 +4463,6 @@ tcp_inbound_md5_hash(const struct sock *sk, const struct sk_buff *skb, NULL, skb); if (genhash || memcmp(hash_location, newhash, 16) != 0) { NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE); - if (family == AF_INET) { - tcp_hash_fail("MD5 Hash failed", AF_INET, skb, "%s L3 index %d", - genhash ? "tcp_v4_calc_md5_hash failed" - : "", l3index); - } else { - if (genhash) { - tcp_hash_fail("MD5 Hash failed", - AF_INET6, skb, "L3 index %d", - l3index); - } else { - tcp_hash_fail("MD5 Hash mismatch", - AF_INET6, skb, "L3 index %d", - l3index); - } - } trace_tcp_hash_md5_mismatch(sk, skb); return SKB_DROP_REASON_TCP_MD5FAILURE; } @@ -4502,8 +4486,6 @@ tcp_inbound_hash(struct sock *sk, const struct request_sock *req, /* Invalid option or two times meet any of auth options */ if (tcp_parse_auth_options(th, &md5_location, &aoh)) { - tcp_hash_fail("TCP segment has incorrect auth options set", - family, skb, ""); trace_tcp_hash_bad_header(sk, skb); return SKB_DROP_REASON_TCP_AUTH_HDR; } @@ -4521,9 +4503,6 @@ tcp_inbound_hash(struct sock *sk, const struct request_sock *req, } NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAOBAD); - tcp_hash_fail("TCP connection can't start/end using TCP-AO", - family, skb, "%s", - !aoh ? "missing AO" : "AO signed"); trace_tcp_ao_handshake_failure(sk, skb, keyid, rnext, maclen); return SKB_DROP_REASON_TCP_AOFAILURE; } @@ -4542,15 +4521,11 @@ tcp_inbound_hash(struct sock *sk, const struct request_sock *req, * always at least one current_key. */ if (tcp_ao_required(sk, saddr, family, l3index, true)) { - tcp_hash_fail("AO hash is required, but not found", - family, skb, "L3 index %d", l3index); trace_tcp_hash_ao_required(sk, skb); return SKB_DROP_REASON_TCP_AONOTFOUND; } if (unlikely(tcp_md5_do_lookup(sk, l3index, saddr, family))) { NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND); - tcp_hash_fail("MD5 Hash not found", - family, skb, "L3 index %d", l3index); trace_tcp_hash_md5_required(sk, skb); return SKB_DROP_REASON_TCP_MD5NOTFOUND; } diff --git a/net/ipv4/tcp_ao.c b/net/ipv4/tcp_ao.c index 416cdeaccd07..e99bf734d070 100644 --- a/net/ipv4/tcp_ao.c +++ b/net/ipv4/tcp_ao.c @@ -893,9 +893,6 @@ tcp_ao_verify_hash(const struct sock *sk, const struct sk_buff *skb, NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAOBAD); atomic64_inc(&info->counters.pkt_bad); atomic64_inc(&key->pkt_bad); - tcp_hash_fail("AO hash wrong length", family, skb, - "%u != %d L3index: %d", maclen, - tcp_ao_maclen(key), l3index); trace_tcp_ao_wrong_maclen(sk, skb, aoh->keyid, aoh->rnext_keyid, maclen); return SKB_DROP_REASON_TCP_AOFAILURE; @@ -912,8 +909,6 @@ tcp_ao_verify_hash(const struct sock *sk, const struct sk_buff *skb, NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAOBAD); atomic64_inc(&info->counters.pkt_bad); atomic64_inc(&key->pkt_bad); - tcp_hash_fail("AO hash mismatch", family, skb, - "L3index: %d", l3index); trace_tcp_ao_mismatch(sk, skb, aoh->keyid, aoh->rnext_keyid, maclen); kfree(hash_buf); @@ -944,8 +939,6 @@ tcp_inbound_ao_hash(struct sock *sk, const struct sk_buff *skb, info = rcu_dereference(tcp_sk(sk)->ao_info); if (!info) { NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAOKEYNOTFOUND); - tcp_hash_fail("AO key not found", family, skb, - "keyid: %u L3index: %d", aoh->keyid, l3index); trace_tcp_ao_key_not_found(sk, skb, aoh->keyid, aoh->rnext_keyid, maclen); return SKB_DROP_REASON_TCP_AOUNEXPECTED; @@ -1052,8 +1045,6 @@ tcp_inbound_ao_hash(struct sock *sk, const struct sk_buff *skb, key_not_found: NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPAOKEYNOTFOUND); atomic64_inc(&info->counters.key_not_found); - tcp_hash_fail("Requested by the peer AO key id not found", - family, skb, "L3index: %d", l3index); trace_tcp_ao_key_not_found(sk, skb, aoh->keyid, aoh->rnext_keyid, maclen); return SKB_DROP_REASON_TCP_AOKEYNOTFOUND; From patchwork Sat Feb 24 09:04:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Safonov X-Patchwork-Id: 13570324 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3902F364CF for ; Sat, 24 Feb 2024 09:04:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765495; cv=none; b=Pr2keFSM4osJMou5VrQ6rMdabqP6QG1Ptlotc9yMThmSdGep1eax+dUpZRpdpGvfqY/klVRK1JbSEIc4gb+rpjqL+NOhLgbfyxAtELQYUMcYik6NePqe7GuBXb5szJXOwAhwClFJJJOnUkVexKGwg/K9302lU2M9ex/JM7AM5tM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765495; c=relaxed/simple; bh=ONxj7Z5bQEyPpk/sK690IPfrd/nKeK9bQ4FibvhzH/w=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=MjTua+IWweDA3D2039XjtfAKyjsiKBR1Z8mRwD9H+Yas7yj/I602jeoikw+hjRLflQhtUvP8VQ5hNcMfNWuCWDfMq8F9v6pCTrRVxCkF0Y7M74t+sXDATaSbddrmKyZX1nS/PwhbltcsgVDvLtv9IIl7pjzwnE71AgkOFcwvbxI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com; spf=pass smtp.mailfrom=arista.com; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b=b5O5EhPW; arc=none smtp.client-ip=209.85.128.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arista.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b="b5O5EhPW" Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-41282f05409so7819155e9.0 for ; Sat, 24 Feb 2024 01:04:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; t=1708765492; x=1709370292; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=DfQPvdG/1knhuB2wdxd38i85RMYhhb/ulQhTX77Xabw=; b=b5O5EhPWnVR2ykOEHHgrIzkS5V1Hb1ov8m+Q52/l9GxGNsmJtCRf+OLbnTnVUcnjQi pNBPOBlDXd5rLeGJ1qfwE9K/47IsQPJ3gGlJgG+EAB7OAXHyB+l+pSUJCNKY13wOKwQj 8wwPuiMqkaWsdiEsG5g0mxWTBvgzItSNXpcHjA0cahQvc7y2Ic9EDCOazDXJ+axfEsFj iUKmHijJ/hTGm99RpDMZI9KQKNOZb7iZxF00h1ztBJvgKQazM8AQ2OqwRpacjOA879qE 8y9rDtlmavThdfEnisdz3uMMrocE48fJGzdLyQuCGw29CB5kdrzoiQ/Ax8beHMGQybbb LEBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708765492; x=1709370292; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DfQPvdG/1knhuB2wdxd38i85RMYhhb/ulQhTX77Xabw=; b=wA2XVOyMbbz6W8l6shYsPPqCjFH7dI07tI0RYd4S47gMcVIonSdWoBUwwHwQ1Irvp6 rkYPhbC8C4Oq9MN7P9N1WN4MLeggtmEB3IbqVcH7IcE2AyghhQdtZsffp+twVIf4Wil0 Ekiek9jUzKMnwwi0jahJL+7Y/yryocWhX0yLft5IXnAoaKjT/Em4DOyCiN8lUKwsc6lB I61e4teMwRVdlsqcQoUA/sUY+7/CyxOjHrmxIHWsut3I0rWDmQro7J7qQ6D3IqI/TjtQ Nyiu0dJMTc7hti8/hx05CxOLRJA6gdSSc7kVqaHHPihf2mtUGC6cdy8BwMsesz+0Ti8X TEuQ== X-Forwarded-Encrypted: i=1; AJvYcCUHW65FAdtf4igT0fPkoD+ga3EZ4CYlUZAENl+uKI4E/FVVUMSa8JUZLuUh7hkZI8PUVvP654172ONLpkK3pZLuHvRTYV90 X-Gm-Message-State: AOJu0YyCtSmm2QkloKqKtySOpF2EATxVvqFKWMpfxxT4RoKP4c03PUy4 KSsS28Mw+cSL7skb3MoERIRqEbrJtbRAT4RGF4j3haDwJAzOlFVFFJk2Mw/V+g== X-Google-Smtp-Source: AGHT+IFSkxATvfxvoXpDJxSlMvUknkklMdh5OB6Hod5HFKIXcAkHG5kSo9ueF/pxNq6xZIhvsXOYyg== X-Received: by 2002:a05:600c:1d9c:b0:412:99a9:efa3 with SMTP id p28-20020a05600c1d9c00b0041299a9efa3mr1038094wms.2.1708765492693; Sat, 24 Feb 2024 01:04:52 -0800 (PST) Received: from Mindolluin.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id m6-20020a7bce06000000b00410bca333b7sm5320593wmc.27.2024.02.24.01.04.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 24 Feb 2024 01:04:51 -0800 (PST) From: Dmitry Safonov To: Eric Dumazet , "David S. Miller" , Jakub Kicinski , Paolo Abeni , David Ahern , Shuah Khan , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers Cc: Dmitry Safonov , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-trace-kernel@vger.kernel.org, Dmitry Safonov <0x7f454c46@gmail.com>, "Nassiri, Mohammad" Subject: [PATCH net-next 06/10] selftests/net: Clean-up double assignment Date: Sat, 24 Feb 2024 09:04:14 +0000 Message-ID: <20240224-tcp-ao-tracepoints-v1-6-15f31b7f30a7@arista.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> References: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mailer: b4 0.13-dev-b6b4b X-Developer-Signature: v=1; a=ed25519-sha256; t=1708765347; l=887; i=dima@arista.com; s=20231212; h=from:subject:message-id; bh=ONxj7Z5bQEyPpk/sK690IPfrd/nKeK9bQ4FibvhzH/w=; b=ApyCZf2dRuD/UzWSTFlquW9P+8yF76Z2re53ax/cuKzDykILrZj070hC8QcMGoC4IwTtCZu8w C1GlruS6OfTBeWvbTf2OlH7qHOZ+wdNLNRJO1kOLmqM21rYvr8mhC+V X-Developer-Key: i=dima@arista.com; a=ed25519; pk=hXINUhX25b0D/zWBKvd6zkvH7W2rcwh/CH6cjEa3OTk= X-Patchwork-Delegate: kuba@kernel.org Yeah, copy'n'paste typo. Reported-by: Nassiri, Mohammad Closes: https://lore.kernel.org/all/DM6PR04MB4202BC58A9FD5BDD24A16E8EC56F2@DM6PR04MB4202.namprd04.prod.outlook.com/ Signed-off-by: Dmitry Safonov --- tools/testing/selftests/net/tcp_ao/lib/sock.c | 1 - 1 file changed, 1 deletion(-) diff --git a/tools/testing/selftests/net/tcp_ao/lib/sock.c b/tools/testing/selftests/net/tcp_ao/lib/sock.c index 15aeb0963058..0ffda966c677 100644 --- a/tools/testing/selftests/net/tcp_ao/lib/sock.c +++ b/tools/testing/selftests/net/tcp_ao/lib/sock.c @@ -379,7 +379,6 @@ int test_get_tcp_ao_counters(int sk, struct tcp_ao_counters *out) key_dump[0].nkeys = nr_keys; key_dump[0].get_all = 1; - key_dump[0].get_all = 1; err = getsockopt(sk, IPPROTO_TCP, TCP_AO_GET_KEYS, key_dump, &key_dump_sz); if (err) { From patchwork Sat Feb 24 09:04:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Safonov X-Patchwork-Id: 13570325 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 927AC3A1B5 for ; Sat, 24 Feb 2024 09:04:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765497; cv=none; b=YXZlW0GZyXeh1e/vWQUdsiArFbZlUCVJ2kGXUtZ/2RIUwE46T1gocYh0du05sg3jbAuD6/Q5iJb+KtYq0DGT3fH05Bd/qFLCsc/ueNpae3T75Tv/3ZcW8Fx5v1WExYfVjjtY44M0VVyb70j4a/jskSEtPFuSfIwR3sPL23mE6OA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765497; c=relaxed/simple; bh=ekmIBLlaWKu+GWzGOa6EvRs4/d/ZpqSM2Pqyjmg1O/Q=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=kbJmZE6LSTdu7pdFROGl7Tes1MwJN8D01j/RJRuvZAAMwUeq/dD3p7hM5koB1qLiNwrCf1GKus56oYMm9lAIZfkpHk0trllvZl/hltxmgIL2daN8SMCxgjizc7ddhI2Lh4VIxHqHw8u4mHX3B389pm55UDarmv/z6a2NNqPKp/Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com; spf=pass smtp.mailfrom=arista.com; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b=Jx4GLIgY; arc=none smtp.client-ip=209.85.128.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arista.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b="Jx4GLIgY" Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-4129f33d2e8so292155e9.1 for ; Sat, 24 Feb 2024 01:04:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; t=1708765494; x=1709370294; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=FuTwnbzDtMh7F3yHVkzWlgR2wGNYW8RXz1s/mbtmpWk=; b=Jx4GLIgYHXyqmSu+OLh3pBMYkyFh05gOApUjpjYqiq3SMBmdZtwStujpVvwYpgXj46 vTJ1XNFWAKUTxLG7ObcnOkUHrOKGNQ+WNNnRF1xRm2u3kl1l1u0L0wwt2nsQgyA0yl4X 8QF4JLmr+zmywRCPfaybQw8sa+D9vdHV0EzaIjc6AV4nV/EStm2BikHDa2V4DO0UWKP2 V6P3MOnQMF6kTZLdr4szK6JuRVknVxNNRVTvzUbpYqmsg1d9M0fCjZVoJFtUIYYY0UIX XY5CT7iO22ZBDCkwooaiH8Hvooz2geCtZPfAQIl1U2IknKg/v2U5Lmt+UtGb3D+Bv+gs MbEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708765494; x=1709370294; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FuTwnbzDtMh7F3yHVkzWlgR2wGNYW8RXz1s/mbtmpWk=; b=xIn2x6azeLNPu7Jj4qGg1niwx3c/LjIMfF2YpnkFLi1pYyHDW2S8lbwQR7m9BrEgj0 z6DPacA7Sf48MsjTg13uBjqyqwBfA9LbNof/3gZgTqZGJ/G+fqmSEN9MoGKD1xp0SykH MK4Y0LaE0QKATssmGVmMJmpXNWg8kGM5mzr4iSrziq1xHxHkaWtfT/Y7g4dJ92qjbK+w jNYc+POVlbVF+2hmemZGTlGBWs3uv8hAUCNmpydRfSOr/cE3PsXPTFn9iKwXxY9i4Njk DlPaJsYRcrWAkl4b2NhXkQmPiLXMBO/bbuZMNkpSUQj6Qi7nWJJwwKhKNZwcoRaV8aHC n9tQ== X-Forwarded-Encrypted: i=1; AJvYcCXxX9DMiJWzcnyeFHuNbySkYuJBpZ5T+5N+7He5eK08H0cu2XQEyft/+QLq+usK76ikyk8X5cdDRucjseX9Jy0qeyhJWb2t X-Gm-Message-State: AOJu0YysXX7c97cONH1yNAgcSoGJdWmLyQVKLa19J9u41rDNmrjodVBr CfFJmeqxdJ+M+J0wwt54l7t2bUidIkrkJNfbFnzBnJo6oAdZrXnv/BFp9NHYIA== X-Google-Smtp-Source: AGHT+IFjmi7saCM/UfHVyR0TQt+nRXG9hiKhS1Hy2SCvXp/ltJpiumI8VzAUgAFN+AtiuS5NZuYetw== X-Received: by 2002:a05:600c:3b90:b0:412:6488:bbff with SMTP id n16-20020a05600c3b9000b004126488bbffmr1332546wms.30.1708765494014; Sat, 24 Feb 2024 01:04:54 -0800 (PST) Received: from Mindolluin.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id m6-20020a7bce06000000b00410bca333b7sm5320593wmc.27.2024.02.24.01.04.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 24 Feb 2024 01:04:53 -0800 (PST) From: Dmitry Safonov To: Eric Dumazet , "David S. Miller" , Jakub Kicinski , Paolo Abeni , David Ahern , Shuah Khan , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers Cc: Dmitry Safonov , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-trace-kernel@vger.kernel.org, Dmitry Safonov <0x7f454c46@gmail.com> Subject: [PATCH net-next 07/10] selftests/net: Provide test_snprintf() helper Date: Sat, 24 Feb 2024 09:04:15 +0000 Message-ID: <20240224-tcp-ao-tracepoints-v1-7-15f31b7f30a7@arista.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> References: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mailer: b4 0.13-dev-b6b4b X-Developer-Signature: v=1; a=ed25519-sha256; t=1708765347; l=1992; i=dima@arista.com; s=20231212; h=from:subject:message-id; bh=ekmIBLlaWKu+GWzGOa6EvRs4/d/ZpqSM2Pqyjmg1O/Q=; b=SGrLpjSzyoyJAX0/GI418io3uNbysLNAQ/zBPgtrgvHzRmp5sbt/Fl6o4nB0s9pLOE0EsixHB WIzmgkJA7qtATuXNnV7O0XD+Jk0vg11taa5p18BPXzBk167YiCxddP+ X-Developer-Key: i=dima@arista.com; a=ed25519; pk=hXINUhX25b0D/zWBKvd6zkvH7W2rcwh/CH6cjEa3OTk= X-Patchwork-Delegate: kuba@kernel.org Re-invented std::stringstream :-) No need for buffer array - malloc() it. It's going to be helpful of path concat printings. Signed-off-by: Dmitry Safonov --- tools/testing/selftests/net/tcp_ao/lib/aolib.h | 56 ++++++++++++++++++++++---- 1 file changed, 49 insertions(+), 7 deletions(-) diff --git a/tools/testing/selftests/net/tcp_ao/lib/aolib.h b/tools/testing/selftests/net/tcp_ao/lib/aolib.h index fbc7f6111815..fdf44d176e0b 100644 --- a/tools/testing/selftests/net/tcp_ao/lib/aolib.h +++ b/tools/testing/selftests/net/tcp_ao/lib/aolib.h @@ -37,17 +37,59 @@ extern void __test_xfail(const char *buf); extern void __test_error(const char *buf); extern void __test_skip(const char *buf); +static inline char *test_snprintf(const char *fmt, va_list vargs) +{ + char *ret = NULL; + size_t size = 0; + va_list tmp; + int n = 0; + + va_copy(tmp, vargs); + n = vsnprintf(ret, size, fmt, tmp); + if (n < 0) + return NULL; + + size = (size_t) n + 1; + ret = malloc(size); + if (ret == NULL) + return NULL; + + n = vsnprintf(ret, size, fmt, vargs); + if (n < 0 || n > size - 1) { + free(ret); + return NULL; + } + return ret; +} + +__attribute__((__format__(__printf__, 1, 2))) +static inline char *test_sprintf(const char *fmt, ...) +{ + va_list vargs; + char *ret; + + va_start(vargs, fmt); + ret = test_snprintf(fmt, vargs); + va_end(vargs); + + return ret; +} + __attribute__((__format__(__printf__, 2, 3))) static inline void __test_print(void (*fn)(const char *), const char *fmt, ...) { -#define TEST_MSG_BUFFER_SIZE 4096 - char buf[TEST_MSG_BUFFER_SIZE]; - va_list arg; + va_list vargs; + char *msg; - va_start(arg, fmt); - vsnprintf(buf, sizeof(buf), fmt, arg); - va_end(arg); - fn(buf); + va_start(vargs, fmt); + msg = test_snprintf(fmt, vargs); + va_end(vargs); + + if (!msg) + return; + + fn(msg); + free(msg); } #define test_print(fmt, ...) \ From patchwork Sat Feb 24 09:04:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Safonov X-Patchwork-Id: 13570326 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DD2FF2CCA0 for ; Sat, 24 Feb 2024 09:04:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765498; cv=none; b=R5C07huxYQifV4QvAbiLurdN+RIKGgZN1n5OyRRwfxUDSYLPAOeP7nXBR0Oy39wQYwMIRSmIZHqeP54jA0Ui4XOoZgtgczi1z1u0mF2TpTbFj8WLl90Rc55gBzf2fnSZyrzt/q4clionKRYea3sdM1m7/UwtA9J5rzmHH3ecPrk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765498; c=relaxed/simple; bh=4jErwg55G7DEzjwCRCrWJtVME975m5guzjG380jeS9k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=JxAiknRUd8Cw+u3M44qBfKZP6v3hUFeH7kaukI4T8Q2YblW8QEvSb10SgiN4jJEYXX2WRpnUp31EnsNke5eqXcj4UftXmkGUDPWbOxfbFMgIkJSUeve8nCMg9wB8eHUKNo+LDu9qWN6MhsvScdpBO89TKeqV2V1yQAb4Zbb99sg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com; spf=pass smtp.mailfrom=arista.com; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b=A9oEuHl6; arc=none smtp.client-ip=209.85.128.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arista.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b="A9oEuHl6" Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-4128fe4b8c8so11978345e9.1 for ; Sat, 24 Feb 2024 01:04:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; t=1708765495; x=1709370295; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=rRIDgmvdBuy4FEMojsFBGRvXRNCtma2xryE9RPsDnfQ=; b=A9oEuHl6sjxlDeml6V8i/R62ztS4OWgUMKsJepuxR51nisyApnBYf9G+8kVEGU2pOf azqCend3/dTMws3379Zkgt7K7Ww0akbyABF5XffOUo0S1vxgC69JTSEaDqormuRexh5e XD3azSuERnJoLlWKygy3aVWyDxpFvlLHzEnAK1H9UoUmtXa6P1oKXwESPpWD5JiikbMQ GPMpjCtTNoVzmkNDfNwNv/gPvaq+mXhs92AI1cIoXqU745hLpqi1vdzagH6D5QkO3dcJ cnTpa5IqoytEWpJnUGoEhiU5UoHMBIWCQBW/QLQtqMGG7MhpHaOTIimtK4d3n4mOYzOc qLag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708765495; x=1709370295; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rRIDgmvdBuy4FEMojsFBGRvXRNCtma2xryE9RPsDnfQ=; b=I3aVlcTqC3uBHn1oB2TNdgOl0w3sms0hoyOpTXSTJ3fdsyFWvpalVfJgq4CJz0uFSQ updVLYMUyTCnRqA94cESQZDjRPbGLD8RiR73ODp54iyCz6BGMiinEM6z+Bv/qk2RdLe3 vknChfpTLufFmVIG7/cm9aqJd7CBTDUvQeD2N0lGzaQHFSM7AqFcwzf21sZcOa5gm5cn KV7BFOI9cChPiLPrNRFRP4T/2dI4XUYC5c+uoW9W+BwOPTKvd/NtaBMWbZ7bKAz+DXCp oAmpLvicP7DdZYla49Gq3rNa7x79qcKWqW9Q6A2YfRRMrj+vYonAavKCpVyIDrdoUCVp kGog== X-Forwarded-Encrypted: i=1; AJvYcCWeixQ/HMqjMoRaHQ7gxvZ5k6wMXTsgyX40N0uNXkTB/uMyrSAYM/tmcGAuvHOvKwrdBtVnJbFEaxMMobqGj1Wp5YvSgxPZ X-Gm-Message-State: AOJu0YxPnKY7YwKS0r7wYhIW7SViB91NgjAfp8DsiA7c4kAAy31vUNXc C8IYr6480HRE30d6GILsEirpPgU2TNFE5wUR/w6rxxOJB312T3WJZnx12ocwzQ== X-Google-Smtp-Source: AGHT+IFSjDUOo1EgIt8K5PVSqhLCRMxukx8XXQRsDPkwIrrfKNDL4fqMJiZ+mpwLKC5uDF/T8yNpUg== X-Received: by 2002:a05:600c:2e04:b0:410:a039:ed5d with SMTP id o4-20020a05600c2e0400b00410a039ed5dmr1673611wmf.33.1708765495316; Sat, 24 Feb 2024 01:04:55 -0800 (PST) Received: from Mindolluin.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id m6-20020a7bce06000000b00410bca333b7sm5320593wmc.27.2024.02.24.01.04.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 24 Feb 2024 01:04:54 -0800 (PST) From: Dmitry Safonov To: Eric Dumazet , "David S. Miller" , Jakub Kicinski , Paolo Abeni , David Ahern , Shuah Khan , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers Cc: Dmitry Safonov , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-trace-kernel@vger.kernel.org, Dmitry Safonov <0x7f454c46@gmail.com> Subject: [PATCH net-next 08/10] selftests/net: Be consistnat in kconfig checks Date: Sat, 24 Feb 2024 09:04:16 +0000 Message-ID: <20240224-tcp-ao-tracepoints-v1-8-15f31b7f30a7@arista.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> References: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mailer: b4 0.13-dev-b6b4b X-Developer-Signature: v=1; a=ed25519-sha256; t=1708765347; l=2695; i=dima@arista.com; s=20231212; h=from:subject:message-id; bh=4jErwg55G7DEzjwCRCrWJtVME975m5guzjG380jeS9k=; b=afMpsCOt6xNpXARvG8bjI9wO61Dv76Tvjx05gMcpY6lZY365igt8bIUOsSzqko7QzMKAYLvny 2rTLQQQC9xyAQ3Viq8xdsZkk+BnMO5EjWEgG53r6fqakvaQFtEiZlQz X-Developer-Key: i=dima@arista.com; a=ed25519; pk=hXINUhX25b0D/zWBKvd6zkvH7W2rcwh/CH6cjEa3OTk= X-Patchwork-Delegate: kuba@kernel.org Most of the functions in tcp-ao lib/ return negative errno or -1 in case of a failure. That creates inconsistencies in lib/kconfig, which saves what was the error code. As well as the uninitialized kconfig value is -1, which also may be the result of a check. Define KCONFIG_UNKNOWN and save negative return code, rather than libc-style errno. Signed-off-by: Dmitry Safonov --- tools/testing/selftests/net/tcp_ao/lib/kconfig.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/tools/testing/selftests/net/tcp_ao/lib/kconfig.c b/tools/testing/selftests/net/tcp_ao/lib/kconfig.c index f279ffc3843b..3bf4a7e4b3c9 100644 --- a/tools/testing/selftests/net/tcp_ao/lib/kconfig.c +++ b/tools/testing/selftests/net/tcp_ao/lib/kconfig.c @@ -6,7 +6,7 @@ #include "aolib.h" struct kconfig_t { - int _errno; /* the returned error if not supported */ + int _error; /* negative errno if not supported */ int (*check_kconfig)(int *error); }; @@ -62,7 +62,7 @@ static int has_tcp_ao(int *err) memcpy(&tmp.addr, &addr, sizeof(addr)); *err = 0; if (setsockopt(sk, IPPROTO_TCP, TCP_AO_ADD_KEY, &tmp, sizeof(tmp)) < 0) { - *err = errno; + *err = -errno; if (errno != ENOPROTOOPT) ret = -errno; } @@ -87,7 +87,7 @@ static int has_tcp_md5(int *err) */ *err = 0; if (test_set_md5(sk, addr_any, 0, -1, DEFAULT_TEST_PASSWORD)) { - *err = errno; + *err = -errno; if (errno != ENOPROTOOPT && errno == ENOMEM) { test_print("setsockopt(TCP_MD5SIG_EXT): %m"); ret = -errno; @@ -116,13 +116,14 @@ static int has_vrfs(int *err) return ret; } +#define KCONFIG_UNKNOWN 1 static pthread_mutex_t kconfig_lock = PTHREAD_MUTEX_INITIALIZER; static struct kconfig_t kconfig[__KCONFIG_LAST__] = { - { -1, has_net_ns }, - { -1, has_veth }, - { -1, has_tcp_ao }, - { -1, has_tcp_md5 }, - { -1, has_vrfs }, + { KCONFIG_UNKNOWN, has_net_ns }, + { KCONFIG_UNKNOWN, has_veth }, + { KCONFIG_UNKNOWN, has_tcp_ao }, + { KCONFIG_UNKNOWN, has_tcp_md5 }, + { KCONFIG_UNKNOWN, has_vrfs }, }; const char *tests_skip_reason[__KCONFIG_LAST__] = { @@ -138,11 +139,11 @@ bool kernel_config_has(enum test_needs_kconfig k) bool ret; pthread_mutex_lock(&kconfig_lock); - if (kconfig[k]._errno == -1) { - if (kconfig[k].check_kconfig(&kconfig[k]._errno)) + if (kconfig[k]._error == KCONFIG_UNKNOWN) { + if (kconfig[k].check_kconfig(&kconfig[k]._error)) test_error("Failed to initialize kconfig %u", k); } - ret = kconfig[k]._errno == 0; + ret = kconfig[k]._error == 0; pthread_mutex_unlock(&kconfig_lock); return ret; } From patchwork Sat Feb 24 09:04:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Safonov X-Patchwork-Id: 13570327 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E29313F9EF for ; Sat, 24 Feb 2024 09:04:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.44 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765500; cv=none; b=SeDqZohpYSao/w4s5SIsItlLKFzaupChUYFQx5LTF3oOxzfzhq+yYoOdXRQisBfsu0wK0rVK965mjCSq8yFH70nro06UfBwcVwEAs5bxjCHvr6jxGu3qe7YpZxT0352rzHePfG1E6hqr8yMOqhkdlNpnWrQ1KQpVKhSzJcDQ5+A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765500; c=relaxed/simple; bh=W2t1gDt0S4a1/HW/6/kG7xzEKfo9X9H0YdqgUGLKJyM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ESU2mUt7gxTqB31dAC3F8cIEnl0U5HE529/z0fR/KMg1MPpDaabs2T72+n6fSr2rRGSG+9CSKYAYqeyMlJ5Gym9ASMmUmcE3dCzf/tpOrr4yBq5Mh/K8UaQZBvqfy0W5SmeTasTrR8G3E/NDQxx/fORdIe2yr5zR0OF1Uxy+lCg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com; spf=pass smtp.mailfrom=arista.com; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b=fVAsJOCx; arc=none smtp.client-ip=209.85.128.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arista.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b="fVAsJOCx" Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-4129ed3d15aso796785e9.0 for ; Sat, 24 Feb 2024 01:04:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; t=1708765497; x=1709370297; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=x86i2bLvLQ8s2ekOK4n+eRSdBkIkaafdJNLN4ekEok0=; b=fVAsJOCxmCUI1Kxw29LiXfG+xui/HzyYCAVQpMHLm5MC0zVM88loKBF6sVav42jEwt o8NUDMVCz4AiHIblhZE3AulVB1kXI34JlvY+v32TitlwKxnjN+E13eUXZzWXGdyBF6V2 m1OaGm3Fc1XoK+V8F6t8F1lcLRsJD5cO9wco/Yi3KUq54yBBKpEukTkCWNGYh80Exfim mrCifyxfaSfmbzBlUMMkFqNNxk/br5T6fCct5AL/VIK60RWNvqRwWBRMn8pOq+XQ8hhv d1E9mgOXkpVeY2pT8XFLSv/v50O3gphVy2lxtgxTSzssbJNhU8u6rdfgwbKkXicEUHFA CVgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708765497; x=1709370297; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=x86i2bLvLQ8s2ekOK4n+eRSdBkIkaafdJNLN4ekEok0=; b=A/MN8hsLk/ThMNVOfsjIFVSR9BwiqVN5rp3n91zreOgDPnUeA0hPzE2e/ucoraL/4J Vz0EGB4kG+DIc6IeQj19JMWrCEwNyILbnQhQzRw+hyf4z6b6iK9ygPEk8y5JHAATVGuW IjlWjR9TQyinw5NkV2x2bnFMiDHvYRryKIyXGXkfK5KppaT/IhriG9U6hZRqECqXkgsv LCf+hwjaHtso0HsMbxUrti0LEctRPPstjlhJXPc8GYXER7O6SC0fBowbY4PueF/tMMI4 nMm2JzI7Jg2VK3ulCoaW7Eb7S+LrVUSwuGAsSTu256XAAXG3vAIsswlJqPvSFT1un/OJ j9rQ== X-Forwarded-Encrypted: i=1; AJvYcCUlB8HXR4RlJV0mhIwNGu92Bm+pNqEvAVZweadGGyjC0jeHvaCJaGnvKXQU3xeLh1ZcPqeHFcc3VTOPQhSdYiYYivs3LNXs X-Gm-Message-State: AOJu0YxyOunTKZdN6Xh2laG/FOBvvkoVKYaiY1KgTsFaCycZ5LdXcUTq fHIYK2GbqfXV2BIhUPFBMN59h4X3fR+t6jiCK+7imRPACgPKI6x83QFrDqBLFA== X-Google-Smtp-Source: AGHT+IFYZFhVl1THeVUMtDtrUqkTWkBH8i6j7z/8R1v79GFRQA5Oh7V1BKlSbHwyMZa1VzUzVFhfWQ== X-Received: by 2002:a05:600c:4f52:b0:412:8872:e8f4 with SMTP id m18-20020a05600c4f5200b004128872e8f4mr1491142wmq.1.1708765497395; Sat, 24 Feb 2024 01:04:57 -0800 (PST) Received: from Mindolluin.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id m6-20020a7bce06000000b00410bca333b7sm5320593wmc.27.2024.02.24.01.04.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 24 Feb 2024 01:04:56 -0800 (PST) From: Dmitry Safonov To: Eric Dumazet , "David S. Miller" , Jakub Kicinski , Paolo Abeni , David Ahern , Shuah Khan , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers Cc: Dmitry Safonov , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-trace-kernel@vger.kernel.org, Dmitry Safonov <0x7f454c46@gmail.com> Subject: [PATCH net-next 09/10] selftests/net: Don't forget to close nsfd after switch_save_ns() Date: Sat, 24 Feb 2024 09:04:17 +0000 Message-ID: <20240224-tcp-ao-tracepoints-v1-9-15f31b7f30a7@arista.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> References: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mailer: b4 0.13-dev-b6b4b X-Developer-Signature: v=1; a=ed25519-sha256; t=1708765347; l=1645; i=dima@arista.com; s=20231212; h=from:subject:message-id; bh=W2t1gDt0S4a1/HW/6/kG7xzEKfo9X9H0YdqgUGLKJyM=; b=HrtiK7tVw/bjSYWfjeueAiyqfvuMn5IWHQgF7i/oeeqthLP8sDdHMXQ2ky8sLEotB7YM5TdU3 8MnzdiddrQEDEnm5kK5GLfccXOWIvziIgaef9UzqhAamDJrH9nnxroF X-Developer-Key: i=dima@arista.com; a=ed25519; pk=hXINUhX25b0D/zWBKvd6zkvH7W2rcwh/CH6cjEa3OTk= X-Patchwork-Delegate: kuba@kernel.org The switch_save_ns() helper suppose to help switching to another namespace for some action and to return back to original namespace. The fd should be closed. Signed-off-by: Dmitry Safonov --- tools/testing/selftests/net/tcp_ao/lib/setup.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/net/tcp_ao/lib/setup.c b/tools/testing/selftests/net/tcp_ao/lib/setup.c index 92276f916f2f..f80120bef3dc 100644 --- a/tools/testing/selftests/net/tcp_ao/lib/setup.c +++ b/tools/testing/selftests/net/tcp_ao/lib/setup.c @@ -142,6 +142,13 @@ int switch_save_ns(int new_ns) return ret; } +void switch_close_ns(int fd) +{ + if (setns(fd, CLONE_NEWNET)) + test_error("setns()"); + close(fd); +} + static int nsfd_outside = -1; static int nsfd_parent = -1; static int nsfd_child = -1; @@ -296,7 +303,7 @@ static bool is_optmem_namespaced(void) int old_ns = switch_save_ns(nsfd_child); optmem_ns = !access(optmem_file, F_OK); - switch_ns(old_ns); + switch_close_ns(old_ns); } return !!optmem_ns; } @@ -317,7 +324,7 @@ size_t test_get_optmem(void) test_error("can't read from %s", optmem_file); fclose(foptmem); if (!is_optmem_namespaced()) - switch_ns(old_ns); + switch_close_ns(old_ns); return ret; } @@ -339,7 +346,7 @@ static void __test_set_optmem(size_t new, size_t *old) test_error("can't write %zu to %s", new, optmem_file); fclose(foptmem); if (!is_optmem_namespaced()) - switch_ns(old_ns); + switch_close_ns(old_ns); } static void test_revert_optmem(void) From patchwork Sat Feb 24 09:04:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dmitry Safonov X-Patchwork-Id: 13570328 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A4AAC43ABF for ; Sat, 24 Feb 2024 09:05:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.41 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765504; cv=none; b=p6cHWsy/HRemP5eLz1eO2+ylwViFG+1CR94SnKKOQBZrD/hx22cVakLOgHEdX6T7zyRQh73sJoXZwQ0JwCpUhep9wY2cKvtMCI6UpFWJKVGmWr/BTOETxH2DVAJM1ecvyLg3VgW9kobHmWXOkMvaOGyqw5o66WVVmf840BSLbjs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708765504; c=relaxed/simple; bh=8AUpEOT88u/8zRD9q6ic9a6ef0BcUKnt4ik9VKTAhE4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=RG27VnW1nLVAYDUcVljQyXhrHb6hxL5Yjjvb54oCbRunLHozOZJfkJrZBWmKkfogXi6nff7Wt9bapG2G/RThkgeDwsZZWbTNSYJfoqZDOkFqpi7u+Lms4KHTB72LchJNtMSSWXtX4znNk8gFpGtTFl2zTFLdT6l+RLxOLEuggMU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com; spf=pass smtp.mailfrom=arista.com; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b=YVaBz+RL; arc=none smtp.client-ip=209.85.128.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=arista.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arista.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=arista.com header.i=@arista.com header.b="YVaBz+RL" Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-41298159608so4365255e9.0 for ; Sat, 24 Feb 2024 01:05:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=google; t=1708765499; x=1709370299; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=IcJhh022VDfxpiDKm7FqqnzrMHW/udPkKTDf9bA9ocg=; b=YVaBz+RLySZjTCd6rciPb52K1JcSqKX/AieRSjC/6QHGj7J6LmhJvejiTONKho4xEA nAbfMsWEaIo0CTtI4hDXS+7VkjSmm+YK0WbKC4HAZpDrmizPhOYml0aYTRKo+8ImqnrL vhuzRSqOLheUyCJ8UmXAiyCeFqFwuhV3e3mC9OSX0WhmYhSvzuz5ehy4yVFGxmK3m/Yu kzxgxLthTjdPqxQL6aOiQPeCts76ZHP/rnbRaWCEb7Q87Mvd180omPk8ouiS8Zfz9aqF ZY2kdEqRjIm49qIgxtBK2KafEcHHNRTbr1p6JS6Dv6VQL2LeQQ1hEnoMRjvobwa8CU1B 9V+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708765499; x=1709370299; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IcJhh022VDfxpiDKm7FqqnzrMHW/udPkKTDf9bA9ocg=; b=AoVe81Bqh2ZpkdydAS8t2Kbe9N99CQV5zrWFhY7v6XZcCFcOYBZfSKxJNdI8jOWrqa HS4wlqm8bF1u0LNeHjh+twEVH9f2DNIsYmq8S6AAO+4sZqycLtcCyeMS+y+WqVnn9vVu P0UXREkBK8P4qi6eNYyCwZAbVsVK6KiK3HEdy9MtsSSY94VpHETHxLgjAaia17W2LGBc GN24h+JbGh7vktBFcLWbonJTMQfeHwsXut5kAEb48ALGUnlLh9N1ENZMCJl+amOnDkkL og+2hmpzR5n310r9zvUmv02aRcwZkaZ0Vl5ojCHZjOcAGW+7/X7I19Z2+uIPcppNGRao ShYw== X-Forwarded-Encrypted: i=1; AJvYcCV0NTXoUhfPbjK0dbGjHPuDO0NV3MQqQMHBzLF2Q47rq7rHdVykWFQ8SvCgJD8RuyxfnMAm3NVZULTaXxaLL2czOe8xRf6q X-Gm-Message-State: AOJu0YzlS9ojc8Es/eYDjfZt2jO9PoKC1GPR/obuvwWgDkgGvE7TmbCm MiFIcGvdPQZJUlK1b1dKk0RecFNQSL3E82bxTpqWA2m5Y6DtH4BmMOZKV/xZXw== X-Google-Smtp-Source: AGHT+IHt1rprcHHpmFeXPeNc/wCHRlA6KUWRllUypQdOgWrHMYxT1v0jfoSLSMRQ65oZnChyI5SXjQ== X-Received: by 2002:a05:600c:1992:b0:412:9c2a:7622 with SMTP id t18-20020a05600c199200b004129c2a7622mr802476wmq.8.1708765498917; Sat, 24 Feb 2024 01:04:58 -0800 (PST) Received: from Mindolluin.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id m6-20020a7bce06000000b00410bca333b7sm5320593wmc.27.2024.02.24.01.04.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 24 Feb 2024 01:04:58 -0800 (PST) From: Dmitry Safonov To: Eric Dumazet , "David S. Miller" , Jakub Kicinski , Paolo Abeni , David Ahern , Shuah Khan , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers Cc: Dmitry Safonov , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-trace-kernel@vger.kernel.org, Dmitry Safonov <0x7f454c46@gmail.com> Subject: [PATCH net-next 10/10] selftest/net: Add trace events matching to tcp_ao Date: Sat, 24 Feb 2024 09:04:18 +0000 Message-ID: <20240224-tcp-ao-tracepoints-v1-10-15f31b7f30a7@arista.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> References: <20240224-tcp-ao-tracepoints-v1-0-15f31b7f30a7@arista.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Mailer: b4 0.13-dev-b6b4b X-Developer-Signature: v=1; a=ed25519-sha256; t=1708765347; l=47733; i=dima@arista.com; s=20231212; h=from:subject:message-id; bh=8AUpEOT88u/8zRD9q6ic9a6ef0BcUKnt4ik9VKTAhE4=; b=JPfTlnGbkTJiMQsclOIwor9e9YUve7lHfH48SzSE64v0+3JRWz6FN3DX1AvasUnHOBGKKDyIH MYu+qgrutP2DvCoVkWhkvvkWD1JAPES1Gk5h9n1VcG+oOKb5ESFTQEX X-Developer-Key: i=dima@arista.com; a=ed25519; pk=hXINUhX25b0D/zWBKvd6zkvH7W2rcwh/CH6cjEa3OTk= X-Patchwork-Delegate: kuba@kernel.org Setup trace points, add a new ftrace instance in order to not interfere with the rest of the system, filtering by net namespace cookies. Raise a new background thread that parses trace_pipe, matches them with the list of expected events. Wiring up trace events to selftests provides another insight if there is anything unexpected happining in the tcp-ao code (i.e. key rotation when it's not expected). Note: in real programs libtraceevent should be used instead of this manual labor of setting ftrace up and parsing. I'm not using it here as I don't want to have an .so library dependency that one would have to bring into VM or DUT (Device Under Test). Please, don't copy it over into any real world programs, that aren't tests. Signed-off-by: Dmitry Safonov --- tools/testing/selftests/net/tcp_ao/Makefile | 2 +- tools/testing/selftests/net/tcp_ao/bench-lookups.c | 2 +- tools/testing/selftests/net/tcp_ao/connect-deny.c | 18 +- tools/testing/selftests/net/tcp_ao/connect.c | 2 +- tools/testing/selftests/net/tcp_ao/icmps-discard.c | 2 +- .../testing/selftests/net/tcp_ao/key-management.c | 18 +- tools/testing/selftests/net/tcp_ao/lib/aolib.h | 94 +++ tools/testing/selftests/net/tcp_ao/lib/ftrace.c | 846 +++++++++++++++++++++ tools/testing/selftests/net/tcp_ao/lib/kconfig.c | 8 + tools/testing/selftests/net/tcp_ao/lib/setup.c | 2 +- tools/testing/selftests/net/tcp_ao/lib/utils.c | 26 + tools/testing/selftests/net/tcp_ao/restore.c | 18 +- tools/testing/selftests/net/tcp_ao/rst.c | 2 +- tools/testing/selftests/net/tcp_ao/self-connect.c | 19 +- tools/testing/selftests/net/tcp_ao/seq-ext.c | 10 +- .../selftests/net/tcp_ao/setsockopt-closed.c | 2 +- tools/testing/selftests/net/tcp_ao/unsigned-md5.c | 28 +- 17 files changed, 1081 insertions(+), 18 deletions(-) diff --git a/tools/testing/selftests/net/tcp_ao/Makefile b/tools/testing/selftests/net/tcp_ao/Makefile index 522d991e310e..2df0e4607ae5 100644 --- a/tools/testing/selftests/net/tcp_ao/Makefile +++ b/tools/testing/selftests/net/tcp_ao/Makefile @@ -31,7 +31,7 @@ CFLAGS += $(KHDR_INCLUDES) CFLAGS += -iquote ./lib/ -I ../../../../include/ # Library -LIBSRC := kconfig.c netlink.c proc.c repair.c setup.c sock.c utils.c +LIBSRC := ftrace.c kconfig.c netlink.c proc.c repair.c setup.c sock.c utils.c LIBOBJ := $(LIBSRC:%.c=$(LIBDIR)/%.o) EXTRA_CLEAN += $(LIBOBJ) $(LIB) diff --git a/tools/testing/selftests/net/tcp_ao/bench-lookups.c b/tools/testing/selftests/net/tcp_ao/bench-lookups.c index a1e6e007c291..6736484996a3 100644 --- a/tools/testing/selftests/net/tcp_ao/bench-lookups.c +++ b/tools/testing/selftests/net/tcp_ao/bench-lookups.c @@ -355,6 +355,6 @@ static void *client_fn(void *arg) int main(int argc, char *argv[]) { - test_init(30, server_fn, client_fn); + test_init(31, server_fn, client_fn); return 0; } diff --git a/tools/testing/selftests/net/tcp_ao/connect-deny.c b/tools/testing/selftests/net/tcp_ao/connect-deny.c index 185a2f6e5ff3..cfe2501c0dfe 100644 --- a/tools/testing/selftests/net/tcp_ao/connect-deny.c +++ b/tools/testing/selftests/net/tcp_ao/connect-deny.c @@ -212,30 +212,44 @@ static void try_connect(const char *tst_name, unsigned int port, static void *client_fn(void *arg) { - union tcp_addr wrong_addr, network_addr; + union tcp_addr wrong_addr, network_addr, addr_any = {}; unsigned int port = test_server_port; if (inet_pton(TEST_FAMILY, TEST_WRONG_IP, &wrong_addr) != 1) test_error("Can't convert ip address %s", TEST_WRONG_IP); + trace_ao_event_expect(TCP_AO_KEY_NOT_FOUND, this_ip_addr, this_ip_dest, + -1, port, 0, 0, 1, 0, 0, 0, 100, 100, -1); try_connect("Non-AO server + AO client", port++, DEFAULT_TEST_PASSWORD, this_ip_dest, -1, 100, 100, 0, FAULT_TIMEOUT); + trace_hash_event_expect(TCP_HASH_AO_REQUIRED, this_ip_addr, this_ip_dest, + -1, port, 0, 0, 1, 0, 0, 0); try_connect("AO server + Non-AO client", port++, NULL, this_ip_dest, -1, 100, 100, 0, FAULT_TIMEOUT); + trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_addr, this_ip_dest, + -1, port, 0, 0, 1, 0, 0, 0, 100, 100, -1); try_connect("Wrong password", port++, DEFAULT_TEST_PASSWORD, this_ip_dest, -1, 100, 100, 0, FAULT_TIMEOUT); + trace_ao_event_expect(TCP_AO_KEY_NOT_FOUND, this_ip_addr, this_ip_dest, + -1, port, 0, 0, 1, 0, 0, 0, 100, 100, -1); try_connect("Wrong rcv id", port++, DEFAULT_TEST_PASSWORD, this_ip_dest, -1, 100, 100, 0, FAULT_TIMEOUT); + trace_ao_event_sk_expect(TCP_AO_SYNACK_NO_KEY, this_ip_dest, addr_any, + port, 0, 100, 100); try_connect("Wrong snd id", port++, DEFAULT_TEST_PASSWORD, this_ip_dest, -1, 100, 100, 0, FAULT_TIMEOUT); + trace_ao_event_expect(TCP_AO_WRONG_MACLEN, this_ip_addr, this_ip_dest, + -1, port, 0, 0, 1, 0, 0, 0, 100, 100, -1); try_connect("Different maclen", port++, DEFAULT_TEST_PASSWORD, this_ip_dest, -1, 100, 100, 0, FAULT_TIMEOUT); + trace_ao_event_expect(TCP_AO_KEY_NOT_FOUND, this_ip_addr, this_ip_dest, + -1, port, 0, 0, 1, 0, 0, 0, 100, 100, -1); try_connect("Server: Wrong addr", port++, DEFAULT_TEST_PASSWORD, this_ip_dest, -1, 100, 100, 0, FAULT_TIMEOUT); @@ -259,6 +273,6 @@ static void *client_fn(void *arg) int main(int argc, char *argv[]) { - test_init(21, server_fn, client_fn); + test_init(22, server_fn, client_fn); return 0; } diff --git a/tools/testing/selftests/net/tcp_ao/connect.c b/tools/testing/selftests/net/tcp_ao/connect.c index 81653b47f303..05dc5efc37c1 100644 --- a/tools/testing/selftests/net/tcp_ao/connect.c +++ b/tools/testing/selftests/net/tcp_ao/connect.c @@ -85,6 +85,6 @@ static void *client_fn(void *arg) int main(int argc, char *argv[]) { - test_init(1, server_fn, client_fn); + test_init(2, server_fn, client_fn); return 0; } diff --git a/tools/testing/selftests/net/tcp_ao/icmps-discard.c b/tools/testing/selftests/net/tcp_ao/icmps-discard.c index d69bcba3c929..a1614f0d8c44 100644 --- a/tools/testing/selftests/net/tcp_ao/icmps-discard.c +++ b/tools/testing/selftests/net/tcp_ao/icmps-discard.c @@ -444,6 +444,6 @@ static void *client_fn(void *arg) int main(int argc, char *argv[]) { - test_init(3, server_fn, client_fn); + test_init(4, server_fn, client_fn); return 0; } diff --git a/tools/testing/selftests/net/tcp_ao/key-management.c b/tools/testing/selftests/net/tcp_ao/key-management.c index 24e62120b792..d4385b52c10b 100644 --- a/tools/testing/selftests/net/tcp_ao/key-management.c +++ b/tools/testing/selftests/net/tcp_ao/key-management.c @@ -965,7 +965,7 @@ static void end_client(const char *tst_name, int sk, unsigned int nr_keys, synchronize_threads(); /* 5: counters */ } -static void try_unmatched_keys(int sk, int *rnext_index) +static void try_unmatched_keys(int sk, int *rnext_index, unsigned int port) { struct test_key *key; unsigned int i = 0; @@ -1013,6 +1013,9 @@ static void try_unmatched_keys(int sk, int *rnext_index) test_error("all keys on server match the client"); if (test_set_key(sk, -1, key->server_keyid)) test_error("Can't change the current key"); + trace_ao_event_expect(TCP_AO_RNEXT_REQUEST, this_ip_addr, this_ip_dest, + -1, port, 0, -1, -1, -1, -1, -1, + -1, key->server_keyid, -1); if (test_client_verify(sk, msg_len, nr_packets, TEST_TIMEOUT_SEC)) test_fail("verify failed"); *rnext_index = i; @@ -1054,6 +1057,10 @@ static void check_current_back(const char *tst_name, unsigned int port, return; if (test_set_key(sk, collection.keys[rotate_to_index].client_keyid, -1)) test_error("Can't change the current key"); + trace_ao_event_expect(TCP_AO_RNEXT_REQUEST, this_ip_dest, this_ip_addr, + port, -1, 0, -1, -1, -1, -1, -1, + collection.keys[rotate_to_index].client_keyid, + collection.keys[current_index].client_keyid, -1); if (test_client_verify(sk, msg_len, nr_packets, TEST_TIMEOUT_SEC)) test_fail("verify failed"); /* There is a race here: between setting the current_key with @@ -1085,6 +1092,11 @@ static void roll_over_keys(const char *tst_name, unsigned int port, for (i = rnext_index + 1; rotations > 0; i++, rotations--) { if (i >= collection.nr_keys) i = 0; + trace_ao_event_expect(TCP_AO_RNEXT_REQUEST, + this_ip_addr, this_ip_dest, + -1, port, 0, -1, -1, -1, -1, -1, + i == 0 ? -1 : collection.keys[i - 1].server_keyid, + collection.keys[i].server_keyid, -1); if (test_set_key(sk, -1, collection.keys[i].server_keyid)) test_error("Can't change the Rnext key"); if (test_client_verify(sk, msg_len, nr_packets, TEST_TIMEOUT_SEC)) { @@ -1124,7 +1136,7 @@ static void try_client_match(const char *tst_name, unsigned int port, rnext_index, msg_len, nr_packets); if (sk < 0) return; - try_unmatched_keys(sk, &rnext_index); + try_unmatched_keys(sk, &rnext_index, port); end_client(tst_name, sk, nr_keys, current_index, rnext_index, NULL); } @@ -1181,6 +1193,6 @@ static void *client_fn(void *arg) int main(int argc, char *argv[]) { - test_init(120, server_fn, client_fn); + test_init(121, server_fn, client_fn); return 0; } diff --git a/tools/testing/selftests/net/tcp_ao/lib/aolib.h b/tools/testing/selftests/net/tcp_ao/lib/aolib.h index fdf44d176e0b..e19974df3193 100644 --- a/tools/testing/selftests/net/tcp_ao/lib/aolib.h +++ b/tools/testing/selftests/net/tcp_ao/lib/aolib.h @@ -145,6 +145,7 @@ enum test_needs_kconfig { KCONFIG_TCP_AO, /* required */ KCONFIG_TCP_MD5, /* optional, for TCP-MD5 features */ KCONFIG_NET_VRF, /* optional, for L3/VRF testing */ + KCONFIG_FTRACE, /* optional, for tracepoints checks */ __KCONFIG_LAST__ }; extern bool kernel_config_has(enum test_needs_kconfig k); @@ -184,6 +185,8 @@ static inline void test_init2(unsigned int ntests, __test_init(ntests, family, prefix, taddr1, taddr2, peer1, peer2); } extern void test_add_destructor(void (*d)(void)); +extern void test_init_ftrace(int nsfd1, int nsfd2); +extern int test_setup_tracing(void); /* To adjust optmem socket limit, approximately estimate a number, * that is bigger than sizeof(struct tcp_ao_key). @@ -258,12 +261,17 @@ static inline void test_init(unsigned int ntests, } extern void synchronize_threads(void); extern void switch_ns(int fd); +extern int switch_save_ns(int fd); +extern void switch_close_ns(int fd); extern __thread union tcp_addr this_ip_addr; extern __thread union tcp_addr this_ip_dest; extern int test_family; extern void randomize_buffer(void *buf, size_t buflen); +__attribute__((__format__(__printf__, 3, 4))) +extern int test_echo(const char *fname, bool append, const char *fmt, ...); + extern int open_netns(void); extern int unshare_open_netns(void); extern const char veth_name[]; @@ -644,4 +652,90 @@ static inline int test_add_repaired_key(int sk, return test_verify_socket_key(sk, &tmp); } +enum trace_events { + /* TCP_HASH_EVENT */ + TCP_HASH_BAD_HEADER = 0, + TCP_HASH_MD5_REQUIRED, + TCP_HASH_MD5_UNEXPECTED, + TCP_HASH_MD5_MISMATCH, + TCP_HASH_AO_REQUIRED, + /* TCP_AO_EVENT */ + TCP_AO_HANDSHAKE_FAILURE, + TCP_AO_WRONG_MACLEN, + TCP_AO_MISMATCH, + TCP_AO_KEY_NOT_FOUND, + TCP_AO_RNEXT_REQUEST, + /* TCP_AO_EVENT_SK */ + TCP_AO_SYNACK_NO_KEY, + /* TCP_AO_EVENT_SNE */ + TCP_AO_SND_SNE_UPDATE, + TCP_AO_RCV_SNE_UPDATE, + __MAX_TRACE_EVENTS +}; +extern int __trace_event_expect(enum trace_events type, int family, + union tcp_addr src, union tcp_addr dst, + int src_port, int dst_port, int L3index, + int fin, int syn, int rst, int psh, int ack, + int keyid, int rnext, int maclen, int sne); + +static inline void trace_hash_event_expect(enum trace_events type, + union tcp_addr src, union tcp_addr dst, + int src_port, int dst_port, int L3index, + int fin, int syn, int rst, int psh, int ack) +{ + int err; + + err = __trace_event_expect(type, TEST_FAMILY, src, dst, + src_port, dst_port, L3index, + fin, syn, rst, psh, ack, + -1, -1, -1, -1); + if (err) + test_error("Couldn't add a trace event: %d", err); +} + +static inline void trace_ao_event_expect(enum trace_events type, + union tcp_addr src, union tcp_addr dst, + int src_port, int dst_port, int L3index, + int fin, int syn, int rst, int psh, int ack, + int keyid, int rnext, int maclen) +{ + int err; + + err = __trace_event_expect(type, TEST_FAMILY, src, dst, + src_port, dst_port, L3index, + fin, syn, rst, psh, ack, + keyid, rnext, maclen, -1); + if (err) + test_error("Couldn't add a trace event: %d", err); +} + +static inline void trace_ao_event_sk_expect(enum trace_events type, + union tcp_addr src, union tcp_addr dst, + int src_port, int dst_port, + int keyid, int rnext) +{ + int err; + + err = __trace_event_expect(type, TEST_FAMILY, src, dst, + src_port, dst_port, -1, + -1, -1, -1, -1, -1, + keyid, rnext, -1, -1); + if (err) + test_error("Couldn't add a trace event: %d", err); +} + +static inline void trace_ao_event_sne_expect(enum trace_events type, + union tcp_addr src, union tcp_addr dst, + int src_port, int dst_port, int sne) +{ + int err; + + err = __trace_event_expect(type, TEST_FAMILY, src, dst, + src_port, dst_port, -1, + -1, -1, -1, -1, -1, + -1, -1, -1, sne); + if (err) + test_error("Couldn't add a trace event: %d", err); +} + #endif /* _AOLIB_H_ */ diff --git a/tools/testing/selftests/net/tcp_ao/lib/ftrace.c b/tools/testing/selftests/net/tcp_ao/lib/ftrace.c new file mode 100644 index 000000000000..67cb3849ad0e --- /dev/null +++ b/tools/testing/selftests/net/tcp_ao/lib/ftrace.c @@ -0,0 +1,846 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include +#include +#include +#include +#include +#include +#include "../../../../../include/linux/kernel.h" +#include "aolib.h" + +static const size_t buffer_size_kb = 10000; +static char ftrace_path_fmt[] = "ksft-ftrace-XXXXXX"; +static char instance_path_fmt[] = "ksft-XXXXXX"; +static char *ftrace_path, *instance_path; +static bool ftrace_mounted; +static uint64_t ns_cookie1, ns_cookie2; +static pthread_t tracer_thread; +static bool tracer_thread_created; +static bool tracing_was_dead; + +static const char *trace_event_names[__MAX_TRACE_EVENTS] = { + /* TCP_HASH_EVENT */ + "tcp_hash_bad_header", + "tcp_hash_md5_required", + "tcp_hash_md5_unexpected", + "tcp_hash_md5_mismatch", + "tcp_hash_ao_required", + /* TCP_AO_EVENT */ + "tcp_ao_handshake_failure", + "tcp_ao_wrong_maclen", + "tcp_ao_mismatch", + "tcp_ao_key_not_found", + "tcp_ao_rnext_request", + /* TCP_AO_EVENT_SK */ + "tcp_ao_synack_no_key", + /* TCP_AO_EVENT_SNE */ + "tcp_ao_snd_sne_update", + "tcp_ao_rcv_sne_update" +}; + +struct expected_trace_point { + /* required */ + enum trace_events type; + int family; + union tcp_addr src; + union tcp_addr dst; + + /* optional */ + int src_port; + int dst_port; + int L3index; + + int fin; + int syn; + int rst; + int psh; + int ack; + + int keyid; + int rnext; + int maclen; + int sne; + + size_t matched; +}; + +static struct expected_trace_point *exp_tps; +static size_t exp_tps_nr; +static size_t exp_tps_size; +static pthread_mutex_t exp_tps_mutex = PTHREAD_MUTEX_INITIALIZER; + +int __trace_event_expect(enum trace_events type, int family, + union tcp_addr src, union tcp_addr dst, + int src_port, int dst_port, int L3index, + int fin, int syn, int rst, int psh, int ack, + int keyid, int rnext, int maclen, int sne) +{ + struct expected_trace_point new_tp = { + .type = type, + .family = family, + .src = src, + .dst = dst, + .src_port = src_port, + .dst_port = dst_port, + .L3index = L3index, + .fin = fin, + .syn = syn, + .rst = rst, + .psh = psh, + .ack = ack, + .keyid = keyid, + .rnext = rnext, + .maclen = maclen, + .sne = sne, + .matched = 0, + }; + int ret = 0; + + if (!kernel_config_has(KCONFIG_FTRACE)) + return 0; + + pthread_mutex_lock(&exp_tps_mutex); + if (exp_tps_nr == exp_tps_size) { + struct expected_trace_point *tmp; + + if (exp_tps_size == 0) + exp_tps_size = 10; + else + exp_tps_size = exp_tps_size * 1.6; + + tmp = reallocarray(exp_tps, exp_tps_size, sizeof(exp_tps[0])); + if (!tmp) { + ret = -ENOMEM; + goto out; + } + exp_tps = tmp; + } + exp_tps[exp_tps_nr] = new_tp; + exp_tps_nr++; +out: + pthread_mutex_unlock(&exp_tps_mutex); + return ret; +} + +static size_t how_many_matched(void) +{ + size_t i, ret = 0; + + /* We're from the process destructor - not taking the mutex */ + for (i = 0; i < exp_tps_nr; i++) + ret += exp_tps[i].matched; + return ret; +} + +static void free_expected_events(void) +{ + /* We're from the process destructor - not taking the mutex */ + exp_tps_size = 0; + exp_tps = NULL; + free(exp_tps); +} + +struct trace_point { + int family; + union tcp_addr src; + union tcp_addr dst; + unsigned int src_port; + unsigned int dst_port; + int L3index; + unsigned int fin:1, + syn:1, + rst:1, + psh:1, + ack:1; + + unsigned keyid; + unsigned rnext; + unsigned maclen; + + unsigned sne; +}; + +static bool lookup_expected_event(int event_type, struct trace_point *e) +{ + size_t i; + + pthread_mutex_lock(&exp_tps_mutex); + for (i = 0; i < exp_tps_nr; i++) { + struct expected_trace_point *p = &exp_tps[i]; + size_t sk_size; + + if (p->type != event_type) + continue; + if (p->family != e->family) + continue; + if (p->family == AF_INET) + sk_size = sizeof(p->src.a4); + else + sk_size = sizeof(p->src.a6); + if (memcmp(&p->src, &e->src, sk_size)) + continue; + if (memcmp(&p->dst, &e->dst, sk_size)) + continue; + if (p->src_port >= 0 && p->src_port != e->src_port) + continue; + if (p->dst_port >= 0 && p->dst_port != e->dst_port) + continue; + if (p->L3index >= 0 && p->L3index != e->L3index) + continue; + + if (p->fin >= 0 && p->fin != e->fin) + continue; + if (p->syn >= 0 && p->syn != e->syn) + continue; + if (p->rst >= 0 && p->rst != e->rst) + continue; + if (p->psh >= 0 && p->psh != e->psh) + continue; + if (p->ack >= 0 && p->ack != e->ack) + continue; + + if (p->keyid >= 0 && p->keyid != e->keyid) + continue; + if (p->rnext >= 0 && p->rnext != e->rnext) + continue; + if (p->maclen >= 0 && p->maclen != e->maclen) + continue; + if (p->sne >= 0 && p->sne != e->sne) + continue; + p->matched++; + pthread_mutex_unlock(&exp_tps_mutex); + return true; + } + pthread_mutex_unlock(&exp_tps_mutex); + return false; +} + +static int mount_ftrace(void) +{ + ftrace_path = mkdtemp(ftrace_path_fmt); + if (!ftrace_path) + test_error("Can't create temp dir"); + + if (mount("tracefs", ftrace_path, "tracefs", 0, "rw")) + return -errno; + + ftrace_mounted = true; + + return 0; +} + +static void unmount_ftrace(void) +{ + if (!ftrace_path) + return; + + if (ftrace_mounted && umount(ftrace_path)) + test_print("Failed on cleanup: can't unmount tracefs: %m"); + + if (rmdir(ftrace_path)) + test_error("Failed on cleanup: can't remove ftrace dir %s", + ftrace_path); +} + +struct opts_list_t { + char *opt_name; + struct opts_list_t *next; +}; + +static int adjust_trace_options(const char *ftrace_path) +{ + struct opts_list_t *opts_list = NULL; + char *fopts, *line = NULL; + size_t buf_len = 0; + ssize_t line_len; + int ret = 0; + FILE *opts; + + fopts = test_sprintf("%s/%s", ftrace_path, "trace_options"); + if (!fopts) + return -ENOMEM; + + opts = fopen(fopts, "r+"); + if (opts == NULL) { + ret = -errno; + goto out_free; + } + + while ((line_len = getline(&line, &buf_len, opts)) != -1) { + struct opts_list_t *tmp; + + if (!strncmp(line, "no", 2)) + continue; + + /* XXX: fix show_tcp_state_name() with "nohash-ptr" */ + if (!strncmp(line, "hash-ptr", 8)) + continue; + + tmp = malloc(sizeof(*tmp)); + if (!tmp) { + ret = -ENOMEM; + goto out_free_opts_list; + } + tmp->next = opts_list; + tmp->opt_name = test_sprintf("no%s", line); + if (!tmp->opt_name) { + ret = -ENOMEM; + free(tmp); + goto out_free_opts_list; + } + opts_list = tmp; + } + + while (opts_list) { + struct opts_list_t *tmp = opts_list; + + fseek(opts, 0, SEEK_SET); + fwrite(tmp->opt_name, 1, strlen(tmp->opt_name), opts); + + opts_list = opts_list->next; + free(tmp->opt_name); + free(tmp); + } + +out_free_opts_list: + while (opts_list) { + struct opts_list_t *tmp = opts_list; + + opts_list = opts_list->next; + free(tmp->opt_name); + free(tmp); + } + free(line); + fclose(opts); +out_free: + free(fopts); + return ret; +} + +static int setup_buffer_size(const char *ftrace_path, size_t sz) +{ + char *fbuf_size = test_sprintf("%s/buffer_size_kb", ftrace_path); + int ret; + + if (!fbuf_size) + return -1; + + ret = test_echo(fbuf_size, 0, "%zu", sz); + free(fbuf_size); + return ret; +} + +static int setup_ftrace_instance(void) +{ + char *tmp; + + tmp = test_sprintf("%s/instances/%s", ftrace_path, instance_path_fmt); + if (!tmp) + return -ENOMEM; + + instance_path = mkdtemp(tmp); + if (!instance_path) { + free(tmp); + return -errno; + } + + adjust_trace_options(instance_path); + setup_buffer_size(instance_path, buffer_size_kb); + + /* instance_path has tmp and gets freed in remove_ftrace_instance() */ + return 0; +} + +static void remove_ftrace_instance(void) +{ + if (!instance_path) + return; + if (rmdir(instance_path)) + test_print("Failed on cleanup: can't remove ftrace instance %s", + instance_path); + free(instance_path); +} + +struct trace_events_list { + char *line; + struct trace_events_list *next; +}; +static struct trace_events_list *unexpected_events; + +static int check_event_type(const char *line) +{ + size_t i; + + /* + * This should have been a set or hashmap, but it's a selftest, + * so... KISS. + */ + for (i = 0; i < __MAX_TRACE_EVENTS; i++) { + if (!strncmp(trace_event_names[i], line, strlen(trace_event_names[i]))) + return i; + } + return -1; +} + +static bool event_has_flags(enum trace_events event) +{ + switch (event) { + case TCP_HASH_BAD_HEADER: + case TCP_HASH_MD5_REQUIRED: + case TCP_HASH_MD5_UNEXPECTED: + case TCP_HASH_MD5_MISMATCH: + case TCP_HASH_AO_REQUIRED: + case TCP_AO_HANDSHAKE_FAILURE: + case TCP_AO_WRONG_MACLEN: + case TCP_AO_MISMATCH: + case TCP_AO_KEY_NOT_FOUND: + case TCP_AO_RNEXT_REQUEST: + return true; + default: + return false; + } +} + +static int tracer_ip_split(int family, char *src, char **addr, char **port) +{ + char *p; + + if (family == AF_INET) { + /* fomat is :port, i.e.: 10.0.254.1:7015 */ + *addr = src; + p = strchr(src, ':'); + if (p == NULL) { + test_print("Couldn't parse trace event addr:port %s", src); + return -EINVAL; + } + *p++ = '\0'; + *port = p; + return 0; + } + if (family != AF_INET6) + return -EAFNOSUPPORT; + + /* format is []:port, i.e.: [2001:db8:254::1]:7013 */ + *addr = strchr(src, '['); + p = strchr(src, ']'); + + if (p == NULL || *addr == NULL) { + test_print("Couldn't parse trace event [addr]:port %s", src); + return -EINVAL; + } + + *addr = *addr + 1; /* '[' */ + *p++ = '\0'; /* ']' */ + if (*p != ':') { + test_print("Couldn't parse trace event :port %s", p); + return -EINVAL; + } + *p++ = '\0'; /* ':' */ + *port = p; + return 0; +} + +static int tracer_scan_address(int family, char *src, + union tcp_addr *dst, unsigned int *port) +{ + char *addr, *port_str; + int ret; + + ret = tracer_ip_split(family, src, &addr, &port_str); + if (ret) + return ret; + + if (inet_pton(family, addr, dst) != 1) { + test_print("Couldn't parse trace event addr %s", addr); + return -EINVAL; + } + errno = 0; + *port = (unsigned int)strtoul(port_str, NULL, 10); + if (errno != 0) { + test_print("Couldn't parse trace event port %s", port_str); + return -errno; + } + return 0; +} + +static int tracer_scan_event(const char *line, enum trace_events event, + struct trace_point *out) +{ + char *src = NULL, *dst = NULL, *family = NULL; + char fin, syn, rst, psh, ack; + int nr_matched, ret = 0; + uint64_t netns_cookie; + + switch (event) { + case TCP_HASH_BAD_HEADER: + case TCP_HASH_MD5_REQUIRED: + case TCP_HASH_MD5_UNEXPECTED: + case TCP_HASH_MD5_MISMATCH: + case TCP_HASH_AO_REQUIRED: { + nr_matched = sscanf(line, "%*s net=%" PRIu64 " state=%*s family=%ms src=%ms dest=%ms L3index=%d [%c%c%c%c%c]", + &netns_cookie, &family, + &src, &dst, &out->L3index, + &fin, &syn, &rst, &psh, &ack); + if (nr_matched != 10) + test_print("Couldn't parse trace event, matched = %d/10", + nr_matched); + break; + } + case TCP_AO_HANDSHAKE_FAILURE: + case TCP_AO_WRONG_MACLEN: + case TCP_AO_MISMATCH: + case TCP_AO_KEY_NOT_FOUND: + case TCP_AO_RNEXT_REQUEST: { + nr_matched = sscanf(line, "%*s net=%" PRIu64 " state=%*s family=%ms src=%ms dest=%ms L3index=%d [%c%c%c%c%c] keyid=%u rnext=%u maclen=%u", + &netns_cookie, &family, + &src, &dst, &out->L3index, + &fin, &syn, &rst, &psh, &ack, + &out->keyid, &out->rnext, &out->maclen); + if (nr_matched != 13) + test_print("Couldn't parse trace event, matched = %d/13", + nr_matched); + break; + } + case TCP_AO_SYNACK_NO_KEY: { + nr_matched = sscanf(line, "%*s net=%" PRIu64 " state=%*s family=%ms src=%ms dest=%ms keyid=%u rnext=%u", + &netns_cookie, &family, + &src, &dst, &out->keyid, &out->rnext); + if (nr_matched != 6) + test_print("Couldn't parse trace event, matched = %d/6", + nr_matched); + break; + } + case TCP_AO_SND_SNE_UPDATE: + case TCP_AO_RCV_SNE_UPDATE: { + nr_matched = sscanf(line, "%*s net=%" PRIu64 " state=%*s family=%ms src=%ms dest=%ms sne=%u", + &netns_cookie, &family, + &src, &dst, &out->sne); + if (nr_matched != 5) + test_print("Couldn't parse trace event, matched = %d/5", + nr_matched); + break; + } + default: + return -1; + } + + if (family) { + if (!strcmp(family, "AF_INET")) { + out->family = AF_INET; + } else if (!strcmp(family, "AF_INET6")) { + out->family = AF_INET6; + } else { + test_print("Couldn't parse trace event family %s", family); + ret = -EINVAL; + goto out_free; + } + } + + if (event_has_flags(event)) { + out->fin = (fin == 'F'); + out->syn = (syn == 'S'); + out->rst = (rst == 'R'); + out->psh = (psh == '.'); + out->ack = (ack == 'A'); + + if ((fin != 'F' && fin != ' ') || + (syn != 'S' && syn != ' ') || + (rst != 'R' && rst != ' ') || + (psh != 'P' && psh != ' ') || + (ack != '.' && ack != ' ')) { + test_print("Couldn't parse trace event flags %c%c%c%c%c", + fin, syn, rst, psh, ack); + ret = -EINVAL; + goto out_free; + } + } + + if (src && tracer_scan_address(out->family, src, &out->src, &out->src_port)) { + ret = -EINVAL; + goto out_free; + } + + if (dst && tracer_scan_address(out->family, dst, &out->dst, &out->dst_port)) { + ret = -EINVAL; + goto out_free; + } + + if (netns_cookie != ns_cookie1 && netns_cookie != ns_cookie2) { + test_print("Net namespace filter for trace event didn't work: %" PRIu64 " != %" PRIu64 " OR %" PRIu64, + netns_cookie, ns_cookie1, ns_cookie2); + ret = -EINVAL; + } + +out_free: + free(src); + free(dst); + free(family); + return ret; +} + +static bool tracer_expected_event(const char *line) +{ + int event_type = check_event_type(line); + struct trace_point tmp = {}; + + if (event_type < 0) + return false; + + if (tracer_scan_event(line, event_type, &tmp)) + return false; + + return lookup_expected_event(event_type, &tmp); +} + +struct tracer_cleanup_t { + FILE *pipe; + char **line; +}; + +static void tracer_cleanup(void *arg) +{ + struct tracer_cleanup_t *t = arg; + + fclose(t->pipe); + free(*(t->line)); +} + +static void *tracer_thread_func(void *arg) +{ + FILE *trace_pipe = arg; + size_t buf_len = 0; + char *line = NULL; + ssize_t line_len; + struct tracer_cleanup_t tmp = { + .pipe = trace_pipe, + .line = &line, + }; + + pthread_cleanup_push(tracer_cleanup, (void *)&tmp); + + while ((line_len = getline(&line, &buf_len, trace_pipe)) != -1) { + struct trace_events_list *t; + bool expected_event; + + pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL); + expected_event = tracer_expected_event(line); + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL); + + if (expected_event) + continue; + + t = malloc(sizeof(*t)); + if (!t) + test_error("malloc()"); + t->line = line; + t->next = unexpected_events; + unexpected_events = t; + line = NULL; + buf_len = 0; + } + + pthread_cleanup_pop(1); + return NULL; +} + +static void setup_trace_thread(void) +{ + FILE *trace_pipe; + char *path; + + path = test_sprintf("%s/trace_pipe", instance_path); + if (!path) + test_error("Not enough memory"); + + trace_pipe = fopen(path, "r"); + if (!trace_pipe) + test_error("fopen()"); + + if (pthread_create(&tracer_thread, NULL, + tracer_thread_func, (void *)trace_pipe)) + test_error("Failed pthread_create()"); + free(path); + tracer_thread_created = true; +} + +static void stop_trace_thread(void) +{ + void *res; + + if (!tracer_thread_created) + return; + + if (pthread_cancel(tracer_thread)) { + test_fail("Can't stop tracer pthread: %m"); + tracing_was_dead = true; + } + if (pthread_join(tracer_thread, &res)) + test_print("Can't join tracer pthread: %m"); + if (res != PTHREAD_CANCELED) { + test_fail("Tracer thread wasn't canceled"); + tracing_was_dead = true; + } +} + +#define dump_events(fmt, ...) \ + __test_print(__test_msg, fmt, ##__VA_ARGS__) +static void check_free_events(void) +{ + struct trace_events_list *tmp; + size_t nr; + + if (!kernel_config_has(KCONFIG_FTRACE)) { + test_skip("kernel config doesn't have ftrace - no checks"); + return; + } + + if (!unexpected_events) { + if (tracing_was_dead) + return; + + nr = how_many_matched(); + if (nr) + test_ok("Trace events matched expectations: %zu", nr); + else + test_ok("No unexpected trace events during the test run"); + return; + } + + tmp = unexpected_events; + for (nr = 0; tmp; nr++) + tmp = tmp->next; + + errno = 0; + test_fail("Trace events [%zu] were not expected:", nr); + while (unexpected_events) { + tmp = unexpected_events; + unexpected_events = tmp->next; + dump_events("\t%s", tmp->line); + free(tmp->line); + free(tmp); + } +} + +static void test_unset_tracing(void) +{ + stop_trace_thread(); + remove_ftrace_instance(); + unmount_ftrace(); + check_free_events(); + free_expected_events(); +} + +static int setup_trace_tcp_event(const char *path, const char *name, + const char *filter) +{ + char *enable_path, *filter_path; + int ret; + + enable_path = test_sprintf("%s/events/tcp/%s/enable", path, name); + if (!enable_path) + return -ENOMEM; + + filter_path = test_sprintf("%s/events/tcp/%s/filter", path, name); + if (!filter_path) { + ret = -ENOMEM; + goto out_free; + } + + ret = test_echo(filter_path, 0, "%s", filter); + if (!ret) + ret = test_echo(enable_path, 0, "1"); + +out_free: + free(filter_path); + free(enable_path); + return ret; +} + +static int setup_trace_events(void) +{ + char *filter; + size_t i; + int ret; + + filter = test_sprintf("net_cookie == %zu || net_cookie == %zu", + ns_cookie1, ns_cookie2); + if (!filter) + return -ENOMEM; + + for (i = 0; i < __MAX_TRACE_EVENTS; i++) { + ret = setup_trace_tcp_event(instance_path, trace_event_names[i], + filter); + if (ret) + break; + } + + free(filter); + return ret; +} + +int test_setup_tracing(void) +{ + /* + * Just a basic protection - this should be called only once from + * lib/kconfig. Not thread safe, which is fine as it's early, before + * threads are created. + */ + static int already_set = 0; + int err; + + /* Needs net-namespace cookies for filters */ + if (ns_cookie1 == ns_cookie2) + return -1; + + if (already_set) + return -1; + already_set = 1; + + test_add_destructor(test_unset_tracing); + err = mount_ftrace(); + if (err) + return err; + + err = setup_ftrace_instance(); + if (err) + return err; + + err = setup_trace_events(); + if (err) + return err; + setup_trace_thread(); + + return 0; +} + +static int get_ns_cookie(int nsfd, uint64_t *out) +{ + int old_ns = switch_save_ns(nsfd); + socklen_t size = sizeof(*out); + int sk; + + sk = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + if (sk < 0) { + test_print("socket(): %m"); + return -errno; + } + + if (getsockopt(sk, SOL_SOCKET, SO_NETNS_COOKIE, out, &size)) { + test_print("getsockopt(SO_NETNS_COOKIE): %m"); + close(sk); + return -errno; + } + + close(sk); + switch_close_ns(old_ns); + return 0; +} + +void test_init_ftrace(int nsfd1, int nsfd2) +{ + get_ns_cookie(nsfd1, &ns_cookie1); + get_ns_cookie(nsfd2, &ns_cookie2); + /* Populate kernel config state */ + kernel_config_has(KCONFIG_FTRACE); +} diff --git a/tools/testing/selftests/net/tcp_ao/lib/kconfig.c b/tools/testing/selftests/net/tcp_ao/lib/kconfig.c index 3bf4a7e4b3c9..9f1c175846f8 100644 --- a/tools/testing/selftests/net/tcp_ao/lib/kconfig.c +++ b/tools/testing/selftests/net/tcp_ao/lib/kconfig.c @@ -116,6 +116,12 @@ static int has_vrfs(int *err) return ret; } +static int has_ftrace(int *err) +{ + *err = test_setup_tracing(); + return 0; +} + #define KCONFIG_UNKNOWN 1 static pthread_mutex_t kconfig_lock = PTHREAD_MUTEX_INITIALIZER; static struct kconfig_t kconfig[__KCONFIG_LAST__] = { @@ -124,6 +130,7 @@ static struct kconfig_t kconfig[__KCONFIG_LAST__] = { { KCONFIG_UNKNOWN, has_tcp_ao }, { KCONFIG_UNKNOWN, has_tcp_md5 }, { KCONFIG_UNKNOWN, has_vrfs }, + { KCONFIG_UNKNOWN, has_ftrace }, }; const char *tests_skip_reason[__KCONFIG_LAST__] = { @@ -132,6 +139,7 @@ const char *tests_skip_reason[__KCONFIG_LAST__] = { "Tests require TCP-AO support (CONFIG_TCP_AO)", "setsockopt(TCP_MD5SIG_EXT) is not supported (CONFIG_TCP_MD5)", "VRFs are not supported (CONFIG_NET_VRF)", + "Ftrace points are not supported (CONFIG_TRACEPOINTS)", }; bool kernel_config_has(enum test_needs_kconfig k) diff --git a/tools/testing/selftests/net/tcp_ao/lib/setup.c b/tools/testing/selftests/net/tcp_ao/lib/setup.c index f80120bef3dc..bd5620cc6d86 100644 --- a/tools/testing/selftests/net/tcp_ao/lib/setup.c +++ b/tools/testing/selftests/net/tcp_ao/lib/setup.c @@ -250,9 +250,9 @@ void __test_init(unsigned int ntests, int family, unsigned int prefix, test_print("rand seed %u", (unsigned int)seed); srand(seed); - ksft_print_header(); init_namespaces(); + test_init_ftrace(nsfd_parent, nsfd_child); if (add_veth(veth_name, nsfd_parent, nsfd_child)) test_error("Failed to add veth"); diff --git a/tools/testing/selftests/net/tcp_ao/lib/utils.c b/tools/testing/selftests/net/tcp_ao/lib/utils.c index 372daca525f5..60eeb9157b20 100644 --- a/tools/testing/selftests/net/tcp_ao/lib/utils.c +++ b/tools/testing/selftests/net/tcp_ao/lib/utils.c @@ -21,6 +21,32 @@ void randomize_buffer(void *buf, size_t buflen) } } +__attribute__((__format__(__printf__, 3, 4))) +int test_echo(const char *fname, bool append, const char *fmt, ...) +{ + size_t len, written; + va_list vargs; + char *msg; + FILE *f; + + f = fopen(fname, append ? "a" : "w"); + if (!f) + return -errno; + + va_start(vargs, fmt); + msg = test_snprintf(fmt, vargs); + va_end(vargs); + if (!msg) { + fclose(f); + return -1; + } + len = strlen(msg); + written = fwrite(msg, 1, len, f); + fclose(f); + free(msg); + return written == len ? 0 : -1; +} + const struct sockaddr_in6 addr_any6 = { .sin6_family = AF_INET6, }; diff --git a/tools/testing/selftests/net/tcp_ao/restore.c b/tools/testing/selftests/net/tcp_ao/restore.c index 8fdc808df325..472b7781f989 100644 --- a/tools/testing/selftests/net/tcp_ao/restore.c +++ b/tools/testing/selftests/net/tcp_ao/restore.c @@ -206,22 +206,38 @@ static void *client_fn(void *arg) test_get_sk_checkpoint(port, &saddr, &tcp_img, &ao_img); ao_img.snt_isn += 1; + trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_addr, this_ip_dest, + -1, port, 0, -1, -1, -1, -1, -1, 100, 100, -1); + trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_dest, this_ip_addr, + port, -1, 0, -1, -1, -1, -1, -1, 100, 100, -1); test_sk_restore("TCP-AO with wrong send ISN", port++, &saddr, &tcp_img, &ao_img, FAULT_TIMEOUT, TEST_CNT_BAD); test_get_sk_checkpoint(port, &saddr, &tcp_img, &ao_img); ao_img.rcv_isn += 1; + trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_addr, this_ip_dest, + -1, port, 0, -1, -1, -1, -1, -1, 100, 100, -1); + trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_dest, this_ip_addr, + port, -1, 0, -1, -1, -1, -1, -1, 100, 100, -1); test_sk_restore("TCP-AO with wrong receive ISN", port++, &saddr, &tcp_img, &ao_img, FAULT_TIMEOUT, TEST_CNT_BAD); test_get_sk_checkpoint(port, &saddr, &tcp_img, &ao_img); ao_img.snd_sne += 1; + trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_addr, this_ip_dest, + -1, port, 0, -1, -1, -1, -1, -1, 100, 100, -1); + trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_dest, this_ip_addr, + port, -1, 0, -1, -1, -1, -1, -1, 100, 100, -1); test_sk_restore("TCP-AO with wrong send SEQ ext number", port++, &saddr, &tcp_img, &ao_img, FAULT_TIMEOUT, TEST_CNT_NS_BAD | TEST_CNT_GOOD); test_get_sk_checkpoint(port, &saddr, &tcp_img, &ao_img); ao_img.rcv_sne += 1; + trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_addr, this_ip_dest, + -1, port, 0, -1, -1, -1, -1, -1, 100, 100, -1); + trace_ao_event_expect(TCP_AO_MISMATCH, this_ip_dest, this_ip_addr, + port, -1, 0, -1, -1, -1, -1, -1, 100, 100, -1); test_sk_restore("TCP-AO with wrong receive SEQ ext number", port++, &saddr, &tcp_img, &ao_img, FAULT_TIMEOUT, TEST_CNT_NS_GOOD | TEST_CNT_BAD); @@ -231,6 +247,6 @@ static void *client_fn(void *arg) int main(int argc, char *argv[]) { - test_init(20, server_fn, client_fn); + test_init(21, server_fn, client_fn); return 0; } diff --git a/tools/testing/selftests/net/tcp_ao/rst.c b/tools/testing/selftests/net/tcp_ao/rst.c index 7df8b8700e39..0d16d59ee432 100644 --- a/tools/testing/selftests/net/tcp_ao/rst.c +++ b/tools/testing/selftests/net/tcp_ao/rst.c @@ -452,6 +452,6 @@ static void *client_fn(void *arg) int main(int argc, char *argv[]) { - test_init(14, server_fn, client_fn); + test_init(15, server_fn, client_fn); return 0; } diff --git a/tools/testing/selftests/net/tcp_ao/self-connect.c b/tools/testing/selftests/net/tcp_ao/self-connect.c index e154d9e198a9..98eb436d023a 100644 --- a/tools/testing/selftests/net/tcp_ao/self-connect.c +++ b/tools/testing/selftests/net/tcp_ao/self-connect.c @@ -181,17 +181,30 @@ static void *client_fn(void *arg) setup_lo_intf("lo"); tcp_self_connect("self-connect(same keyids)", port++, false, false); + + trace_ao_event_expect(TCP_AO_RNEXT_REQUEST, local_addr, local_addr, + port, port, 0, -1, -1, -1, -1, -1, 5, 7, -1); + trace_ao_event_expect(TCP_AO_RNEXT_REQUEST, local_addr, local_addr, + port, port, 0, -1, -1, -1, -1, -1, 7, 5, -1); tcp_self_connect("self-connect(different keyids)", port++, true, false); tcp_self_connect("self-connect(restore)", port, false, true); - port += 2; + port += 2; /* restore test restores over different port */ + trace_ao_event_expect(TCP_AO_RNEXT_REQUEST, local_addr, local_addr, + port, port, 0, -1, -1, -1, -1, -1, 5, 7, -1); + trace_ao_event_expect(TCP_AO_RNEXT_REQUEST, local_addr, local_addr, + port, port, 0, -1, -1, -1, -1, -1, 7, 5, -1); + trace_ao_event_expect(TCP_AO_RNEXT_REQUEST, local_addr, local_addr, + port + 1, port + 1, 0, -1, -1, -1, -1, -1, 5, 7, -1); + trace_ao_event_expect(TCP_AO_RNEXT_REQUEST, local_addr, local_addr, + port + 1, port + 1, 0, -1, -1, -1, -1, -1, 7, 5, -1); tcp_self_connect("self-connect(restore, different keyids)", port, true, true); - port += 2; + port += 2; /* restore test restores over different port */ return NULL; } int main(int argc, char *argv[]) { - test_init(4, client_fn, NULL); + test_init(5, client_fn, NULL); return 0; } diff --git a/tools/testing/selftests/net/tcp_ao/seq-ext.c b/tools/testing/selftests/net/tcp_ao/seq-ext.c index ad4e77d6823e..aac2f335ca46 100644 --- a/tools/testing/selftests/net/tcp_ao/seq-ext.c +++ b/tools/testing/selftests/net/tcp_ao/seq-ext.c @@ -116,6 +116,14 @@ static void *server_fn(void *arg) sk = test_sk_restore(&img, &ao_img, &saddr, this_ip_dest, client_new_port, &ao1); + trace_ao_event_sne_expect(TCP_AO_SND_SNE_UPDATE, this_ip_addr, + this_ip_dest, test_server_port + 1, client_new_port, 1); + trace_ao_event_sne_expect(TCP_AO_SND_SNE_UPDATE, this_ip_dest, + this_ip_addr, client_new_port, test_server_port + 1, 1); + trace_ao_event_sne_expect(TCP_AO_RCV_SNE_UPDATE, this_ip_addr, + this_ip_dest, test_server_port + 1, client_new_port, 1); + trace_ao_event_sne_expect(TCP_AO_RCV_SNE_UPDATE, this_ip_dest, + this_ip_addr, client_new_port, test_server_port + 1, 1); synchronize_threads(); /* 5: verify counters during SEQ-number rollover */ bytes = test_server_run(sk, quota, TEST_TIMEOUT_SEC); if (bytes != quota) { @@ -240,6 +248,6 @@ static void *client_fn(void *arg) int main(int argc, char *argv[]) { - test_init(7, server_fn, client_fn); + test_init(8, server_fn, client_fn); return 0; } diff --git a/tools/testing/selftests/net/tcp_ao/setsockopt-closed.c b/tools/testing/selftests/net/tcp_ao/setsockopt-closed.c index 452de131fa3a..2646be5b0c82 100644 --- a/tools/testing/selftests/net/tcp_ao/setsockopt-closed.c +++ b/tools/testing/selftests/net/tcp_ao/setsockopt-closed.c @@ -830,6 +830,6 @@ static void *client_fn(void *arg) int main(int argc, char *argv[]) { - test_init(120, client_fn, NULL); + test_init(121, client_fn, NULL); return 0; } diff --git a/tools/testing/selftests/net/tcp_ao/unsigned-md5.c b/tools/testing/selftests/net/tcp_ao/unsigned-md5.c index 6b59a652159f..8bc383cf7374 100644 --- a/tools/testing/selftests/net/tcp_ao/unsigned-md5.c +++ b/tools/testing/selftests/net/tcp_ao/unsigned-md5.c @@ -671,24 +671,38 @@ static void *client_fn(void *arg) try_connect("AO server (INADDR_ANY): AO client", port++, NULL, 0, &addr_any, 0, 100, 100, 0, 0, 0, &this_ip_addr); + trace_hash_event_expect(TCP_HASH_MD5_UNEXPECTED, this_ip_addr, + this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("AO server (INADDR_ANY): MD5 client", port++, &addr_any, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &this_ip_addr); + trace_hash_event_expect(TCP_HASH_AO_REQUIRED, this_ip_addr, + this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("AO server (INADDR_ANY): unsigned client", port++, NULL, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 0, &this_ip_addr); try_connect("AO server (AO_REQUIRED): AO client", port++, NULL, 0, &addr_any, 0, 100, 100, 0, 0, 0, &this_ip_addr); + trace_hash_event_expect(TCP_HASH_AO_REQUIRED, client2, + this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("AO server (AO_REQUIRED): unsigned client", port++, NULL, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 0, &client2); + trace_ao_event_expect(TCP_AO_KEY_NOT_FOUND, this_ip_addr, this_ip_dest, + -1, port, 0, 0, 1, 0, 0, 0, 100, 100, -1); try_connect("MD5 server (INADDR_ANY): AO client", port++, NULL, 0, &addr_any, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &this_ip_addr); try_connect("MD5 server (INADDR_ANY): MD5 client", port++, &addr_any, 0, NULL, 0, 100, 100, 0, 0, 1, &this_ip_addr); + trace_hash_event_expect(TCP_HASH_MD5_REQUIRED, this_ip_addr, + this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("MD5 server (INADDR_ANY): no sign client", port++, NULL, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &this_ip_addr); + trace_ao_event_expect(TCP_AO_KEY_NOT_FOUND, this_ip_addr, this_ip_dest, + -1, port, 0, 0, 1, 0, 0, 0, 100, 100, -1); try_connect("no sign server: AO client", port++, NULL, 0, &addr_any, 0, 100, 100, 0, FAULT_TIMEOUT, 0, &this_ip_addr); + trace_hash_event_expect(TCP_HASH_MD5_UNEXPECTED, this_ip_addr, + this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("no sign server: MD5 client", port++, &addr_any, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &this_ip_addr); try_connect("no sign server: no sign client", port++, NULL, 0, @@ -696,25 +710,37 @@ static void *client_fn(void *arg) try_connect("AO+MD5 server: AO client (matching)", port++, NULL, 0, &addr_any, 0, 100, 100, 0, 0, 1, &client2); + trace_ao_event_expect(TCP_AO_KEY_NOT_FOUND, this_ip_addr, this_ip_dest, + -1, port, 0, 0, 1, 0, 0, 0, 100, 100, -1); try_connect("AO+MD5 server: AO client (misconfig, matching MD5)", port++, NULL, 0, &addr_any, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &this_ip_addr); + trace_ao_event_expect(TCP_AO_KEY_NOT_FOUND, client3, this_ip_dest, + -1, port, 0, 0, 1, 0, 0, 0, 100, 100, -1); try_connect("AO+MD5 server: AO client (misconfig, non-matching)", port++, NULL, 0, &addr_any, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &client3); try_connect("AO+MD5 server: MD5 client (matching)", port++, &addr_any, 0, NULL, 0, 100, 100, 0, 0, 1, &this_ip_addr); + trace_hash_event_expect(TCP_HASH_MD5_UNEXPECTED, client2, + this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("AO+MD5 server: MD5 client (misconfig, matching AO)", port++, &addr_any, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &client2); + trace_hash_event_expect(TCP_HASH_MD5_UNEXPECTED, client3, + this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("AO+MD5 server: MD5 client (misconfig, non-matching)", port++, &addr_any, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &client3); try_connect("AO+MD5 server: no sign client (unmatched)", port++, NULL, 0, NULL, 0, 100, 100, 0, 0, 1, &client3); + trace_hash_event_expect(TCP_HASH_AO_REQUIRED, client2, + this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("AO+MD5 server: no sign client (misconfig, matching AO)", port++, NULL, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &client2); + trace_hash_event_expect(TCP_HASH_MD5_REQUIRED, this_ip_addr, + this_ip_dest, -1, port, 0, 0, 1, 0, 0, 0); try_connect("AO+MD5 server: no sign client (misconfig, matching MD5)", port++, NULL, 0, NULL, 0, 100, 100, 0, FAULT_TIMEOUT, 1, &this_ip_addr); @@ -736,6 +762,6 @@ static void *client_fn(void *arg) int main(int argc, char *argv[]) { - test_init(72, server_fn, client_fn); + test_init(73, server_fn, client_fn); return 0; }