From patchwork Thu Dec 19 17:39:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Borkmann X-Patchwork-Id: 13915432 X-Patchwork-Delegate: bpf@iogearbox.net Received: from www62.your-server.de (www62.your-server.de [213.133.104.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B97B81A42D8; Thu, 19 Dec 2024 17:39:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=213.133.104.62 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734629976; cv=none; b=cebLJBuljTFMI5xaJmiTUf0vcKt65Pb6nIr9NQkriYikubTnnOM4yOpBD88af7O4ccYZyEAQhL9JvfFRb5EQ2XuOm6H/+ENMvi+3cEs0Fjn2LOW+1jcw58MD6gHKAldtmigescK0NFojDFw3Gj7DKAVBVhV0CWKXZlLfEIw8BFc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734629976; c=relaxed/simple; bh=nMtNF8jgMV12hHMHxmoGPD7EdBlEfeZcMkMpfEqDSwU=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=T+ir6+QB75LNmuGQmc7Khuo314HZZE+Oaz1rc6pLofnkfWSoZaCUDF7RBMQYnWOMrJKchUHnJ8SIuuWQ2Zj15DWGV+zr0lG2dxfxwoSzD/EpqimeBPJwADbemmwdrl67YWaBrJBm89Urg/MwwhCmoIBXnXWi728uq+KOu/0GA14= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net; spf=pass smtp.mailfrom=iogearbox.net; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b=YztEenBW; arc=none smtp.client-ip=213.133.104.62 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b="YztEenBW" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=iogearbox.net; s=default2302; h=Content-Transfer-Encoding:MIME-Version: Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References; bh=faeUG6yKFS2gk3F1aCroSJO9YLzCZLggD/KHRlKDqdU=; b=YztEenBW9vUwI7ZOHTTE1eQPoK kAqsldKMD972BepQD8ZR+Knux9gChJVXQrI7NpBT1Ob/2MVzWDxnl+H6Ec1LrkvtFir5KaeUai1f/ ZalEC9WKz4Xe2niyzXx6LDO5KT0LFbXxKgEw7mBX0qBSPj62A6ttwF1prDvetbSJTVv9mbyCA0qYN 8Ngvk9GLKPk+lFNSaYyTeRY4+j/8PrzC8oss0aLWDMfUcfwJcpOhTXViEcwjeeXnVQDxbAWBDKNi6 woNdAFMKNh1tQvCgRf2nfj7P1F0QSXRcWiNK0lnrZRFPjdB+3rNLNU37KN+96tPftaeXzQdGbu8Pu dpPNJhqw==; Received: from 226.206.1.85.dynamic.cust.swisscom.net ([85.1.206.226] helo=localhost) by www62.your-server.de with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tOKUj-000MmT-03; Thu, 19 Dec 2024 18:39:29 +0100 From: Daniel Borkmann To: martin.lau@linux.dev Cc: razor@blackwall.org, pabeni@redhat.com, bpf@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH bpf-next 1/3] netkit: Allow for configuring needed_{head,tail}room Date: Thu, 19 Dec 2024 18:39:26 +0100 Message-ID: <20241219173928.464437-1-daniel@iogearbox.net> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 1.0.7/27492/Thu Dec 19 10:44:32 2024) X-Patchwork-Delegate: bpf@iogearbox.net Allow the user to configure needed_{head,tail}room for both netkit devices. The idea is similar to 163e529200af ("veth: implement ndo_set_rx_headroom") with the difference that the two parameters can be specified upon device creation. By default the current behavior stays as is which is needed_{head,tail}room is 0. In case of Cilium, for example, the netkit devices are not enslaved into a bridge or openvswitch device (rather, BPF-based redirection is used out of tcx), and as such these parameters are not propagated into the Pod's netns via peer device. Given Cilium can run in vxlan/geneve tunneling mode (needed_headroom) and/or be used in combination with WireGuard (needed_{head,tail}room), allow the Cilium CNI plugin to specify these two upon netkit device creation. Signed-off-by: Daniel Borkmann Cc: Paolo Abeni Cc: Nikolay Aleksandrov Acked-by: Nikolay Aleksandrov --- drivers/net/netkit.c | 66 +++++++++++++++++++----------- include/uapi/linux/if_link.h | 2 + tools/include/uapi/linux/if_link.h | 2 + 3 files changed, 47 insertions(+), 23 deletions(-) diff --git a/drivers/net/netkit.c b/drivers/net/netkit.c index c1d881dc6409..fb290dcfbc96 100644 --- a/drivers/net/netkit.c +++ b/drivers/net/netkit.c @@ -338,6 +338,7 @@ static int netkit_new_link(struct net *peer_net, struct net_device *dev, enum netkit_scrub scrub_peer = NETKIT_SCRUB_DEFAULT; enum netkit_mode mode = NETKIT_L3; unsigned char ifname_assign_type; + u16 headroom = 0, tailroom = 0; struct ifinfomsg *ifmp = NULL; struct net_device *peer; char ifname[IFNAMSIZ]; @@ -371,6 +372,10 @@ static int netkit_new_link(struct net *peer_net, struct net_device *dev, if (err < 0) return err; } + if (data[IFLA_NETKIT_HEADROOM]) + headroom = nla_get_u16(data[IFLA_NETKIT_HEADROOM]); + if (data[IFLA_NETKIT_TAILROOM]) + tailroom = nla_get_u16(data[IFLA_NETKIT_TAILROOM]); } if (ifmp && tbp[IFLA_IFNAME]) { @@ -390,6 +395,14 @@ static int netkit_new_link(struct net *peer_net, struct net_device *dev, return PTR_ERR(peer); netif_inherit_tso_max(peer, dev); + if (headroom) { + peer->needed_headroom = headroom; + dev->needed_headroom = headroom; + } + if (tailroom) { + peer->needed_tailroom = tailroom; + dev->needed_tailroom = tailroom; + } if (mode == NETKIT_L2 && !(ifmp && tbp[IFLA_ADDRESS])) eth_hw_addr_random(peer); @@ -401,6 +414,7 @@ static int netkit_new_link(struct net *peer_net, struct net_device *dev, nk->policy = policy_peer; nk->scrub = scrub_peer; nk->mode = mode; + nk->headroom = headroom; bpf_mprog_bundle_init(&nk->bundle); err = register_netdevice(peer); @@ -426,6 +440,7 @@ static int netkit_new_link(struct net *peer_net, struct net_device *dev, nk->policy = policy_prim; nk->scrub = scrub_prim; nk->mode = mode; + nk->headroom = headroom; bpf_mprog_bundle_init(&nk->bundle); err = register_netdevice(dev); @@ -850,7 +865,18 @@ static int netkit_change_link(struct net_device *dev, struct nlattr *tb[], struct net_device *peer = rtnl_dereference(nk->peer); enum netkit_action policy; struct nlattr *attr; - int err; + int err, i; + struct { + u32 attr; + char *name; + } fixed_params[] = { + { IFLA_NETKIT_MODE, "operating mode" }, + { IFLA_NETKIT_SCRUB, "scrubbing" }, + { IFLA_NETKIT_PEER_SCRUB, "peer scrubbing" }, + { IFLA_NETKIT_PEER_INFO, "peer info" }, + { IFLA_NETKIT_HEADROOM, "headroom" }, + { IFLA_NETKIT_TAILROOM, "tailroom" }, + }; if (!nk->primary) { NL_SET_ERR_MSG(extack, @@ -858,28 +884,14 @@ static int netkit_change_link(struct net_device *dev, struct nlattr *tb[], return -EACCES; } - if (data[IFLA_NETKIT_MODE]) { - NL_SET_ERR_MSG_ATTR(extack, data[IFLA_NETKIT_MODE], - "netkit link operating mode cannot be changed after device creation"); - return -EACCES; - } - - if (data[IFLA_NETKIT_SCRUB]) { - NL_SET_ERR_MSG_ATTR(extack, data[IFLA_NETKIT_SCRUB], - "netkit scrubbing cannot be changed after device creation"); - return -EACCES; - } - - if (data[IFLA_NETKIT_PEER_SCRUB]) { - NL_SET_ERR_MSG_ATTR(extack, data[IFLA_NETKIT_PEER_SCRUB], - "netkit scrubbing cannot be changed after device creation"); - return -EACCES; - } - - if (data[IFLA_NETKIT_PEER_INFO]) { - NL_SET_ERR_MSG_ATTR(extack, data[IFLA_NETKIT_PEER_INFO], - "netkit peer info cannot be changed after device creation"); - return -EINVAL; + for (i = 0; i < ARRAY_SIZE(fixed_params); i++) { + attr = data[fixed_params[i].attr]; + if (attr) { + NL_SET_ERR_MSG_ATTR_FMT(extack, attr, + "netkit link %s cannot be changed after device creation", + fixed_params[i].name); + return -EACCES; + } } if (data[IFLA_NETKIT_POLICY]) { @@ -914,6 +926,8 @@ static size_t netkit_get_size(const struct net_device *dev) nla_total_size(sizeof(u32)) + /* IFLA_NETKIT_PEER_SCRUB */ nla_total_size(sizeof(u32)) + /* IFLA_NETKIT_MODE */ nla_total_size(sizeof(u8)) + /* IFLA_NETKIT_PRIMARY */ + nla_total_size(sizeof(u16)) + /* IFLA_NETKIT_HEADROOM */ + nla_total_size(sizeof(u16)) + /* IFLA_NETKIT_TAILROOM */ 0; } @@ -930,6 +944,10 @@ static int netkit_fill_info(struct sk_buff *skb, const struct net_device *dev) return -EMSGSIZE; if (nla_put_u32(skb, IFLA_NETKIT_SCRUB, nk->scrub)) return -EMSGSIZE; + if (nla_put_u16(skb, IFLA_NETKIT_HEADROOM, dev->needed_headroom)) + return -EMSGSIZE; + if (nla_put_u16(skb, IFLA_NETKIT_TAILROOM, dev->needed_tailroom)) + return -EMSGSIZE; if (peer) { nk = netkit_priv(peer); @@ -947,6 +965,8 @@ static const struct nla_policy netkit_policy[IFLA_NETKIT_MAX + 1] = { [IFLA_NETKIT_MODE] = NLA_POLICY_MAX(NLA_U32, NETKIT_L3), [IFLA_NETKIT_POLICY] = { .type = NLA_U32 }, [IFLA_NETKIT_PEER_POLICY] = { .type = NLA_U32 }, + [IFLA_NETKIT_HEADROOM] = { .type = NLA_U16 }, + [IFLA_NETKIT_TAILROOM] = { .type = NLA_U16 }, [IFLA_NETKIT_SCRUB] = NLA_POLICY_MAX(NLA_U32, NETKIT_SCRUB_DEFAULT), [IFLA_NETKIT_PEER_SCRUB] = NLA_POLICY_MAX(NLA_U32, NETKIT_SCRUB_DEFAULT), [IFLA_NETKIT_PRIMARY] = { .type = NLA_REJECT, diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h index 2575e0cd9b48..2fa2c265dcba 100644 --- a/include/uapi/linux/if_link.h +++ b/include/uapi/linux/if_link.h @@ -1315,6 +1315,8 @@ enum { IFLA_NETKIT_MODE, IFLA_NETKIT_SCRUB, IFLA_NETKIT_PEER_SCRUB, + IFLA_NETKIT_HEADROOM, + IFLA_NETKIT_TAILROOM, __IFLA_NETKIT_MAX, }; #define IFLA_NETKIT_MAX (__IFLA_NETKIT_MAX - 1) diff --git a/tools/include/uapi/linux/if_link.h b/tools/include/uapi/linux/if_link.h index 8516c1ccd57a..7e46ca4cd31b 100644 --- a/tools/include/uapi/linux/if_link.h +++ b/tools/include/uapi/linux/if_link.h @@ -1315,6 +1315,8 @@ enum { IFLA_NETKIT_MODE, IFLA_NETKIT_SCRUB, IFLA_NETKIT_PEER_SCRUB, + IFLA_NETKIT_HEADROOM, + IFLA_NETKIT_TAILROOM, __IFLA_NETKIT_MAX, }; #define IFLA_NETKIT_MAX (__IFLA_NETKIT_MAX - 1) From patchwork Thu Dec 19 17:39:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Borkmann X-Patchwork-Id: 13915430 X-Patchwork-Delegate: bpf@iogearbox.net Received: from www62.your-server.de (www62.your-server.de [213.133.104.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B980C1A4E77; Thu, 19 Dec 2024 17:39:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=213.133.104.62 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734629975; cv=none; b=MntpaFRfRstfCG+leHcBLz45s/uJCcqVY5XdnkOnHa44oVW8D3pX7z0FaQUUxzcYHj1zfBqXpvTZA3nlJZ7i4RWzo1hVxL6FIVOHpq7d/v1ZYqE49I3wkdUyfyvftyU206towPlPEnZpanxzQM56/GCg5u73Nw15rUmudCcjEEM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734629975; c=relaxed/simple; bh=Ne4AeeqZNqy6Z9M50Jp3t7u/bBE6pTUzohf9Mzl5oEk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=VDioWp2vCLC99wMv+oNjaVggNq/fL0V8sQxxk1CxcyJZPDuKLAyzgVehDooRNLPaMG6RAVkOb8auxWLteIe11f8+/u9J6HTa6CvPaSUrkszS8d3S1FnM1ZlzP9VkpCLnYjbISOWpPhsgHPZzxzqBSERtIMUCET9lIg5j+vDGFbg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net; spf=pass smtp.mailfrom=iogearbox.net; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b=UUFJLiaE; arc=none smtp.client-ip=213.133.104.62 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b="UUFJLiaE" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=iogearbox.net; s=default2302; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=bl2hUXNORFJOodMqxSAVtdUGgLb/T+639DMJenOGEK4=; b=UUFJLiaEpXyhja6TBmY0oMxfR1 yNIoDsjLvBsYgDCGHjdvzSiAkxzgALerRkLZjVQJ5AWYDx0OBe39EGfhV46rdp3nv1aZM2qD3HzCD IaRA7UcRBj5FckquJq0TVPxj8VUff/bqNl5El0DraQpMUgIt3VMl3hrkD3LyGhY5GZihwmLOl9Wiy e7mv6cpBiTe/PtxxhtKiXnaUj4YneMDTaIfPxLIhPlH0XBxE55jDmaBW8u7n78ntJHcCECol1VGI+ b1pqRK5P9a2xA8xIjBGroNPvcGTG9eWP84juxuVOYjRC9noEj2KvFmJGuvbmHnidmzOJDrOlf+GZ/ 8vIV/55Q==; Received: from 226.206.1.85.dynamic.cust.swisscom.net ([85.1.206.226] helo=localhost) by www62.your-server.de with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tOKUj-000Mmb-Hp; Thu, 19 Dec 2024 18:39:29 +0100 From: Daniel Borkmann To: martin.lau@linux.dev Cc: razor@blackwall.org, pabeni@redhat.com, bpf@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH bpf-next 2/3] netkit: Add add netkit {head,tail}room to rt_link.yaml Date: Thu, 19 Dec 2024 18:39:27 +0100 Message-ID: <20241219173928.464437-2-daniel@iogearbox.net> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241219173928.464437-1-daniel@iogearbox.net> References: <20241219173928.464437-1-daniel@iogearbox.net> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 1.0.7/27492/Thu Dec 19 10:44:32 2024) X-Patchwork-Delegate: bpf@iogearbox.net Add netkit {head,tail}room attribute support to the rt_link.yaml spec file. Example: # ./tools/net/ynl/cli.py --spec Documentation/netlink/specs/rt_link.yaml \ --do getlink --json '{"ifname": "nk0"}' --output-json | jq [...] "linkinfo": { "kind": "netkit", "data": { } }, [...] Signed-off-by: Daniel Borkmann Cc: Nikolay Aleksandrov Acked-by: Nikolay Aleksandrov --- Documentation/netlink/specs/rt_link.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Documentation/netlink/specs/rt_link.yaml b/Documentation/netlink/specs/rt_link.yaml index 9ffa13b77dcf..dbeae6b1c548 100644 --- a/Documentation/netlink/specs/rt_link.yaml +++ b/Documentation/netlink/specs/rt_link.yaml @@ -2166,6 +2166,12 @@ attribute-sets: name: peer-scrub type: u32 enum: netkit-scrub + - + name: headroom + type: u16 + - + name: tailroom + type: u16 sub-messages: - From patchwork Thu Dec 19 17:39:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Borkmann X-Patchwork-Id: 13915431 X-Patchwork-Delegate: bpf@iogearbox.net Received: from www62.your-server.de (www62.your-server.de [213.133.104.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B975E1A2554; Thu, 19 Dec 2024 17:39:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=213.133.104.62 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734629976; cv=none; b=Qk8bQT3gjJru31dzuGnrAdwnJ0CLvodnAcIFS0P1nqUxHRvp1fVY+b/tEJR6gE/uvqqoxoEo/BXAHukDj+edYwp8++ZDp55GL6GHh0mDXMgiy2ECpRR1avACyiudayFInojcIO0xr2Bfxe7DPyY/GdxqbqATVr4eBpprhPsYop4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734629976; c=relaxed/simple; bh=GTwTjq+Rcg8H1Cyt8wDmYfDvEDLYXMb8MQFPdfldwcQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=GB+BsUwFcBOaRtxjBS3Vxf7BOv1+qOi9YTR2+nTaYzBi20UFW1cDKUKvWDmQvAwaGn3GL8yhgI/3qC/4iCKfC8vRJ44JpEGM2IXtXdk/a9w/sELUZkMofdLMX8CWT5Wd+v+rfmCiyY/uccl0i+BMcJbgtaqeaO+xC62nR5jry40= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net; spf=pass smtp.mailfrom=iogearbox.net; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b=oJT6giPc; arc=none smtp.client-ip=213.133.104.62 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b="oJT6giPc" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=iogearbox.net; s=default2302; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=GO/j2yTqmecGSELJFipHLBGIAXhymxnpJSLXDsM+W6k=; b=oJT6giPc2C55Q8OlWSjq6OWk9o 6UXReRhTS1jlH9Z/csFdekksB51UgUM21zMGHEMI6dn7+2ixAobZ96F0kDVJ2hjLbPYXT+ynkMZK3 Wle1W6SxxEQt3TTQuxVxD4m0BcwsihH4t8hRphAc7utBeU8qFheYIdsNTC9awS9lHycG1nbFV7oCy i67JYfAXpHKgF8abd/l6fNYC3z7Tv0KbFNhNsYN5/7Eal4cxz93MDzhDAQXTHLi5sClSOuKdIQMu6 ptkptykM4Jmv5yr9qHh+QusUzI6jeVGF9WYegYhiI/3azOV2ERKf4PRgdQiu2GgW7MkHmOJnpjSt9 3LHPeGWg==; Received: from 226.206.1.85.dynamic.cust.swisscom.net ([85.1.206.226] helo=localhost) by www62.your-server.de with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tOKUk-000Mmk-35; Thu, 19 Dec 2024 18:39:30 +0100 From: Daniel Borkmann To: martin.lau@linux.dev Cc: razor@blackwall.org, pabeni@redhat.com, bpf@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH bpf-next 3/3] selftests/bpf: Extend netkit tests to validate set {head,tail}room Date: Thu, 19 Dec 2024 18:39:28 +0100 Message-ID: <20241219173928.464437-3-daniel@iogearbox.net> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20241219173928.464437-1-daniel@iogearbox.net> References: <20241219173928.464437-1-daniel@iogearbox.net> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 1.0.7/27492/Thu Dec 19 10:44:32 2024) X-Patchwork-Delegate: bpf@iogearbox.net Extend the netkit selftests to specify and validate the {head,tail}room on the netdevice: # ./vmtest.sh -- ./test_progs -t netkit [...] ./test_progs -t netkit [ 1.174147] bpf_testmod: loading out-of-tree module taints kernel. [ 1.174585] bpf_testmod: module verification failed: signature and/or required key missing - tainting kernel [ 1.422307] tsc: Refined TSC clocksource calibration: 3407.983 MHz [ 1.424511] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x311fc3e5084, max_idle_ns: 440795359833 ns [ 1.428092] clocksource: Switched to clocksource tsc #363 tc_netkit_basic:OK #364 tc_netkit_device:OK #365 tc_netkit_multi_links:OK #366 tc_netkit_multi_opts:OK #367 tc_netkit_neigh_links:OK #368 tc_netkit_pkt_type:OK #369 tc_netkit_scrub:OK Summary: 7/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann Cc: Nikolay Aleksandrov Acked-by: Nikolay Aleksandrov --- .../selftests/bpf/prog_tests/tc_netkit.c | 31 ++++++++++++------- .../selftests/bpf/progs/test_tc_link.c | 15 +++++++++ 2 files changed, 35 insertions(+), 11 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/tc_netkit.c b/tools/testing/selftests/bpf/prog_tests/tc_netkit.c index 151a4210028f..7e41dceec58d 100644 --- a/tools/testing/selftests/bpf/prog_tests/tc_netkit.c +++ b/tools/testing/selftests/bpf/prog_tests/tc_netkit.c @@ -14,6 +14,9 @@ #include "netlink_helpers.h" #include "tc_helpers.h" +#define NETKIT_HEADROOM 32 +#define NETKIT_TAILROOM 8 + #define MARK 42 #define PRIO 0xeb9f #define ICMP_ECHO 8 @@ -35,7 +38,7 @@ struct iplink_req { }; static int create_netkit(int mode, int policy, int peer_policy, int *ifindex, - bool same_netns, int scrub, int peer_scrub) + bool same_netns, int scrub, int peer_scrub, bool room) { struct rtnl_handle rth = { .fd = -1 }; struct iplink_req req = {}; @@ -63,6 +66,10 @@ static int create_netkit(int mode, int policy, int peer_policy, int *ifindex, addattr32(&req.n, sizeof(req), IFLA_NETKIT_SCRUB, scrub); addattr32(&req.n, sizeof(req), IFLA_NETKIT_PEER_SCRUB, peer_scrub); addattr32(&req.n, sizeof(req), IFLA_NETKIT_MODE, mode); + if (room) { + addattr16(&req.n, sizeof(req), IFLA_NETKIT_HEADROOM, NETKIT_HEADROOM); + addattr16(&req.n, sizeof(req), IFLA_NETKIT_TAILROOM, NETKIT_TAILROOM); + } addattr_nest_end(&req.n, data); addattr_nest_end(&req.n, linkinfo); @@ -185,7 +192,7 @@ void serial_test_tc_netkit_basic(void) err = create_netkit(NETKIT_L2, NETKIT_PASS, NETKIT_PASS, &ifindex, false, NETKIT_SCRUB_DEFAULT, - NETKIT_SCRUB_DEFAULT); + NETKIT_SCRUB_DEFAULT, false); if (err) return; @@ -300,7 +307,7 @@ static void serial_test_tc_netkit_multi_links_target(int mode, int target) err = create_netkit(mode, NETKIT_PASS, NETKIT_PASS, &ifindex, false, NETKIT_SCRUB_DEFAULT, - NETKIT_SCRUB_DEFAULT); + NETKIT_SCRUB_DEFAULT, false); if (err) return; @@ -429,7 +436,7 @@ static void serial_test_tc_netkit_multi_opts_target(int mode, int target) err = create_netkit(mode, NETKIT_PASS, NETKIT_PASS, &ifindex, false, NETKIT_SCRUB_DEFAULT, - NETKIT_SCRUB_DEFAULT); + NETKIT_SCRUB_DEFAULT, false); if (err) return; @@ -544,7 +551,7 @@ void serial_test_tc_netkit_device(void) err = create_netkit(NETKIT_L3, NETKIT_PASS, NETKIT_PASS, &ifindex, true, NETKIT_SCRUB_DEFAULT, - NETKIT_SCRUB_DEFAULT); + NETKIT_SCRUB_DEFAULT, false); if (err) return; @@ -656,7 +663,7 @@ static void serial_test_tc_netkit_neigh_links_target(int mode, int target) err = create_netkit(mode, NETKIT_PASS, NETKIT_PASS, &ifindex, false, NETKIT_SCRUB_DEFAULT, - NETKIT_SCRUB_DEFAULT); + NETKIT_SCRUB_DEFAULT, false); if (err) return; @@ -734,7 +741,7 @@ static void serial_test_tc_netkit_pkt_type_mode(int mode) err = create_netkit(mode, NETKIT_PASS, NETKIT_PASS, &ifindex, true, NETKIT_SCRUB_DEFAULT, - NETKIT_SCRUB_DEFAULT); + NETKIT_SCRUB_DEFAULT, false); if (err) return; @@ -799,7 +806,7 @@ void serial_test_tc_netkit_pkt_type(void) serial_test_tc_netkit_pkt_type_mode(NETKIT_L3); } -static void serial_test_tc_netkit_scrub_type(int scrub) +static void serial_test_tc_netkit_scrub_type(int scrub, bool room) { LIBBPF_OPTS(bpf_netkit_opts, optl); struct test_tc_link *skel; @@ -807,7 +814,7 @@ static void serial_test_tc_netkit_scrub_type(int scrub) int err, ifindex; err = create_netkit(NETKIT_L2, NETKIT_PASS, NETKIT_PASS, - &ifindex, false, scrub, scrub); + &ifindex, false, scrub, scrub, room); if (err) return; @@ -842,6 +849,8 @@ static void serial_test_tc_netkit_scrub_type(int scrub) ASSERT_EQ(skel->bss->seen_tc8, true, "seen_tc8"); ASSERT_EQ(skel->bss->mark, scrub == NETKIT_SCRUB_NONE ? MARK : 0, "mark"); ASSERT_EQ(skel->bss->prio, scrub == NETKIT_SCRUB_NONE ? PRIO : 0, "prio"); + ASSERT_EQ(skel->bss->headroom, room ? NETKIT_HEADROOM : 0, "headroom"); + ASSERT_EQ(skel->bss->tailroom, room ? NETKIT_TAILROOM : 0, "tailroom"); cleanup: test_tc_link__destroy(skel); @@ -852,6 +861,6 @@ static void serial_test_tc_netkit_scrub_type(int scrub) void serial_test_tc_netkit_scrub(void) { - serial_test_tc_netkit_scrub_type(NETKIT_SCRUB_DEFAULT); - serial_test_tc_netkit_scrub_type(NETKIT_SCRUB_NONE); + serial_test_tc_netkit_scrub_type(NETKIT_SCRUB_DEFAULT, false); + serial_test_tc_netkit_scrub_type(NETKIT_SCRUB_NONE, true); } diff --git a/tools/testing/selftests/bpf/progs/test_tc_link.c b/tools/testing/selftests/bpf/progs/test_tc_link.c index 10d825928499..630f12e51b07 100644 --- a/tools/testing/selftests/bpf/progs/test_tc_link.c +++ b/tools/testing/selftests/bpf/progs/test_tc_link.c @@ -8,6 +8,7 @@ #include #include #include +#include char LICENSE[] SEC("license") = "GPL"; @@ -27,6 +28,7 @@ bool seen_host; bool seen_mcast; int mark, prio; +unsigned short headroom, tailroom; SEC("tc/ingress") int tc1(struct __sk_buff *skb) @@ -104,11 +106,24 @@ int tc7(struct __sk_buff *skb) return TCX_PASS; } +struct sk_buff { + struct net_device *dev; +}; + +struct net_device { + unsigned short needed_headroom; + unsigned short needed_tailroom; +}; + SEC("tc/egress") int tc8(struct __sk_buff *skb) { + struct net_device *dev = BPF_CORE_READ((struct sk_buff *)skb, dev); + seen_tc8 = true; mark = skb->mark; prio = skb->priority; + headroom = BPF_CORE_READ(dev, needed_headroom); + tailroom = BPF_CORE_READ(dev, needed_tailroom); return TCX_PASS; }