Loading...
1// SPDX-License-Identifier: GPL-2.0
2#include <test_progs.h>
3#include <network_helpers.h>
4#include <net/if.h>
5#include "empty_skb.skel.h"
6
7void test_empty_skb(void)
8{
9 LIBBPF_OPTS(bpf_test_run_opts, tattr);
10 struct empty_skb *bpf_obj = NULL;
11 struct nstoken *tok = NULL;
12 struct bpf_program *prog;
13 char eth_hlen_pp[15];
14 char eth_hlen[14];
15 int veth_ifindex;
16 int ipip_ifindex;
17 int err;
18 int i;
19
20 struct {
21 const char *msg;
22 const void *data_in;
23 __u32 data_size_in;
24 int *ifindex;
25 int err;
26 int ret;
27 int lwt_egress_ret; /* expected retval at lwt/egress */
28 bool success_on_tc;
29 } tests[] = {
30 /* Empty packets are always rejected. */
31
32 {
33 /* BPF_PROG_RUN ETH_HLEN size check */
34 .msg = "veth empty ingress packet",
35 .data_in = NULL,
36 .data_size_in = 0,
37 .ifindex = &veth_ifindex,
38 .err = -EINVAL,
39 },
40 {
41 /* BPF_PROG_RUN ETH_HLEN size check */
42 .msg = "ipip empty ingress packet",
43 .data_in = NULL,
44 .data_size_in = 0,
45 .ifindex = &ipip_ifindex,
46 .err = -EINVAL,
47 },
48
49 /* ETH_HLEN-sized packets:
50 * - can not be redirected at LWT_XMIT
51 * - can be redirected at TC to non-tunneling dest
52 */
53
54 {
55 /* __bpf_redirect_common */
56 .msg = "veth ETH_HLEN packet ingress",
57 .data_in = eth_hlen,
58 .data_size_in = sizeof(eth_hlen),
59 .ifindex = &veth_ifindex,
60 .ret = -ERANGE,
61 .lwt_egress_ret = -ERANGE,
62 .success_on_tc = true,
63 },
64 {
65 /* __bpf_redirect_no_mac
66 *
67 * lwt: skb->len=0 <= skb_network_offset=0
68 * tc: skb->len=14 <= skb_network_offset=14
69 */
70 .msg = "ipip ETH_HLEN packet ingress",
71 .data_in = eth_hlen,
72 .data_size_in = sizeof(eth_hlen),
73 .ifindex = &ipip_ifindex,
74 .ret = -ERANGE,
75 .lwt_egress_ret = -ERANGE,
76 },
77
78 /* ETH_HLEN+1-sized packet should be redirected. */
79
80 {
81 .msg = "veth ETH_HLEN+1 packet ingress",
82 .data_in = eth_hlen_pp,
83 .data_size_in = sizeof(eth_hlen_pp),
84 .ifindex = &veth_ifindex,
85 .lwt_egress_ret = 1, /* veth_xmit NET_XMIT_DROP */
86 },
87 {
88 .msg = "ipip ETH_HLEN+1 packet ingress",
89 .data_in = eth_hlen_pp,
90 .data_size_in = sizeof(eth_hlen_pp),
91 .ifindex = &ipip_ifindex,
92 },
93 };
94
95 SYS(out, "ip netns add empty_skb");
96 tok = open_netns("empty_skb");
97 if (!ASSERT_OK_PTR(tok, "setns"))
98 goto out;
99 SYS(out, "ip link add veth0 type veth peer veth1");
100 SYS(out, "ip link set dev veth0 up");
101 SYS(out, "ip link set dev veth1 up");
102 SYS(out, "ip addr add 10.0.0.1/8 dev veth0");
103 SYS(out, "ip addr add 10.0.0.2/8 dev veth1");
104 veth_ifindex = if_nametoindex("veth0");
105
106 SYS(out, "ip link add ipip0 type ipip local 10.0.0.1 remote 10.0.0.2");
107 SYS(out, "ip link set ipip0 up");
108 SYS(out, "ip addr add 192.168.1.1/16 dev ipip0");
109 ipip_ifindex = if_nametoindex("ipip0");
110
111 bpf_obj = empty_skb__open_and_load();
112 if (!ASSERT_OK_PTR(bpf_obj, "open skeleton"))
113 goto out;
114
115 for (i = 0; i < ARRAY_SIZE(tests); i++) {
116 bpf_object__for_each_program(prog, bpf_obj->obj) {
117 bool at_egress = strstr(bpf_program__name(prog), "egress") != NULL;
118 bool at_tc = !strncmp(bpf_program__section_name(prog), "tc", 2);
119 int expected_ret;
120 char buf[128];
121
122 expected_ret = at_egress && !at_tc ? tests[i].lwt_egress_ret : tests[i].ret;
123
124 tattr.data_in = tests[i].data_in;
125 tattr.data_size_in = tests[i].data_size_in;
126
127 tattr.data_size_out = 0;
128 bpf_obj->bss->ifindex = *tests[i].ifindex;
129 bpf_obj->bss->ret = 0;
130 err = bpf_prog_test_run_opts(bpf_program__fd(prog), &tattr);
131 sprintf(buf, "err: %s [%s]", tests[i].msg, bpf_program__name(prog));
132
133 if (at_tc && tests[i].success_on_tc)
134 ASSERT_GE(err, 0, buf);
135 else
136 ASSERT_EQ(err, tests[i].err, buf);
137 sprintf(buf, "ret: %s [%s]", tests[i].msg, bpf_program__name(prog));
138 if (at_tc && tests[i].success_on_tc)
139 ASSERT_GE(bpf_obj->bss->ret, 0, buf);
140 else
141 ASSERT_EQ(bpf_obj->bss->ret, expected_ret, buf);
142 }
143 }
144
145out:
146 if (bpf_obj)
147 empty_skb__destroy(bpf_obj);
148 if (tok)
149 close_netns(tok);
150 SYS_NOFAIL("ip netns del empty_skb");
151}
1// SPDX-License-Identifier: GPL-2.0
2#include <test_progs.h>
3#include <network_helpers.h>
4#include <net/if.h>
5#include "empty_skb.skel.h"
6
7#define SYS(cmd) ({ \
8 if (!ASSERT_OK(system(cmd), (cmd))) \
9 goto out; \
10})
11
12void test_empty_skb(void)
13{
14 LIBBPF_OPTS(bpf_test_run_opts, tattr);
15 struct empty_skb *bpf_obj = NULL;
16 struct nstoken *tok = NULL;
17 struct bpf_program *prog;
18 char eth_hlen_pp[15];
19 char eth_hlen[14];
20 int veth_ifindex;
21 int ipip_ifindex;
22 int err;
23 int i;
24
25 struct {
26 const char *msg;
27 const void *data_in;
28 __u32 data_size_in;
29 int *ifindex;
30 int err;
31 int ret;
32 bool success_on_tc;
33 } tests[] = {
34 /* Empty packets are always rejected. */
35
36 {
37 /* BPF_PROG_RUN ETH_HLEN size check */
38 .msg = "veth empty ingress packet",
39 .data_in = NULL,
40 .data_size_in = 0,
41 .ifindex = &veth_ifindex,
42 .err = -EINVAL,
43 },
44 {
45 /* BPF_PROG_RUN ETH_HLEN size check */
46 .msg = "ipip empty ingress packet",
47 .data_in = NULL,
48 .data_size_in = 0,
49 .ifindex = &ipip_ifindex,
50 .err = -EINVAL,
51 },
52
53 /* ETH_HLEN-sized packets:
54 * - can not be redirected at LWT_XMIT
55 * - can be redirected at TC to non-tunneling dest
56 */
57
58 {
59 /* __bpf_redirect_common */
60 .msg = "veth ETH_HLEN packet ingress",
61 .data_in = eth_hlen,
62 .data_size_in = sizeof(eth_hlen),
63 .ifindex = &veth_ifindex,
64 .ret = -ERANGE,
65 .success_on_tc = true,
66 },
67 {
68 /* __bpf_redirect_no_mac
69 *
70 * lwt: skb->len=0 <= skb_network_offset=0
71 * tc: skb->len=14 <= skb_network_offset=14
72 */
73 .msg = "ipip ETH_HLEN packet ingress",
74 .data_in = eth_hlen,
75 .data_size_in = sizeof(eth_hlen),
76 .ifindex = &ipip_ifindex,
77 .ret = -ERANGE,
78 },
79
80 /* ETH_HLEN+1-sized packet should be redirected. */
81
82 {
83 .msg = "veth ETH_HLEN+1 packet ingress",
84 .data_in = eth_hlen_pp,
85 .data_size_in = sizeof(eth_hlen_pp),
86 .ifindex = &veth_ifindex,
87 },
88 {
89 .msg = "ipip ETH_HLEN+1 packet ingress",
90 .data_in = eth_hlen_pp,
91 .data_size_in = sizeof(eth_hlen_pp),
92 .ifindex = &ipip_ifindex,
93 },
94 };
95
96 SYS("ip netns add empty_skb");
97 tok = open_netns("empty_skb");
98 SYS("ip link add veth0 type veth peer veth1");
99 SYS("ip link set dev veth0 up");
100 SYS("ip link set dev veth1 up");
101 SYS("ip addr add 10.0.0.1/8 dev veth0");
102 SYS("ip addr add 10.0.0.2/8 dev veth1");
103 veth_ifindex = if_nametoindex("veth0");
104
105 SYS("ip link add ipip0 type ipip local 10.0.0.1 remote 10.0.0.2");
106 SYS("ip link set ipip0 up");
107 SYS("ip addr add 192.168.1.1/16 dev ipip0");
108 ipip_ifindex = if_nametoindex("ipip0");
109
110 bpf_obj = empty_skb__open_and_load();
111 if (!ASSERT_OK_PTR(bpf_obj, "open skeleton"))
112 goto out;
113
114 for (i = 0; i < ARRAY_SIZE(tests); i++) {
115 bpf_object__for_each_program(prog, bpf_obj->obj) {
116 char buf[128];
117 bool at_tc = !strncmp(bpf_program__section_name(prog), "tc", 2);
118
119 tattr.data_in = tests[i].data_in;
120 tattr.data_size_in = tests[i].data_size_in;
121
122 tattr.data_size_out = 0;
123 bpf_obj->bss->ifindex = *tests[i].ifindex;
124 bpf_obj->bss->ret = 0;
125 err = bpf_prog_test_run_opts(bpf_program__fd(prog), &tattr);
126 sprintf(buf, "err: %s [%s]", tests[i].msg, bpf_program__name(prog));
127
128 if (at_tc && tests[i].success_on_tc)
129 ASSERT_GE(err, 0, buf);
130 else
131 ASSERT_EQ(err, tests[i].err, buf);
132 sprintf(buf, "ret: %s [%s]", tests[i].msg, bpf_program__name(prog));
133 if (at_tc && tests[i].success_on_tc)
134 ASSERT_GE(bpf_obj->bss->ret, 0, buf);
135 else
136 ASSERT_EQ(bpf_obj->bss->ret, tests[i].ret, buf);
137 }
138 }
139
140out:
141 if (bpf_obj)
142 empty_skb__destroy(bpf_obj);
143 if (tok)
144 close_netns(tok);
145 system("ip netns del empty_skb");
146}