From patchwork Sun Dec 18 05:17:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Ehrig X-Patchwork-Id: 34298 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:e747:0:0:0:0:0 with SMTP id c7csp1806048wrn; Sat, 17 Dec 2022 22:23:31 -0800 (PST) X-Google-Smtp-Source: AA0mqf6a+GsJ/xUdFy/aJSsd/bg3wwD4amNbuMmrfFe2aNjBnmPUd7DEzYapS9ExP1xPL33j3oId X-Received: by 2002:a05:6a00:72f:b0:56b:e159:4d3b with SMTP id 15-20020a056a00072f00b0056be1594d3bmr34969539pfm.30.1671344611308; Sat, 17 Dec 2022 22:23:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1671344611; cv=none; d=google.com; s=arc-20160816; b=Rn7bKuEv7Nfp07JYqjtsyEqgHYbVJ14soE0V1IOeYb591W+ZUehm2uhdz8SDWDOSET AP/Px67NcpH1ZyACUrGt6nQOv9IeZFLMhwnWIjJQnKzyIpvHQURrok389e8+eRwM2cyZ hADfikxNMu2IvRD/gvswbkrnCCNYyJGssKxvLfeSHocMYlPy33JY0PlYH4BUqOCS89dC LQYhe10155GQgTjvBuP6GFnvRdk49miMrc+P0WsqwrHEVDm51yL7wRi6rLOhONaUSMSx y7K6Z+JQ6yRvaeNKWJL+Ditd1zdXzXFizooHSgi861Z8/EWcDo8j2yQTFNUE+4tPOGMX J4Lg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=OKPkOEQY7zOz0QOKMu3IK2pVB1gYNrcFW/XQicj/J2I=; b=I9ORATZqpxWqo0zrxdjReBw9VOxGv4otI55EHIqG7RpiblNbwfPzLhb+CvKy3tzX1f P41QpMqtRub6jx62Le31gN187LMIJbVEeaQiueUiqRGLtNJlS4RttdU5QAFAU+PzDS1h wGYcJHOd12BXpZm9hDze/4QlIZm4Rnz73KCjEZbhLOEosoNYcMFOvUMeGbqRGYLXYm1a aUAPHa2QiYjZShodKu3LfZDk5ewSSvVInNG8vedDsV+stMrY5bdLd2AcUdQdkvMd285L iNk3SM+20fK46aGTLIkjak4v7WGDHBiDmzctjTLr4sSrh120KUa9FASMnI3e7ImyQ/B5 wjCQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=mvVqW+ef; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a20-20020aa794b4000000b00575deb1844asi6747638pfl.381.2022.12.17.22.23.19; Sat, 17 Dec 2022 22:23:31 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=mvVqW+ef; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230195AbiLRFSM (ORCPT + 99 others); Sun, 18 Dec 2022 00:18:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53910 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230115AbiLRFSH (ORCPT ); Sun, 18 Dec 2022 00:18:07 -0500 Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com [IPv6:2a00:1450:4864:20::32b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E93C025FB for ; Sat, 17 Dec 2022 21:18:05 -0800 (PST) Received: by mail-wm1-x32b.google.com with SMTP id b24-20020a05600c4a9800b003d21efdd61dso4329270wmp.3 for ; Sat, 17 Dec 2022 21:18:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=OKPkOEQY7zOz0QOKMu3IK2pVB1gYNrcFW/XQicj/J2I=; b=mvVqW+ef0eI3J0Fc0iAQp6DV5ao5lZTHuLxRbfI/nYL2Ek2LSimLVU4j6WUtvyiXBg 52YBBn7nP2yQ7NYmrgip+ETLepVEH2qyurmU3lG201ImN6bSwkDiBJi0HtAvSM9iTvYu uIdJchWd1q3WKTdJnHADVME5bw/1tcbrLNKcY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=OKPkOEQY7zOz0QOKMu3IK2pVB1gYNrcFW/XQicj/J2I=; b=NklZ4nzaDSc5nrDbFrX13PQ6bhZj5x5Mg0MMv1c/ahwOGCG4hGcu/LeaIYw8vk3GWW 4fUWxF5J3WfFeUBXbZQdlMoE97GSlw15EnDucc9esHvZNzICOwfOT8uh8edfVZntxwD1 F0MEuBMbljx+kEa9qLv5Vdhh9ob3KjbPtETbKj2r3quGe1Ij0g8gjowIvGSgFFUzgwal qfgd3wcU5xPhFkHQu3c3nwTfEnLQQwmY+3iVDrMHcIqqpNVSDh0tFoKQa512P6UIWLVZ /ZkVI5LRNnG3GFbanFCR+Itt26v9VoyqJ3SOZ+zUeXPnH87OOY+9a7mcKzUKPY5Hj/a9 VZYA== X-Gm-Message-State: ANoB5pmuSsEKPVOJxVXGuRIQU4NY0rCNS1Tb+qtTH90/WXNqAY2hAprf IpWOuzUozzMObGoEo6gkguf1VA== X-Received: by 2002:a05:600c:4fc8:b0:3cf:614e:b587 with SMTP id o8-20020a05600c4fc800b003cf614eb587mr29465855wmq.26.1671340684350; Sat, 17 Dec 2022 21:18:04 -0800 (PST) Received: from workstation.ehrig.io (tmo-122-74.customers.d1-online.com. [80.187.122.74]) by smtp.gmail.com with ESMTPSA id k62-20020a1ca141000000b003cf894dbc4fsm7805231wme.25.2022.12.17.21.18.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 17 Dec 2022 21:18:03 -0800 (PST) From: Christian Ehrig To: bpf@vger.kernel.org Cc: cehrig@cloudflare.com, Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Mykola Lysenko , Shuah Khan , Joanne Koong , Kui-Feng Lee , Maxim Mikityanskiy , Kaixi Fan , Shmulik Ladkani , Paul Chaignon , linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH bpf-next 1/2] bpf: Add flag BPF_F_NO_TUNNEL_KEY to bpf_skb_set_tunnel_key() Date: Sun, 18 Dec 2022 06:17:31 +0100 Message-Id: <20221218051734.31411-1-cehrig@cloudflare.com> X-Mailer: git-send-email 2.37.4 MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1752531847027773845?= X-GMAIL-MSGID: =?utf-8?q?1752531847027773845?= This patch allows to remove TUNNEL_KEY from the tunnel flags bitmap when using bpf_skb_set_tunnel_key by providing a BPF_F_NO_TUNNEL_KEY flag. On egress, the resulting tunnel header will not contain a tunnel key if the protocol and implementation supports it. At the moment bpf_tunnel_key wants a user to specify a numeric tunnel key. This will wrap the inner packet into a tunnel header with the key bit and value set accordingly. This is problematic when using a tunnel protocol that supports optional tunnel keys and a receiving tunnel device that is not expecting packets with the key bit set. The receiver won't decapsulate and drop the packet. RFC 2890 and RFC 2784 GRE tunnels are examples where this flag is useful. It allows for generating packets, that can be decapsulated by a GRE tunnel device not operating in collect metadata mode or not expecting the key bit set. Signed-off-by: Christian Ehrig Acked-by: Stanislav Fomichev Reviewed-by: Jakub Sitnicki --- include/uapi/linux/bpf.h | 4 ++++ net/core/filter.c | 5 ++++- tools/include/uapi/linux/bpf.h | 4 ++++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 464ca3f01fe7..bc1a3d232ae4 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -2001,6 +2001,9 @@ union bpf_attr { * sending the packet. This flag was added for GRE * encapsulation, but might be used with other protocols * as well in the future. + * **BPF_F_NO_TUNNEL_KEY** + * Add a flag to tunnel metadata indicating that no tunnel + * key should be set in the resulting tunnel header. * * Here is a typical usage on the transmit path: * @@ -5764,6 +5767,7 @@ enum { BPF_F_ZERO_CSUM_TX = (1ULL << 1), BPF_F_DONT_FRAGMENT = (1ULL << 2), BPF_F_SEQ_NUMBER = (1ULL << 3), + BPF_F_NO_TUNNEL_KEY = (1ULL << 4), }; /* BPF_FUNC_skb_get_tunnel_key flags. */ diff --git a/net/core/filter.c b/net/core/filter.c index 929358677183..c746e4d77214 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -4615,7 +4615,8 @@ BPF_CALL_4(bpf_skb_set_tunnel_key, struct sk_buff *, skb, struct ip_tunnel_info *info; if (unlikely(flags & ~(BPF_F_TUNINFO_IPV6 | BPF_F_ZERO_CSUM_TX | - BPF_F_DONT_FRAGMENT | BPF_F_SEQ_NUMBER))) + BPF_F_DONT_FRAGMENT | BPF_F_SEQ_NUMBER | + BPF_F_NO_TUNNEL_KEY))) return -EINVAL; if (unlikely(size != sizeof(struct bpf_tunnel_key))) { switch (size) { @@ -4653,6 +4654,8 @@ BPF_CALL_4(bpf_skb_set_tunnel_key, struct sk_buff *, skb, info->key.tun_flags &= ~TUNNEL_CSUM; if (flags & BPF_F_SEQ_NUMBER) info->key.tun_flags |= TUNNEL_SEQ; + if (flags & BPF_F_NO_TUNNEL_KEY) + info->key.tun_flags &= ~TUNNEL_KEY; info->key.tun_id = cpu_to_be64(from->tunnel_id); info->key.tos = from->tunnel_tos; diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index 464ca3f01fe7..bc1a3d232ae4 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -2001,6 +2001,9 @@ union bpf_attr { * sending the packet. This flag was added for GRE * encapsulation, but might be used with other protocols * as well in the future. + * **BPF_F_NO_TUNNEL_KEY** + * Add a flag to tunnel metadata indicating that no tunnel + * key should be set in the resulting tunnel header. * * Here is a typical usage on the transmit path: * @@ -5764,6 +5767,7 @@ enum { BPF_F_ZERO_CSUM_TX = (1ULL << 1), BPF_F_DONT_FRAGMENT = (1ULL << 2), BPF_F_SEQ_NUMBER = (1ULL << 3), + BPF_F_NO_TUNNEL_KEY = (1ULL << 4), }; /* BPF_FUNC_skb_get_tunnel_key flags. */ From patchwork Sun Dec 18 05:17:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Ehrig X-Patchwork-Id: 34297 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:e747:0:0:0:0:0 with SMTP id c7csp1805801wrn; Sat, 17 Dec 2022 22:22:21 -0800 (PST) X-Google-Smtp-Source: AA0mqf7waQE1K0XsJYAMSWhDL3/A8ZuundqPVKOJv0L6FISJDO/ECpHGR8fBoGLDrl/cAl92I9UJ X-Received: by 2002:a17:902:ea11:b0:189:adf6:7713 with SMTP id s17-20020a170902ea1100b00189adf67713mr50773169plg.65.1671344541101; Sat, 17 Dec 2022 22:22:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1671344541; cv=none; d=google.com; s=arc-20160816; b=S0pQxPOzqi6nuhzR9l4C9oqcgUOZF5xDt9PKkjd+GxHONJywcnMGMg2LMi4Q2Uyt3X vLZdWTkJ3KU0PNVkCpJNuE6kt0RuqRsnW3bm3gfwxJt3bMzM2gLsIWZABcDXGKJCMpYq sh4lSqb493zof55K2IrU08PvOhq00jxx0uEhB/7L844wtq4FsJpZR3M0Aza84Z5ZyWhR 6HGV2bEaq/l3/5mZikCXHEstDiPK00SS/MV02yNLmzQ0lHu1m0/mX606Sq5EdB7kYRoO mWvqbOFaQZkRF9FkVVoc2WN3qVriniNS8WcdvB2RBsHQ7fRUhu0hxRTKVanI4NkyPQZd ybTg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=VZjrql4GzJFHQJkJaKmcf2NkEXsxLrfG96nTce813zM=; b=FfviLNfVmxlEfYreIjTgg8zGVkuur5eHuiFamlIUQ6U/D6M6cPH0Lihv3+Zcr9ySEm OKJpERBsga+59F6M9JpbDJvOIBSiyvQynF249BYfnolIiR0GRjzHkDW3yU99XYUxHsZ/ Dv6sWplbzncR1bcZeEfnjdv2a3zI7L29xRSWupoAlYpJMMaDlb77nDFNP4ga+hG/5Z8U Lp6UWpAxKGa/OBzz8MmLJ796SGhY16N3G9Atdi52QtLdbC0/eTmEGRWMUtWgZ7Q5xCpN 73d/W5EnHzLxsBNRosK1E2riKO6DE765s4ToTcOJgkXYvB0XmaNFwPWYBhr0Z3ZRXzou YEhw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=q9j+E6sC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t19-20020a170902d15300b0018965245cbesi6725225plt.339.2022.12.17.22.22.08; Sat, 17 Dec 2022 22:22:21 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=q9j+E6sC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230388AbiLRFSb (ORCPT + 99 others); Sun, 18 Dec 2022 00:18:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54374 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230252AbiLRFSO (ORCPT ); Sun, 18 Dec 2022 00:18:14 -0500 Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BE229F31 for ; Sat, 17 Dec 2022 21:18:12 -0800 (PST) Received: by mail-wm1-x32f.google.com with SMTP id bi26-20020a05600c3d9a00b003d3404a89faso3144475wmb.1 for ; Sat, 17 Dec 2022 21:18:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VZjrql4GzJFHQJkJaKmcf2NkEXsxLrfG96nTce813zM=; b=q9j+E6sC/Mv5x8/TehXbtRXdQiQqqENXX7LLpqFkYiBa55+8Ym66+zW4pq4VTXeHWl XZr7HRd5XthTvqPx42b23iS0OD7LaAtKz2N0BA+hLNO8iCmYfCxo2bGU3/dePc/hYCAo zv5jSj5r3eaI8nCWSLh179yoY1FpO9pdnwRNU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VZjrql4GzJFHQJkJaKmcf2NkEXsxLrfG96nTce813zM=; b=cVgbTCQfNZEYfbDLAX9JM8iYmykzd23r3ZtGr91X/CkXeQT2rDky6ALinSReVShvWX cIHbJjffOVuzesj1OUGWmM5GarWUu7fwsI+LE+oncMrKExWjHc/F71la2twmCQBjbGyL QLePnOWBHTxdkjUP50WLNXgqYz5n0X6oY7DXV6pkEVDwfwe4F+1HJUKb4gOXf+8352AR Cyx0X18eDOL+v/B/GXTFCVmVuTdMWF/5qTUMWKZTrU6IJ3VMPj9Xz8R/XtUyABvfmO/9 oftt4Ba20gAvZwCdGduX4HPNSs/hxpYxrTlbglQFEr3g8KOoHtAy4zaFjWLb6l/J6yOK 0HuA== X-Gm-Message-State: ANoB5plbJLtHZVYu/krIrCrI44WtTLsaQeMllcbbJ0ezpNBy31O2xm4G wQpw5nu3x5P5WaOFHIhK6qlYAQ== X-Received: by 2002:a7b:cbd1:0:b0:3d1:ed41:57c0 with SMTP id n17-20020a7bcbd1000000b003d1ed4157c0mr28766562wmi.30.1671340691305; Sat, 17 Dec 2022 21:18:11 -0800 (PST) Received: from workstation.ehrig.io (tmo-122-74.customers.d1-online.com. [80.187.122.74]) by smtp.gmail.com with ESMTPSA id k62-20020a1ca141000000b003cf894dbc4fsm7805231wme.25.2022.12.17.21.18.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 17 Dec 2022 21:18:10 -0800 (PST) From: Christian Ehrig To: bpf@vger.kernel.org Cc: cehrig@cloudflare.com, Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Mykola Lysenko , Shuah Khan , Joanne Koong , Kui-Feng Lee , Kumar Kartikeya Dwivedi , Maxim Mikityanskiy , Kaixi Fan , Paul Chaignon , Shmulik Ladkani , linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH bpf-next 2/2] selftests/bpf: Add BPF_F_NO_TUNNEL_KEY test Date: Sun, 18 Dec 2022 06:17:32 +0100 Message-Id: <20221218051734.31411-2-cehrig@cloudflare.com> X-Mailer: git-send-email 2.37.4 In-Reply-To: <20221218051734.31411-1-cehrig@cloudflare.com> References: <20221218051734.31411-1-cehrig@cloudflare.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1752531773259051568?= X-GMAIL-MSGID: =?utf-8?q?1752531773259051568?= This patch adds a selftest simulating a GRE sender and receiver using tunnel headers without tunnel keys. It validates if packets encapsulated using BPF_F_NO_TUNNEL_KEY are decapsulated by a GRE receiver not configured with tunnel keys. Signed-off-by: Christian Ehrig Acked-by: Stanislav Fomichev Reviewed-by: Jakub Sitnicki --- .../selftests/bpf/progs/test_tunnel_kern.c | 21 ++++++++++ tools/testing/selftests/bpf/test_tunnel.sh | 40 +++++++++++++++++-- 2 files changed, 58 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c index 98af55f0bcd3..508da4a23c4f 100644 --- a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c +++ b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c @@ -81,6 +81,27 @@ int gre_set_tunnel(struct __sk_buff *skb) return TC_ACT_OK; } +SEC("tc") +int gre_set_tunnel_no_key(struct __sk_buff *skb) +{ + int ret; + struct bpf_tunnel_key key; + + __builtin_memset(&key, 0x0, sizeof(key)); + key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */ + key.tunnel_ttl = 64; + + ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key), + BPF_F_ZERO_CSUM_TX | BPF_F_SEQ_NUMBER | + BPF_F_NO_TUNNEL_KEY); + if (ret < 0) { + log_err(ret); + return TC_ACT_SHOT; + } + + return TC_ACT_OK; +} + SEC("tc") int gre_get_tunnel(struct __sk_buff *skb) { diff --git a/tools/testing/selftests/bpf/test_tunnel.sh b/tools/testing/selftests/bpf/test_tunnel.sh index 2eaedc1d9ed3..06857b689c11 100755 --- a/tools/testing/selftests/bpf/test_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tunnel.sh @@ -66,15 +66,20 @@ config_device() add_gre_tunnel() { + tun_key= + if [ -n "$1" ]; then + tun_key="key $1" + fi + # at_ns0 namespace ip netns exec at_ns0 \ - ip link add dev $DEV_NS type $TYPE seq key 2 \ + ip link add dev $DEV_NS type $TYPE seq $tun_key \ local 172.16.1.100 remote 172.16.1.200 ip netns exec at_ns0 ip link set dev $DEV_NS up ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24 # root namespace - ip link add dev $DEV type $TYPE key 2 external + ip link add dev $DEV type $TYPE $tun_key external ip link set dev $DEV up ip addr add dev $DEV 10.1.1.200/24 } @@ -238,7 +243,7 @@ test_gre() check $TYPE config_device - add_gre_tunnel + add_gre_tunnel 2 attach_bpf $DEV gre_set_tunnel gre_get_tunnel ping $PING_ARG 10.1.1.100 check_err $? @@ -253,6 +258,30 @@ test_gre() echo -e ${GREEN}"PASS: $TYPE"${NC} } +test_gre_no_tunnel_key() +{ + TYPE=gre + DEV_NS=gre00 + DEV=gre11 + ret=0 + + check $TYPE + config_device + add_gre_tunnel + attach_bpf $DEV gre_set_tunnel_no_key gre_get_tunnel + ping $PING_ARG 10.1.1.100 + check_err $? + ip netns exec at_ns0 ping $PING_ARG 10.1.1.200 + check_err $? + cleanup + + if [ $ret -ne 0 ]; then + echo -e ${RED}"FAIL: $TYPE"${NC} + return 1 + fi + echo -e ${GREEN}"PASS: $TYPE"${NC} +} + test_ip6gre() { TYPE=ip6gre @@ -589,6 +618,7 @@ cleanup() ip link del ipip6tnl11 2> /dev/null ip link del ip6ip6tnl11 2> /dev/null ip link del gretap11 2> /dev/null + ip link del gre11 2> /dev/null ip link del ip6gre11 2> /dev/null ip link del ip6gretap11 2> /dev/null ip link del geneve11 2> /dev/null @@ -641,6 +671,10 @@ bpf_tunnel_test() test_gre errors=$(( $errors + $? )) + echo "Testing GRE tunnel (without tunnel keys)..." + test_gre_no_tunnel_key + errors=$(( $errors + $? )) + echo "Testing IP6GRE tunnel..." test_ip6gre errors=$(( $errors + $? ))