From patchwork Mon Apr 3 12:12:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Ehrig X-Patchwork-Id: 78504 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp2224946vqo; Mon, 3 Apr 2023 04:24:27 -0700 (PDT) X-Google-Smtp-Source: AKy350bf8tugxSbUKo0ZK2CCmSHOTa5RrVVlwJvag+pFWCNr6xc3hu4huu+OuCZwbzZ7WB31jvXr X-Received: by 2002:a17:90a:ab01:b0:237:b4c0:e15b with SMTP id m1-20020a17090aab0100b00237b4c0e15bmr38950431pjq.44.1680521067379; Mon, 03 Apr 2023 04:24:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680521067; cv=none; d=google.com; s=arc-20160816; b=YVbdKGaTJ+h74L6A/EyeozPM8NARVW8xfzkpXGE9mB7W8MDEQWFqF1eSNJxd91kUjS 1+WS/3kz0CiR0MKpZqbAhq6HWGlWb9GhKAt3N+sGDvTqgPI8cPnYDOcW7TTPgNW2s8yk 0ZvOyYW7sv8xIGSoP4uHuum+5ggcqQPQLpkvX/DuzGtgKdbr7dPePBio+W2pnA1ZS57t FCUBPb8hmu/3gtulR0jYZMs2Yg/Twab0ewDY6kfaRw9fKFV7gdtt7IjEIILiaz+9Pw/k W6EnxFJd84bqraK1LKqBvCl7YFcHc/cmcvXF9lQDKnPe++iBZZrAicimeUl+QGg8O9SC ldJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=iUBwfYQK6nNehUVYqNgpHoXy2st+RjBCDaSOraeR1MA=; b=DUP/6nrN/n2XUZ/QHn+gKRmc8F64Jwq6HoPfR//pYVJnJjxlpBQyZviWh9PCWOyhva dUEADtCLK4uiQjUiZV2vvJXPABkAJMQRvBiV5mzvE/IcLUIDX/8tf6QFP35L53BNBCJg Trsy/q5wfVlsQt4J039czqegArJMXj447gFFYx0/cIbs/LpY8zqLb0qqbB03b/DrH40z qM1GQShnBTSn3ZGqI4XJFq7uuHHNcvhrepQRu7dNbtgHuNfVwqjOoyn5A3XeaAZydR/i 1AJmw2qI0EVFdD4XiVvlUafdmmHBQWvJ9jg/HqbC7StATsFwzW/EHX4K1mVNjYGPi1BU 4RoQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=tG9yTZ9q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h189-20020a6383c6000000b005138fff7984si3861296pge.38.2023.04.03.04.24.15; Mon, 03 Apr 2023 04:24:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=tG9yTZ9q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232277AbjDCLNX (ORCPT + 99 others); Mon, 3 Apr 2023 07:13:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36762 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232256AbjDCLNJ (ORCPT ); Mon, 3 Apr 2023 07:13:09 -0400 Received: from mail-wr1-x436.google.com (mail-wr1-x436.google.com [IPv6:2a00:1450:4864:20::436]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 158AE12BE4 for ; Mon, 3 Apr 2023 04:12:38 -0700 (PDT) Received: by mail-wr1-x436.google.com with SMTP id h17so28915070wrt.8 for ; Mon, 03 Apr 2023 04:12:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; t=1680520354; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=iUBwfYQK6nNehUVYqNgpHoXy2st+RjBCDaSOraeR1MA=; b=tG9yTZ9q1pBQrfTomOZ97lwSs8wXAOQo9nVQPQUN7de3ask4yNTYIaCDO8aVPxXvf5 06CgPiqLxCes9CxQoWPCBfIKe+YV0/hQU+XfABOspRFFPbN3h7w+S1kLTnHGAhindVOt fKTvFptopgwxRb0FWYK8mMl3s4rEVsEGBgxp0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680520354; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=iUBwfYQK6nNehUVYqNgpHoXy2st+RjBCDaSOraeR1MA=; b=qwzX95UtEPTBvXSje/IHW9Pa3HuQ+DEWgrFoRusgEs8clV5x+qaMYKklDZK+CZjDOE UL1zjcX+VkXOMn9IzqiW9HKiLGr9s/VUbAP9Nm0362JtyBOqnn5Fh0EJxRTvnVsuCvLT f9ItL497O9q984tk4FqCNeqfn+bcK8xfNcoisjq9VzLfHsNSqbwL8d14Vux/6OVjEU/C 3hfSeHRprKYqsUyKge+L7umZgNdmTV0xikbFnzUnvZRMVXhILSqrS9yB8KoJ6BTbuPdn i3UllWu9VVuJ8zwvm9N5xAZfrmLcWCLIOf58hyKXFeNF5Jqlxd2j24OL8R8Mxiebx4R7 +xZg== X-Gm-Message-State: AAQBX9dLm6vhbcj3wRkfwADHjALyLZMOWMrmV0W/g+gWxaMaLfXMwZuH xFjJfbKYLeQBZd6bF6pvaZDUGg== X-Received: by 2002:a5d:5445:0:b0:2c9:23c4:8f93 with SMTP id w5-20020a5d5445000000b002c923c48f93mr25203010wrv.57.1680520353618; Mon, 03 Apr 2023 04:12:33 -0700 (PDT) Received: from workstation.ehrig.io (tmo-066-125.customers.d1-online.com. [80.187.66.125]) by smtp.gmail.com with ESMTPSA id y11-20020adffa4b000000b002c7066a6f77sm9505517wrr.31.2023.04.03.04.12.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 03 Apr 2023 04:12:33 -0700 (PDT) From: Christian Ehrig To: bpf@vger.kernel.org Cc: cehrig@cloudflare.com, kernel-team@cloudflare.com, "David S. Miller" , David Ahern , Eric Dumazet , Jakub Kicinski , Paolo Abeni , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH bpf-next v2 1/3] ipip,ip_tunnel,sit: Add FOU support for externally controlled ipip devices Date: Mon, 3 Apr 2023 14:12:07 +0200 Message-Id: X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1762154058598963959?= X-GMAIL-MSGID: =?utf-8?q?1762154058598963959?= Today ipip devices in collect-metadata mode don't allow for sending FOU or GUE encapsulated packets. This patch lifts the restriction by adding a struct ip_tunnel_encap to the tunnel metadata. On the egress path, the members of this struct can be set by the bpf_skb_set_fou_encap kfunc via a BPF tc-hook. Instead of dropping packets wishing to use additional UDP encapsulation, ip_md_tunnel_xmit now evaluates the contents of this struct and adds the corresponding FOU or GUE header. Furthermore, it is making sure that additional header bytes are taken into account for PMTU discovery. On the ingress path, an ipip device in collect-metadata mode will fill this struct and a BPF tc-hook can obtain the information via a call to the bpf_skb_get_fou_encap kfunc. The minor change to ip_tunnel_encap, which now takes a pointer to struct ip_tunnel_encap instead of struct ip_tunnel, allows us to control FOU encap type and parameters on a per packet-level. Signed-off-by: Christian Ehrig --- include/net/ip_tunnels.h | 28 +++++++++++++++------------- net/ipv4/ip_tunnel.c | 22 ++++++++++++++++++++-- net/ipv4/ipip.c | 1 + net/ipv6/sit.c | 2 +- 4 files changed, 37 insertions(+), 16 deletions(-) diff --git a/include/net/ip_tunnels.h b/include/net/ip_tunnels.h index fca357679816..7912f53caae0 100644 --- a/include/net/ip_tunnels.h +++ b/include/net/ip_tunnels.h @@ -57,6 +57,13 @@ struct ip_tunnel_key { __u8 flow_flags; }; +struct ip_tunnel_encap { + u16 type; + u16 flags; + __be16 sport; + __be16 dport; +}; + /* Flags for ip_tunnel_info mode. */ #define IP_TUNNEL_INFO_TX 0x01 /* represents tx tunnel parameters */ #define IP_TUNNEL_INFO_IPV6 0x02 /* key contains IPv6 addresses */ @@ -66,9 +73,9 @@ struct ip_tunnel_key { #define IP_TUNNEL_OPTS_MAX \ GENMASK((sizeof_field(struct ip_tunnel_info, \ options_len) * BITS_PER_BYTE) - 1, 0) - struct ip_tunnel_info { struct ip_tunnel_key key; + struct ip_tunnel_encap encap; #ifdef CONFIG_DST_CACHE struct dst_cache dst_cache; #endif @@ -86,13 +93,6 @@ struct ip_tunnel_6rd_parm { }; #endif -struct ip_tunnel_encap { - u16 type; - u16 flags; - __be16 sport; - __be16 dport; -}; - struct ip_tunnel_prl_entry { struct ip_tunnel_prl_entry __rcu *next; __be32 addr; @@ -293,6 +293,7 @@ struct ip_tunnel *ip_tunnel_lookup(struct ip_tunnel_net *itn, __be32 remote, __be32 local, __be32 key); +void ip_tunnel_md_udp_encap(struct sk_buff *skb, struct ip_tunnel_info *info); int ip_tunnel_rcv(struct ip_tunnel *tunnel, struct sk_buff *skb, const struct tnl_ptk_info *tpi, struct metadata_dst *tun_dst, bool log_ecn_error); @@ -371,22 +372,23 @@ static inline int ip_encap_hlen(struct ip_tunnel_encap *e) return hlen; } -static inline int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t, +static inline int ip_tunnel_encap(struct sk_buff *skb, + struct ip_tunnel_encap *e, u8 *protocol, struct flowi4 *fl4) { const struct ip_tunnel_encap_ops *ops; int ret = -EINVAL; - if (t->encap.type == TUNNEL_ENCAP_NONE) + if (e->type == TUNNEL_ENCAP_NONE) return 0; - if (t->encap.type >= MAX_IPTUN_ENCAP_OPS) + if (e->type >= MAX_IPTUN_ENCAP_OPS) return -EINVAL; rcu_read_lock(); - ops = rcu_dereference(iptun_encaps[t->encap.type]); + ops = rcu_dereference(iptun_encaps[e->type]); if (likely(ops && ops->build_header)) - ret = ops->build_header(skb, &t->encap, protocol, fl4); + ret = ops->build_header(skb, e, protocol, fl4); rcu_read_unlock(); return ret; diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c index de90b09dfe78..add437f710fc 100644 --- a/net/ipv4/ip_tunnel.c +++ b/net/ipv4/ip_tunnel.c @@ -359,6 +359,20 @@ static struct ip_tunnel *ip_tunnel_create(struct net *net, return ERR_PTR(err); } +void ip_tunnel_md_udp_encap(struct sk_buff *skb, struct ip_tunnel_info *info) +{ + const struct iphdr *iph = ip_hdr(skb); + const struct udphdr *udph; + + if (iph->protocol != IPPROTO_UDP) + return; + + udph = (struct udphdr *)((__u8 *)iph + (iph->ihl << 2)); + info->encap.sport = udph->source; + info->encap.dport = udph->dest; +} +EXPORT_SYMBOL(ip_tunnel_md_udp_encap); + int ip_tunnel_rcv(struct ip_tunnel *tunnel, struct sk_buff *skb, const struct tnl_ptk_info *tpi, struct metadata_dst *tun_dst, bool log_ecn_error) @@ -572,7 +586,11 @@ void ip_md_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, tunnel_id_to_key32(key->tun_id), RT_TOS(tos), dev_net(dev), 0, skb->mark, skb_get_hash(skb), key->flow_flags); - if (tunnel->encap.type != TUNNEL_ENCAP_NONE) + + if (!tunnel_hlen) + tunnel_hlen = ip_encap_hlen(&tun_info->encap); + + if (ip_tunnel_encap(skb, &tun_info->encap, &proto, &fl4) < 0) goto tx_error; use_cache = ip_tunnel_dst_cache_usable(skb, tun_info); @@ -732,7 +750,7 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, dev_net(dev), tunnel->parms.link, tunnel->fwmark, skb_get_hash(skb), 0); - if (ip_tunnel_encap(skb, tunnel, &protocol, &fl4) < 0) + if (ip_tunnel_encap(skb, &tunnel->encap, &protocol, &fl4) < 0) goto tx_error; if (connected && md) { diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c index abea77759b7e..27b8f83c6ea2 100644 --- a/net/ipv4/ipip.c +++ b/net/ipv4/ipip.c @@ -241,6 +241,7 @@ static int ipip_tunnel_rcv(struct sk_buff *skb, u8 ipproto) tun_dst = ip_tun_rx_dst(skb, 0, 0, 0); if (!tun_dst) return 0; + ip_tunnel_md_udp_encap(skb, &tun_dst->u.tun_info); } skb_reset_mac_header(skb); diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c index 70d81bba5093..063560e2cb1a 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -1024,7 +1024,7 @@ static netdev_tx_t ipip6_tunnel_xmit(struct sk_buff *skb, ttl = iph6->hop_limit; tos = INET_ECN_encapsulate(tos, ipv6_get_dsfield(iph6)); - if (ip_tunnel_encap(skb, tunnel, &protocol, &fl4) < 0) { + if (ip_tunnel_encap(skb, &tunnel->encap, &protocol, &fl4) < 0) { ip_rt_put(rt); goto tx_error; } From patchwork Mon Apr 3 12:12:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Ehrig X-Patchwork-Id: 78498 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp2219924vqo; Mon, 3 Apr 2023 04:15:56 -0700 (PDT) X-Google-Smtp-Source: AKy350Zzyag+nAmeib+kjd8H2GKF9J6qAlsjj5bVT8bEsfZXcWdNtcMrFwFB46g3ye6KXXdHDQY6 X-Received: by 2002:a17:906:c20e:b0:920:388c:5c60 with SMTP id d14-20020a170906c20e00b00920388c5c60mr37819122ejz.41.1680520555981; Mon, 03 Apr 2023 04:15:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680520555; cv=none; d=google.com; s=arc-20160816; b=I7m4jM7ijWOjjOtR3H/3vwYV+h4MUwLRPmNSH8eGd/Py34RzR0iOhquzDaGpJzLsCS GFWjFhmr4kqjOaBxs/iF8GuuYGTLJhMIGo88ig2bUZX1H3CbOEIAR3rjm1Od4CAqmatT 9a67mg+EmSyRUe3b5Ef7vwqwIqYRAw967LZwvKvj3X2BeHk2eahCnhFVed+z/mq79TR7 BMNKECE9xpEAkUsc4COdGNdJMeYtq5J+MZ3uWzdxRPLQrCLcr3D9PvuZofWCAMuzNi0d 9FxsTfHYJMI0kFi5aaXc/TDmFntcNWTPfBILzIKuuSBAvJM5QgaqWduH3Y99+ZKcYw/+ XZIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=PZLNuzKtLWlgs6Y6X1IWZZsYIByhDy9cqzVY3QztvD8=; b=wPR3+sAfghG0RVAhqM2xm932p4Tfa8C29+Rs8O5Q0HfbjjRjU27dCMF0T2OYoagmMf FVli+Te3Ja87ioTrQQB7fnkY5fsD0rjnqtI921eiW8+fLr5XEGpyWMkMKZ9CHwsT1QW6 p0mbKpRqmdNdbul6l0HkHNr9/B4ug8+OBbaJjTbcnMobIoEMmqeOpCR/aYGBZJ/CqklS hnPzBHjQ9S/UhcomScP6ivdnp8IW/K4uFFk2c0ow2+A/RM7svSV5r07vNcNH68ZgYgZy L4ATXOR06U/dwfJqv2+XiQkpg0SN8Nrf0B00pY6I7XOh9sfNc97pnmygUM1V26DZ1P1e JAmw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=jy4FFCj4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id qo12-20020a170907212c00b0093460eefb1csi6693105ejb.659.2023.04.03.04.15.31; Mon, 03 Apr 2023 04:15:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=jy4FFCj4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232117AbjDCLN2 (ORCPT + 99 others); Mon, 3 Apr 2023 07:13:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36930 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232263AbjDCLNK (ORCPT ); Mon, 3 Apr 2023 07:13:10 -0400 Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [IPv6:2a00:1450:4864:20::42c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 521A71A956 for ; Mon, 3 Apr 2023 04:12:40 -0700 (PDT) Received: by mail-wr1-x42c.google.com with SMTP id e18so28916519wra.9 for ; Mon, 03 Apr 2023 04:12:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; t=1680520358; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=PZLNuzKtLWlgs6Y6X1IWZZsYIByhDy9cqzVY3QztvD8=; b=jy4FFCj4W1GPd4u8mxyCmg4yJi77U4RIvAPJDqPUF6xM2iipbQVCdxInK0RyZQL1jC YNCS9mjeGD+40sd3I2njZqs0B0FrJL+6HH4/5l5Fhu7r3F+yESzWaovZ5i35jvNq/BcZ RMqREAWTYHZX6CDc5Gq7Wv9BzcwemCDUcYkc0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680520358; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PZLNuzKtLWlgs6Y6X1IWZZsYIByhDy9cqzVY3QztvD8=; b=331dqxgaS1XxyidgWUQ+GYoJt71jtnqi8bQ8suVztw1xQYb/Y9tNxbsZlEg0B7lJuu h2cOd29RJWBYfPHxHcM0UyapHhaWG14zWk2Ymn3hFIxq+ITs1zjztd5O5VLKd0m216NT wDuWgghpRnjCqLwmhUlWMXF2k42iz+L4BsUheDOmi8+SRt/MOPp8OQU2NKpAXotVJYkG pXIouLw1L2BZWvmNx3hae8D8Bo1u3aLNV93ydaBvLTzrX2oX18T4gqtnFFSbzsc9FBHE e52YFlBksQSUkGUcb55GjJH9CawUJ9DcoNoyTQalZDr6Oao2sdBmPCIKFdzDCYi4424F Z5/w== X-Gm-Message-State: AAQBX9dwDzDgz8GlZf5Ig8/87UZWi940tRKFqgtPn2GJgbvXIKiZx5YX w91pTp1vQzklbBBD5U7GPZMadQ== X-Received: by 2002:a5d:4ecc:0:b0:2d1:9ce9:2b99 with SMTP id s12-20020a5d4ecc000000b002d19ce92b99mr25187273wrv.18.1680520358383; Mon, 03 Apr 2023 04:12:38 -0700 (PDT) Received: from workstation.ehrig.io (tmo-066-125.customers.d1-online.com. [80.187.66.125]) by smtp.gmail.com with ESMTPSA id y11-20020adffa4b000000b002c7066a6f77sm9505517wrr.31.2023.04.03.04.12.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 03 Apr 2023 04:12:37 -0700 (PDT) From: Christian Ehrig To: bpf@vger.kernel.org Cc: cehrig@cloudflare.com, kernel-team@cloudflare.com, kernel test robot , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , David Ahern , linux-kernel@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH bpf-next v2 2/3] bpf,fou: Add bpf_skb_{set,get}_fou_encap kfuncs Date: Mon, 3 Apr 2023 14:12:08 +0200 Message-Id: X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1762153522128586227?= X-GMAIL-MSGID: =?utf-8?q?1762153522128586227?= Add two new kfuncs that allow a BPF tc-hook, installed on an ipip device in collect-metadata mode, to control FOU encap parameters on a per-packet level. The set of kfuncs is registered with the fou module. The bpf_skb_set_fou_encap kfunc is supposed to be used in tandem and after a successful call to the bpf_skb_set_tunnel_key bpf-helper. UDP source and destination ports can be controlled by passing a struct bpf_fou_encap. A source port of zero will auto-assign a source port. enum bpf_fou_encap_type is used to specify if the egress path should FOU or GUE encap the packet. On the ingress path bpf_skb_get_fou_encap can be used to read UDP source and destination ports from the receiver's point of view and allows for packet multiplexing across different destination ports within a single BPF program and ipip device. Reported-by: kernel test robot Link: https://lore.kernel.org/oe-kbuild-all/202304020425.L8MwfV5h-lkp@intel.com/ Signed-off-by: Christian Ehrig --- include/net/fou.h | 2 + net/ipv4/Makefile | 2 +- net/ipv4/fou_bpf.c | 119 ++++++++++++++++++++++++++++++++++++++++++++ net/ipv4/fou_core.c | 5 ++ 4 files changed, 127 insertions(+), 1 deletion(-) create mode 100644 net/ipv4/fou_bpf.c diff --git a/include/net/fou.h b/include/net/fou.h index 80f56e275b08..824eb4b231fd 100644 --- a/include/net/fou.h +++ b/include/net/fou.h @@ -17,4 +17,6 @@ int __fou_build_header(struct sk_buff *skb, struct ip_tunnel_encap *e, int __gue_build_header(struct sk_buff *skb, struct ip_tunnel_encap *e, u8 *protocol, __be16 *sport, int type); +int register_fou_bpf(void); + #endif diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile index 880277c9fd07..b18ba8ef93ad 100644 --- a/net/ipv4/Makefile +++ b/net/ipv4/Makefile @@ -26,7 +26,7 @@ obj-$(CONFIG_IP_MROUTE) += ipmr.o obj-$(CONFIG_IP_MROUTE_COMMON) += ipmr_base.o obj-$(CONFIG_NET_IPIP) += ipip.o gre-y := gre_demux.o -fou-y := fou_core.o fou_nl.o +fou-y := fou_core.o fou_nl.o fou_bpf.o obj-$(CONFIG_NET_FOU) += fou.o obj-$(CONFIG_NET_IPGRE_DEMUX) += gre.o obj-$(CONFIG_NET_IPGRE) += ip_gre.o diff --git a/net/ipv4/fou_bpf.c b/net/ipv4/fou_bpf.c new file mode 100644 index 000000000000..3760a14b6b57 --- /dev/null +++ b/net/ipv4/fou_bpf.c @@ -0,0 +1,119 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* Unstable Fou Helpers for TC-BPF hook + * + * These are called from SCHED_CLS BPF programs. Note that it is + * allowed to break compatibility for these functions since the interface they + * are exposed through to BPF programs is explicitly unstable. + */ + +#include +#include + +#include +#include + +struct bpf_fou_encap { + __be16 sport; + __be16 dport; +}; + +enum bpf_fou_encap_type { + FOU_BPF_ENCAP_FOU, + FOU_BPF_ENCAP_GUE, +}; + +__diag_push(); +__diag_ignore_all("-Wmissing-prototypes", + "Global functions as their definitions will be in BTF"); + +/* bpf_skb_set_fou_encap - Set FOU encap parameters + * + * This function allows for using GUE or FOU encapsulation together with an + * ipip device in collect-metadata mode. + * + * It is meant to be used in BPF tc-hooks and after a call to the + * bpf_skb_set_tunnel_key helper, responsible for setting IP addresses. + * + * Parameters: + * @skb_ctx Pointer to ctx (__sk_buff) in TC program. Cannot be NULL + * @encap Pointer to a `struct bpf_fou_encap` storing UDP src and + * dst ports. If sport is set to 0 the kernel will auto-assign a + * port. This is similar to using `encap-sport auto`. + * Cannot be NULL + * @type Encapsulation type for the packet. Their definitions are + * specified in `enum bpf_fou_encap_type` + */ +__bpf_kfunc int bpf_skb_set_fou_encap(struct __sk_buff *skb_ctx, + struct bpf_fou_encap *encap, int type) +{ + struct sk_buff *skb = (struct sk_buff *)skb_ctx; + struct ip_tunnel_info *info = skb_tunnel_info(skb); + + if (unlikely(!encap)) + return -EINVAL; + + if (unlikely(!info || !(info->mode & IP_TUNNEL_INFO_TX))) + return -EINVAL; + + switch (type) { + case FOU_BPF_ENCAP_FOU: + info->encap.type = TUNNEL_ENCAP_FOU; + break; + case FOU_BPF_ENCAP_GUE: + info->encap.type = TUNNEL_ENCAP_GUE; + break; + default: + info->encap.type = TUNNEL_ENCAP_NONE; + } + + if (info->key.tun_flags & TUNNEL_CSUM) + info->encap.flags |= TUNNEL_ENCAP_FLAG_CSUM; + + info->encap.sport = encap->sport; + info->encap.dport = encap->dport; + + return 0; +} + +/* bpf_skb_get_fou_encap - Get FOU encap parameters + * + * This function allows for reading encap metadata from a packet received + * on an ipip device in collect-metadata mode. + * + * Parameters: + * @skb_ctx Pointer to ctx (__sk_buff) in TC program. Cannot be NULL + * @encap Pointer to a struct bpf_fou_encap storing UDP source and + * destination port. Cannot be NULL + */ +__bpf_kfunc int bpf_skb_get_fou_encap(struct __sk_buff *skb_ctx, + struct bpf_fou_encap *encap) +{ + struct sk_buff *skb = (struct sk_buff *)skb_ctx; + struct ip_tunnel_info *info = skb_tunnel_info(skb); + + if (unlikely(!info)) + return -EINVAL; + + encap->sport = info->encap.sport; + encap->dport = info->encap.dport; + + return 0; +} + +__diag_pop() + +BTF_SET8_START(fou_kfunc_set) +BTF_ID_FLAGS(func, bpf_skb_set_fou_encap) +BTF_ID_FLAGS(func, bpf_skb_get_fou_encap) +BTF_SET8_END(fou_kfunc_set) + +static const struct btf_kfunc_id_set fou_bpf_kfunc_set = { + .owner = THIS_MODULE, + .set = &fou_kfunc_set, +}; + +int register_fou_bpf(void) +{ + return register_btf_kfunc_id_set(BPF_PROG_TYPE_SCHED_CLS, + &fou_bpf_kfunc_set); +} diff --git a/net/ipv4/fou_core.c b/net/ipv4/fou_core.c index cafec9b4eee0..0c41076e31ed 100644 --- a/net/ipv4/fou_core.c +++ b/net/ipv4/fou_core.c @@ -1236,10 +1236,15 @@ static int __init fou_init(void) if (ret < 0) goto unregister; + ret = register_fou_bpf(); + if (ret < 0) + goto kfunc_failed; + ret = ip_tunnel_encap_add_fou_ops(); if (ret == 0) return 0; +kfunc_failed: genl_unregister_family(&fou_nl_family); unregister: unregister_pernet_device(&fou_net_ops); From patchwork Mon Apr 3 12:12:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Ehrig X-Patchwork-Id: 78502 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp2224347vqo; Mon, 3 Apr 2023 04:23:21 -0700 (PDT) X-Google-Smtp-Source: AKy350b1YOu2nz/azAUrsAX+c78dLh6U0dVRKDGq0JpqI26sFeAl0nb7Eo45OScBL09FPIC1QiEt X-Received: by 2002:a17:90b:1c08:b0:23f:2d2c:abcf with SMTP id oc8-20020a17090b1c0800b0023f2d2cabcfmr39716191pjb.7.1680521001164; Mon, 03 Apr 2023 04:23:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680521001; cv=none; d=google.com; s=arc-20160816; b=HtdrSZqizvN8HoxhJFoRSNG3MoW8nyWyJEZpiYOlX1pvZ0WuCkGdGAzIE31oe84spj eB8oi/Smav/padnbK0TzDnNKZL889KcPckUc/+MH/OZcGsc8AxCGBBw3ULlrsYuMOlhp vJi17TWNW0NzUxoEGyYuGjlwRUSuw/Sq8Ex0/6YAS3lpOBwfUJCvHjsjok08gBkFyZzb mYBnHJ26bI0WIU0Py5+8Vqbp8K6Xlngxc4AbbJd7P+qQHqtzvAk6hdTuZd064FHWCPWR SnDmNxEg40fes8NVcrUIZ2KZzWgzlyvQ9pyiEEXlBSHXuAhYEaJlGYV67Fx4ns5sLL5P mKRw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=JJGK6+z2A0j3BXRQbw4triQYURy3/oqOBEOPJiYTwI4=; b=LLU4fqn19C/2L4bGdtKTG0vdR9NzNljqpU7MzggNxuV7XdkVyQ/5SgF/LmURzebqmQ GOx1iZRrcY/ND8PXgGB291VyrXNVNHY5VZkbNHOCiWriLZHQrddUJ6LrfDi51XWFQdt8 gg3Pt/YS8Y/b5Gf+cu0Sh0BcxOPkBM08VEqrcKIDgo8OMYoR7q53MJN4GbvQPBoImeFe Ag2D1sv1rm6HFgaYvSKtEYY1jTxrS82j1kfkbdH3EVT0hIM37sLywHT5F5F19BVMQWNv qkOOqzzlClhnI3KCVKKjNZDcMz4fzB1+nGrIzHKT6G+I/PgTIA6b8AjkML/iPm01EbJ9 1dxQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=tpFFS4Un; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b15-20020a17090a488f00b0023cfd288a09si7440668pjh.157.2023.04.03.04.23.09; Mon, 03 Apr 2023 04:23:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=tpFFS4Un; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232370AbjDCLNb (ORCPT + 99 others); Mon, 3 Apr 2023 07:13:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37064 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232291AbjDCLNM (ORCPT ); Mon, 3 Apr 2023 07:13:12 -0400 Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [IPv6:2a00:1450:4864:20::42c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BEBE911147 for ; Mon, 3 Apr 2023 04:12:44 -0700 (PDT) Received: by mail-wr1-x42c.google.com with SMTP id j24so28972204wrd.0 for ; Mon, 03 Apr 2023 04:12:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; t=1680520363; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=JJGK6+z2A0j3BXRQbw4triQYURy3/oqOBEOPJiYTwI4=; b=tpFFS4UnM3prfzvnWok4lKRG4k267cw8oCzicAYmRl1H6CB6VSOmte/empqxGvcWy7 Moqy9a1QyOZJ+XDWTAYRrDqM8ZZJZSxJG2WHAKEPIcRN2W2/t0mIggTKqDNFn6iAhKUd khD3w7P4NcOnjfp3u7S5/YNSB+jEavbx+NV+Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680520363; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JJGK6+z2A0j3BXRQbw4triQYURy3/oqOBEOPJiYTwI4=; b=NWQv2cUjNOsWYM5+hx0V9WwQcThCCZM3win4kfvGRRK1a8p3xkKztm9VswQjccEL4p EskDC+v0iM+Won+2JQ/vQsopyAkQrwSiQztlyrrS0bIQt1aT0nNWPSkRwWQOnHtKsCtp SVTZsHmALZiEZvLZ+iO/bkRJvpiBO+YJ2X+zruo/tKsORfVzkEVni9Mjyqm/f1UCQabc Y/pba0h7YMKIv3xgP5irLqY1yzkeCtp0TAgvCy+mYuDnb07mU5Agxyq3bSX0/hom4Ui9 i5p/8myf+9d7PGcxjy9YS6eTjcWwIHzN+2ETV6RKdw63KXCUN7nSQ2yVzWwG1Wuly+cu HlBQ== X-Gm-Message-State: AAQBX9dbR5cFe6sUilpO9j7clPGjPtf5MysSJMQa1QoEOVyoS2ZX7jSb cOSlggC5UzVW8zak7zAR/48XZA== X-Received: by 2002:adf:fccc:0:b0:2cf:e868:f789 with SMTP id f12-20020adffccc000000b002cfe868f789mr25909194wrs.48.1680520362592; Mon, 03 Apr 2023 04:12:42 -0700 (PDT) Received: from workstation.ehrig.io (tmo-066-125.customers.d1-online.com. [80.187.66.125]) by smtp.gmail.com with ESMTPSA id y11-20020adffa4b000000b002c7066a6f77sm9505517wrr.31.2023.04.03.04.12.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 03 Apr 2023 04:12:42 -0700 (PDT) From: Christian Ehrig To: bpf@vger.kernel.org Cc: cehrig@cloudflare.com, kernel-team@cloudflare.com, Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Kaixi Fan , Paul Chaignon , Dave Marchevsky , linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH bpf-next v2 3/3] selftests/bpf: Test FOU kfuncs for externally controlled ipip devices Date: Mon, 3 Apr 2023 14:12:09 +0200 Message-Id: <528a824713c1545839d870eaad84d87749a23371.1680520500.git.cehrig@cloudflare.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1762153989115275378?= X-GMAIL-MSGID: =?utf-8?q?1762153989115275378?= Add tests for FOU and GUE encapsulation via the bpf_skb_{set,get}_fou_encap kfuncs, using ipip devices in collect-metadata mode. These tests make sure that we can successfully set and obtain FOU and GUE encap parameters using ingress / egress BPF tc-hooks. Signed-off-by: Christian Ehrig --- .../selftests/bpf/progs/test_tunnel_kern.c | 117 ++++++++++++++++++ tools/testing/selftests/bpf/test_tunnel.sh | 81 ++++++++++++ 2 files changed, 198 insertions(+) diff --git a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c index 9ab2d55ab7c0..f66af753bbbb 100644 --- a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c +++ b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c @@ -52,6 +52,21 @@ struct vxlan_metadata { __u32 gbp; }; +struct bpf_fou_encap { + __be16 sport; + __be16 dport; +}; + +enum bpf_fou_encap_type { + FOU_BPF_ENCAP_FOU, + FOU_BPF_ENCAP_GUE, +}; + +int bpf_skb_set_fou_encap(struct __sk_buff *skb_ctx, + struct bpf_fou_encap *encap, int type) __ksym; +int bpf_skb_get_fou_encap(struct __sk_buff *skb_ctx, + struct bpf_fou_encap *encap) __ksym; + struct { __uint(type, BPF_MAP_TYPE_ARRAY); __uint(max_entries, 1); @@ -749,6 +764,108 @@ int ipip_get_tunnel(struct __sk_buff *skb) return TC_ACT_OK; } +SEC("tc") +int ipip_gue_set_tunnel(struct __sk_buff *skb) +{ + struct bpf_tunnel_key key = {}; + struct bpf_fou_encap encap = {}; + void *data = (void *)(long)skb->data; + struct iphdr *iph = data; + void *data_end = (void *)(long)skb->data_end; + int ret; + + if (data + sizeof(*iph) > data_end) { + log_err(1); + return TC_ACT_SHOT; + } + + key.tunnel_ttl = 64; + if (iph->protocol == IPPROTO_ICMP) + key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */ + + ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key), 0); + if (ret < 0) { + log_err(ret); + return TC_ACT_SHOT; + } + + encap.sport = 0; + encap.dport = bpf_htons(5555); + + ret = bpf_skb_set_fou_encap(skb, &encap, FOU_BPF_ENCAP_GUE); + if (ret < 0) { + log_err(ret); + return TC_ACT_SHOT; + } + + return TC_ACT_OK; +} + +SEC("tc") +int ipip_fou_set_tunnel(struct __sk_buff *skb) +{ + struct bpf_tunnel_key key = {}; + struct bpf_fou_encap encap = {}; + void *data = (void *)(long)skb->data; + struct iphdr *iph = data; + void *data_end = (void *)(long)skb->data_end; + int ret; + + if (data + sizeof(*iph) > data_end) { + log_err(1); + return TC_ACT_SHOT; + } + + key.tunnel_ttl = 64; + if (iph->protocol == IPPROTO_ICMP) + key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */ + + ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key), 0); + if (ret < 0) { + log_err(ret); + return TC_ACT_SHOT; + } + + encap.sport = 0; + encap.dport = bpf_htons(5555); + + ret = bpf_skb_set_fou_encap(skb, &encap, FOU_BPF_ENCAP_FOU); + if (ret < 0) { + log_err(ret); + return TC_ACT_SHOT; + } + + return TC_ACT_OK; +} + +SEC("tc") +int ipip_encap_get_tunnel(struct __sk_buff *skb) +{ + int ret; + struct bpf_tunnel_key key = {}; + struct bpf_fou_encap encap = {}; + + ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0); + if (ret < 0) { + log_err(ret); + return TC_ACT_SHOT; + } + + ret = bpf_skb_get_fou_encap(skb, &encap); + if (ret < 0) { + log_err(ret); + return TC_ACT_SHOT; + } + + if (bpf_ntohs(encap.dport) != 5555) + return TC_ACT_SHOT; + + bpf_printk("%d remote ip 0x%x, sport %d, dport %d\n", ret, + key.remote_ipv4, bpf_ntohs(encap.sport), + bpf_ntohs(encap.dport)); + return TC_ACT_OK; +} + SEC("tc") int ipip6_set_tunnel(struct __sk_buff *skb) { diff --git a/tools/testing/selftests/bpf/test_tunnel.sh b/tools/testing/selftests/bpf/test_tunnel.sh index 2dec7dbf29a2..f2379414a887 100755 --- a/tools/testing/selftests/bpf/test_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tunnel.sh @@ -212,6 +212,24 @@ add_ipip_tunnel() ip addr add dev $DEV 10.1.1.200/24 } +add_ipip_encap_tunnel() +{ + # at_ns0 namespace + ip netns exec at_ns0 ip fou add port 5555 $IPPROTO + ip netns exec at_ns0 \ + ip link add dev $DEV_NS type $TYPE \ + local 172.16.1.100 remote 172.16.1.200 \ + encap $ENCAP encap-sport auto encap-dport 5555 noencap-csum + ip netns exec at_ns0 ip link set dev $DEV_NS up + ip netns exec at_ns0 ip addr add dev $DEV_NS 10.1.1.100/24 + + # root namespace + ip fou add port 5555 $IPPROTO + ip link add dev $DEV type $TYPE external + ip link set dev $DEV up + ip addr add dev $DEV 10.1.1.200/24 +} + add_ip6tnl_tunnel() { ip netns exec at_ns0 ip addr add ::11/96 dev veth0 @@ -461,6 +479,60 @@ test_ipip() echo -e ${GREEN}"PASS: $TYPE"${NC} } +test_ipip_gue() +{ + TYPE=ipip + DEV_NS=ipip00 + DEV=ipip11 + ret=0 + ENCAP=gue + IPPROTO=$ENCAP + + check $TYPE + config_device + add_ipip_encap_tunnel + ip link set dev veth1 mtu 1500 + attach_bpf $DEV ipip_gue_set_tunnel ipip_encap_get_tunnel + ping $PING_ARG 10.1.1.100 + check_err $? + ip netns exec at_ns0 ping $PING_ARG 10.1.1.200 + check_err $? + cleanup + + if [ $ret -ne 0 ]; then + echo -e ${RED}"FAIL: $TYPE (GUE)"${NC} + return 1 + fi + echo -e ${GREEN}"PASS: $TYPE (GUE)"${NC} +} + +test_ipip_fou() +{ + TYPE=ipip + DEV_NS=ipip00 + DEV=ipip11 + ret=0 + ENCAP=fou + IPPROTO="ipproto 4" + + check $TYPE + config_device + add_ipip_encap_tunnel + ip link set dev veth1 mtu 1500 + attach_bpf $DEV ipip_fou_set_tunnel ipip_encap_get_tunnel + ping $PING_ARG 10.1.1.100 + check_err $? + ip netns exec at_ns0 ping $PING_ARG 10.1.1.200 + check_err $? + cleanup + + if [ $ret -ne 0 ]; then + echo -e ${RED}"FAIL: $TYPE (FOU)"${NC} + return 1 + fi + echo -e ${GREEN}"PASS: $TYPE (FOU)"${NC} +} + test_ipip6() { TYPE=ip6tnl @@ -634,6 +706,7 @@ cleanup() ip xfrm policy delete dir in src 10.1.1.100/32 dst 10.1.1.200/32 2> /dev/null ip xfrm state delete src 172.16.1.100 dst 172.16.1.200 proto esp spi 0x1 2> /dev/null ip xfrm state delete src 172.16.1.200 dst 172.16.1.100 proto esp spi 0x2 2> /dev/null + ip fou del port 5555 gue 2> /dev/null } cleanup_exit() @@ -708,6 +781,14 @@ bpf_tunnel_test() test_ipip errors=$(( $errors + $? )) + echo "Testing IPIP (GUE) tunnel..." + test_ipip_gue + errors=$(( $errors + $? )) + + echo "Testing IPIP (FOU) tunnel..." + test_ipip_fou + errors=$(( $errors + $? )) + echo "Testing IPIP6 tunnel..." test_ipip6 errors=$(( $errors + $? ))