Commit e6e10c51 authored by Alexis Lothoré (eBPF Foundation)'s avatar Alexis Lothoré (eBPF Foundation) Committed by Martin KaFai Lau
Browse files

selftests/bpf: Add checks in tc_tunnel when entering net namespaces 



test_tc_tunnel is missing checks on any open_netns. Add those checks
anytime we try to enter a net namespace, and skip the related operations
if we fail. While at it, reduce the number of open_netns/close_netns for
cases involving operations in two distinct namespaces: the test
currently does the following:

  nstoken = open_netns("foo")
  do_operation();
  close(nstoken);
  nstoken = open_netns("bar")
  do_another_operation();
  close(nstoken);

As already stated in reviews for the initial test, we don't need to go
back to the root net namespace to enter a second namespace, so just do:

  ntoken_client = open_netns("foo")
  do_operation();
  nstoken_server = open_netns("bar")
  do_another_operation();
  close(nstoken_server);
  close(nstoken_client);

Signed-off-by: default avatarAlexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>
Signed-off-by: default avatarMartin KaFai Lau <martin.lau@kernel.org>
Link: https://patch.msgid.link/20251031-tc_tunnel_improv-v1-2-0ffe44d27eda@bootlin.com
parent c076fd5b

tools/testing/selftests/bpf/prog_tests/test_tc_tunnel.c

+88 −46
Original line number Diff line number Diff line
@@ -133,8 +133,12 @@ static void set_subtest_addresses(struct subtest_cfg *cfg) 


static int run_server(struct subtest_cfg *cfg)

{

	struct nstoken *nstoken = open_netns(SERVER_NS);

	int family = cfg->ipproto == 6 ? AF_INET6 : AF_INET;

	struct nstoken *nstoken;



	nstoken = open_netns(SERVER_NS);

	if (!ASSERT_OK_PTR(nstoken, "open server ns"))

		return -1;



	cfg->server_fd = start_reuseport_server(family, SOCK_STREAM,

						cfg->server_addr, TEST_PORT,
@@ -319,6 +323,10 @@ static int configure_encapsulation(struct subtest_cfg *cfg) 
static int configure_kernel_decapsulation(struct subtest_cfg *cfg)

{

	struct nstoken *nstoken = open_netns(SERVER_NS);

	int ret = -1;



	if (!ASSERT_OK_PTR(nstoken, "open server ns"))

		return ret;



	if (cfg->configure_fou_rx_port &&

	    !ASSERT_OK(add_fou_rx_port(cfg), "configure FOU RX port"))
@@ -337,11 +345,11 @@ static int configure_kernel_decapsulation(struct subtest_cfg *cfg) 
	SYS(fail, "sysctl -qw net.ipv4.conf.all.rp_filter=0");

	SYS(fail, "sysctl -qw net.ipv4.conf.testtun0.rp_filter=0");

	SYS(fail, "ip link set dev testtun0 up");

	close_netns(nstoken);

	return 0;



	ret = 0;

fail:

	close_netns(nstoken);

	return -1;

	return ret;

}



static void remove_kernel_decapsulation(struct subtest_cfg *cfg)
@@ -356,6 +364,10 @@ static void remove_kernel_decapsulation(struct subtest_cfg *cfg) 
static int configure_ebpf_decapsulation(struct subtest_cfg *cfg)

{

	struct nstoken *nstoken = open_netns(SERVER_NS);

	int ret = -1;



	if (!ASSERT_OK_PTR(nstoken, "open server ns"))

		return ret;



	if (!cfg->expect_kern_decap_failure)

		SYS(fail, "ip link del testtun0");
@@ -363,17 +375,20 @@ static int configure_ebpf_decapsulation(struct subtest_cfg *cfg) 
	if (!ASSERT_OK(tc_prog_attach("veth2", cfg->server_ingress_prog_fd, -1),

		       "attach_program"))

		goto fail;

	close_netns(nstoken);

	return 0;



	ret = 0;

fail:

	close_netns(nstoken);

	return -1;

	return ret;

}



static void run_test(struct subtest_cfg *cfg)

{

	struct nstoken *nstoken = open_netns(CLIENT_NS);



	if (!ASSERT_OK_PTR(nstoken, "open client ns"))

		return;



	if (!ASSERT_OK(run_server(cfg), "run server"))

		goto fail;
@@ -407,7 +422,7 @@ static void run_test(struct subtest_cfg *cfg) 


static int setup(void)

{

	struct nstoken *nstoken = NULL;

	struct nstoken *nstoken_client, *nstoken_server;

	int fd, err;



	fd = open("/dev/urandom", O_RDONLY);
@@ -424,52 +439,75 @@ static int setup(void) 
	    !ASSERT_OK(make_netns(SERVER_NS), "create server ns"))

		goto fail;



	nstoken = open_netns(CLIENT_NS);

	SYS(fail, "ip link add %s type veth peer name %s",

	nstoken_client = open_netns(CLIENT_NS);

	if (!ASSERT_OK_PTR(nstoken_client, "open client ns"))

		goto fail_delete_ns;

	SYS(fail_close_ns_client, "ip link add %s type veth peer name %s",

	    "veth1 mtu 1500 netns " CLIENT_NS " address " MAC_ADDR_VETH1,

	    "veth2 mtu 1500 netns " SERVER_NS " address " MAC_ADDR_VETH2);

	SYS(fail, "ethtool -K veth1 tso off");

	SYS(fail, "ip link set veth1 up");

	close_netns(nstoken);

	nstoken = open_netns(SERVER_NS);

	SYS(fail, "ip link set veth2 up");

	close_netns(nstoken);



	SYS(fail_close_ns_client, "ethtool -K veth1 tso off");

	SYS(fail_close_ns_client, "ip link set veth1 up");

	nstoken_server = open_netns(SERVER_NS);

	if (!ASSERT_OK_PTR(nstoken_server, "open server ns"))

		goto fail_close_ns_client;

	SYS(fail_close_ns_server, "ip link set veth2 up");



	close_netns(nstoken_server);

	close_netns(nstoken_client);

	return 0;



fail_close_ns_server:

	close_netns(nstoken_server);

fail_close_ns_client:

	close_netns(nstoken_client);

fail_delete_ns:

	SYS_NOFAIL("ip netns del " CLIENT_NS);

	SYS_NOFAIL("ip netns del " SERVER_NS);

fail:

	close_netns(nstoken);

	return 1;

	return -1;

}



static int subtest_setup(struct test_tc_tunnel *skel, struct subtest_cfg *cfg)

{

	struct nstoken *nstoken;

	struct nstoken *nstoken_client, *nstoken_server;

	int ret = -1;



	set_subtest_addresses(cfg);

	if (!ASSERT_OK(set_subtest_progs(cfg, skel),

		       "find subtest progs"))

		return -1;

		goto fail;

	if (cfg->extra_decap_mod_args_cb)

		cfg->extra_decap_mod_args_cb(cfg, cfg->extra_decap_mod_args);



	nstoken = open_netns(CLIENT_NS);

	SYS(fail, "ip -4 addr add " IP4_ADDR_VETH1 "/24 dev veth1");

	SYS(fail, "ip -4 route flush table main");

	SYS(fail, "ip -4 route add " IP4_ADDR_VETH2 " mtu 1450 dev veth1");

	SYS(fail, "ip -6 addr add " IP6_ADDR_VETH1 "/64 dev veth1 nodad");

	SYS(fail, "ip -6 route flush table main");

	SYS(fail, "ip -6 route add " IP6_ADDR_VETH2 " mtu 1430 dev veth1");

	close_netns(nstoken);



	nstoken = open_netns(SERVER_NS);

	SYS(fail, "ip -4 addr add " IP4_ADDR_VETH2 "/24 dev veth2");

	SYS(fail, "ip -6 addr add " IP6_ADDR_VETH2 "/64 dev veth2 nodad");

	close_netns(nstoken);



	return 0;

	nstoken_client = open_netns(CLIENT_NS);

	if (!ASSERT_OK_PTR(nstoken_client, "open client ns"))

		goto fail;

	SYS(fail_close_client_ns,

	    "ip -4 addr add " IP4_ADDR_VETH1 "/24 dev veth1");

	SYS(fail_close_client_ns, "ip -4 route flush table main");

	SYS(fail_close_client_ns,

	    "ip -4 route add " IP4_ADDR_VETH2 " mtu 1450 dev veth1");

	SYS(fail_close_client_ns,

	    "ip -6 addr add " IP6_ADDR_VETH1 "/64 dev veth1 nodad");

	SYS(fail_close_client_ns, "ip -6 route flush table main");

	SYS(fail_close_client_ns,

	    "ip -6 route add " IP6_ADDR_VETH2 " mtu 1430 dev veth1");

	nstoken_server = open_netns(SERVER_NS);

	if (!ASSERT_OK_PTR(nstoken_server, "open server ns"))

		goto fail_close_client_ns;

	SYS(fail_close_server_ns,

	    "ip -4 addr add " IP4_ADDR_VETH2 "/24 dev veth2");

	SYS(fail_close_server_ns,

	    "ip -6 addr add " IP6_ADDR_VETH2 "/64 dev veth2 nodad");



	ret = 0;



fail_close_server_ns:

	close_netns(nstoken_server);

fail_close_client_ns:

	close_netns(nstoken_client);

fail:

	close_netns(nstoken);

	return -1;

	return ret;

}
@@ -478,16 +516,20 @@ static void subtest_cleanup(struct subtest_cfg *cfg) 
	struct nstoken *nstoken;



	nstoken = open_netns(CLIENT_NS);

	if (ASSERT_OK_PTR(nstoken, "open clien ns")) {

		SYS_NOFAIL("tc qdisc delete dev veth1 parent ffff:fff1");

		SYS_NOFAIL("ip a flush veth1");

		close_netns(nstoken);

	}

	nstoken = open_netns(SERVER_NS);

	if (ASSERT_OK_PTR(nstoken, "open clien ns")) {

		SYS_NOFAIL("tc qdisc delete dev veth2 parent ffff:fff1");

		SYS_NOFAIL("ip a flush veth2");

		if (!cfg->expect_kern_decap_failure)

			remove_kernel_decapsulation(cfg);

		close_netns(nstoken);

	}

}



static void cleanup(void)

{