summaryrefslogtreecommitdiffstats
path: root/tools/testing/selftests/bpf/test_tc_tunnel.sh
diff options
context:
space:
mode:
authorWillem de Bruijn <willemb@google.com>2019-03-22 19:32:53 +0100
committerAlexei Starovoitov <ast@kernel.org>2019-03-22 21:52:44 +0100
commit8142958954d17a31e0ac9e3a9c91103a1c171179 (patch)
treebf5124afef654cef89cdbfa723703dfff72ff1db /tools/testing/selftests/bpf/test_tc_tunnel.sh
parentselftests/bpf: extend bpf tunnel test with gre (diff)
downloadlinux-8142958954d17a31e0ac9e3a9c91103a1c171179.tar.xz
linux-8142958954d17a31e0ac9e3a9c91103a1c171179.zip
selftests/bpf: extend bpf tunnel test with tso
Segmentation offload takes a longer path. Verify that the feature works with large packets. The test succeeds if not setting dodgy in bpf_skb_adjust_room, as veth TSO is permissive. If not setting SKB_GSO_DODGY, this enables tunneled TSO offload on supporting NICs. The feature sets SKB_GSO_DODGY because the caller is untrusted. As a result the packets traverse through the gso stack at least up to TCP. And fail the gso_type validation, such as the skb->encapsulation check in gre_gso_segment and the gso_type checks introduced in commit 418e897e0716 ("gso: validate gso_type on ipip style tunnel"). This will be addressed in a follow-on feature patch. In the meantime, disable the new gso tests. Changes v1->v2: - not all netcat versions support flag '-q', use timeout instead Signed-off-by: Willem de Bruijn <willemb@google.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'tools/testing/selftests/bpf/test_tc_tunnel.sh')
-rwxr-xr-xtools/testing/selftests/bpf/test_tc_tunnel.sh60
1 files changed, 49 insertions, 11 deletions
diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh
index c78922048610..9e18754f2354 100755
--- a/tools/testing/selftests/bpf/test_tc_tunnel.sh
+++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh
@@ -15,6 +15,8 @@ readonly ns2_v4=192.168.1.2
readonly ns1_v6=fd::1
readonly ns2_v6=fd::2
+readonly infile="$(mktemp)"
+readonly outfile="$(mktemp)"
setup() {
ip netns add "${ns1}"
@@ -23,6 +25,8 @@ setup() {
ip link add dev veth1 mtu 1500 netns "${ns1}" type veth \
peer name veth2 mtu 1500 netns "${ns2}"
+ ip netns exec "${ns1}" ethtool -K veth1 tso off
+
ip -netns "${ns1}" link set veth1 up
ip -netns "${ns2}" link set veth2 up
@@ -32,58 +36,86 @@ setup() {
ip -netns "${ns2}" -6 addr add "${ns2_v6}/64" dev veth2 nodad
sleep 1
+
+ dd if=/dev/urandom of="${infile}" bs="${datalen}" count=1 status=none
}
cleanup() {
ip netns del "${ns2}"
ip netns del "${ns1}"
+
+ if [[ -f "${outfile}" ]]; then
+ rm "${outfile}"
+ fi
+ if [[ -f "${infile}" ]]; then
+ rm "${infile}"
+ fi
}
server_listen() {
- ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" &
+ ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" > "${outfile}" &
+ server_pid=$!
sleep 0.2
}
client_connect() {
- ip netns exec "${ns1}" nc "${netcat_opt}" -z -w 1 "${addr2}" "${port}"
+ ip netns exec "${ns1}" timeout 2 nc "${netcat_opt}" -w 1 "${addr2}" "${port}" < "${infile}"
echo $?
}
+verify_data() {
+ wait "${server_pid}"
+ # sha1sum returns two fields [sha1] [filepath]
+ # convert to bash array and access first elem
+ insum=($(sha1sum ${infile}))
+ outsum=($(sha1sum ${outfile}))
+ if [[ "${insum[0]}" != "${outsum[0]}" ]]; then
+ echo "data mismatch"
+ exit 1
+ fi
+}
+
set -e
# no arguments: automated test, run all
if [[ "$#" -eq "0" ]]; then
echo "ipip"
- $0 ipv4 ipip
+ $0 ipv4 ipip 100
echo "ip6ip6"
- $0 ipv6 ip6tnl
+ $0 ipv6 ip6tnl 100
echo "ip gre"
- $0 ipv4 gre
+ $0 ipv4 gre 100
echo "ip6 gre"
- $0 ipv6 ip6gre
+ $0 ipv6 ip6gre 100
+
+ # disabled until passes SKB_GSO_DODGY checks
+ # echo "ip gre gso"
+ # $0 ipv4 gre 2000
+
+ # disabled until passes SKB_GSO_DODGY checks
+ # echo "ip6 gre gso"
+ # $0 ipv6 ip6gre 2000
echo "OK. All tests passed"
exit 0
fi
-if [[ "$#" -ne "2" ]]; then
+if [[ "$#" -ne "3" ]]; then
echo "Usage: $0"
- echo " or: $0 <ipv4|ipv6> <tuntype>"
+ echo " or: $0 <ipv4|ipv6> <tuntype> <data_len>"
exit 1
fi
case "$1" in
"ipv4")
- readonly tuntype=$2
readonly addr1="${ns1_v4}"
readonly addr2="${ns2_v4}"
readonly netcat_opt=-4
;;
"ipv6")
- readonly tuntype=$2
readonly addr1="${ns1_v6}"
readonly addr2="${ns2_v6}"
readonly netcat_opt=-6
@@ -94,7 +126,10 @@ case "$1" in
;;
esac
-echo "encap ${addr1} to ${addr2}, type ${tuntype}"
+readonly tuntype=$2
+readonly datalen=$3
+
+echo "encap ${addr1} to ${addr2}, type ${tuntype}, len ${datalen}"
trap cleanup EXIT
@@ -104,6 +139,7 @@ setup
echo "test basic connectivity"
server_listen
client_connect
+verify_data
# clientside, insert bpf program to encap all TCP to port ${port}
# client can no longer connect
@@ -123,6 +159,7 @@ ip netns exec "${ns2}" ip link add dev testtun0 type "${tuntype}" \
ip netns exec "${ns2}" ip link set dev testtun0 up
echo "test bpf encap with tunnel device decap"
client_connect
+verify_data
# serverside, use BPF for decap
ip netns exec "${ns2}" ip link del dev testtun0
@@ -132,5 +169,6 @@ ip netns exec "${ns2}" tc filter add dev veth2 ingress \
server_listen
echo "test bpf encap with bpf decap"
client_connect
+verify_data
echo OK