selftests/bpf: Test FOU kfuncs for externally controlled ipip devices

#define IP6VXLAN_TUNL_DEV0 "ip6vxlan00"

#define IP6VXLAN_TUNL_DEV1 "ip6vxlan11"

#define IPIP_TUNL_DEV0 "ipip00"

#define IPIP_TUNL_DEV1 "ipip11"

#define PING_ARGS "-i 0.01 -c 3 -w 10 -q"

static int config_device(void)

	SYS_NOFAIL("ip link delete dev %s", IP6VXLAN_TUNL_DEV1);

}

enum ipip_encap {

	NONE	= 0,

	FOU	= 1,

	GUE	= 2,

};

static int set_ipip_encap(const char *ipproto, const char *type)

{

	SYS(fail, "ip -n at_ns0 fou add port 5555 %s", ipproto);

	SYS(fail, "ip -n at_ns0 link set dev %s type ipip encap %s",

	    IPIP_TUNL_DEV0, type);

	SYS(fail, "ip -n at_ns0 link set dev %s type ipip encap-dport 5555",

	    IPIP_TUNL_DEV0);

	return 0;

fail:

	return -1;

}

static int add_ipip_tunnel(enum ipip_encap encap)

{

	int err;

	const char *ipproto, *type;

	switch (encap) {

	case FOU:

		ipproto = "ipproto 4";

		type = "fou";

		break;

	case GUE:

		ipproto = "gue";

		type = ipproto;

		break;

	default:

		ipproto = NULL;

		type = ipproto;

	}

	/* at_ns0 namespace */

	SYS(fail, "ip -n at_ns0 link add dev %s type ipip local %s remote %s",

	    IPIP_TUNL_DEV0, IP4_ADDR_VETH0, IP4_ADDR1_VETH1);

	if (type && ipproto) {

		err = set_ipip_encap(ipproto, type);

		if (!ASSERT_OK(err, "set_ipip_encap"))

			goto fail;

	}

	SYS(fail, "ip -n at_ns0 link set dev %s up", IPIP_TUNL_DEV0);

	SYS(fail, "ip -n at_ns0 addr add dev %s %s/24",

	    IPIP_TUNL_DEV0, IP4_ADDR_TUNL_DEV0);

	/* root namespace */

	if (type && ipproto)

		SYS(fail, "ip fou add port 5555 %s", ipproto);

	SYS(fail, "ip link add dev %s type ipip external", IPIP_TUNL_DEV1);

	SYS(fail, "ip link set dev %s up", IPIP_TUNL_DEV1);

	SYS(fail, "ip addr add dev %s %s/24", IPIP_TUNL_DEV1,

	    IP4_ADDR_TUNL_DEV1);

	return 0;

fail:

	return -1;

}

static void delete_ipip_tunnel(void)

{

	SYS_NOFAIL("ip -n at_ns0 link delete dev %s", IPIP_TUNL_DEV0);

	SYS_NOFAIL("ip -n at_ns0 fou del port 5555 2> /dev/null");

	SYS_NOFAIL("ip link delete dev %s", IPIP_TUNL_DEV1);

	SYS_NOFAIL("ip fou del port 5555 2> /dev/null");

}

static int test_ping(int family, const char *addr)

{

	SYS(fail, "%s %s %s > /dev/null", ping_command(family), PING_ARGS, addr);

		test_tunnel_kern__destroy(skel);

}

#define RUN_TEST(name)							\

static void test_ipip_tunnel(enum ipip_encap encap)

{

	struct test_tunnel_kern *skel = NULL;

	struct nstoken *nstoken;

	int set_src_prog_fd, get_src_prog_fd;

	int ifindex = -1;

	int err;

	DECLARE_LIBBPF_OPTS(bpf_tc_hook, tc_hook,

			    .attach_point = BPF_TC_INGRESS);

	/* add ipip tunnel */

	err = add_ipip_tunnel(encap);

	if (!ASSERT_OK(err, "add_ipip_tunnel"))

		goto done;

	/* load and attach bpf prog to tunnel dev tc hook point */

	skel = test_tunnel_kern__open_and_load();

	if (!ASSERT_OK_PTR(skel, "test_tunnel_kern__open_and_load"))

		goto done;

	ifindex = if_nametoindex(IPIP_TUNL_DEV1);

	if (!ASSERT_NEQ(ifindex, 0, "ipip11 ifindex"))

		goto done;

	tc_hook.ifindex = ifindex;

	switch (encap) {

	case FOU:

		get_src_prog_fd = bpf_program__fd(

			skel->progs.ipip_encap_get_tunnel);

		set_src_prog_fd = bpf_program__fd(

			skel->progs.ipip_fou_set_tunnel);

		break;

	case GUE:

		get_src_prog_fd = bpf_program__fd(

			skel->progs.ipip_encap_get_tunnel);

		set_src_prog_fd = bpf_program__fd(

			skel->progs.ipip_gue_set_tunnel);

		break;

	default:

		get_src_prog_fd = bpf_program__fd(

			skel->progs.ipip_get_tunnel);

		set_src_prog_fd = bpf_program__fd(

			skel->progs.ipip_set_tunnel);

	}

	if (!ASSERT_GE(set_src_prog_fd, 0, "bpf_program__fd"))

		goto done;

	if (!ASSERT_GE(get_src_prog_fd, 0, "bpf_program__fd"))

		goto done;

	if (attach_tc_prog(&tc_hook, get_src_prog_fd, set_src_prog_fd))

		goto done;

	/* ping from root namespace test */

	err = test_ping(AF_INET, IP4_ADDR_TUNL_DEV0);

	if (!ASSERT_OK(err, "test_ping"))

		goto done;

	/* ping from at_ns0 namespace test */

	nstoken = open_netns("at_ns0");

	err = test_ping(AF_INET, IP4_ADDR_TUNL_DEV1);

	if (!ASSERT_OK(err, "test_ping"))

		goto done;

	close_netns(nstoken);

done:

	/* delete ipip tunnel */

	delete_ipip_tunnel();

	if (skel)

		test_tunnel_kern__destroy(skel);

}

#define RUN_TEST(name, ...)						\

	({								\

		if (test__start_subtest(#name)) {			\

			test_ ## name();				\

			test_ ## name(__VA_ARGS__);			\

		}							\

	})

	RUN_TEST(vxlan_tunnel);

	RUN_TEST(ip6vxlan_tunnel);

	RUN_TEST(ipip_tunnel, NONE);

	RUN_TEST(ipip_tunnel, FOU);

	RUN_TEST(ipip_tunnel, GUE);

	cleanup();

	__u32     gbp;

};

struct bpf_fou_encap {

	__be16 sport;

	__be16 dport;

};

enum bpf_fou_encap_type {

	FOU_BPF_ENCAP_FOU,

	FOU_BPF_ENCAP_GUE,

};

int bpf_skb_set_fou_encap(struct __sk_buff *skb_ctx,

			  struct bpf_fou_encap *encap, int type) __ksym;

int bpf_skb_get_fou_encap(struct __sk_buff *skb_ctx,

			  struct bpf_fou_encap *encap) __ksym;

struct {

	__uint(type, BPF_MAP_TYPE_ARRAY);

	__uint(max_entries, 1);

	return TC_ACT_OK;

}

SEC("tc")

int ipip_gue_set_tunnel(struct __sk_buff *skb)

{

	struct bpf_tunnel_key key = {};

	struct bpf_fou_encap encap = {};

	void *data = (void *)(long)skb->data;

	struct iphdr *iph = data;

	void *data_end = (void *)(long)skb->data_end;

	int ret;

	if (data + sizeof(*iph) > data_end) {

		log_err(1);

		return TC_ACT_SHOT;

	}

	key.tunnel_ttl = 64;

	if (iph->protocol == IPPROTO_ICMP)

		key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */

	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key), 0);

	if (ret < 0) {

		log_err(ret);

		return TC_ACT_SHOT;

	}

	encap.sport = 0;

	encap.dport = bpf_htons(5555);

	ret = bpf_skb_set_fou_encap(skb, &encap, FOU_BPF_ENCAP_GUE);

	if (ret < 0) {

		log_err(ret);

		return TC_ACT_SHOT;

	}

	return TC_ACT_OK;

}

SEC("tc")

int ipip_fou_set_tunnel(struct __sk_buff *skb)

{

	struct bpf_tunnel_key key = {};

	struct bpf_fou_encap encap = {};

	void *data = (void *)(long)skb->data;

	struct iphdr *iph = data;

	void *data_end = (void *)(long)skb->data_end;

	int ret;

	if (data + sizeof(*iph) > data_end) {

		log_err(1);

		return TC_ACT_SHOT;

	}

	key.tunnel_ttl = 64;

	if (iph->protocol == IPPROTO_ICMP)

		key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */

	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key), 0);

	if (ret < 0) {

		log_err(ret);

		return TC_ACT_SHOT;

	}

	encap.sport = 0;

	encap.dport = bpf_htons(5555);

	ret = bpf_skb_set_fou_encap(skb, &encap, FOU_BPF_ENCAP_FOU);

	if (ret < 0) {

		log_err(ret);

		return TC_ACT_SHOT;

	}

	return TC_ACT_OK;

}

SEC("tc")

int ipip_encap_get_tunnel(struct __sk_buff *skb)

{

	int ret;

	struct bpf_tunnel_key key = {};

	struct bpf_fou_encap encap = {};

	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);

	if (ret < 0) {

		log_err(ret);

		return TC_ACT_SHOT;

	}

	ret = bpf_skb_get_fou_encap(skb, &encap);

	if (ret < 0) {

		log_err(ret);

		return TC_ACT_SHOT;

	}

	if (bpf_ntohs(encap.dport) != 5555)

		return TC_ACT_SHOT;

	bpf_printk("%d remote ip 0x%x, sport %d, dport %d\n", ret,

		   key.remote_ipv4, bpf_ntohs(encap.sport),

		   bpf_ntohs(encap.dport));

	return TC_ACT_OK;

}

SEC("tc")

int ipip6_set_tunnel(struct __sk_buff *skb)

{