Commit e2d75e95 authored by Daniel Xu's avatar Daniel Xu Committed by Alexei Starovoitov
Browse files

selftests/bpf: Add tests for writing to nf_conn:mark 



Add a simple extension to the existing selftest to write to
nf_conn:mark. Also add a failure test for writing to unsupported field.

Signed-off-by: default avatarDaniel Xu <dxu@dxuuu.xyz>
Link: https://lore.kernel.org/r/f78966b81b9349d2b8ebb4cee2caf15cb6b38ee2.1662568410.git.dxu@dxuuu.xyz


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent 864b656f

tools/testing/selftests/bpf/prog_tests/bpf_nf.c

+2 −0
Original line number Diff line number Diff line
@@ -17,6 +17,7 @@ struct { 
	{ "set_status_after_insert", "kernel function bpf_ct_set_status args#0 expected pointer to STRUCT nf_conn___init but" },

	{ "change_timeout_after_alloc", "kernel function bpf_ct_change_timeout args#0 expected pointer to STRUCT nf_conn but" },

	{ "change_status_after_alloc", "kernel function bpf_ct_change_status args#0 expected pointer to STRUCT nf_conn but" },

	{ "write_not_allowlisted_field", "no write support to nf_conn at off" },

};



enum {
@@ -113,6 +114,7 @@ static void test_bpf_nf_ct(int mode) 
	ASSERT_LE(skel->bss->test_delta_timeout, 10, "Test for max ct timeout update");

	/* expected status is IPS_SEEN_REPLY */

	ASSERT_EQ(skel->bss->test_status, 2, "Test for ct status update ");

	ASSERT_EQ(skel->bss->test_insert_lookup_mark, 77, "Test for insert and lookup mark value");

	ASSERT_EQ(skel->data->test_exist_lookup, 0, "Test existing connection lookup");

	ASSERT_EQ(skel->bss->test_exist_lookup_mark, 43, "Test existing connection lookup ctmark");

end:

tools/testing/selftests/bpf/progs/test_bpf_nf.c

+7 −2
Original line number Diff line number Diff line
@@ -23,6 +23,7 @@ int test_insert_entry = -EAFNOSUPPORT; 
int test_succ_lookup = -ENOENT;

u32 test_delta_timeout = 0;

u32 test_status = 0;

u32 test_insert_lookup_mark = 0;

__be32 saddr = 0;

__be16 sport = 0;

__be32 daddr = 0;
@@ -144,6 +145,7 @@ nf_ct_test(struct nf_conn *(*lookup_fn)(void *, struct bpf_sock_tuple *, u32, 


		bpf_ct_set_timeout(ct, 10000);

		bpf_ct_set_status(ct, IPS_CONFIRMED);

		ct->mark = 77;



		ct_ins = bpf_ct_insert_entry(ct);

		if (ct_ins) {
@@ -157,6 +159,7 @@ nf_ct_test(struct nf_conn *(*lookup_fn)(void *, struct bpf_sock_tuple *, u32, 
				test_delta_timeout = ct_lk->timeout - bpf_jiffies64();

				test_delta_timeout /= CONFIG_HZ;

				test_status = IPS_SEEN_REPLY;

				test_insert_lookup_mark = ct_lk->mark;

				bpf_ct_change_status(ct_lk, IPS_SEEN_REPLY);

				bpf_ct_release(ct_lk);

				test_succ_lookup = 0;
@@ -175,8 +178,10 @@ nf_ct_test(struct nf_conn *(*lookup_fn)(void *, struct bpf_sock_tuple *, u32, 
		       sizeof(opts_def));

	if (ct) {

		test_exist_lookup = 0;

		if (ct->mark == 42)

			test_exist_lookup_mark = 43;

		if (ct->mark == 42) {

			ct->mark++;

			test_exist_lookup_mark = ct->mark;

		}

		bpf_ct_release(ct);

	} else {

		test_exist_lookup = opts_def.error;

tools/testing/selftests/bpf/progs/test_bpf_nf_fail.c

+14 −0
Original line number Diff line number Diff line
@@ -69,6 +69,20 @@ int lookup_insert(struct __sk_buff *ctx) 
	return 0;

}



SEC("?tc")

int write_not_allowlisted_field(struct __sk_buff *ctx)

{

	struct bpf_ct_opts___local opts = {};

	struct bpf_sock_tuple tup = {};

	struct nf_conn *ct;



	ct = bpf_skb_ct_lookup(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));

	if (!ct)

		return 0;

	ct->status = 0xF00;

	return 0;

}



SEC("?tc")

int set_timeout_after_insert(struct __sk_buff *ctx)

{