1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */ 3 4 #include <linux/rtnetlink.h> 5 #include <sys/types.h> 6 #include <net/if.h> 7 8 #include "test_progs.h" 9 #include "network_helpers.h" 10 #include "fib_lookup.skel.h" 11 12 #define NS_TEST "fib_lookup_ns" 13 #define IPV6_IFACE_ADDR "face::face" 14 #define IPV6_NUD_FAILED_ADDR "face::1" 15 #define IPV6_NUD_STALE_ADDR "face::2" 16 #define IPV4_IFACE_ADDR "10.0.0.254" 17 #define IPV4_NUD_FAILED_ADDR "10.0.0.1" 18 #define IPV4_NUD_STALE_ADDR "10.0.0.2" 19 #define IPV4_TBID_ADDR "172.0.0.254" 20 #define IPV4_TBID_NET "172.0.0.0" 21 #define IPV4_TBID_DST "172.0.0.2" 22 #define IPV6_TBID_ADDR "fd00::FFFF" 23 #define IPV6_TBID_NET "fd00::" 24 #define IPV6_TBID_DST "fd00::2" 25 #define DMAC "11:11:11:11:11:11" 26 #define DMAC_INIT { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, } 27 #define DMAC2 "01:01:01:01:01:01" 28 #define DMAC_INIT2 { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, } 29 30 struct fib_lookup_test { 31 const char *desc; 32 const char *daddr; 33 int expected_ret; 34 int lookup_flags; 35 __u32 tbid; 36 __u8 dmac[6]; 37 }; 38 39 static const struct fib_lookup_test tests[] = { 40 { .desc = "IPv6 failed neigh", 41 .daddr = IPV6_NUD_FAILED_ADDR, .expected_ret = BPF_FIB_LKUP_RET_NO_NEIGH, }, 42 { .desc = "IPv6 stale neigh", 43 .daddr = IPV6_NUD_STALE_ADDR, .expected_ret = BPF_FIB_LKUP_RET_SUCCESS, 44 .dmac = DMAC_INIT, }, 45 { .desc = "IPv6 skip neigh", 46 .daddr = IPV6_NUD_FAILED_ADDR, .expected_ret = BPF_FIB_LKUP_RET_SUCCESS, 47 .lookup_flags = BPF_FIB_LOOKUP_SKIP_NEIGH, }, 48 { .desc = "IPv4 failed neigh", 49 .daddr = IPV4_NUD_FAILED_ADDR, .expected_ret = BPF_FIB_LKUP_RET_NO_NEIGH, }, 50 { .desc = "IPv4 stale neigh", 51 .daddr = IPV4_NUD_STALE_ADDR, .expected_ret = BPF_FIB_LKUP_RET_SUCCESS, 52 .dmac = DMAC_INIT, }, 53 { .desc = "IPv4 skip neigh", 54 .daddr = IPV4_NUD_FAILED_ADDR, .expected_ret = BPF_FIB_LKUP_RET_SUCCESS, 55 .lookup_flags = BPF_FIB_LOOKUP_SKIP_NEIGH, }, 56 { .desc = "IPv4 TBID lookup failure", 57 .daddr = IPV4_TBID_DST, .expected_ret = BPF_FIB_LKUP_RET_NOT_FWDED, 58 .lookup_flags = BPF_FIB_LOOKUP_DIRECT | BPF_FIB_LOOKUP_TBID, 59 .tbid = RT_TABLE_MAIN, }, 60 { .desc = "IPv4 TBID lookup success", 61 .daddr = IPV4_TBID_DST, .expected_ret = BPF_FIB_LKUP_RET_SUCCESS, 62 .lookup_flags = BPF_FIB_LOOKUP_DIRECT | BPF_FIB_LOOKUP_TBID, .tbid = 100, 63 .dmac = DMAC_INIT2, }, 64 { .desc = "IPv6 TBID lookup failure", 65 .daddr = IPV6_TBID_DST, .expected_ret = BPF_FIB_LKUP_RET_NOT_FWDED, 66 .lookup_flags = BPF_FIB_LOOKUP_DIRECT | BPF_FIB_LOOKUP_TBID, 67 .tbid = RT_TABLE_MAIN, }, 68 { .desc = "IPv6 TBID lookup success", 69 .daddr = IPV6_TBID_DST, .expected_ret = BPF_FIB_LKUP_RET_SUCCESS, 70 .lookup_flags = BPF_FIB_LOOKUP_DIRECT | BPF_FIB_LOOKUP_TBID, .tbid = 100, 71 .dmac = DMAC_INIT2, }, 72 }; 73 74 static int ifindex; 75 76 static int setup_netns(void) 77 { 78 int err; 79 80 SYS(fail, "ip link add veth1 type veth peer name veth2"); 81 SYS(fail, "ip link set dev veth1 up"); 82 SYS(fail, "ip link set dev veth2 up"); 83 84 err = write_sysctl("/proc/sys/net/ipv4/neigh/veth1/gc_stale_time", "900"); 85 if (!ASSERT_OK(err, "write_sysctl(net.ipv4.neigh.veth1.gc_stale_time)")) 86 goto fail; 87 88 err = write_sysctl("/proc/sys/net/ipv6/neigh/veth1/gc_stale_time", "900"); 89 if (!ASSERT_OK(err, "write_sysctl(net.ipv6.neigh.veth1.gc_stale_time)")) 90 goto fail; 91 92 SYS(fail, "ip addr add %s/64 dev veth1 nodad", IPV6_IFACE_ADDR); 93 SYS(fail, "ip neigh add %s dev veth1 nud failed", IPV6_NUD_FAILED_ADDR); 94 SYS(fail, "ip neigh add %s dev veth1 lladdr %s nud stale", IPV6_NUD_STALE_ADDR, DMAC); 95 96 SYS(fail, "ip addr add %s/24 dev veth1", IPV4_IFACE_ADDR); 97 SYS(fail, "ip neigh add %s dev veth1 nud failed", IPV4_NUD_FAILED_ADDR); 98 SYS(fail, "ip neigh add %s dev veth1 lladdr %s nud stale", IPV4_NUD_STALE_ADDR, DMAC); 99 100 /* Setup for tbid lookup tests */ 101 SYS(fail, "ip addr add %s/24 dev veth2", IPV4_TBID_ADDR); 102 SYS(fail, "ip route del %s/24 dev veth2", IPV4_TBID_NET); 103 SYS(fail, "ip route add table 100 %s/24 dev veth2", IPV4_TBID_NET); 104 SYS(fail, "ip neigh add %s dev veth2 lladdr %s nud stale", IPV4_TBID_DST, DMAC2); 105 106 SYS(fail, "ip addr add %s/64 dev veth2", IPV6_TBID_ADDR); 107 SYS(fail, "ip -6 route del %s/64 dev veth2", IPV6_TBID_NET); 108 SYS(fail, "ip -6 route add table 100 %s/64 dev veth2", IPV6_TBID_NET); 109 SYS(fail, "ip neigh add %s dev veth2 lladdr %s nud stale", IPV6_TBID_DST, DMAC2); 110 111 err = write_sysctl("/proc/sys/net/ipv4/conf/veth1/forwarding", "1"); 112 if (!ASSERT_OK(err, "write_sysctl(net.ipv4.conf.veth1.forwarding)")) 113 goto fail; 114 115 err = write_sysctl("/proc/sys/net/ipv6/conf/veth1/forwarding", "1"); 116 if (!ASSERT_OK(err, "write_sysctl(net.ipv6.conf.veth1.forwarding)")) 117 goto fail; 118 119 return 0; 120 fail: 121 return -1; 122 } 123 124 static int set_lookup_params(struct bpf_fib_lookup *params, const struct fib_lookup_test *test) 125 { 126 int ret; 127 128 memset(params, 0, sizeof(*params)); 129 130 params->l4_protocol = IPPROTO_TCP; 131 params->ifindex = ifindex; 132 params->tbid = test->tbid; 133 134 if (inet_pton(AF_INET6, test->daddr, params->ipv6_dst) == 1) { 135 params->family = AF_INET6; 136 ret = inet_pton(AF_INET6, IPV6_IFACE_ADDR, params->ipv6_src); 137 if (!ASSERT_EQ(ret, 1, "inet_pton(IPV6_IFACE_ADDR)")) 138 return -1; 139 return 0; 140 } 141 142 ret = inet_pton(AF_INET, test->daddr, ¶ms->ipv4_dst); 143 if (!ASSERT_EQ(ret, 1, "convert IP[46] address")) 144 return -1; 145 params->family = AF_INET; 146 ret = inet_pton(AF_INET, IPV4_IFACE_ADDR, ¶ms->ipv4_src); 147 if (!ASSERT_EQ(ret, 1, "inet_pton(IPV4_IFACE_ADDR)")) 148 return -1; 149 150 return 0; 151 } 152 153 static void mac_str(char *b, const __u8 *mac) 154 { 155 sprintf(b, "%02X:%02X:%02X:%02X:%02X:%02X", 156 mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); 157 } 158 159 void test_fib_lookup(void) 160 { 161 struct bpf_fib_lookup *fib_params; 162 struct nstoken *nstoken = NULL; 163 struct __sk_buff skb = { }; 164 struct fib_lookup *skel; 165 int prog_fd, err, ret, i; 166 167 /* The test does not use the skb->data, so 168 * use pkt_v6 for both v6 and v4 test. 169 */ 170 LIBBPF_OPTS(bpf_test_run_opts, run_opts, 171 .data_in = &pkt_v6, 172 .data_size_in = sizeof(pkt_v6), 173 .ctx_in = &skb, 174 .ctx_size_in = sizeof(skb), 175 ); 176 177 skel = fib_lookup__open_and_load(); 178 if (!ASSERT_OK_PTR(skel, "skel open_and_load")) 179 return; 180 prog_fd = bpf_program__fd(skel->progs.fib_lookup); 181 182 SYS(fail, "ip netns add %s", NS_TEST); 183 184 nstoken = open_netns(NS_TEST); 185 if (!ASSERT_OK_PTR(nstoken, "open_netns")) 186 goto fail; 187 188 if (setup_netns()) 189 goto fail; 190 191 ifindex = if_nametoindex("veth1"); 192 skb.ifindex = ifindex; 193 fib_params = &skel->bss->fib_params; 194 195 for (i = 0; i < ARRAY_SIZE(tests); i++) { 196 printf("Testing %s ", tests[i].desc); 197 198 if (set_lookup_params(fib_params, &tests[i])) 199 continue; 200 skel->bss->fib_lookup_ret = -1; 201 skel->bss->lookup_flags = tests[i].lookup_flags; 202 203 err = bpf_prog_test_run_opts(prog_fd, &run_opts); 204 if (!ASSERT_OK(err, "bpf_prog_test_run_opts")) 205 continue; 206 207 ASSERT_EQ(skel->bss->fib_lookup_ret, tests[i].expected_ret, 208 "fib_lookup_ret"); 209 210 ret = memcmp(tests[i].dmac, fib_params->dmac, sizeof(tests[i].dmac)); 211 if (!ASSERT_EQ(ret, 0, "dmac not match")) { 212 char expected[18], actual[18]; 213 214 mac_str(expected, tests[i].dmac); 215 mac_str(actual, fib_params->dmac); 216 printf("dmac expected %s actual %s ", expected, actual); 217 } 218 219 // ensure tbid is zero'd out after fib lookup. 220 if (tests[i].lookup_flags & BPF_FIB_LOOKUP_DIRECT) { 221 if (!ASSERT_EQ(skel->bss->fib_params.tbid, 0, 222 "expected fib_params.tbid to be zero")) 223 goto fail; 224 } 225 } 226 227 fail: 228 if (nstoken) 229 close_netns(nstoken); 230 SYS_NOFAIL("ip netns del " NS_TEST " &> /dev/null"); 231 fib_lookup__destroy(skel); 232 } 233