1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */ 3 4 #include <sys/types.h> 5 #include <net/if.h> 6 7 #include "test_progs.h" 8 #include "network_helpers.h" 9 #include "fib_lookup.skel.h" 10 11 #define NS_TEST "fib_lookup_ns" 12 #define IPV6_IFACE_ADDR "face::face" 13 #define IPV6_NUD_FAILED_ADDR "face::1" 14 #define IPV6_NUD_STALE_ADDR "face::2" 15 #define IPV4_IFACE_ADDR "10.0.0.254" 16 #define IPV4_NUD_FAILED_ADDR "10.0.0.1" 17 #define IPV4_NUD_STALE_ADDR "10.0.0.2" 18 #define DMAC "11:11:11:11:11:11" 19 #define DMAC_INIT { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, } 20 21 struct fib_lookup_test { 22 const char *desc; 23 const char *daddr; 24 int expected_ret; 25 int lookup_flags; 26 __u8 dmac[6]; 27 }; 28 29 static const struct fib_lookup_test tests[] = { 30 { .desc = "IPv6 failed neigh", 31 .daddr = IPV6_NUD_FAILED_ADDR, .expected_ret = BPF_FIB_LKUP_RET_NO_NEIGH, }, 32 { .desc = "IPv6 stale neigh", 33 .daddr = IPV6_NUD_STALE_ADDR, .expected_ret = BPF_FIB_LKUP_RET_SUCCESS, 34 .dmac = DMAC_INIT, }, 35 { .desc = "IPv6 skip neigh", 36 .daddr = IPV6_NUD_FAILED_ADDR, .expected_ret = BPF_FIB_LKUP_RET_SUCCESS, 37 .lookup_flags = BPF_FIB_LOOKUP_SKIP_NEIGH, }, 38 { .desc = "IPv4 failed neigh", 39 .daddr = IPV4_NUD_FAILED_ADDR, .expected_ret = BPF_FIB_LKUP_RET_NO_NEIGH, }, 40 { .desc = "IPv4 stale neigh", 41 .daddr = IPV4_NUD_STALE_ADDR, .expected_ret = BPF_FIB_LKUP_RET_SUCCESS, 42 .dmac = DMAC_INIT, }, 43 { .desc = "IPv4 skip neigh", 44 .daddr = IPV4_NUD_FAILED_ADDR, .expected_ret = BPF_FIB_LKUP_RET_SUCCESS, 45 .lookup_flags = BPF_FIB_LOOKUP_SKIP_NEIGH, }, 46 }; 47 48 static int ifindex; 49 50 static int setup_netns(void) 51 { 52 int err; 53 54 SYS(fail, "ip link add veth1 type veth peer name veth2"); 55 SYS(fail, "ip link set dev veth1 up"); 56 57 err = write_sysctl("/proc/sys/net/ipv4/neigh/veth1/gc_stale_time", "900"); 58 if (!ASSERT_OK(err, "write_sysctl(net.ipv4.neigh.veth1.gc_stale_time)")) 59 goto fail; 60 61 err = write_sysctl("/proc/sys/net/ipv6/neigh/veth1/gc_stale_time", "900"); 62 if (!ASSERT_OK(err, "write_sysctl(net.ipv6.neigh.veth1.gc_stale_time)")) 63 goto fail; 64 65 SYS(fail, "ip addr add %s/64 dev veth1 nodad", IPV6_IFACE_ADDR); 66 SYS(fail, "ip neigh add %s dev veth1 nud failed", IPV6_NUD_FAILED_ADDR); 67 SYS(fail, "ip neigh add %s dev veth1 lladdr %s nud stale", IPV6_NUD_STALE_ADDR, DMAC); 68 69 SYS(fail, "ip addr add %s/24 dev veth1", IPV4_IFACE_ADDR); 70 SYS(fail, "ip neigh add %s dev veth1 nud failed", IPV4_NUD_FAILED_ADDR); 71 SYS(fail, "ip neigh add %s dev veth1 lladdr %s nud stale", IPV4_NUD_STALE_ADDR, DMAC); 72 73 err = write_sysctl("/proc/sys/net/ipv4/conf/veth1/forwarding", "1"); 74 if (!ASSERT_OK(err, "write_sysctl(net.ipv4.conf.veth1.forwarding)")) 75 goto fail; 76 77 err = write_sysctl("/proc/sys/net/ipv6/conf/veth1/forwarding", "1"); 78 if (!ASSERT_OK(err, "write_sysctl(net.ipv6.conf.veth1.forwarding)")) 79 goto fail; 80 81 return 0; 82 fail: 83 return -1; 84 } 85 86 static int set_lookup_params(struct bpf_fib_lookup *params, const char *daddr) 87 { 88 int ret; 89 90 memset(params, 0, sizeof(*params)); 91 92 params->l4_protocol = IPPROTO_TCP; 93 params->ifindex = ifindex; 94 95 if (inet_pton(AF_INET6, daddr, params->ipv6_dst) == 1) { 96 params->family = AF_INET6; 97 ret = inet_pton(AF_INET6, IPV6_IFACE_ADDR, params->ipv6_src); 98 if (!ASSERT_EQ(ret, 1, "inet_pton(IPV6_IFACE_ADDR)")) 99 return -1; 100 return 0; 101 } 102 103 ret = inet_pton(AF_INET, daddr, ¶ms->ipv4_dst); 104 if (!ASSERT_EQ(ret, 1, "convert IP[46] address")) 105 return -1; 106 params->family = AF_INET; 107 ret = inet_pton(AF_INET, IPV4_IFACE_ADDR, ¶ms->ipv4_src); 108 if (!ASSERT_EQ(ret, 1, "inet_pton(IPV4_IFACE_ADDR)")) 109 return -1; 110 111 return 0; 112 } 113 114 static void mac_str(char *b, const __u8 *mac) 115 { 116 sprintf(b, "%02X:%02X:%02X:%02X:%02X:%02X", 117 mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]); 118 } 119 120 void test_fib_lookup(void) 121 { 122 struct bpf_fib_lookup *fib_params; 123 struct nstoken *nstoken = NULL; 124 struct __sk_buff skb = { }; 125 struct fib_lookup *skel; 126 int prog_fd, err, ret, i; 127 128 /* The test does not use the skb->data, so 129 * use pkt_v6 for both v6 and v4 test. 130 */ 131 LIBBPF_OPTS(bpf_test_run_opts, run_opts, 132 .data_in = &pkt_v6, 133 .data_size_in = sizeof(pkt_v6), 134 .ctx_in = &skb, 135 .ctx_size_in = sizeof(skb), 136 ); 137 138 skel = fib_lookup__open_and_load(); 139 if (!ASSERT_OK_PTR(skel, "skel open_and_load")) 140 return; 141 prog_fd = bpf_program__fd(skel->progs.fib_lookup); 142 143 SYS(fail, "ip netns add %s", NS_TEST); 144 145 nstoken = open_netns(NS_TEST); 146 if (!ASSERT_OK_PTR(nstoken, "open_netns")) 147 goto fail; 148 149 if (setup_netns()) 150 goto fail; 151 152 ifindex = if_nametoindex("veth1"); 153 skb.ifindex = ifindex; 154 fib_params = &skel->bss->fib_params; 155 156 for (i = 0; i < ARRAY_SIZE(tests); i++) { 157 printf("Testing %s\n", tests[i].desc); 158 159 if (set_lookup_params(fib_params, tests[i].daddr)) 160 continue; 161 skel->bss->fib_lookup_ret = -1; 162 skel->bss->lookup_flags = BPF_FIB_LOOKUP_OUTPUT | 163 tests[i].lookup_flags; 164 165 err = bpf_prog_test_run_opts(prog_fd, &run_opts); 166 if (!ASSERT_OK(err, "bpf_prog_test_run_opts")) 167 continue; 168 169 ASSERT_EQ(skel->bss->fib_lookup_ret, tests[i].expected_ret, 170 "fib_lookup_ret"); 171 172 ret = memcmp(tests[i].dmac, fib_params->dmac, sizeof(tests[i].dmac)); 173 if (!ASSERT_EQ(ret, 0, "dmac not match")) { 174 char expected[18], actual[18]; 175 176 mac_str(expected, tests[i].dmac); 177 mac_str(actual, fib_params->dmac); 178 printf("dmac expected %s actual %s\n", expected, actual); 179 } 180 } 181 182 fail: 183 if (nstoken) 184 close_netns(nstoken); 185 SYS_NOFAIL("ip netns del " NS_TEST " &> /dev/null"); 186 fib_lookup__destroy(skel); 187 } 188