1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause 2 3 /* 4 * End-to-end eBPF tunnel test suite 5 * The file tests BPF network tunnel implementation. 6 * 7 * Topology: 8 * --------- 9 * root namespace | at_ns0 namespace 10 * | 11 * ----------- | ----------- 12 * | tnl dev | | | tnl dev | (overlay network) 13 * ----------- | ----------- 14 * metadata-mode | metadata-mode 15 * with bpf | with bpf 16 * | 17 * ---------- | ---------- 18 * | veth1 | --------- | veth0 | (underlay network) 19 * ---------- peer ---------- 20 * 21 * 22 * Device Configuration 23 * -------------------- 24 * root namespace with metadata-mode tunnel + BPF 25 * Device names and addresses: 26 * veth1 IP 1: 172.16.1.200, IPv6: 00::22 (underlay) 27 * IP 2: 172.16.1.20, IPv6: 00::bb (underlay) 28 * tunnel dev <type>11, ex: gre11, IPv4: 10.1.1.200, IPv6: 1::22 (overlay) 29 * 30 * Namespace at_ns0 with native tunnel 31 * Device names and addresses: 32 * veth0 IPv4: 172.16.1.100, IPv6: 00::11 (underlay) 33 * tunnel dev <type>00, ex: gre00, IPv4: 10.1.1.100, IPv6: 1::11 (overlay) 34 * 35 * 36 * End-to-end ping packet flow 37 * --------------------------- 38 * Most of the tests start by namespace creation, device configuration, 39 * then ping the underlay and overlay network. When doing 'ping 10.1.1.100' 40 * from root namespace, the following operations happen: 41 * 1) Route lookup shows 10.1.1.100/24 belongs to tnl dev, fwd to tnl dev. 42 * 2) Tnl device's egress BPF program is triggered and set the tunnel metadata, 43 * with local_ip=172.16.1.200, remote_ip=172.16.1.100. BPF program choose 44 * the primary or secondary ip of veth1 as the local ip of tunnel. The 45 * choice is made based on the value of bpf map local_ip_map. 46 * 3) Outer tunnel header is prepended and route the packet to veth1's egress. 47 * 4) veth0's ingress queue receive the tunneled packet at namespace at_ns0. 48 * 5) Tunnel protocol handler, ex: vxlan_rcv, decap the packet. 49 * 6) Forward the packet to the overlay tnl dev. 50 */ 51 52 #include <arpa/inet.h> 53 #include <linux/if_tun.h> 54 #include <linux/limits.h> 55 #include <linux/sysctl.h> 56 #include <linux/time_types.h> 57 #include <linux/net_tstamp.h> 58 #include <net/if.h> 59 #include <stdbool.h> 60 #include <stdio.h> 61 #include <sys/stat.h> 62 #include <unistd.h> 63 64 #include "test_progs.h" 65 #include "network_helpers.h" 66 #include "test_tunnel_kern.skel.h" 67 68 #define IP4_ADDR_VETH0 "172.16.1.100" 69 #define IP4_ADDR1_VETH1 "172.16.1.200" 70 #define IP4_ADDR2_VETH1 "172.16.1.20" 71 #define IP4_ADDR_TUNL_DEV0 "10.1.1.100" 72 #define IP4_ADDR_TUNL_DEV1 "10.1.1.200" 73 74 #define IP6_ADDR_VETH0 "::11" 75 #define IP6_ADDR1_VETH1 "::22" 76 #define IP6_ADDR2_VETH1 "::bb" 77 78 #define IP4_ADDR1_HEX_VETH1 0xac1001c8 79 #define IP4_ADDR2_HEX_VETH1 0xac100114 80 #define IP6_ADDR1_HEX_VETH1 0x22 81 #define IP6_ADDR2_HEX_VETH1 0xbb 82 83 #define MAC_TUNL_DEV0 "52:54:00:d9:01:00" 84 #define MAC_TUNL_DEV1 "52:54:00:d9:02:00" 85 86 #define VXLAN_TUNL_DEV0 "vxlan00" 87 #define VXLAN_TUNL_DEV1 "vxlan11" 88 #define IP6VXLAN_TUNL_DEV0 "ip6vxlan00" 89 #define IP6VXLAN_TUNL_DEV1 "ip6vxlan11" 90 91 #define PING_ARGS "-i 0.01 -c 3 -w 10 -q" 92 93 #define SYS(fmt, ...) \ 94 ({ \ 95 char cmd[1024]; \ 96 snprintf(cmd, sizeof(cmd), fmt, ##__VA_ARGS__); \ 97 if (!ASSERT_OK(system(cmd), cmd)) \ 98 goto fail; \ 99 }) 100 101 #define SYS_NOFAIL(fmt, ...) \ 102 ({ \ 103 char cmd[1024]; \ 104 snprintf(cmd, sizeof(cmd), fmt, ##__VA_ARGS__); \ 105 system(cmd); \ 106 }) 107 108 static int config_device(void) 109 { 110 SYS("ip netns add at_ns0"); 111 SYS("ip link add veth0 type veth peer name veth1"); 112 SYS("ip link set veth0 netns at_ns0"); 113 SYS("ip addr add " IP4_ADDR1_VETH1 "/24 dev veth1"); 114 SYS("ip addr add " IP4_ADDR2_VETH1 "/24 dev veth1"); 115 SYS("ip link set dev veth1 up mtu 1500"); 116 SYS("ip netns exec at_ns0 ip addr add " IP4_ADDR_VETH0 "/24 dev veth0"); 117 SYS("ip netns exec at_ns0 ip link set dev veth0 up mtu 1500"); 118 119 return 0; 120 fail: 121 return -1; 122 } 123 124 static void cleanup(void) 125 { 126 SYS_NOFAIL("test -f /var/run/netns/at_ns0 && ip netns delete at_ns0"); 127 SYS_NOFAIL("ip link del veth1 2> /dev/null"); 128 SYS_NOFAIL("ip link del %s 2> /dev/null", VXLAN_TUNL_DEV1); 129 SYS_NOFAIL("ip link del %s 2> /dev/null", IP6VXLAN_TUNL_DEV1); 130 } 131 132 static int add_vxlan_tunnel(void) 133 { 134 /* at_ns0 namespace */ 135 SYS("ip netns exec at_ns0 ip link add dev %s type vxlan external gbp dstport 4789", 136 VXLAN_TUNL_DEV0); 137 SYS("ip netns exec at_ns0 ip link set dev %s address %s up", 138 VXLAN_TUNL_DEV0, MAC_TUNL_DEV0); 139 SYS("ip netns exec at_ns0 ip addr add dev %s %s/24", 140 VXLAN_TUNL_DEV0, IP4_ADDR_TUNL_DEV0); 141 SYS("ip netns exec at_ns0 ip neigh add %s lladdr %s dev %s", 142 IP4_ADDR_TUNL_DEV1, MAC_TUNL_DEV1, VXLAN_TUNL_DEV0); 143 144 /* root namespace */ 145 SYS("ip link add dev %s type vxlan external gbp dstport 4789", 146 VXLAN_TUNL_DEV1); 147 SYS("ip link set dev %s address %s up", VXLAN_TUNL_DEV1, MAC_TUNL_DEV1); 148 SYS("ip addr add dev %s %s/24", VXLAN_TUNL_DEV1, IP4_ADDR_TUNL_DEV1); 149 SYS("ip neigh add %s lladdr %s dev %s", 150 IP4_ADDR_TUNL_DEV0, MAC_TUNL_DEV0, VXLAN_TUNL_DEV1); 151 152 return 0; 153 fail: 154 return -1; 155 } 156 157 static void delete_vxlan_tunnel(void) 158 { 159 SYS_NOFAIL("ip netns exec at_ns0 ip link delete dev %s", 160 VXLAN_TUNL_DEV0); 161 SYS_NOFAIL("ip link delete dev %s", VXLAN_TUNL_DEV1); 162 } 163 164 static int add_ip6vxlan_tunnel(void) 165 { 166 SYS("ip netns exec at_ns0 ip -6 addr add %s/96 dev veth0", 167 IP6_ADDR_VETH0); 168 SYS("ip netns exec at_ns0 ip link set dev veth0 up"); 169 SYS("ip -6 addr add %s/96 dev veth1", IP6_ADDR1_VETH1); 170 SYS("ip -6 addr add %s/96 dev veth1", IP6_ADDR2_VETH1); 171 SYS("ip link set dev veth1 up"); 172 173 /* at_ns0 namespace */ 174 SYS("ip netns exec at_ns0 ip link add dev %s type vxlan external dstport 4789", 175 IP6VXLAN_TUNL_DEV0); 176 SYS("ip netns exec at_ns0 ip addr add dev %s %s/24", 177 IP6VXLAN_TUNL_DEV0, IP4_ADDR_TUNL_DEV0); 178 SYS("ip netns exec at_ns0 ip link set dev %s address %s up", 179 IP6VXLAN_TUNL_DEV0, MAC_TUNL_DEV0); 180 181 /* root namespace */ 182 SYS("ip link add dev %s type vxlan external dstport 4789", 183 IP6VXLAN_TUNL_DEV1); 184 SYS("ip addr add dev %s %s/24", IP6VXLAN_TUNL_DEV1, IP4_ADDR_TUNL_DEV1); 185 SYS("ip link set dev %s address %s up", 186 IP6VXLAN_TUNL_DEV1, MAC_TUNL_DEV1); 187 188 return 0; 189 fail: 190 return -1; 191 } 192 193 static void delete_ip6vxlan_tunnel(void) 194 { 195 SYS_NOFAIL("ip netns exec at_ns0 ip -6 addr delete %s/96 dev veth0", 196 IP6_ADDR_VETH0); 197 SYS_NOFAIL("ip -6 addr delete %s/96 dev veth1", IP6_ADDR1_VETH1); 198 SYS_NOFAIL("ip -6 addr delete %s/96 dev veth1", IP6_ADDR2_VETH1); 199 SYS_NOFAIL("ip netns exec at_ns0 ip link delete dev %s", 200 IP6VXLAN_TUNL_DEV0); 201 SYS_NOFAIL("ip link delete dev %s", IP6VXLAN_TUNL_DEV1); 202 } 203 204 static int test_ping(int family, const char *addr) 205 { 206 SYS("%s %s %s > /dev/null", ping_command(family), PING_ARGS, addr); 207 return 0; 208 fail: 209 return -1; 210 } 211 212 static int attach_tc_prog(struct bpf_tc_hook *hook, int igr_fd, int egr_fd) 213 { 214 DECLARE_LIBBPF_OPTS(bpf_tc_opts, opts1, .handle = 1, 215 .priority = 1, .prog_fd = igr_fd); 216 DECLARE_LIBBPF_OPTS(bpf_tc_opts, opts2, .handle = 1, 217 .priority = 1, .prog_fd = egr_fd); 218 int ret; 219 220 ret = bpf_tc_hook_create(hook); 221 if (!ASSERT_OK(ret, "create tc hook")) 222 return ret; 223 224 if (igr_fd >= 0) { 225 hook->attach_point = BPF_TC_INGRESS; 226 ret = bpf_tc_attach(hook, &opts1); 227 if (!ASSERT_OK(ret, "bpf_tc_attach")) { 228 bpf_tc_hook_destroy(hook); 229 return ret; 230 } 231 } 232 233 if (egr_fd >= 0) { 234 hook->attach_point = BPF_TC_EGRESS; 235 ret = bpf_tc_attach(hook, &opts2); 236 if (!ASSERT_OK(ret, "bpf_tc_attach")) { 237 bpf_tc_hook_destroy(hook); 238 return ret; 239 } 240 } 241 242 return 0; 243 } 244 245 static void test_vxlan_tunnel(void) 246 { 247 struct test_tunnel_kern *skel = NULL; 248 struct nstoken *nstoken; 249 int local_ip_map_fd = -1; 250 int set_src_prog_fd, get_src_prog_fd; 251 int set_dst_prog_fd; 252 int key = 0, ifindex = -1; 253 uint local_ip; 254 int err; 255 DECLARE_LIBBPF_OPTS(bpf_tc_hook, tc_hook, 256 .attach_point = BPF_TC_INGRESS); 257 258 /* add vxlan tunnel */ 259 err = add_vxlan_tunnel(); 260 if (!ASSERT_OK(err, "add vxlan tunnel")) 261 goto done; 262 263 /* load and attach bpf prog to tunnel dev tc hook point */ 264 skel = test_tunnel_kern__open_and_load(); 265 if (!ASSERT_OK_PTR(skel, "test_tunnel_kern__open_and_load")) 266 goto done; 267 ifindex = if_nametoindex(VXLAN_TUNL_DEV1); 268 if (!ASSERT_NEQ(ifindex, 0, "vxlan11 ifindex")) 269 goto done; 270 tc_hook.ifindex = ifindex; 271 get_src_prog_fd = bpf_program__fd(skel->progs.vxlan_get_tunnel_src); 272 set_src_prog_fd = bpf_program__fd(skel->progs.vxlan_set_tunnel_src); 273 if (!ASSERT_GE(get_src_prog_fd, 0, "bpf_program__fd")) 274 goto done; 275 if (!ASSERT_GE(set_src_prog_fd, 0, "bpf_program__fd")) 276 goto done; 277 if (attach_tc_prog(&tc_hook, get_src_prog_fd, set_src_prog_fd)) 278 goto done; 279 280 /* load and attach prog set_md to tunnel dev tc hook point at_ns0 */ 281 nstoken = open_netns("at_ns0"); 282 if (!ASSERT_OK_PTR(nstoken, "setns src")) 283 goto done; 284 ifindex = if_nametoindex(VXLAN_TUNL_DEV0); 285 if (!ASSERT_NEQ(ifindex, 0, "vxlan00 ifindex")) 286 goto done; 287 tc_hook.ifindex = ifindex; 288 set_dst_prog_fd = bpf_program__fd(skel->progs.vxlan_set_tunnel_dst); 289 if (!ASSERT_GE(set_dst_prog_fd, 0, "bpf_program__fd")) 290 goto done; 291 if (attach_tc_prog(&tc_hook, -1, set_dst_prog_fd)) 292 goto done; 293 close_netns(nstoken); 294 295 /* use veth1 ip 2 as tunnel source ip */ 296 local_ip_map_fd = bpf_map__fd(skel->maps.local_ip_map); 297 if (!ASSERT_GE(local_ip_map_fd, 0, "bpf_map__fd")) 298 goto done; 299 local_ip = IP4_ADDR2_HEX_VETH1; 300 err = bpf_map_update_elem(local_ip_map_fd, &key, &local_ip, BPF_ANY); 301 if (!ASSERT_OK(err, "update bpf local_ip_map")) 302 goto done; 303 304 /* ping test */ 305 err = test_ping(AF_INET, IP4_ADDR_TUNL_DEV0); 306 if (!ASSERT_OK(err, "test_ping")) 307 goto done; 308 309 done: 310 /* delete vxlan tunnel */ 311 delete_vxlan_tunnel(); 312 if (local_ip_map_fd >= 0) 313 close(local_ip_map_fd); 314 if (skel) 315 test_tunnel_kern__destroy(skel); 316 } 317 318 static void test_ip6vxlan_tunnel(void) 319 { 320 struct test_tunnel_kern *skel = NULL; 321 struct nstoken *nstoken; 322 int local_ip_map_fd = -1; 323 int set_src_prog_fd, get_src_prog_fd; 324 int set_dst_prog_fd; 325 int key = 0, ifindex = -1; 326 uint local_ip; 327 int err; 328 DECLARE_LIBBPF_OPTS(bpf_tc_hook, tc_hook, 329 .attach_point = BPF_TC_INGRESS); 330 331 /* add vxlan tunnel */ 332 err = add_ip6vxlan_tunnel(); 333 if (!ASSERT_OK(err, "add_ip6vxlan_tunnel")) 334 goto done; 335 336 /* load and attach bpf prog to tunnel dev tc hook point */ 337 skel = test_tunnel_kern__open_and_load(); 338 if (!ASSERT_OK_PTR(skel, "test_tunnel_kern__open_and_load")) 339 goto done; 340 ifindex = if_nametoindex(IP6VXLAN_TUNL_DEV1); 341 if (!ASSERT_NEQ(ifindex, 0, "ip6vxlan11 ifindex")) 342 goto done; 343 tc_hook.ifindex = ifindex; 344 get_src_prog_fd = bpf_program__fd(skel->progs.ip6vxlan_get_tunnel_src); 345 set_src_prog_fd = bpf_program__fd(skel->progs.ip6vxlan_set_tunnel_src); 346 if (!ASSERT_GE(set_src_prog_fd, 0, "bpf_program__fd")) 347 goto done; 348 if (!ASSERT_GE(get_src_prog_fd, 0, "bpf_program__fd")) 349 goto done; 350 if (attach_tc_prog(&tc_hook, get_src_prog_fd, set_src_prog_fd)) 351 goto done; 352 353 /* load and attach prog set_md to tunnel dev tc hook point at_ns0 */ 354 nstoken = open_netns("at_ns0"); 355 if (!ASSERT_OK_PTR(nstoken, "setns src")) 356 goto done; 357 ifindex = if_nametoindex(IP6VXLAN_TUNL_DEV0); 358 if (!ASSERT_NEQ(ifindex, 0, "ip6vxlan00 ifindex")) 359 goto done; 360 tc_hook.ifindex = ifindex; 361 set_dst_prog_fd = bpf_program__fd(skel->progs.ip6vxlan_set_tunnel_dst); 362 if (!ASSERT_GE(set_dst_prog_fd, 0, "bpf_program__fd")) 363 goto done; 364 if (attach_tc_prog(&tc_hook, -1, set_dst_prog_fd)) 365 goto done; 366 close_netns(nstoken); 367 368 /* use veth1 ip 2 as tunnel source ip */ 369 local_ip_map_fd = bpf_map__fd(skel->maps.local_ip_map); 370 if (!ASSERT_GE(local_ip_map_fd, 0, "get local_ip_map fd")) 371 goto done; 372 local_ip = IP6_ADDR2_HEX_VETH1; 373 err = bpf_map_update_elem(local_ip_map_fd, &key, &local_ip, BPF_ANY); 374 if (!ASSERT_OK(err, "update bpf local_ip_map")) 375 goto done; 376 377 /* ping test */ 378 err = test_ping(AF_INET, IP4_ADDR_TUNL_DEV0); 379 if (!ASSERT_OK(err, "test_ping")) 380 goto done; 381 382 done: 383 /* delete ipv6 vxlan tunnel */ 384 delete_ip6vxlan_tunnel(); 385 if (local_ip_map_fd >= 0) 386 close(local_ip_map_fd); 387 if (skel) 388 test_tunnel_kern__destroy(skel); 389 } 390 391 #define RUN_TEST(name) \ 392 ({ \ 393 if (test__start_subtest(#name)) { \ 394 test_ ## name(); \ 395 } \ 396 }) 397 398 static void *test_tunnel_run_tests(void *arg) 399 { 400 cleanup(); 401 config_device(); 402 403 RUN_TEST(vxlan_tunnel); 404 RUN_TEST(ip6vxlan_tunnel); 405 406 cleanup(); 407 408 return NULL; 409 } 410 411 void serial_test_tunnel(void) 412 { 413 pthread_t test_thread; 414 int err; 415 416 /* Run the tests in their own thread to isolate the namespace changes 417 * so they do not affect the environment of other tests. 418 * (specifically needed because of unshare(CLONE_NEWNS) in open_netns()) 419 */ 420 err = pthread_create(&test_thread, NULL, &test_tunnel_run_tests, NULL); 421 if (ASSERT_OK(err, "pthread_create")) 422 ASSERT_OK(pthread_join(test_thread, NULL), "pthread_join"); 423 } 424