1 // SPDX-License-Identifier: GPL-2.0
2 #include <test_progs.h>
3 #include <network_helpers.h>
4 #include <net/if.h>
5 #include "empty_skb.skel.h"
6 
test_empty_skb(void)7 void test_empty_skb(void)
8 {
9 	LIBBPF_OPTS(bpf_test_run_opts, tattr);
10 	struct empty_skb *bpf_obj = NULL;
11 	struct nstoken *tok = NULL;
12 	struct bpf_program *prog;
13 	char eth_hlen_pp[15];
14 	char eth_hlen[14];
15 	int veth_ifindex;
16 	int ipip_ifindex;
17 	int err;
18 	int i;
19 
20 	struct {
21 		const char *msg;
22 		const void *data_in;
23 		__u32 data_size_in;
24 		int *ifindex;
25 		int err;
26 		int ret;
27 		int lwt_egress_ret; /* expected retval at lwt/egress */
28 		bool success_on_tc;
29 	} tests[] = {
30 		/* Empty packets are always rejected. */
31 
32 		{
33 			/* BPF_PROG_RUN ETH_HLEN size check */
34 			.msg = "veth empty ingress packet",
35 			.data_in = NULL,
36 			.data_size_in = 0,
37 			.ifindex = &veth_ifindex,
38 			.err = -EINVAL,
39 		},
40 		{
41 			/* BPF_PROG_RUN ETH_HLEN size check */
42 			.msg = "ipip empty ingress packet",
43 			.data_in = NULL,
44 			.data_size_in = 0,
45 			.ifindex = &ipip_ifindex,
46 			.err = -EINVAL,
47 		},
48 
49 		/* ETH_HLEN-sized packets:
50 		 * - can not be redirected at LWT_XMIT
51 		 * - can be redirected at TC to non-tunneling dest
52 		 */
53 
54 		{
55 			/* __bpf_redirect_common */
56 			.msg = "veth ETH_HLEN packet ingress",
57 			.data_in = eth_hlen,
58 			.data_size_in = sizeof(eth_hlen),
59 			.ifindex = &veth_ifindex,
60 			.ret = -ERANGE,
61 			.lwt_egress_ret = -ERANGE,
62 			.success_on_tc = true,
63 		},
64 		{
65 			/* __bpf_redirect_no_mac
66 			 *
67 			 * lwt: skb->len=0 <= skb_network_offset=0
68 			 * tc: skb->len=14 <= skb_network_offset=14
69 			 */
70 			.msg = "ipip ETH_HLEN packet ingress",
71 			.data_in = eth_hlen,
72 			.data_size_in = sizeof(eth_hlen),
73 			.ifindex = &ipip_ifindex,
74 			.ret = -ERANGE,
75 			.lwt_egress_ret = -ERANGE,
76 		},
77 
78 		/* ETH_HLEN+1-sized packet should be redirected. */
79 
80 		{
81 			.msg = "veth ETH_HLEN+1 packet ingress",
82 			.data_in = eth_hlen_pp,
83 			.data_size_in = sizeof(eth_hlen_pp),
84 			.ifindex = &veth_ifindex,
85 			.lwt_egress_ret = 1, /* veth_xmit NET_XMIT_DROP */
86 		},
87 		{
88 			.msg = "ipip ETH_HLEN+1 packet ingress",
89 			.data_in = eth_hlen_pp,
90 			.data_size_in = sizeof(eth_hlen_pp),
91 			.ifindex = &ipip_ifindex,
92 		},
93 	};
94 
95 	SYS(out, "ip netns add empty_skb");
96 	tok = open_netns("empty_skb");
97 	if (!ASSERT_OK_PTR(tok, "setns"))
98 		goto out;
99 	SYS(out, "ip link add veth0 type veth peer veth1");
100 	SYS(out, "ip link set dev veth0 up");
101 	SYS(out, "ip link set dev veth1 up");
102 	SYS(out, "ip addr add 10.0.0.1/8 dev veth0");
103 	SYS(out, "ip addr add 10.0.0.2/8 dev veth1");
104 	veth_ifindex = if_nametoindex("veth0");
105 
106 	SYS(out, "ip link add ipip0 type ipip local 10.0.0.1 remote 10.0.0.2");
107 	SYS(out, "ip link set ipip0 up");
108 	SYS(out, "ip addr add 192.168.1.1/16 dev ipip0");
109 	ipip_ifindex = if_nametoindex("ipip0");
110 
111 	bpf_obj = empty_skb__open_and_load();
112 	if (!ASSERT_OK_PTR(bpf_obj, "open skeleton"))
113 		goto out;
114 
115 	for (i = 0; i < ARRAY_SIZE(tests); i++) {
116 		bpf_object__for_each_program(prog, bpf_obj->obj) {
117 			bool at_egress = strstr(bpf_program__name(prog), "egress") != NULL;
118 			bool at_tc = !strncmp(bpf_program__section_name(prog), "tc", 2);
119 			int expected_ret;
120 			char buf[128];
121 
122 			expected_ret = at_egress && !at_tc ? tests[i].lwt_egress_ret : tests[i].ret;
123 
124 			tattr.data_in = tests[i].data_in;
125 			tattr.data_size_in = tests[i].data_size_in;
126 
127 			tattr.data_size_out = 0;
128 			bpf_obj->bss->ifindex = *tests[i].ifindex;
129 			bpf_obj->bss->ret = 0;
130 			err = bpf_prog_test_run_opts(bpf_program__fd(prog), &tattr);
131 			sprintf(buf, "err: %s [%s]", tests[i].msg, bpf_program__name(prog));
132 
133 			if (at_tc && tests[i].success_on_tc)
134 				ASSERT_GE(err, 0, buf);
135 			else
136 				ASSERT_EQ(err, tests[i].err, buf);
137 			sprintf(buf, "ret: %s [%s]", tests[i].msg, bpf_program__name(prog));
138 			if (at_tc && tests[i].success_on_tc)
139 				ASSERT_GE(bpf_obj->bss->ret, 0, buf);
140 			else
141 				ASSERT_EQ(bpf_obj->bss->ret, expected_ret, buf);
142 		}
143 	}
144 
145 out:
146 	if (bpf_obj)
147 		empty_skb__destroy(bpf_obj);
148 	if (tok)
149 		close_netns(tok);
150 	SYS_NOFAIL("ip netns del empty_skb");
151 }
152