selftests/bpf: Add tests for accessing ingress_ifindex in bpf_sk_lookup

A new field was added to the bpf_sk_lookup data that users can access.
Add tests that validate that the new ingress_ifindex field contains the
right data.

Signed-off-by: Mark Pashmfouroush <markpash@cloudflare.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20211110111016.5670-3-markpash@cloudflare.com

diff --git a/tools/testing/selftests/bpf/prog_tests/sk_lookup.c b/tools/testing/selftests/bpf/prog_tests/sk_lookup.c
index 6db07401bc49370e72c848ce57b07f0a61d02cc4..57846cc7ce360471251b5912924764c9b1eaee85 100644 (file)
--- a/tools/testing/selftests/bpf/prog_tests/sk_lookup.c
+++ b/tools/testing/selftests/bpf/prog_tests/sk_lookup.c
@@ -937,6 +937,37 @@ static void test_drop_on_lookup(struct test_sk_lookup *skel)
                        .connect_to     = { EXT_IP6, EXT_PORT },
                        .listen_at      = { EXT_IP6, INT_PORT },
                },
+               /* The program will drop on success, meaning that the ifindex
+                * was 1.
+                */
+               {
+                       .desc           = "TCP IPv4 drop on valid ifindex",
+                       .lookup_prog    = skel->progs.check_ifindex,
+                       .sotype         = SOCK_STREAM,
+                       .connect_to     = { EXT_IP4, EXT_PORT },
+                       .listen_at      = { EXT_IP4, EXT_PORT },
+               },
+               {
+                       .desc           = "TCP IPv6 drop on valid ifindex",
+                       .lookup_prog    = skel->progs.check_ifindex,
+                       .sotype         = SOCK_STREAM,
+                       .connect_to     = { EXT_IP6, EXT_PORT },
+                       .listen_at      = { EXT_IP6, EXT_PORT },
+               },
+               {
+                       .desc           = "UDP IPv4 drop on valid ifindex",
+                       .lookup_prog    = skel->progs.check_ifindex,
+                       .sotype         = SOCK_DGRAM,
+                       .connect_to     = { EXT_IP4, EXT_PORT },
+                       .listen_at      = { EXT_IP4, EXT_PORT },
+               },
+               {
+                       .desc           = "UDP IPv6 drop on valid ifindex",
+                       .lookup_prog    = skel->progs.check_ifindex,
+                       .sotype         = SOCK_DGRAM,
+                       .connect_to     = { EXT_IP6, EXT_PORT },
+                       .listen_at      = { EXT_IP6, EXT_PORT },
+               },
        };
        const struct test *t;
 

diff --git a/tools/testing/selftests/bpf/progs/test_sk_lookup.c b/tools/testing/selftests/bpf/progs/test_sk_lookup.c
index 19d2465d94425b6fbaae808480a7525ca0a8bcbc..83b0aaa52ef77cdad9d911ea91f690da49c94121 100644 (file)
--- a/tools/testing/selftests/bpf/progs/test_sk_lookup.c
+++ b/tools/testing/selftests/bpf/progs/test_sk_lookup.c
@@ -84,6 +84,14 @@ int lookup_drop(struct bpf_sk_lookup *ctx)
        return SK_DROP;
 }
 
+SEC("sk_lookup")
+int check_ifindex(struct bpf_sk_lookup *ctx)
+{
+       if (ctx->ingress_ifindex == 1)
+               return SK_DROP;
+       return SK_PASS;
+}
+
 SEC("sk_reuseport")
 int reuseport_pass(struct sk_reuseport_md *ctx)
 {

diff --git a/tools/testing/selftests/bpf/verifier/ctx_sk_lookup.c b/tools/testing/selftests/bpf/verifier/ctx_sk_lookup.c
index d78627be060fa34b60a1c97890891328642b4b71..a2b006e2fd06526f9859892f1c945a5d25a584ca 100644 (file)
--- a/tools/testing/selftests/bpf/verifier/ctx_sk_lookup.c
+++ b/tools/testing/selftests/bpf/verifier/ctx_sk_lookup.c
@@ -229,6 +229,24 @@
                BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
                            offsetof(struct bpf_sk_lookup, local_port)),
 
+               /* 1-byte read from ingress_ifindex field */
+               BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
+                           offsetof(struct bpf_sk_lookup, ingress_ifindex)),
+               BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
+                           offsetof(struct bpf_sk_lookup, ingress_ifindex) + 1),
+               BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
+                           offsetof(struct bpf_sk_lookup, ingress_ifindex) + 2),
+               BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
+                           offsetof(struct bpf_sk_lookup, ingress_ifindex) + 3),
+               /* 2-byte read from ingress_ifindex field */
+               BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
+                           offsetof(struct bpf_sk_lookup, ingress_ifindex)),
+               BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
+                           offsetof(struct bpf_sk_lookup, ingress_ifindex) + 2),
+               /* 4-byte read from ingress_ifindex field */
+               BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
+                           offsetof(struct bpf_sk_lookup, ingress_ifindex)),
+
                /* 8-byte read from sk field */
                BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
                            offsetof(struct bpf_sk_lookup, sk)),
@@ -351,6 +369,20 @@
        .expected_attach_type = BPF_SK_LOOKUP,
        .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
 },
+{
+       "invalid 8-byte read from bpf_sk_lookup ingress_ifindex field",
+       .insns = {
+               BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
+                           offsetof(struct bpf_sk_lookup, ingress_ifindex)),
+               BPF_MOV32_IMM(BPF_REG_0, 0),
+               BPF_EXIT_INSN(),
+       },
+       .errstr = "invalid bpf_context access",
+       .result = REJECT,
+       .prog_type = BPF_PROG_TYPE_SK_LOOKUP,
+       .expected_attach_type = BPF_SK_LOOKUP,
+       .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
+},
 /* invalid 1,2,4-byte reads from 8-byte fields in bpf_sk_lookup */
 {
        "invalid 4-byte read from bpf_sk_lookup sk field",