SSL flow_dissector.c
Sprache: unbekannt
// SPDX-License-Identifier: GPL-2.0 #define _GNU_SOURCE#include <test_progs.h>#include <network_helpers.h>#include <linux/if_tun.h>#include <sys/uio.h>#include "bpf_flow.skel.h" #define TEST_NS "flow_dissector_ns" #define FLOW_CONTINUE_SADDR 0 x7f00007f /* 127.0.0.127 */ #define TEST_NAME_MAX_LEN 64 #ifndef IP_MF#define IP_MF 0 x2000#endif struct ipv4_pkt {struct ethhdr eth;struct iphdr iph;struct tcphdr tcp;struct ipip_pkt {struct ethhdr eth;struct iphdr iph;struct iphdr iph_inner;struct tcphdr tcp;struct svlan_ipv4_pkt {struct ethhdr eth;struct iphdr iph;struct tcphdr tcp;struct ipv6_pkt {struct ethhdr eth;struct ipv6hdr iph;struct tcphdr tcp;struct ipv6_frag_pkt {struct ethhdr eth;struct ipv6hdr iph;struct frag_hdr {struct tcphdr tcp;struct dvlan_ipv6_pkt {struct ethhdr eth;struct ipv6hdr iph;struct tcphdr tcp;struct gre_base_hdr {struct gre_minimal_pkt {struct ethhdr eth;struct iphdr iph;struct gre_base_hdr gre_hdr;struct iphdr iph_inner;struct tcphdr tcp;struct test {const char *name;union {struct ipv4_pkt ipv4;struct svlan_ipv4_pkt svlan_ipv4;struct ipip_pkt ipip;struct ipv6_pkt ipv6;struct ipv6_frag_pkt ipv6_frag;struct dvlan_ipv6_pkt dvlan_ipv6;struct gre_minimal_pkt gre_minimal;struct bpf_flow_keys keys;#define VLAN_HLEN 4 struct test tests[] = {"ipv4" ,5 ,5 ,80 ,8080 ,sizeof (struct iphdr),80 ,8080 ,"ipv6" ,5 ,80 ,8080 ,sizeof (struct ipv6hdr),80 ,8080 ,"802.1q-ipv4" ,5 ,5 ,80 ,8080 ,sizeof (struct iphdr),80 ,8080 ,"802.1ad-ipv6" ,5 ,80 ,8080 ,2 ,2 +sizeof (struct ipv6hdr),80 ,8080 ,"ipv4-frag" ,5 ,5 ,80 ,8080 ,sizeof (struct iphdr),true ,true ,80 ,8080 ,"ipv4-no-frag" ,5 ,5 ,80 ,8080 ,sizeof (struct iphdr),true ,true ,"ipv6-frag" ,5 ,80 ,8080 ,sizeof (struct ipv6hdr) +sizeof (struct frag_hdr),true ,true ,80 ,8080 ,"ipv6-no-frag" ,5 ,80 ,8080 ,sizeof (struct ipv6hdr) +sizeof (struct frag_hdr),true ,true ,"ipv6-flow-label" ,0 xb, 0 xee, 0 xef },5 ,80 ,8080 ,sizeof (struct ipv6hdr),80 ,8080 ,0 xbeeef),"ipv6-no-flow-label" ,0 xb, 0 xee, 0 xef },5 ,80 ,8080 ,sizeof (struct ipv6hdr),0 xbeeef),"ipv6-empty-flow-label" ,0 x00, 0 x00, 0 x00 },5 ,80 ,8080 ,sizeof (struct ipv6hdr),80 ,8080 ,"ipip-encap" ,5 ,5 ,sizeof (struct iphdr)),5 ,80 ,8080 ,sizeof (struct iphdr) +sizeof (struct iphdr),true ,80 ,8080 ,"ipip-no-encap" ,5 ,5 ,sizeof (struct iphdr)),5 ,80 ,8080 ,sizeof (struct iphdr),true ,"ipip-encap-dissector-continue" ,5 ,5 ,sizeof (struct iphdr)),5 ,99 ,9090 ,"ip-gre" ,5 ,0 ,5 ,sizeof (struct iphdr)),5 ,80 ,8080 ,sizeof (struct iphdr) * 2 +sizeof (struct gre_base_hdr),true ,80 ,8080 ,"ip-gre-no-encap" ,5 ,5 ,sizeof (struct iphdr)),5 ,80 ,8080 ,sizeof (struct iphdr)sizeof (struct gre_base_hdr),true ,void serial_test_flow_dissector_namespace(void )struct bpf_flow *skel;struct nstoken *ns;int err, prog_fd;if (!ASSERT_OK_PTR(skel, "open/load skeleton" ))return ;if (!ASSERT_OK_FD(prog_fd, "get dissector fd" ))goto out_destroy_skel;/* We must be able to attach a flow dissector to root namespace */ 0 , BPF_FLOW_DISSECTOR, 0 );if (!ASSERT_OK(err, "attach on root namespace ok" ))goto out_destroy_skel;if (!ASSERT_OK(err, "create non-root net namespace" ))goto out_destroy_skel;/* We must not be able to additionally attach a flow dissector to a * non-root net namespace if (!ASSERT_OK_PTR(ns, "enter non-root net namespace" ))goto out_clean_ns;0 , BPF_FLOW_DISSECTOR, 0 );if (!ASSERT_ERR(err,"refuse new flow dissector in non-root net namespace" ))0 , BPF_FLOW_DISSECTOR);else "refused because of already attached prog" );/* If no flow dissector is attached to the root namespace, we must * be able to attach one to a non-root net namespace 0 , BPF_FLOW_DISSECTOR);"enter non-root net namespace" );0 , BPF_FLOW_DISSECTOR, 0 );"accept new flow dissector in non-root net namespace" );/* If a flow dissector is attached to non-root net namespace, attaching * a flow dissector to root namespace must fail 0 , BPF_FLOW_DISSECTOR, 0 );if (!ASSERT_ERR(err, "refuse new flow dissector on root namespace" ))0 , BPF_FLOW_DISSECTOR);else "refused because of already attached prog" );0 , BPF_FLOW_DISSECTOR);static int create_tap(const char *ifname)struct ifreq ifr = {int fd, ret;sizeof (ifr.ifr_name));"/dev/net/tun" , O_RDWR);if (fd < 0 )return -1 ;if (ret)return -1 ;return fd;static int tx_tap(int fd, void *pkt, size_t len)struct iovec iov[] = {return writev(fd, iov, ARRAY_SIZE(iov));static int ifup(const char *ifname)struct ifreq ifr = {};int sk, ret;sizeof (ifr.ifr_name));0 );if (sk < 0 )return -1 ;if (ret) {return -1 ;if (ret) {return -1 ;return 0 ;static int init_prog_array(struct bpf_object *obj, struct bpf_map *prog_array)int i, err, map_fd, prog_fd;struct bpf_program *prog;char prog_name[32 ];if (map_fd < 0 )return -1 ;for (i = 0 ; i < bpf_map__max_entries(prog_array); i++) {sizeof (prog_name), "flow_dissector_%d" , i);if (!prog)return -1 ;if (prog_fd < 0 )return -1 ;if (err)return -1 ;return 0 ;static void run_tests_skb_less(int tap_fd, struct bpf_map *keys,char *test_suffix)char test_name[TEST_NAME_MAX_LEN];int i, err, keys_fd;if (!ASSERT_OK_FD(keys_fd, "bpf_map__fd" ))return ;for (i = 0 ; i < ARRAY_SIZE(tests); i++) {/* Keep in sync with 'flags' from eth_get_headlen. */ struct bpf_flow_keys flow_keys = {};16 |"%s-%s" , tests[i].name,if (!test__start_subtest(test_name))continue ;/* For skb-less case we can't pass input flags; run * only the tests that have a matching set of flags. if (tests[i].flags != eth_get_headlen_flags)continue ;sizeof (tests[i].pkt));if (!ASSERT_EQ(err, sizeof (tests[i].pkt), "tx_tap" ))continue ;/* check the stored flow_keys only if BPF_OK expected */ if (tests[i].retval != BPF_OK)continue ;if (!ASSERT_OK(err, "bpf_map_lookup_elem" ))continue ;sizeof (struct bpf_flow_keys),"returned flow keys" );"bpf_map_delete_elem" );void test_flow_dissector_skb_less_direct_attach(void )int err, prog_fd, tap_fd;struct bpf_flow *skel;struct netns_obj *ns;"flow_dissector_skb_less_indirect_attach_ns" , true );if (!ASSERT_OK_PTR(ns, "create and open netns" ))return ;if (!ASSERT_OK_PTR(skel, "open/load skeleton" ))goto out_clean_ns;if (!ASSERT_OK(err, "init_prog_array" ))goto out_destroy_skel;if (!ASSERT_OK_FD(prog_fd, "bpf_program__fd" ))goto out_destroy_skel;0 , BPF_FLOW_DISSECTOR, 0 );if (!ASSERT_OK(err, "bpf_prog_attach" ))goto out_destroy_skel;"tap0" );if (!ASSERT_OK_FD(tap_fd, "create_tap" ))goto out_destroy_skel;"tap0" );if (!ASSERT_OK(err, "ifup" ))goto out_close_tap;"non-skb-direct-attach" );0 , BPF_FLOW_DISSECTOR);"bpf_prog_detach2" );void test_flow_dissector_skb_less_indirect_attach(void )int err, net_fd, tap_fd;struct bpf_flow *skel;struct bpf_link *link;struct netns_obj *ns;"flow_dissector_skb_less_indirect_attach_ns" , true );if (!ASSERT_OK_PTR(ns, "create and open netns" ))return ;if (!ASSERT_OK_PTR(skel, "open/load skeleton" ))goto out_clean_ns;"/proc/self/ns/net" , O_RDONLY);if (!ASSERT_OK_FD(net_fd, "open(/proc/self/ns/net" ))goto out_destroy_skel;if (!ASSERT_OK(err, "init_prog_array" ))goto out_destroy_skel;"tap0" );if (!ASSERT_OK_FD(tap_fd, "create_tap" ))goto out_close_ns;"tap0" );if (!ASSERT_OK(err, "ifup" ))goto out_close_tap;if (!ASSERT_OK_PTR(link, "attach_netns" ))goto out_close_tap;"non-skb-indirect-attach" );"bpf_link__destroy" );void test_flow_dissector_skb(void )char test_name[TEST_NAME_MAX_LEN];struct bpf_flow *skel;int i, err, prog_fd;if (!ASSERT_OK_PTR(skel, "open/load skeleton" ))return ;if (!ASSERT_OK(err, "init_prog_array" ))goto out_destroy_skel;if (!ASSERT_OK_FD(prog_fd, "bpf_program__fd" ))goto out_destroy_skel;for (i = 0 ; i < ARRAY_SIZE(tests); i++) {struct bpf_flow_keys flow_keys;sizeof (tests[i].pkt),static struct bpf_flow_keys ctx = {};"%s-skb" , tests[i].name);if (!test__start_subtest(test_name))continue ;if (tests[i].flags) {sizeof (ctx);"test_run" );"test_run retval" );/* check the resulting flow_keys only if BPF_OK returned */ if (topts.retval != BPF_OK)continue ;sizeof (flow_keys),"test_run data_size_out" );sizeof (struct bpf_flow_keys),"returned flow keys" );
Messung V0.5 in Prozent C=99 H=85 G=92
[Verzeichnis aufwärts0.19unsichere VerbindungÜbersetzung europäischer Sprachen durch Browser2026-06-05]
2026-06-09
