From: Nikolay Aleksandrov <razor@blackwall.org>
To: netdev@vger.kernel.org
Cc: Daniel Borkmann <daniel@iogearbox.net>,
Martynas Pumputis <m@lambda.lt>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
wireguard@lists.zx2c4.com, kuba@kernel.org, davem@davemloft.net,
Nikolay Aleksandrov <razor@blackwall.org>
Subject: [PATCH net 2/2] wireguard: selftests: add metadata_dst xmit selftest
Date: Thu, 14 Apr 2022 13:44:58 +0300 [thread overview]
Message-ID: <20220414104458.3097244-3-razor@blackwall.org> (raw)
In-Reply-To: <20220414104458.3097244-1-razor@blackwall.org>
Add a selftest for transmitting skb with md_dst attached. It is done via
a bpf program which uses bpf_skb_set_tunnel_key on wireguard's egress
path. It requires clang and tc to be installed. If the test finishes
without a crash it is considered successful.
CC: wireguard@lists.zx2c4.com
CC: Jason A. Donenfeld <Jason@zx2c4.com>
CC: Daniel Borkmann <daniel@iogearbox.net>
CC: Martynas Pumputis <m@lambda.lt>
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
---
Executed the prep compilation commands with n1 to make them visible.
tools/testing/selftests/wireguard/netns.sh | 63 ++++++++++++++++++++++
1 file changed, 63 insertions(+)
diff --git a/tools/testing/selftests/wireguard/netns.sh b/tools/testing/selftests/wireguard/netns.sh
index 8a9461aa0878..b492dbb94245 100755
--- a/tools/testing/selftests/wireguard/netns.sh
+++ b/tools/testing/selftests/wireguard/netns.sh
@@ -156,6 +156,67 @@ tests() {
done
}
+md_dst_test_cleanup() {
+ rm -rf /tmp/test_wg_tun.c /tmp/test_wg_tun.ll /tmp/test_wg_tun.o
+ n1 tc qdisc del dev wg0 clsact
+}
+
+# test for md dst on wireguard's egress path
+md_dst_test() {
+ # clang is required for the test
+ if [[ ! -x "$(command -v "clang")" ]]; then
+ return
+ fi
+
+ # attach md dst to the skb on egress using bpf_skb_set_tunnel_key
+ n1 cat > /tmp/test_wg_tun.c <<EOF
+#include <linux/bpf.h>
+
+#ifndef TC_ACT_OK
+# define TC_ACT_OK 0
+#endif
+
+static long (*bpf_skb_set_tunnel_key)(struct __sk_buff *skb, struct bpf_tunnel_key *key, __u32 size, __u64 flags) = (void *) 21;
+
+__attribute__((section("egress"), used))
+int tc_egress(struct __sk_buff *skb)
+{
+ struct bpf_tunnel_key key = {};
+
+ bpf_skb_set_tunnel_key(skb, &key, sizeof(key), 0);
+
+ return TC_ACT_OK;
+}
+
+char __license[] __attribute__((section("license"), used)) = "GPL";
+EOF
+
+ n1 clang -O2 -emit-llvm -c /tmp/test_wg_tun.c -o /tmp/test_wg_tun.ll
+ if [[ ! -f "/tmp/test_wg_tun.ll" ]]; then
+ md_dst_test_cleanup
+ return
+ fi
+ n1 llc -march=bpf -filetype=obj -o /tmp/test_wg_tun.o /tmp/test_wg_tun.ll
+ if [[ ! -f "/tmp/test_wg_tun.o" ]]; then
+ md_dst_test_cleanup
+ return
+ fi
+
+ n1 tc qdisc add dev wg0 clsact
+ if [[ $? -ne 0 ]]; then
+ md_dst_test_cleanup
+ return
+ fi
+ n1 tc filter add dev wg0 egress basic action bpf obj /tmp/test_wg_tun.o sec egress
+ if [[ $? -ne 0 ]]; then
+ md_dst_test_cleanup
+ return
+ fi
+ n1 ping -c 2 -f -W 1 192.168.241.2
+ # if we reach here without a crash the test passed
+ md_dst_test_cleanup
+}
+
[[ $(ip1 link show dev wg0) =~ mtu\ ([0-9]+) ]] && orig_mtu="${BASH_REMATCH[1]}"
big_mtu=$(( 34816 - 1500 + $orig_mtu ))
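Review bot: The fixed paths `/tmp/test_wg_tun.c`, `/tmp/test_wg_tun.ll` and `/tmp/test_wg_tun.o` in md_dst_test are predictable names in a world-writable directory, and the selftest presumably runs as root, so a file or symlink already present under one of those names can be written through by the heredoc redirect or picked up by `tc filter add ... obj`. A private directory created with `tmpdir=$(mktemp -d)` and removed with `rm -rf "$tmpdir"` in md_dst_test_cleanup avoids that and keeps concurrent runs apart. The `[[ ! -f ... ]]` checks after clang and llc only prove that a file exists, so a stale artifact from an interrupted earlier run would pass them; checking each command's exit status is more reliable. The function also returns silently when clang is missing, and llc and tc are never probed, so a skipped run cannot be told apart from a pass; a line such as `echo "md_dst_test: skipped, clang not found" >&2` before the `return` would make that visible.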
@@ -175,6 +236,8 @@ read _ rx_bytes tx_bytes < <(n1 wg show wg0 transfer)
read _ timestamp < <(n1 wg show wg0 latest-handshakes)
(( timestamp != 0 ))
+md_dst_test
+
tests
ip1 link set wg0 mtu $big_mtu
ip2 link set wg0 mtu $big_mtu
--
2.35.1
2022-04-14 10:44 [PATCH net 0/2] wireguard: device: fix metadata_dst xmit null pointer dereference Nikolay Aleksandrov
2022-04-14 10:44 ` [PATCH net 1/2] " Nikolay Aleksandrov
2022-04-14 11:28 ` Daniel Borkmann
2022-04-14 11:58 ` Jason A. Donenfeld
2022-04-14 10:44 ` Nikolay Aleksandrov [this message]
2022-04-14 12:06 ` [PATCH net 2/2] wireguard: selftests: add metadata_dst xmit selftest Jason A. Donenfeld
2022-04-14 12:12 ` Nikolay Aleksandrov
2022-04-14 12:24 ` Jason A. Donenfeld