Re: [PATCH bpf] selftests/bpf: Fix xdp_synproxy build failure if CONFIG_NF_CONNTRACK=m/n

8 Jul 2022

On Fri, Jul 8, 2022 at 6:03 AM Maxim Mikityanskiy maximmi@nvidia.com wrote:
...
When CONFIG_NF_CONNTRACK=m, struct bpf_ct_opts and enum member
BPF_F_CURRENT_NETNS are not exposed. This commit allows building the
xdp_synproxy selftest in such cases. Note that nf_conntrack must be
loaded before running the test if it's compiled as a module.
This commit also allows this selftest to be successfully compiled when
CONFIG_NF_CONNTRACK is disabled.
One unused local variable of type struct bpf_ct_opts is also removed.
Reported-by: Yauheni Kaliuta ykaliuta@redhat.com
Signed-off-by: Maxim Mikityanskiy maximmi@nvidia.com
Fixes: fb5cd0ce70d4 ("selftests/bpf: Add selftests for raw syncookie helpers")
Given tools/testing/selftests/bpf/config specifies CONFIG_NF_CONNTRACK=y,
I don't think this is really necessary.
Thanks,
Song
...

.../selftests/bpf/progs/xdp_synproxy_kern.c   | 24 +++++++++++++------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c b/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c
index 9fd62e94b5e6..736686e903f6 100644
--- a/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c
+++ b/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c
@@ -77,16 +77,30 @@ struct {
        __uint(max_entries, MAX_ALLOWED_PORTS);
 } allowed_ports SEC(".maps");
+/* Some symbols defined in net/netfilter/nf_conntrack_bpf.c are unavailable in


vmlinux.h if CONFIG_NF_CONNTRACK=m, so they are redefined locally.


*/


+struct bpf_ct_opts___local {

  s32 netns_id;


  s32 error;


  u8 l4proto;


  u8 dir;


  u8 reserved[2];



+} __attribute__((preserve_access_index));



+#define BPF_F_CURRENT_NETNS (-1)



extern struct nf_conn *bpf_xdp_ct_lookup(struct xdp_md *xdp_ctx,
                                         struct bpf_sock_tuple *bpf_tuple,
                                         __u32 len_tuple,

                                   struct bpf_ct_opts *opts,




                                   struct bpf_ct_opts___local *opts,
                                   __u32 len_opts) __ksym;




extern struct nf_conn *bpf_skb_ct_lookup(struct __sk_buff *skb_ctx,
                                         struct bpf_sock_tuple *bpf_tuple,
                                         u32 len_tuple,

                                   struct bpf_ct_opts *opts,




                                   struct bpf_ct_opts___local *opts,
                                   u32 len_opts) __ksym;




extern void bpf_ct_release(struct nf_conn *ct) __ksym;
@@ -393,7 +407,7 @@ static __always_inline int tcp_dissect(void *data, void *data_end,
static __always_inline int tcp_lookup(void *ctx, struct header_pointers *hdr, bool xdp)
 {

  struct bpf_ct_opts ct_lookup_opts = {




  struct bpf_ct_opts___local ct_lookup_opts = {
          .netns_id = BPF_F_CURRENT_NETNS,
          .l4proto = IPPROTO_TCP,
  };



@@ -714,10 +728,6 @@ static __always_inline int syncookie_handle_ack(struct header_pointers *hdr)
 static __always_inline int syncookie_part1(void *ctx, void *data, void *data_end,
                                           struct header_pointers *hdr, bool xdp)
 {

  struct bpf_ct_opts ct_lookup_opts = {


          .netns_id = BPF_F_CURRENT_NETNS,


          .l4proto = IPPROTO_TCP,


  };
  int ret;

  ret = tcp_dissect(data, data_end, hdr);



--
2.30.2

    

2024

2023

2022

2021

2020

2019

2018

2017

Re: [PATCH bpf] selftests/bpf: Fix xdp_synproxy build failure if CONFIG_NF_CONNTRACK=m/n