Hello Martin,
On Sat Oct 18, 2025 at 2:18 AM CEST, Martin KaFai Lau wrote:
On 10/17/25 7:29 AM, Alexis Lothoré (eBPF Foundation) wrote:
The test_tc_tunnel.sh script checks that a large variety of tunneling mechanisms handled by the kernel can be handled as well by eBPF programs. While this test shares similarities with test_tunnel.c (which is already integrated in test_progs), those are testing slightly different things:
- test_tunnel.c creates a tunnel interface, and then get and set tunnel keys in packet metadata, from BPF programs.
- test_tc_tunnels.sh manually parses/crafts packets content
Bring the tests covered by test_tc_tunnel.sh into the test_progs framework, by creating a dedicated test_tc_tunnel.sh. This new test defines a "generic" runner which, for each test configuration:
- will bring the relevant veth pair, each of those isolated in a dedicated namespace
- will check that traffic will fail if there is only an encapsulating program attached to one veth egress
- will check that traffic succeed if we enable some decapsulation module on kernel side
- will check that traffic still succeeds if we replace the kernel decapsulation with some eBPF ingress decapsulation.
Example of the new test execution:
# ./test_progs -a tc_tunnel #447/1 tc_tunnel/ipip_none:OK #447/2 tc_tunnel/ipip6_none:OK #447/3 tc_tunnel/ip6tnl_none:OK #447/4 tc_tunnel/sit_none:OK #447/5 tc_tunnel/vxlan_eth:OK #447/6 tc_tunnel/ip6vxlan_eth:OK #447/7 tc_tunnel/gre_none:OK #447/8 tc_tunnel/gre_eth:OK #447/9 tc_tunnel/gre_mpls:OK #447/10 tc_tunnel/ip6gre_none:OK #447/11 tc_tunnel/ip6gre_eth:OK #447/12 tc_tunnel/ip6gre_mpls:OK #447/13 tc_tunnel/udp_none:OK #447/14 tc_tunnel/udp_eth:OK #447/15 tc_tunnel/udp_mpls:OK #447/16 tc_tunnel/ip6udp_none:OK #447/17 tc_tunnel/ip6udp_eth:OK #447/18 tc_tunnel/ip6udp_mpls:OK #447 tc_tunnel:OK Summary: 1/18 PASSED, 0 SKIPPED, 0 FAILED
Thanks for working on this!
Thanks for the prompt and detailed review !
One high level comment is to minimize switching netns to make the test easier to follow.
Yeah, all the NS switches make the overall setup a bit tedious. I'll give a try to your suggestions and see if we can reduce the number of NS open/close pairs.
Alexis