When CONFIG_NF_CONNTRACK=m, struct bpf_ct_opts and enum member BPF_F_CURRENT_NETNS are not exposed. This commit allows building the xdp_synproxy selftest in such cases. Note that nf_conntrack must be loaded before running the test if it's compiled as a module.
This commit also allows this selftest to be successfully compiled when CONFIG_NF_CONNTRACK is disabled.
One unused local variable of type struct bpf_ct_opts is also removed.
Reported-by: Yauheni Kaliuta ykaliuta@redhat.com Signed-off-by: Maxim Mikityanskiy maximmi@nvidia.com Fixes: fb5cd0ce70d4 ("selftests/bpf: Add selftests for raw syncookie helpers") --- .../selftests/bpf/progs/xdp_synproxy_kern.c | 24 +++++++++++++------ 1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c b/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c index 9fd62e94b5e6..736686e903f6 100644 --- a/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c +++ b/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c @@ -77,16 +77,30 @@ struct { __uint(max_entries, MAX_ALLOWED_PORTS); } allowed_ports SEC(".maps");
+/* Some symbols defined in net/netfilter/nf_conntrack_bpf.c are unavailable in + * vmlinux.h if CONFIG_NF_CONNTRACK=m, so they are redefined locally. + */ + +struct bpf_ct_opts___local { + s32 netns_id; + s32 error; + u8 l4proto; + u8 dir; + u8 reserved[2]; +} __attribute__((preserve_access_index)); + +#define BPF_F_CURRENT_NETNS (-1) + extern struct nf_conn *bpf_xdp_ct_lookup(struct xdp_md *xdp_ctx, struct bpf_sock_tuple *bpf_tuple, __u32 len_tuple, - struct bpf_ct_opts *opts, + struct bpf_ct_opts___local *opts, __u32 len_opts) __ksym;
extern struct nf_conn *bpf_skb_ct_lookup(struct __sk_buff *skb_ctx, struct bpf_sock_tuple *bpf_tuple, u32 len_tuple, - struct bpf_ct_opts *opts, + struct bpf_ct_opts___local *opts, u32 len_opts) __ksym;
extern void bpf_ct_release(struct nf_conn *ct) __ksym; @@ -393,7 +407,7 @@ static __always_inline int tcp_dissect(void *data, void *data_end,
static __always_inline int tcp_lookup(void *ctx, struct header_pointers *hdr, bool xdp) { - struct bpf_ct_opts ct_lookup_opts = { + struct bpf_ct_opts___local ct_lookup_opts = { .netns_id = BPF_F_CURRENT_NETNS, .l4proto = IPPROTO_TCP, }; @@ -714,10 +728,6 @@ static __always_inline int syncookie_handle_ack(struct header_pointers *hdr) static __always_inline int syncookie_part1(void *ctx, void *data, void *data_end, struct header_pointers *hdr, bool xdp) { - struct bpf_ct_opts ct_lookup_opts = { - .netns_id = BPF_F_CURRENT_NETNS, - .l4proto = IPPROTO_TCP, - }; int ret;
ret = tcp_dissect(data, data_end, hdr);
On Fri, Jul 8, 2022 at 6:03 AM Maxim Mikityanskiy maximmi@nvidia.com wrote:
When CONFIG_NF_CONNTRACK=m, struct bpf_ct_opts and enum member BPF_F_CURRENT_NETNS are not exposed. This commit allows building the xdp_synproxy selftest in such cases. Note that nf_conntrack must be loaded before running the test if it's compiled as a module.
This commit also allows this selftest to be successfully compiled when CONFIG_NF_CONNTRACK is disabled.
One unused local variable of type struct bpf_ct_opts is also removed.
Reported-by: Yauheni Kaliuta ykaliuta@redhat.com Signed-off-by: Maxim Mikityanskiy maximmi@nvidia.com Fixes: fb5cd0ce70d4 ("selftests/bpf: Add selftests for raw syncookie helpers")
Given tools/testing/selftests/bpf/config specifies CONFIG_NF_CONNTRACK=y, I don't think this is really necessary.
Thanks, Song
.../selftests/bpf/progs/xdp_synproxy_kern.c | 24 +++++++++++++------ 1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c b/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c index 9fd62e94b5e6..736686e903f6 100644 --- a/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c +++ b/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c @@ -77,16 +77,30 @@ struct { __uint(max_entries, MAX_ALLOWED_PORTS); } allowed_ports SEC(".maps");
+/* Some symbols defined in net/netfilter/nf_conntrack_bpf.c are unavailable in
- vmlinux.h if CONFIG_NF_CONNTRACK=m, so they are redefined locally.
- */
+struct bpf_ct_opts___local {
s32 netns_id;s32 error;u8 l4proto;u8 dir;u8 reserved[2];+} __attribute__((preserve_access_index));
+#define BPF_F_CURRENT_NETNS (-1)
extern struct nf_conn *bpf_xdp_ct_lookup(struct xdp_md *xdp_ctx, struct bpf_sock_tuple *bpf_tuple, __u32 len_tuple,
struct bpf_ct_opts *opts,
struct bpf_ct_opts___local *opts, __u32 len_opts) __ksym;extern struct nf_conn *bpf_skb_ct_lookup(struct __sk_buff *skb_ctx, struct bpf_sock_tuple *bpf_tuple, u32 len_tuple,
struct bpf_ct_opts *opts,
struct bpf_ct_opts___local *opts, u32 len_opts) __ksym;extern void bpf_ct_release(struct nf_conn *ct) __ksym; @@ -393,7 +407,7 @@ static __always_inline int tcp_dissect(void *data, void *data_end,
static __always_inline int tcp_lookup(void *ctx, struct header_pointers *hdr, bool xdp) {
struct bpf_ct_opts ct_lookup_opts = {
struct bpf_ct_opts___local ct_lookup_opts = { .netns_id = BPF_F_CURRENT_NETNS, .l4proto = IPPROTO_TCP, };@@ -714,10 +728,6 @@ static __always_inline int syncookie_handle_ack(struct header_pointers *hdr) static __always_inline int syncookie_part1(void *ctx, void *data, void *data_end, struct header_pointers *hdr, bool xdp) {
struct bpf_ct_opts ct_lookup_opts = {.netns_id = BPF_F_CURRENT_NETNS,.l4proto = IPPROTO_TCP,}; int ret; ret = tcp_dissect(data, data_end, hdr);-- 2.30.2
On Fri, Jul 8, 2022 at 9:49 AM Song Liu song@kernel.org wrote:
On Fri, Jul 8, 2022 at 6:03 AM Maxim Mikityanskiy maximmi@nvidia.com wrote:
When CONFIG_NF_CONNTRACK=m, struct bpf_ct_opts and enum member BPF_F_CURRENT_NETNS are not exposed. This commit allows building the xdp_synproxy selftest in such cases. Note that nf_conntrack must be loaded before running the test if it's compiled as a module.
This commit also allows this selftest to be successfully compiled when CONFIG_NF_CONNTRACK is disabled.
One unused local variable of type struct bpf_ct_opts is also removed.
Reported-by: Yauheni Kaliuta ykaliuta@redhat.com Signed-off-by: Maxim Mikityanskiy maximmi@nvidia.com Fixes: fb5cd0ce70d4 ("selftests/bpf: Add selftests for raw syncookie helpers")
Given tools/testing/selftests/bpf/config specifies CONFIG_NF_CONNTRACK=y, I don't think this is really necessary.
We do redefine some of the kernel structs (e.g., bpf_iter.h), though, to simplify build systems if it doesn't cost much maintenance burden. Which seems to be the case here. So I've applied this to bpf-next tree.
Thanks, Song
[...]
Hello:
This patch was applied to bpf/bpf-next.git (master) by Andrii Nakryiko andrii@kernel.org:
On Fri, 8 Jul 2022 16:03:19 +0300 you wrote:
When CONFIG_NF_CONNTRACK=m, struct bpf_ct_opts and enum member BPF_F_CURRENT_NETNS are not exposed. This commit allows building the xdp_synproxy selftest in such cases. Note that nf_conntrack must be loaded before running the test if it's compiled as a module.
This commit also allows this selftest to be successfully compiled when CONFIG_NF_CONNTRACK is disabled.
[...]
Here is the summary with links: - [bpf] selftests/bpf: Fix xdp_synproxy build failure if CONFIG_NF_CONNTRACK=m/n https://git.kernel.org/bpf/bpf-next/c/24bdfdd2ec34
You are awesome, thank you!
linux-kselftest-mirror@lists.linaro.org
-
Andrii Nakryiko -
Maxim Mikityanskiy -
patchwork-bot+netdevbpf@kernel.org -
Song Liu