| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200415085437.23028-3-liuhangbin@gmail.com>
Date: Wed, 15 Apr 2020 16:54:37 +0800
From: Hangbin Liu <liuhangbin@...il.com>
To: bpf@...r.kernel.org
Cc: netdev@...r.kernel.org,
Toke Høiland-Jørgensen <toke@...hat.com>,
Jiri Benc <jbenc@...hat.com>,
Jesper Dangaard Brouer <brouer@...hat.com>,
Eelco Chaudron <echaudro@...hat.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Hangbin Liu <liuhangbin@...il.com>
Subject: [RFC PATCH bpf-next 2/2] sample/bpf: add xdp_redirect_map_multicast test
This test is used for testing xdp multicast. It defined 3 groups
for different usage. Each interface in init net has different
exclude interfaces. In the test it tests both generic/native mode
and 3 different map-in-map types.
For more testing details, please see the test description in
xdp_redirect_map_multicast.sh.
Signed-off-by: Hangbin Liu <liuhangbin@...il.com>
---
samples/bpf/Makefile | 3 +
samples/bpf/xdp_redirect_map_multicast.sh | 142 ++++++++
samples/bpf/xdp_redirect_map_multicast_kern.c | 147 +++++++++
samples/bpf/xdp_redirect_map_multicast_user.c | 306 ++++++++++++++++++
4 files changed, 598 insertions(+)
create mode 100755 samples/bpf/xdp_redirect_map_multicast.sh
create mode 100644 samples/bpf/xdp_redirect_map_multicast_kern.c
create mode 100644 samples/bpf/xdp_redirect_map_multicast_user.c
diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile
index 424f6fe7ce38..55555b0267cf 100644
--- a/samples/bpf/Makefile
+++ b/samples/bpf/Makefile
@@ -41,6 +41,7 @@ tprogs-y += test_map_in_map
tprogs-y += per_socket_stats_example
tprogs-y += xdp_redirect
tprogs-y += xdp_redirect_map
+tprogs-y += xdp_redirect_map_multicast
tprogs-y += xdp_redirect_cpu
tprogs-y += xdp_monitor
tprogs-y += xdp_rxq_info
@@ -97,6 +98,7 @@ test_map_in_map-objs := bpf_load.o test_map_in_map_user.o
per_socket_stats_example-objs := cookie_uid_helper_example.o
xdp_redirect-objs := xdp_redirect_user.o
xdp_redirect_map-objs := xdp_redirect_map_user.o
+xdp_redirect_map_multicast-objs := bpf_load.o xdp_redirect_map_multicast_user.o
xdp_redirect_cpu-objs := bpf_load.o xdp_redirect_cpu_user.o
xdp_monitor-objs := bpf_load.o xdp_monitor_user.o
xdp_rxq_info-objs := xdp_rxq_info_user.o
@@ -156,6 +158,7 @@ always-y += tcp_tos_reflect_kern.o
always-y += tcp_dumpstats_kern.o
always-y += xdp_redirect_kern.o
always-y += xdp_redirect_map_kern.o
+always-y += xdp_redirect_map_multicast_kern.o
always-y += xdp_redirect_cpu_kern.o
always-y += xdp_monitor_kern.o
always-y += xdp_rxq_info_kern.o
diff --git a/samples/bpf/xdp_redirect_map_multicast.sh b/samples/bpf/xdp_redirect_map_multicast.sh
new file mode 100755
index 000000000000..01f825e33060
--- /dev/null
+++ b/samples/bpf/xdp_redirect_map_multicast.sh
@@ -0,0 +1,142 @@
+#!/bin/bash
+# Test topology:
+# - - - - - - - - - - - - - - - - - - - - - - - - -
+# | veth1 veth2 veth3 veth4 | init net
+# - -| - - - - - - | - - - - - - | - - - - - - | - -
+# --------- --------- --------- ---------
+# | veth0 | | veth0 | | veth0 | | veth0 |
+# --------- --------- --------- ---------
+# ns1 ns2 ns3 ns4
+#
+# Include Groups:
+# Group 1 has interfaces: veth1, veth2, veth3, veth4 (All traffic except IPv4, IPv6)
+# Group 2 has interfaces: veth1, veth3 (For IPv4 traffic only)
+# Group 3 has interfaces: veth2, veth4 (For IPv6 traffic only)
+# Exclude Groups:
+# veth1: exclude veth1
+# veth2: exclude veth2
+# veth3: exclude veth3, veth4
+# veth4: exclude veth3, veth4
+#
+# Testing:
+# XDP modes: generic, native
+# map types: array of array, hash of array, hash of hash
+# Include:
+# IPv4:
+# ns1 -> ns2 (fail), ns1 -> ns3 (pass)
+# IPv6
+# ns4 -> ns1 (fail), ns4 -> ns2 (pass)
+# Exclude:
+# arp ns1 -> ns2: ns2, ns3, ns4 should receive the arp request
+# arp ns4 -> ns1: ns1, ns2 should receive the arp request, ns3 should not
+#
+
+
+# netns numbers
+NUM=4
+IFACES=""
+DRV_MODE="generic native"
+MAP_TYPE="aa ha hh"
+
+test_pass()
+{
+ echo "Pass: $@"
+}
+
+test_fail()
+{
+ echo "fail: $@"
+}
+
+clean_up()
+{
+ for i in $(seq $NUM); do
+ ip netns del ns$i
+ done
+}
+
+setup_ns()
+{
+ local mode=$1
+
+ for i in $(seq $NUM); do
+ ip netns add ns$i
+ ip link add veth0 type veth peer name veth$i
+ ip link set veth0 netns ns$i
+ ip netns exec ns$i ip link set veth0 up
+ ip link set veth$i up
+
+ ip netns exec ns$i ip addr add 192.0.2.$i/24 dev veth0
+ ip netns exec ns$i ip addr add 2001:db8::$i/24 dev veth0
+ # Use xdp_redirect_map_kern.o because the dummy section in
+ # xdp_redirect_map_multicast_kern.o does not support iproute2 loading
+ ip netns exec ns$i ip link set veth0 xdp$mode obj xdp_redirect_map_kern.o sec xdp_redirect_dummy &> /dev/null || \
+ { test_fail "Unable to load dummy xdp" && exit 1; }
+ IFACES="$IFACES veth$i"
+ done
+}
+
+do_tests()
+{
+ local drv_mode=$1
+ local map_type=$2
+ local drv_p
+
+ [ ${drv_mode} == "drv" ] && drv_p="-N" || drv_p="-S"
+
+ ./xdp_redirect_map_multicast $drv_p -M $map_type $IFACES &> xdp_${drv_mode}_${map_type}.log &
+ xdp_pid=$!
+ sleep 10
+
+ # arp test
+ ip netns exec ns2 tcpdump -i veth0 -nn -l -e &> arp_ns1-2_${drv_mode}_${map_type}.log &
+ ip netns exec ns3 tcpdump -i veth0 -nn -l -e &> arp_ns1-3_${drv_mode}_${map_type}.log &
+ ip netns exec ns4 tcpdump -i veth0 -nn -l -e &> arp_ns1-4_${drv_mode}_${map_type}.log &
+ ip netns exec ns1 ping 192.0.2.100 -c 4 &> /dev/null
+ sleep 2
+ pkill -9 tcpdump
+ grep -q "Request who-has 192.0.2.100 tell 192.0.2.1" arp_ns1-2_${drv_mode}_${map_type}.log && \
+ test_pass "$drv_mode $map_type arp ns1-2" || test_fail "$drv_mode $map_type arp ns1-2"
+ grep -q "Request who-has 192.0.2.100 tell 192.0.2.1" arp_ns1-3_${drv_mode}_${map_type}.log && \
+ test_pass "$drv_mode $map_type arp ns1-3" || test_fail "$drv_mode $map_type arp ns1-3"
+ grep -q "Request who-has 192.0.2.100 tell 192.0.2.1" arp_ns1-4_${drv_mode}_${map_type}.log && \
+ test_pass "$drv_mode $map_type arp ns1-4" || test_fail "$drv_mode $map_type arp ns1-4"
+
+ ip netns exec ns1 tcpdump -i veth0 -nn -l -e &> arp_ns4-1_${drv_mode}_${map_type}.log &
+ ip netns exec ns2 tcpdump -i veth0 -nn -l -e &> arp_ns4-2_${drv_mode}_${map_type}.log &
+ ip netns exec ns3 tcpdump -i veth0 -nn -l -e &> arp_ns4-3_${drv_mode}_${map_type}.log &
+ ip netns exec ns4 ping 192.0.2.100 -c 4 &> /dev/null
+ sleep 2
+ pkill -9 tcpdump
+ grep -q "Request who-has 192.0.2.100 tell 192.0.2.4" arp_ns4-1_${drv_mode}_${map_type}.log && \
+ test_pass "$drv_mode $map_type arp ns4-1" || test_fail "$drv_mode $map_type arp ns4-1"
+ grep -q "Request who-has 192.0.2.100 tell 192.0.2.4" arp_ns4-2_${drv_mode}_${map_type}.log && \
+ test_pass "$drv_mode $map_type arp ns4-2" || test_fail "$drv_mode $map_type arp ns4-2"
+ grep -q "Request who-has 192.0.2.100 tell 192.0.2.4" arp_ns4-3_${drv_mode}_${map_type}.log && \
+ test_fail "$drv_mode $map_type arp ns4-3" || test_pass "$drv_mode $map_type arp ns4-3"
+
+
+ # ping test
+ ip netns exec ns1 ping 192.0.2.2 -c 4 &> /dev/null && \
+ test_fail "$drv_mode $map_type ping ns1-2" || test_pass "$drv_mode $map_type ping ns1-2"
+ ip netns exec ns1 ping 192.0.2.3 -c 4 &> /dev/null && \
+ test_pass "$drv_mode $map_type ping ns1-3" || test_fail "$drv_mode $map_type ping ns1-3"
+
+ # ping6 test
+ ip netns exec ns4 ping6 2001:db8::1 -c 4 &> /dev/null && \
+ test_fail "$drv_mode $map_type ping6 ns4-1" || test_pass "$drv_mode $map_type ping6 ns4-1"
+ ip netns exec ns4 ping6 2001:db8::2 -c 4 &> /dev/null && \
+ test_pass "$drv_mode $map_type ping6 ns4-2" || test_fail "$drv_mode $map_type ping6 ns4-2"
+
+ kill $xdp_pid
+}
+
+for mode in ${DRV_MODE}; do
+ sleep 2
+ setup_ns $mode
+ for type in ${MAP_TYPE}; do
+ do_tests $mode $type
+ done
+ sleep 20
+ clean_up
+done
diff --git a/samples/bpf/xdp_redirect_map_multicast_kern.c b/samples/bpf/xdp_redirect_map_multicast_kern.c
new file mode 100644
index 000000000000..f2ac36eed0e9
--- /dev/null
+++ b/samples/bpf/xdp_redirect_map_multicast_kern.c
@@ -0,0 +1,147 @@
+/* This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ */
+#define KBUILD_MODNAME "foo"
+#include <uapi/linux/bpf.h>
+#include <linux/in.h>
+#include <linux/if_ether.h>
+#include <linux/if_packet.h>
+#include <linux/ip.h>
+#include <linux/ipv6.h>
+#include <bpf/bpf_helpers.h>
+
+#define MAX_NR_PORTS 65536
+
+/* In the sample we will store all ports to group 1.
+ * And add two multicast groups:
+ * group 2 for even number interfaces, group 3 for odd number interfaces
+ */
+
+/* This is an array map template(NOT used) for multicast group storage
+ * The format could be lined by index:ifindex, like
+ * [0, 0], [1, 1], [2, 0], [3, 3], [4,4], [5, 0], [6, 0] ...
+ * which would be easier to modify and update.
+ *
+ * This map also could be used as multicast exclude array map.
+ * */
+struct bpf_map_def SEC("maps") group_a = {
+ .type = BPF_MAP_TYPE_DEVMAP,
+ .key_size = sizeof(u32),
+ .value_size = sizeof(int),
+ .max_entries = MAX_NR_PORTS,
+};
+
+/* This is a hash map template(NOT used) for multicast group storage
+ * The format could be none-lined index:ifindex, like
+ * [1, 1], [3, 3], [4, 4]...
+ * which would save more spaces for storage
+ *
+ * This map also could be used as multicast exclude hash map.
+ * */
+struct bpf_map_def SEC("maps") group_h = {
+ .type = BPF_MAP_TYPE_DEVMAP_HASH,
+ .key_size = sizeof(u32),
+ .value_size = sizeof(int),
+ .max_entries = MAX_NR_PORTS,
+};
+
+/* This is an array map-in-map, the inner maps will store all the
+ * include array maps and exclude array maps
+ *
+ * The max_entries is MAX_NR_PORTS * 32 as I only use 3 groups.
+ * */
+struct bpf_map_def SEC("maps") a_of_group_a = {
+ .type = BPF_MAP_TYPE_ARRAY_OF_MAPS,
+ .key_size = sizeof(u32),
+ .value_size = sizeof(u32),
+ .max_entries = MAX_NR_PORTS * 32,
+};
+
+/* This is a hash map-in-map, the inner maps will store all the
+ * include array maps and exclude array maps
+ * */
+struct bpf_map_def SEC("maps") h_of_group_a = {
+ .type = BPF_MAP_TYPE_HASH_OF_MAPS,
+ .key_size = sizeof(u32),
+ .value_size = sizeof(u32),
+ .max_entries = MAX_NR_PORTS * 32,
+};
+
+/* This is a hash map-in-map, the inner maps will store all the
+ * include hash maps and exclude hash maps
+ * */
+struct bpf_map_def SEC("maps") h_of_group_h = {
+ .type = BPF_MAP_TYPE_HASH_OF_MAPS,
+ .key_size = sizeof(u32),
+ .value_size = sizeof(u32),
+ .max_entries = MAX_NR_PORTS * 32,
+};
+
+/* Note: This map is not used yet, we get the gourp id based on IP version at
+ * present.
+ *
+ * This map is used to store all the include groups fds based on ip/mac dest.
+ */
+struct bpf_map_def SEC("maps") mcast_route_map = {
+ .type = BPF_MAP_TYPE_HASH,
+ .key_size = sizeof(__u32),
+ .value_size = sizeof(__u16),
+ .max_entries = MAX_NR_PORTS,
+};
+
+/* TODO: This is used for broadcast redirecting/forwarding,
+ * how to do the redirecting/forwarding one on one based on neigh tables?? */
+SEC("xdp_redirect_map")
+int xdp_redirect_map_prog(struct xdp_md *ctx)
+{
+ u32 key, mcast_group_id, exclude_group_id, redirect_key;
+ void *data_end = (void *)(long)ctx->data_end;
+ void *data = (void *)(long)ctx->data;
+ struct ethhdr *eth = data;
+ int *inmap_id;
+ u16 h_proto;
+ u64 nh_off;
+
+ nh_off = sizeof(*eth);
+ if (data + nh_off > data_end)
+ return XDP_DROP;
+
+ h_proto = eth->h_proto;
+
+ if (h_proto == htons(ETH_P_IPV6))
+ mcast_group_id = 3;
+ else if (h_proto == htons(ETH_P_IP))
+ mcast_group_id = 2;
+ else
+ mcast_group_id = 1;
+
+ exclude_group_id = ctx->ingress_ifindex;
+ redirect_key = (mcast_group_id << 16) | exclude_group_id;
+
+ key = 1 << 16;
+ if ((inmap_id = bpf_map_lookup_elem(&a_of_group_a, &key)) && inmap_id)
+ return bpf_redirect_map(&a_of_group_a, redirect_key, 0);
+ else if ((inmap_id = bpf_map_lookup_elem(&h_of_group_a, &key)) && inmap_id)
+ return bpf_redirect_map(&h_of_group_a, redirect_key, 0);
+ else if ((inmap_id = bpf_map_lookup_elem(&h_of_group_h, &key)) && inmap_id)
+ return bpf_redirect_map(&h_of_group_h, redirect_key, 0);
+
+ return XDP_PASS;
+}
+
+/* FIXME: This prog could not be load by iproute2 as the map-in-map need
+ * set inner map fd first.
+ */
+SEC("xdp_redirect_dummy")
+int xdp_redirect_dummy_prog(struct xdp_md *ctx)
+{
+ return XDP_PASS;
+}
+
+char _license[] SEC("license") = "GPL";
diff --git a/samples/bpf/xdp_redirect_map_multicast_user.c b/samples/bpf/xdp_redirect_map_multicast_user.c
new file mode 100644
index 000000000000..a451c90a05b6
--- /dev/null
+++ b/samples/bpf/xdp_redirect_map_multicast_user.c
@@ -0,0 +1,306 @@
+/* SPDX-License-Identifier: GPL-2.0-only
+ */
+#include <linux/bpf.h>
+#include <linux/if_link.h>
+#include <errno.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <string.h>
+#include <net/if.h>
+#include <unistd.h>
+#include <libgen.h>
+#include <sys/resource.h>
+
+#include "bpf_load.h"
+#include <bpf/bpf.h>
+#include <bpf/libbpf.h>
+
+#define MAX_IFACE_NUM 32
+#define MAX_NR_PORTS 65536
+
+static int ifaces[MAX_IFACE_NUM] = {};
+static __u32 xdp_flags = XDP_FLAGS_UPDATE_IF_NOEXIST;
+
+static void int_exit(int sig)
+{
+ __u32 prog_id = 0;
+ int i;
+
+ for (i = 0; ifaces[i] > 0; i++) {
+ if (bpf_get_link_xdp_id(ifaces[i], &prog_id, xdp_flags)) {
+ printf("bpf_get_link_xdp_id failed\n");
+ exit(1);
+ }
+ if (prog_id)
+ bpf_set_link_xdp_fd(ifaces[i], -1, xdp_flags);
+ }
+
+ exit(0);
+}
+
+static int init_map_in_map(struct bpf_object *obj, char *outmap_name, bool inmap_hash)
+{
+ struct bpf_map *outmap;
+ int inmap_fd, ret;
+
+ inmap_fd = bpf_create_map(inmap_hash ? BPF_MAP_TYPE_DEVMAP_HASH : BPF_MAP_TYPE_DEVMAP, sizeof(__u32), sizeof(int), MAX_NR_PORTS, 0);
+ if (inmap_fd < 0) {
+ printf("Failed to create inner map '%s'!\n", strerror(errno));
+ return 1;
+ }
+ outmap = bpf_object__find_map_by_name(obj, outmap_name);
+ if (!outmap) {
+ printf("Failed to load map %s from test prog\n", outmap_name);
+ return 1;
+ }
+ ret = bpf_map__set_inner_map_fd(outmap, inmap_fd);
+ if (ret) {
+ printf("Failed to set inner_map_fd for map %s\n", outmap_name);
+ return 1;
+ }
+
+ return 0;
+}
+
+static void usage(const char *prog)
+{
+ fprintf(stderr,
+ "usage: %s [OPTS] <IFNAME|IFINDEX> <IFNAME|IFINDEX> ...\n"
+ "OPTS:\n"
+ " -S use skb-mode\n"
+ " -N enforce native mode\n"
+ " -F force loading prog\n"
+ " -M map-in-map mode, could be aa, ha, hh(default)\n",
+ prog);
+}
+
+int main(int argc, char **argv)
+{
+ struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
+ struct bpf_object_open_attr obj_open_attr = {
+ .prog_type = BPF_PROG_TYPE_XDP,
+ };
+ struct bpf_program *prog;
+ struct bpf_object *obj;
+ struct bpf_map *outmap;
+ char *outmap_name;
+ char ifname[IF_NAMESIZE];
+ int pro_fd, inmap_fd, outmap_fd;
+ int i, j, ret, opt, ifindex;
+ __u32 inmap_id, key;
+ char filename[256];
+ bool inmap_hash;
+ char *mode = NULL;
+
+ while ((opt = getopt(argc, argv, "SNFM:")) != -1) {
+ switch (opt) {
+ case 'S':
+ xdp_flags |= XDP_FLAGS_SKB_MODE;
+ break;
+ case 'N':
+ /* default, set below */
+ break;
+ case 'F':
+ xdp_flags &= ~XDP_FLAGS_UPDATE_IF_NOEXIST;
+ break;
+ case 'M':
+ mode = optarg;
+ break;
+ default:
+ usage(basename(argv[0]));
+ return 1;
+ }
+ }
+
+ if (!(xdp_flags & XDP_FLAGS_SKB_MODE))
+ xdp_flags |= XDP_FLAGS_DRV_MODE;
+
+ if (optind == argc) {
+ printf("usage: %s <IFNAME|IFINDEX> <IFNAME|IFINDEX> ...\n", argv[0]);
+ return 1;
+ }
+
+ /* array of array */
+ if (strncmp(mode, "aa", 2) == 0) {
+ outmap_name = "a_of_group_a";
+ inmap_hash = false;
+ /* hash of array */
+ } else if (strncmp(mode, "ha", 2) == 0) {
+ outmap_name = "h_of_group_a";
+ inmap_hash = false;
+ /* hash of hash */
+ } else {
+ outmap_name = "h_of_group_h";
+ inmap_hash = true;
+ }
+
+ if (setrlimit(RLIMIT_MEMLOCK, &r)) {
+ perror("setrlimit(RLIMIT_MEMLOCK)");
+ return 1;
+ }
+
+ printf("Get interfaces");
+ for (i = 0; i < MAX_IFACE_NUM && argv[optind + i]; i ++) {
+ ifaces[i] = if_nametoindex(argv[optind + i]);
+ if (!ifaces[i])
+ ifaces[i] = strtoul(argv[optind + i], NULL, 0);
+ if (!if_indextoname(ifaces[i], ifname)) {
+ perror("Invalid interface name or i");
+ return 1;
+ }
+ printf(" %d", ifaces[i]);
+ }
+ printf("\n");
+
+ /* open bpf obj, set inner fd for out map-in-map and load bpf obj */
+ snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
+ obj_open_attr.file = filename;
+ obj = bpf_object__open_xattr(&obj_open_attr);
+
+ /* We need set inner map fd for all outmaps. */
+ if(init_map_in_map(obj, "a_of_group_a", false)) {
+ printf("Failed to init out map a_of_group_a\n");
+ goto err_out;
+ }
+ if(init_map_in_map(obj, "h_of_group_a", false)) {
+ printf("Failed to init out map h_of_group_a\n");
+ goto err_out;
+ }
+ if(init_map_in_map(obj, "h_of_group_h", true)) {
+ printf("Failed to init out map h_of_group_h\n");
+ goto err_out;
+ }
+
+ bpf_object__load(obj);
+
+ prog = bpf_program__next(NULL, obj);
+ pro_fd = bpf_program__fd(prog);
+
+ outmap = bpf_object__find_map_by_name(obj, outmap_name);
+ if (!outmap) {
+ printf("Failed to load map %s from test prog\n", outmap_name);
+ goto err_out;
+ }
+ outmap_fd = bpf_map__fd(outmap);
+ if (outmap_fd < 0) {
+ printf("Failed to get fd from map %s\n", outmap_name);
+ goto err_out;
+ }
+ /* Init 3 multicast groups first.
+ * group 1: this is used for all ports group
+ * group 2: this is used for even number interfaces
+ * group 3: this is used for odd number interfaces
+ * You can store the group number in mcast_route_map for furture
+ * IP/MAC -> Multicast Group lookup.
+ */
+ for (i = 1; i <= 3; i++) {
+ /* Split the include/exclude groups by 16 bit
+ * FIXME: is there a flexible way? how to let
+ * kernel side know this?
+ */
+ key = i << 16;
+ inmap_fd = bpf_create_map(inmap_hash ? BPF_MAP_TYPE_DEVMAP_HASH : BPF_MAP_TYPE_DEVMAP, sizeof(__u32), sizeof(int), MAX_NR_PORTS, 0);
+ if (inmap_fd < 0) {
+ printf("Failed to create inner map '%s'!\n", strerror(errno));
+ goto err_out;
+ }
+ ret = bpf_map_update_elem(outmap_fd, &key, &inmap_fd, 0);
+ if (ret) {
+ printf("Failed to update map %s\n", outmap_name);
+ goto err_out;
+ }
+ }
+
+ signal(SIGINT, int_exit);
+ signal(SIGTERM, int_exit);
+
+ /* Set values for each map
+ * 1. set all ports to group 1
+ * 2. set ports to group 2 or 3 based on interface index
+ * 3. set exclude group for each interface
+ */
+ for (i = 0; ifaces[i] > 0; i++) {
+ ifindex = ifaces[i];
+
+ /* bind pro_fd to each interface */
+ ret = bpf_set_link_xdp_fd(ifindex, pro_fd, xdp_flags);
+ if (ret) {
+ printf("Set xdp fd failed on %d\n", ifindex);
+ goto err_out;
+ }
+
+ /* Add the interface to group 1 */
+ key = 1 << 16;
+ ret = bpf_map_lookup_elem(outmap_fd, &key, &inmap_id);
+ if (ret) {
+ printf("Failed to lookup inmap by key %u from map %s\n", key, outmap_name);
+ goto err_out;
+ }
+ inmap_fd = bpf_map_get_fd_by_id(inmap_id);
+ ret = bpf_map_update_elem(inmap_fd, &ifindex, &ifindex, 0);
+ if (ret) {
+ printf("Failed to update key %d, value %d for inmap id %u\n", ifindex, ifindex, inmap_id);
+ goto err_out;
+ }
+
+ /* Add the even number ifaces to group 2 and odd ifaces to group 3 */
+ if (i % 2 == 0)
+ key = 2 << 16;
+ else
+ key = 3 << 16;
+ ret = bpf_map_lookup_elem(outmap_fd, &key, &inmap_id);
+ if (ret) {
+ printf("Failed to lookup inmap by key %u from map %s\n", key, outmap_name);
+ goto err_out;
+ }
+ inmap_fd = bpf_map_get_fd_by_id(inmap_id);
+ ret = bpf_map_update_elem(inmap_fd, &ifindex, &ifindex, 0);
+ if (ret) {
+ printf("Failed to update key %d, value %d for inmap id %u\n", ifindex, ifindex, inmap_id);
+ goto err_out;
+ }
+
+ /* Set the exclude map for the interfaces */
+ key = ifindex;
+ inmap_fd = bpf_create_map(inmap_hash ? BPF_MAP_TYPE_DEVMAP_HASH : BPF_MAP_TYPE_DEVMAP, sizeof(__u32), sizeof(int), MAX_NR_PORTS, 0);
+ if (inmap_fd < 0) {
+ printf("Failed to create inner map '%s'!\n", strerror(errno));
+ goto err_out;
+ }
+ ret = bpf_map_update_elem(inmap_fd, &ifindex, &ifindex, 0);
+ if (ret) {
+ printf("Failed to update key %d, value %d for exclude inmap\n", ifindex, ifindex);
+ goto err_out;
+ }
+
+ /* let test exclude map by excluding all the interfaces except
+ * the first one. The first two interfaces are not affect. e.g.
+ * iface_1 = [1], iface_2 = [2], iface_3 = [3, 4,..],
+ * iface_4 = [3, 4,...]
+ */
+ for (j = 2; ifaces[j] > 0; j++) {
+ if (i <= 1 || i == j)
+ continue;
+ ifindex = ifaces[j];
+ ret = bpf_map_update_elem(inmap_fd, &ifindex, &ifindex, 0);
+ if (ret) {
+ printf("Failed to update key %d, value %d for exclude inmap\n", ifindex, ifindex);
+ goto err_out;
+ }
+
+ }
+ ret = bpf_map_update_elem(outmap_fd, &key, &inmap_fd, 0);
+ if (ret) {
+ printf("Failed to update map %s\n", outmap_name);
+ goto err_out;
+ }
+ }
+
+ sleep(600);
+ return 0;
+
+err_out:
+ return 1;
+}
--
2.19.2
Powered by blists - more mailing lists