From patchwork Wed Nov 22 18:20:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Xu X-Patchwork-Id: 746279
From: Daniel Xu To: shuah@kernel.org, daniel@iogearbox.net, andrii@kernel.org, ast@kernel.org, steffen.klassert@secunet.com, antony.antony@secunet.com, alexei.starovoitov@gmail.com Cc: martin.lau@linux.dev, song@kernel.org, yonghong.song@linux.dev, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, mykolal@fb.com, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, devel@linux-ipsec.org, netdev@vger.kernel.org Subject: [PATCH ipsec-next v1 4/7] bpf: selftests: test_tunnel: Mount bpffs if necessary Date: Wed, 22 Nov 2023 11:20:25 -0700 Message-ID: X-Mailer: git-send-email 2.42.1 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kselftest@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Previously, if bpffs was not already mounted, then the test suite would fail during object file pinning steps. Fix by mounting bpffs if necessary. Co-developed-by: Antony Antony Signed-off-by: Antony Antony Signed-off-by: Daniel Xu --- tools/testing/selftests/bpf/test_tunnel.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/test_tunnel.sh b/tools/testing/selftests/bpf/test_tunnel.sh index 85ba39992461..dd3c79129e87 100755 --- a/tools/testing/selftests/bpf/test_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tunnel.sh @@ -46,7 +46,8 @@ # 6) Forward the packet to the overlay tnl dev BPF_FILE="test_tunnel_kern.bpf.o" -BPF_PIN_TUNNEL_DIR="/sys/fs/bpf/tc/tunnel" +BPF_FS="/sys/fs/bpf" +BPF_PIN_TUNNEL_DIR="${BPF_FS}/tc/tunnel" PING_ARG="-c 3 -w 10 -q" ret=0 GREEN='\033[0;92m' 
@@ -668,10 +669,20 @@ check_err() fi } +mount_bpffs() +{ + if ! mount | grep "bpf on /sys/fs/bpf" &>/dev/null; then + mount -t bpf bpf "$BPF_FS" + fi +} + bpf_tunnel_test() { local errors=0 + echo "Mounting bpffs..." + mount_bpffs + echo "Testing GRE tunnel..." test_gre errors=$(( $errors + $? ))
From patchwork Wed Nov 22 18:20:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Xu X-Patchwork-Id: 746278
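Review bot: in mount_bpffs() (patch 4/7) the grep pattern hardcodes "bpf on /sys/fs/bpf" while the mount itself targets "$BPF_FS", so the check and the mount can diverge if BPF_FS is ever changed; build the pattern from the variable or read the mount table directly, e.g. `grep -q " ${BPF_FS} bpf " /proc/mounts`. The exit status of `mount -t bpf bpf "$BPF_FS"` is also not checked, so when the mount fails bpf_tunnel_test() carries on and fails later at the pinning step with a less direct error. Nothing in the hunk records that the script did the mounting, so a bpffs it mounted is left in place after the run.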
From: Daniel Xu To: shuah@kernel.org, daniel@iogearbox.net, andrii@kernel.org, ast@kernel.org, steffen.klassert@secunet.com, antony.antony@secunet.com, alexei.starovoitov@gmail.com Cc: mykolal@fb.com, martin.lau@linux.dev, song@kernel.org, yonghong.song@linux.dev, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, devel@linux-ipsec.org, netdev@vger.kernel.org Subject: [PATCH ipsec-next v1 6/7] bpf: selftests: test_tunnel: Disable CO-RE relocations Date: Wed, 22 Nov 2023 11:20:27 -0700 Message-ID: <391d524c496acc97a8801d8bea80976f58485810.1700676682.git.dxu@dxuuu.xyz> X-Mailer: git-send-email 2.42.1 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kselftest@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Switching to vmlinux.h definitions seems to make the verifier very unhappy with bitfield accesses. The error is: ; md.u.md2.dir = direction; 33: (69) r1 = *(u16 *)(r2 +11) misaligned stack access off (0x0; 0x0)+-64+11 size 2 It looks like disabling CO-RE relocations seem to make the error go away. Co-developed-by: Antony Antony Signed-off-by: Antony Antony Signed-off-by: Daniel Xu --- tools/testing/selftests/bpf/progs/test_tunnel_kern.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c index 3065a716544d..ec7e04e012ae 100644 --- a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c +++ b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c 
@@ -6,6 +6,7 @@ * modify it under the terms of version 2 of the GNU General Public * License as published by the Free Software Foundation. */ +#define BPF_NO_PRESERVE_ACCESS_INDEX #include "vmlinux.h" #include #include
From patchwork Wed Nov 22 18:20:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Xu X-Patchwork-Id: 746277
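Review bot: the `#define BPF_NO_PRESERVE_ACCESS_INDEX` added above `#include "vmlinux.h"` (patch 6/7) carries no comment in the file, so the reason for it lives only in the commit message; a one-line comment naming the misaligned stack access on `md.u.md2.dir` would tell the next reader when it is safe to remove. The define applies to every vmlinux.h type used in test_tunnel_kern.c, not just the bitfield access that triggered the error, so all kernel struct accesses in this file are compiled with offsets fixed by the vmlinux.h it was built against. That includes the `x->replay_esn->replay_window` read added in patch 7/7. The commit message says the change "seem to make the error go away" without identifying the cause, so it would be worth stating whether this is meant as a temporary workaround.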
From: Daniel Xu To: john.fastabend@gmail.com, davem@davemloft.net, ast@kernel.org, daniel@iogearbox.net, hawk@kernel.org, kuba@kernel.org, andrii@kernel.org, shuah@kernel.org, steffen.klassert@secunet.com, antony.antony@secunet.com, alexei.starovoitov@gmail.com Cc: martin.lau@linux.dev, song@kernel.org, yonghong.song@linux.dev, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, mykolal@fb.com, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, devel@linux-ipsec.org Subject: [PATCH ipsec-next v1 7/7] bpf: xfrm: Add selftest for bpf_xdp_get_xfrm_state() Date: Wed, 22 Nov 2023 11:20:28 -0700 Message-ID: <84111ba0ea652a7013df520c151d40d400401e9c.1700676682.git.dxu@dxuuu.xyz> X-Mailer: git-send-email 2.42.1 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kselftest@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 This commit extends test_tunnel selftest to test the new XDP xfrm state lookup kfunc. Co-developed-by: Antony Antony Signed-off-by: Antony Antony Signed-off-by: Daniel Xu --- .../selftests/bpf/progs/test_tunnel_kern.c | 49 +++++++++++++++++++ tools/testing/selftests/bpf/test_tunnel.sh | 12 +++-- 2 files changed, 57 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c index ec7e04e012ae..17bf9ce28460 100644 --- a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c +++ b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c 
@@ -35,6 +35,10 @@ int bpf_skb_set_fou_encap(struct __sk_buff *skb_ctx, struct bpf_fou_encap *encap, int type) __ksym; int bpf_skb_get_fou_encap(struct __sk_buff *skb_ctx, struct bpf_fou_encap *encap) __ksym; +struct xfrm_state * +bpf_xdp_get_xfrm_state(struct xdp_md *ctx, struct bpf_xfrm_state_opts *opts, + u32 opts__sz) __ksym; +void bpf_xdp_xfrm_state_release(struct xfrm_state *x) __ksym; struct { __uint(type, BPF_MAP_TYPE_ARRAY); @@ -948,4 +952,49 @@ int xfrm_get_state(struct __sk_buff *skb) return TC_ACT_OK; } +SEC("xdp") +int xfrm_get_state_xdp(struct xdp_md *xdp) +{ + struct bpf_xfrm_state_opts opts = {}; + struct xfrm_state *x = NULL; + struct ip_esp_hdr *esph; + struct bpf_dynptr ptr; + u8 esph_buf[8] = {}; + u8 iph_buf[20] = {}; + struct iphdr *iph; + u32 off; + + if (bpf_dynptr_from_xdp(xdp, 0, &ptr)) + goto out; + + off = sizeof(struct ethhdr); + iph = bpf_dynptr_slice(&ptr, off, iph_buf, sizeof(iph_buf)); + if (!iph || iph->protocol != IPPROTO_ESP) + goto out; + + off += sizeof(struct iphdr); + esph = bpf_dynptr_slice(&ptr, off, esph_buf, sizeof(esph_buf)); + if (!esph) + goto out; + + opts.netns_id = BPF_F_CURRENT_NETNS, + opts.daddr.a4 = iph->daddr; + opts.spi = esph->spi; + opts.proto = IPPROTO_ESP; + opts.family = AF_INET; + + x = bpf_xdp_get_xfrm_state(xdp, &opts, sizeof(opts)); + if (!x || opts.error) + goto out; + + if (!x->replay_esn) + goto out; + + bpf_printk("replay-window %d\n", x->replay_esn->replay_window); +out: + if (x) + bpf_xdp_xfrm_state_release(x); + return XDP_PASS; +} + char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/test_tunnel.sh b/tools/testing/selftests/bpf/test_tunnel.sh index dd3c79129e87..17d263681c71 100755 --- a/tools/testing/selftests/bpf/test_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tunnel.sh 
@@ -528,7 +528,7 @@ setup_xfrm_tunnel() # at_ns0 -> root ip netns exec at_ns0 \ ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \ - spi $spi_in_to_out reqid 1 mode tunnel \ + spi $spi_in_to_out reqid 1 mode tunnel replay-window 42 \ auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc ip netns exec at_ns0 \ ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir out \ @@ -537,7 +537,7 @@ setup_xfrm_tunnel() # root -> at_ns0 ip netns exec at_ns0 \ ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \ - spi $spi_out_to_in reqid 2 mode tunnel \ + spi $spi_out_to_in reqid 2 mode tunnel replay-window 42 \ auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc ip netns exec at_ns0 \ ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir in \ @@ -553,14 +553,14 @@ setup_xfrm_tunnel() # root namespace # at_ns0 -> root ip xfrm state add src 172.16.1.100 dst 172.16.1.200 proto esp \ - spi $spi_in_to_out reqid 1 mode tunnel \ + spi $spi_in_to_out reqid 1 mode tunnel replay-window 42 \ auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc ip xfrm policy add src 10.1.1.100/32 dst 10.1.1.200/32 dir in \ tmpl src 172.16.1.100 dst 172.16.1.200 proto esp reqid 1 \ mode tunnel # root -> at_ns0 ip xfrm state add src 172.16.1.200 dst 172.16.1.100 proto esp \ - spi $spi_out_to_in reqid 2 mode tunnel \ + spi $spi_out_to_in reqid 2 mode tunnel replay-window 42 \ auth-trunc 'hmac(sha1)' $auth 96 enc 'cbc(aes)' $enc ip xfrm policy add src 10.1.1.200/32 dst 10.1.1.100/32 dir out \ tmpl src 172.16.1.200 dst 172.16.1.100 proto esp reqid 2 \ @@ -585,6 +585,8 @@ test_xfrm_tunnel() tc qdisc add dev veth1 clsact tc filter add dev veth1 proto ip ingress bpf da object-pinned \ ${BPF_PIN_TUNNEL_DIR}/xfrm_get_state + ip link set dev veth1 xdpdrv pinned \ + ${BPF_PIN_TUNNEL_DIR}/xfrm_get_state_xdp ip netns exec at_ns0 ping $PING_ARG 10.1.1.200 sleep 1 grep "reqid 1" ${TRACE} 
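Review bot: in test_xfrm_tunnel() the new `ip link set dev veth1 xdpdrv pinned ...` is not followed by `check_err $?`, unlike the grep checks further down, so a failed attach only shows up indirectly when the "replay-window 42" grep finds nothing. Checking the exit status right after the attach would give a direct failure. The hunk also does not show the XDP program being detached; if cleanup does not remove veth1, add `ip link set dev veth1 xdp off`.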
@@ -593,6 +595,8 @@ test_xfrm_tunnel() check_err $? grep "remote ip 0xac100164" ${TRACE} check_err $? + grep "replay-window 42" ${TRACE} + check_err $? cleanup if [ $ret -ne 0 ]; then
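Review bot: `grep "replay-window 42" ${TRACE}` repeats the literal 42 that the earlier hunks add to all four `ip xfrm state add` commands in setup_xfrm_tunnel(), so five places have to be kept in step by hand; a shell variable, as is already done for the SPIs, would tie them together. The pattern is also unanchored and would match a longer number such as 420; `grep -w` makes the check exact.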
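Review bot: in xfrm_get_state_xdp() (test_tunnel_kern.c) the frame is parsed as IPv4 without checking the EtherType, and the ESP header offset is taken as `sizeof(struct ethhdr) + sizeof(struct iphdr)` without consulting `iph->ihl`, so a non-IPv4 frame whose byte at the protocol offset happens to equal IPPROTO_ESP, or an IPv4 header carrying options, would feed an unrelated daddr/spi into bpf_xdp_get_xfrm_state(). The test's own ping traffic will not hit this, but checking `h_proto` and `ihl` first would make the program a safer template to copy from. Separately, `opts.netns_id = BPF_F_CURRENT_NETNS,` ends in a comma rather than a semicolon; it compiles as a comma expression with the following assignment but should be `;`.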