From 70b37fa81e4d5825ac77ea496a43056a571dd7c6 Mon Sep 17 00:00:00 2001 From: Paul Chaignon Date: Wed, 5 Feb 2020 12:19:11 +0100 Subject: [PATCH] bpf: Add test for __ct_lookup return value Check that __ct_lookup returns CT_NEW when given tuple wasn't previously connection-tracked. Fixes: #9303 Signed-off-by: Paul Chaignon --- bpf/lib/conntrack_test.h | 8 ++++++++ daemon/bpf.sha | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/bpf/lib/conntrack_test.h b/bpf/lib/conntrack_test.h index 475b730d62db..a25b1668c3db 100644 --- a/bpf/lib/conntrack_test.h +++ b/bpf/lib/conntrack_test.h @@ -159,4 +159,12 @@ static void test___ct_lookup() assert(res == CT_ESTABLISHED); assert(monitor == 0); assert(timeout_in(entry, CT_CLOSE_TIMEOUT - 1)); + + /* Label connection as new if the tuple wasn't previously tracked */ + tuple = (void *)__TUPLE_NOEXIST; + seen_flags.value = TCP_FLAG_SYN; + res = __ct_lookup(map, &skb, tuple, ACTION_CREATE, CT_INGRESS, + &ct_state, true, seen_flags, &monitor); + assert(res == CT_NEW); + assert(monitor == TRACE_PAYLOAD_LEN); } diff --git a/daemon/bpf.sha b/daemon/bpf.sha index b2a703369f9a..a125d2979596 100644 --- a/daemon/bpf.sha +++ b/daemon/bpf.sha @@ -1,2 +1,2 @@ -GO_BINDATA_SHA1SUM=81a0dbcb04eefa38d7d657acad3f024549283e6a +GO_BINDATA_SHA1SUM=bbfd7afb0118c110b8b9e6433fe27a148ea7cac3 BPF_FILES=../bpf/COPYING ../bpf/Makefile ../bpf/Makefile.bpf ../bpf/bpf_alignchecker.c ../bpf/bpf_features.h ../bpf/bpf_hostdev_ingress.c ../bpf/bpf_ipsec.c ../bpf/bpf_lxc.c ../bpf/bpf_netdev.c ../bpf/bpf_network.c ../bpf/bpf_overlay.c ../bpf/bpf_sock.c ../bpf/bpf_xdp.c ../bpf/cilium-map-migrate.c ../bpf/filter_config.h ../bpf/include/bpf/api.h ../bpf/include/elf/elf.h ../bpf/include/elf/gelf.h ../bpf/include/elf/libelf.h ../bpf/include/iproute2/bpf_elf.h ../bpf/include/linux/bpf.h ../bpf/include/linux/bpf_common.h ../bpf/include/linux/byteorder.h ../bpf/include/linux/byteorder/big_endian.h ../bpf/include/linux/byteorder/little_endian.h ../bpf/include/linux/icmp.h ../bpf/include/linux/icmpv6.h ../bpf/include/linux/if_arp.h ../bpf/include/linux/if_ether.h ../bpf/include/linux/if_packet.h ../bpf/include/linux/in.h ../bpf/include/linux/in6.h ../bpf/include/linux/ioctl.h ../bpf/include/linux/ip.h ../bpf/include/linux/ipv6.h ../bpf/include/linux/perf_event.h ../bpf/include/linux/swab.h ../bpf/include/linux/tcp.h ../bpf/include/linux/type_mapper.h ../bpf/include/linux/udp.h ../bpf/init.sh ../bpf/lib/arp.h ../bpf/lib/common.h ../bpf/lib/config.h ../bpf/lib/conntrack.h ../bpf/lib/conntrack_map.h ../bpf/lib/conntrack_test.h ../bpf/lib/csum.h ../bpf/lib/dbg.h ../bpf/lib/drop.h ../bpf/lib/encap.h ../bpf/lib/eps.h ../bpf/lib/eth.h ../bpf/lib/events.h ../bpf/lib/icmp6.h ../bpf/lib/identity.h ../bpf/lib/ipv4.h ../bpf/lib/ipv6.h ../bpf/lib/ipv6_test.h ../bpf/lib/l3.h ../bpf/lib/l4.h ../bpf/lib/lb.h ../bpf/lib/lxc.h ../bpf/lib/maps.h ../bpf/lib/metrics.h ../bpf/lib/nat.h ../bpf/lib/nat46.h ../bpf/lib/nodeport.h ../bpf/lib/policy.h ../bpf/lib/signal.h ../bpf/lib/tailcall.h ../bpf/lib/trace.h ../bpf/lib/utils.h ../bpf/lib/xdp.h ../bpf/lxc_config.h ../bpf/netdev_config.h ../bpf/node_config.h ../bpf/probes/raw_change_tail.t ../bpf/probes/raw_fib_lookup.t ../bpf/probes/raw_insn.h ../bpf/probes/raw_invalidate_hash.t ../bpf/probes/raw_lpm_map.t ../bpf/probes/raw_lru_map.t ../bpf/probes/raw_main.c ../bpf/probes/raw_max_insn.t ../bpf/probes/raw_sock_cookie.t ../bpf/run_probes.sh ../bpf/sockops/Makefile ../bpf/sockops/bpf_redir.c ../bpf/sockops/bpf_sockops.c ../bpf/sockops/bpf_sockops.h ../bpf/sockops/sockops_config.h