Merge pull request #1299 from sancppp/ebpf_ut

Add ebpf ut framework & Add xdp ut

Author: kmesh-bot

.github/workflows/main-5.15.yml

@@ -36,3 +36,7 @@ jobs:
       - name: Go Test
         run: |
           sudo make test RUN_IN_CONTAINER=1
+
+      - name: eBPF Unit Test
+        run: |
+          sudo make ebpf_unit_test RUN_IN_CONTAINER=1 V=1

.github/workflows/main.yml

@@ -61,6 +61,10 @@ jobs:
       run: |
         sudo env LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib:$GITHUB_WORKSPACE/api/v2-c:$GITHUB_WORKSPACE/bpf/deserialization_to_bpf_map PKG_CONFIG_PATH=$GITHUB_WORKSPACE/mk go test -race -v -vet=off -coverprofile=coverage.out ./pkg/...
 
+    - name: eBPF Unit Test
+      run: |
+        sudo env LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib:$GITHUB_WORKSPACE/api/v2-c:$GITHUB_WORKSPACE/bpf/deserialization_to_bpf_map make ebpf_unit_test V=1
+
     - name: Upload coverage reports to Codecov
       uses: codecov/codecov-action@v4
       with:

Makefile

@@ -210,13 +210,28 @@ e2e-ipv6:
 format:
 	./hack/format.sh
 
+
+GO_TEST_FLAGS:=
+ifeq ($(V),1)
+		GO_TEST_FLAGS += --verbose
+endif
+
 .PHONY: test
 ifeq ($(RUN_IN_CONTAINER),1)
 test:
-	./hack/run-ut.sh --docker
+	./hack/run-ut.sh --docker $(GO_TEST_FLAGS)
 else
 test:
-	./hack/run-ut.sh --local
+	./hack/run-ut.sh --local $(GO_TEST_FLAGS)
+endif
+
+.PHONY: ebpf_unit_test
+ifeq ($(RUN_IN_CONTAINER),1)
+ebpf_unit_test:
+	./hack/run-ebpf-ut.sh --docker $(GO_TEST_FLAGS)
+else
+ebpf_unit_test:
+	./hack/run-ebpf-ut.sh --local $(GO_TEST_FLAGS)
 endif
 
 UPDATE_VERSION ?= ${VERSION}

bpf/kmesh/workload/include/authz.h

@@ -658,17 +658,27 @@ int policy_check(struct xdp_md *ctx)
             BPF_LOG(
                 DEBUG,
                 AUTH,
-                "src ip: %u, dst ip %u, dst port: %u\n",
+                "src ip: %s, src port:%u",
                 ip2str(&tuple_key.ipv4.saddr, true),
+                bpf_ntohs(tuple_key.ipv4.sport));
+            BPF_LOG(
+                DEBUG,
+                AUTH,
+                "dst ip: %s, dst port:%u\n",
                 ip2str(&tuple_key.ipv4.daddr, true),
                 bpf_ntohs(tuple_key.ipv4.dport));
         } else {
             BPF_LOG(
                 DEBUG,
                 AUTH,
-                "src ip: %u, dst ip %u, dst port: %u\n",
-                ip2str(&tuple_key.ipv6.saddr[0], false),
-                ip2str(&tuple_key.ipv6.daddr[0], false),
+                "src ip: %s, src port:%u",
+                ip2str(tuple_key.ipv6.saddr, false),
+                bpf_ntohs(tuple_key.ipv6.sport));
+            BPF_LOG(
+                DEBUG,
+                AUTH,
+                "dst ip: %s, dst port:%u\n",
+                ip2str(tuple_key.ipv6.daddr, false),
                 bpf_ntohs(tuple_key.ipv6.dport));
         }
         if (bpf_map_delete_elem(&kmesh_tc_args, &tuple_key) != 0) {

go.mod

@@ -12,6 +12,7 @@ require (
 	github.com/cncf/xds/go v0.0.0-20241213214725-57cfbe6fad57
 	github.com/containernetworking/cni v1.2.3
 	github.com/containernetworking/plugins v1.6.1
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
 	github.com/envoyproxy/go-control-plane v0.13.2-0.20241125134052-fc612d4a3afa
 	github.com/fsnotify/fsnotify v1.8.0
 	github.com/hashicorp/go-multierror v1.1.1
@@ -67,7 +68,6 @@ require (
 	github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
 	github.com/cyphar/filepath-securejoin v0.3.5 // indirect
-	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
 	github.com/docker/cli v27.4.0+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect

hack/run-ebpf-ut.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+
+ROOT_DIR=$(git rev-parse --show-toplevel)
+
+. $ROOT_DIR/hack/utils.sh
+
+DOCKER_EBPF_TEST_COMMAND="make -C /kmesh/test/bpf_ut run"
+LOCAL_EBPF_TEST_COMMAND="make -C $ROOT_DIR/test/bpf_ut run"
+
+function docker_run_ebpf_ut() {
+    local container_id=$1
+
+    docker exec $container_id bash -c "$DOCKER_EBPF_TEST_COMMAND"
+    
+    exit_code=$?
+    return $exit_code
+}
+
+function run_ebpf_ut_local() {
+    bash $ROOT_DIR/build.sh
+    export PKG_CONFIG_PATH=$ROOT_DIR/mk
+    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ROOT_DIR/api/v2-c:$ROOT_DIR/bpf/deserialization_to_bpf_map
+    eval "$LOCAL_EBPF_TEST_COMMAND"  
+}
+
+function run_ebpf_ut_in_docker() {
+    container_id=$(run_docker_container)
+    build_kmesh $container_id
+    docker_run_ebpf_ut $container_id
+    ut_exit_code=$?
+    clean_container $container_id
+    exit $ut_exit_code
+}
+
+function clean() {
+    make clean $ROOT_DIR
+}
+
+TEST_FLAGS=""
+
+if [[ "$*" == *"-v"* ]] || [[ "$*" == *"--verbose"* ]]; then
+    TEST_FLAGS="$TEST_FLAGS V=1"
+fi
+
+DOCKER_EBPF_TEST_COMMAND="$DOCKER_EBPF_TEST_COMMAND $TEST_FLAGS"
+LOCAL_EBPF_TEST_COMMAND="$LOCAL_EBPF_TEST_COMMAND $TEST_FLAGS"
+
+# Running ebpf ut with docker by default
+if [ -z "$1" -o "$1" == "-d"  -o  "$1" == "--docker" ]; then
+    run_ebpf_ut_in_docker
+    exit
+fi
+
+if [ "$1" == "-l"  -o  "$1" == "--local" ]; then
+    run_ebpf_ut_local
+    exit
+fi
+
+if [ "$1" == "-h"  -o  "$1" == "--help" ]; then
+    echo run-ebpf-ut.sh -h/--help : Help.
+    echo run-ebpf-ut.sh -d/--docker: run ebpf unit test in docker.
+    echo run-ebpf-ut.sh -l/--local: run ebpf unit test locally.
+    exit
+fi
+
+if [ "$1" == "-c"  -o  "$1" == "--clean" ]; then
+    clean
+    exit
+fi 

kmesh_compile_env_pre.sh

@@ -17,7 +17,7 @@ function dependency_pkg_install() {
         echo "Checking for required packages on a Debian-based system..."
 
 
-        packages=(git make clang libbpf-dev llvm linux-tools-generic protobuf-compiler libprotobuf-dev libprotobuf-c-dev protobuf-c-compiler cmake pkg-config)
+        packages=(git make clang libbpf-dev llvm linux-tools-generic protobuf-compiler libprotobuf-dev libprotobuf-c-dev protobuf-c-compiler cmake pkg-config gcc-multilib)
 
 
         update_needed=false
@@ -51,7 +51,7 @@ function dependency_pkg_install() {
         echo "Checking for required packages on a Red Hat-based system..."
 
         # List of required packages
-        packages=(git make clang llvm libboundscheck protobuf protobuf-c protobuf-c-devel bpftool libbpf libbpf-devel cmake pkg-config)
+        packages=(git make clang llvm libboundscheck protobuf protobuf-c protobuf-c-devel bpftool libbpf libbpf-devel cmake pkg-config glibc-devel libstdc++-devel)
 
         # Install each missing package
         for pkg in "${packages[@]}"; do

pkg/bpf/workload/loader.go

@@ -94,6 +94,13 @@ func (w *BpfWorkload) Start() error {
 		return fmt.Errorf("failed to set api env")
 	}
 
+	if err := w.DeserialInit(); err != nil {
+		return fmt.Errorf("failed to init deserialization: %v", err)
+	}
+	return nil
+}
+
+func (w *BpfWorkload) DeserialInit() error {
 	ret := C.deserial_init()
 	if ret != 0 {
 		return fmt.Errorf("deserial_init failed:%v", ret)

pkg/constants/constants.go

@@ -76,8 +76,9 @@ const (
 	KmKernelNativeBpfPath = "/bpf_kmesh"
 	KmDualEngineBpfPath   = "/bpf_kmesh_workload"
 
-	TailCallMap = "tail_call_map"
-	Prog_link   = "prog_link"
+	TailCallMap    = "tail_call_map"
+	XDPTailCallMap = "km_xdp_tailcall"
+	Prog_link      = "prog_link"
 
 	ALL_CIDR = "0.0.0.0/0"
 )

test/bpf_ut/.gitignore

@@ -0,0 +1,2 @@
+*.d
+*.o

test/bpf_ut/Makefile

@@ -0,0 +1,76 @@
+MAKEFLAGS += -r
+
+QUIET ?= @
+CLANG ?= clang
+GO ?= go
+
+ROOT_DIR := $(shell git rev-parse --show-toplevel)
+TEST_DIR := $(ROOT_DIR)/test/bpf_ut
+
+FLAGS := -isystem /usr/include -I/usr/local/include
+FLAGS += -I./include  -I$(ROOT_DIR)/bpf/include  
+FLAGS += -fPIC -D__NR_CPUS__=$(shell nproc --all) -D__TARGET_ARCH_x86_64 -D__x86_64__ -D_GNU_SOURCE -DKERNEL_VERSION_HIGHER_5_13_0=1
+FLAGS += -O2 -g
+
+CLANG_FLAGS := ${FLAGS} --target=bpf -std=gnu99
+# eBPF verifier enforces unaligned access checks where necessary, so don't
+# let clang complain too early.
+CLANG_FLAGS += -Wall -Wextra
+CLANG_FLAGS += -Wno-address-of-packed-member
+CLANG_FLAGS += -Wno-unknown-warning-option
+CLANG_FLAGS += -Wno-gnu-variable-sized-type-not-at-end
+CLANG_FLAGS += -Wenum-conversion
+CLANG_FLAGS += -Wimplicit-fallthrough
+# Create dependency files for each .o file.
+CLANG_FLAGS += -MD
+
+.PHONY: all clean run
+
+TEST_OBJECTS = xdp_shutdown_in_userspace_test.o xdp_authz_offload_test.o
+
+XDP_FLAGS = -I$(ROOT_DIR)/bpf/kmesh/ -I$(ROOT_DIR)/bpf/kmesh/workload/include -I$(ROOT_DIR)/api/v2-c
+xdp_%.o: xdp_%.c clean
+	$(QUIET) $(CLANG) $(CLANG_FLAGS) $(XDP_FLAGS) -c $< -o $@
+
+
+all: $(TEST_OBJECTS)
+
+clean:
+	$(QUIET) rm -f $(wildcard *.o)
+	$(QUIET) rm -f $(wildcard *.d)
+	$(QUIET) echo "clean all object files"
+
+BPF_TEST_FLAGS:=
+ifneq ($(shell id -u), 0)
+		BPF_TEST_FLAGS += -exec "sudo -E"
+endif
+ifeq ($(V),1)
+    BPF_TEST_FLAGS += -test.v
+endif
+ifeq ($(COVER),1)
+	ifndef COVERFORMAT
+		COVERFORMAT:=html
+	endif
+    BPF_TEST_FLAGS += -coverage-report $(ROOT_DIR)/bpf-coverage.$(COVERFORMAT) -coverage-format $(COVERFORMAT)
+ifdef NOCOVER
+    BPF_TEST_FLAGS += -no-test-coverage "$(NOCOVER)"
+endif
+endif
+ifeq ($(INSTRLOG),1)
+    BPF_TEST_FLAGS += -instrumentation-log $(ROOT_DIR)/test/bpf-instrumentation.log
+endif
+ifdef RUN
+    BPF_TEST_FLAGS += -run $(RUN)
+endif
+ifdef BPF_TEST_DUMP_CTX
+    BPF_TEST_FLAGS += -dump-ctx
+endif
+ifdef BPF_TEST_FILE
+	BPF_TEST_FLAGS += -test $(BPF_TEST_FILE)
+endif
+
+run: all
+	$(QUIET)echo "rebuild and run bpf tests"
+	$(GO) test ./bpftest -bpf-ut-path $(ROOT_DIR)/test/bpf_ut $(BPF_TEST_FLAGS)
+
+-include $(TEST_OBJECTS:.o=.d)