github.com/fafucoder/cilium@v1.6.11/test/bpf/verifier-test.sh (about) 1 #!/bin/bash 2 # 3 # Copyright 2018-2019 Authors of Cilium 4 # 5 # Licensed under the Apache License, Version 2.0 (the "License"); 6 # you may not use this file except in compliance with the License. 7 # You may obtain a copy of the License at 8 # 9 # http://www.apache.org/licenses/LICENSE-2.0 10 # 11 # Unless required by applicable law or agreed to in writing, software 12 # distributed under the License is distributed on an "AS IS" BASIS, 13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 # See the License for the specific language governing permissions and 15 # limitations under the License. 16 17 set -eo pipefail 18 19 DEV="cilium-probe" 20 DIR=$(dirname $0)/../../bpf 21 TC_PROGS="bpf_hostdev_ingress bpf_ipsec bpf_lb bpf_lxc bpf_netdev bpf_network bpf_overlay" 22 CG_PROGS="bpf_sock sockops/bpf_sockops sockops/bpf_redir" 23 XDP_PROGS="bpf_xdp" 24 IGNORED_PROGS="bpf_alignchecker" 25 ALL_PROGS="${IGNORED_PROGS} ${CG_PROGS} ${TC_PROGS} ${XDP_PROGS}" 26 VERBOSE=false 27 28 function clean_maps { 29 rm -rf /sys/fs/bpf/tc/globals/* 30 } 31 32 function cleanup { 33 ip link del ${DEV} 2>/dev/null || true 34 clean_maps 35 } 36 37 function get_section { 38 grep "__section(" $1 | sed 's/__sec[^\"]*\"\([0-9A-Za-z_-]*\).*/\1/' 39 } 40 41 function load_prog { 42 loader=$1 43 mode=$2 44 prog=$3 45 for section in $(get_section ${prog}.c); do 46 echo "=> Loading ${prog}.c:${section}..." 47 if $VERBOSE; then 48 # Redirect stderr to stdout to assist caller parsing 49 ${loader} dev ${DEV} ${mode} obj ${prog}.o \ 50 sec $section verbose 2>&1 51 else 52 # Only run verbose mode if loading fails. 53 ${loader} dev ${DEV} ${mode} obj ${prog}.o sec $section 2>/dev/null \ 54 || ${loader} dev ${DEV} ${mode} obj ${prog}.o sec $section verbose 55 fi 56 done 57 } 58 59 function load_tc { 60 for p in ${TC_PROGS}; do 61 load_prog "tc filter replace" "ingress bpf da" ${DIR}/${p} 62 clean_maps 63 done 64 } 65 66 function load_cg { 67 for p in ${CG_PROGS}; do 68 echo "=> Skipping ${DIR}/${p}.c." 69 done 70 } 71 72 function load_xdp { 73 if ip link set help 2>&1 | grep -q xdpgeneric; then 74 ip link set dev ${DEV} xdpgeneric off 75 for p in ${XDP_PROGS}; do 76 load_prog "ip link set" "xdpgeneric" ${DIR}/${p} 77 clean_maps 78 done 79 else 80 echo "=> Skipping ${DIR}/bpf_xdp.c." 81 echo "Ensure you have linux >= 4.12 and recent iproute2 to test XDP." 1>&2 82 fi 83 } 84 85 function handle_args { 86 if [ $(id -u) -ne 0 ]; then 87 echo "Must be run as root" 1>&2 88 exit 1 89 fi 90 91 if ps cax | grep cilium-agent; then 92 echo "WARNING: This test will conflict with running cilium instances." 1>&2 93 echo "Shut down cilium before continuing." 1>&2 94 exit 1 95 fi 96 97 # If first argument is "-v", always set verbose 98 if [ $# -gt 0 ]; then 99 case "$1" in 100 -v|--verbose) 101 VERBOSE=true 102 ;; 103 *) 104 echo "Unrecognized argument '$1'" 1>&2 105 exit 1 106 ;; 107 esac 108 fi 109 } 110 111 function handle_developers { 112 set +e 113 PROG_DIFF=$(diff -u \ 114 <(find ${DIR}/ -name "bpf*.c" | sed 's/^.*bpf\/\([^.]*\).*$/\1/' | sort) \ 115 <(for p in ${ALL_PROGS}; do echo $p; done | sort)) 116 PROGS_NOT_COVERED=$? 117 set -e 118 if [ $PROGS_NOT_COVERED -ne 0 ]; then 119 echo "This script doesn't verify all BPF programs:" 1>&2 120 echo "${PROG_DIFF}" | tail -n +4 1>&2 121 exit 1 122 fi 123 } 124 125 function main { 126 handle_args 127 handle_developers 128 129 trap cleanup EXIT 130 ip link add ${DEV} type dummy 131 tc qdisc replace dev ${DEV} clsact 132 133 load_tc 134 load_cg 135 load_xdp 136 } 137 138 main "$@"