Unit Testing eBPF Programs: A Comprehensive Guide with XDP Examples#

In large software projects with contributions from dozens of developers, changes can unexpectedly disrupt related functionalities. eBPF programs, being kernel-level code that operates in a critical execution environment, require thorough testing to detect issues before they could impact production applications.

This comprehensive guide demonstrates how to effectively unit test eBPF programs, with a focus on XDP (eXpress Data Path) programs, using the BPF_PROG_RUN command and libbpf utilities.

Understanding eBPF Unit Testing#

The BPF_PROG_RUN Command#

The core functionality for unit testing eBPF programs is the BPF_PROG_RUN command (previously named BPF_PROG_TEST_RUN). This command is invoked via the bpf() syscall to execute an eBPF program in a controlled environment and return its results to user-space.

1
graph TB
2
    subgraph "eBPF Unit Testing Architecture"
3
        UserSpace["User Space Test"]
4
        Syscall["bpf() syscall"]
5
        Kernel["Kernel Space"]
6
        Program["eBPF Program"]
7

8
        UserSpace --> |"BPF_PROG_RUN"| Syscall
9
        Syscall --> Kernel
10
        Kernel --> |"Execute"| Program
11
        Program --> |"Results"| Kernel
12
        Kernel --> Syscall
13
        Syscall --> UserSpace
14
    end
15

16
    style UserSpace fill:#e1f5fe
17
    style Program fill:#f3e5f5
18
    style Kernel fill:#e8f5e8

Supported Program Types#

As of the current kernel version, BPF_PROG_RUN supports testing the following eBPF program types:

BPF_PROG_TYPE_SOCKET_FILTER
BPF_PROG_TYPE_SCHED_CLS
BPF_PROG_TYPE_SCHED_ACT
BPF_PROG_TYPE_XDP
BPF_PROG_TYPE_SK_LOOKUP
BPF_PROG_TYPE_CGROUP_SKB
BPF_PROG_TYPE_LWT_IN
BPF_PROG_TYPE_LWT_OUT
BPF_PROG_TYPE_LWT_XMIT
BPF_PROG_TYPE_LWT_SEG6LOCAL
BPF_PROG_TYPE_FLOW_DISSECTOR
BPF_PROG_TYPE_STRUCT_OPS
BPF_PROG_TYPE_RAW_TRACEPOINT
BPF_PROG_TYPE_SYSCALL

The libbpf Testing Framework#

Understanding libbpf#

libbpf is a C library that provides essential tools and abstractions for loading, managing, and interacting with eBPF programs in the Linux kernel. It simplifies the complex process of working with eBPF by providing high-level APIs.

bpf_prog_test_run_opts Function#

Instead of directly invoking the syscall, libbpf offers the bpf_prog_test_run_opts wrapper function that streamlines the testing process:

1
int bpf_prog_test_run_opts(int prog_fd, struct bpf_test_run_opts *opts);

The function takes two arguments:

prog_fd: eBPF program file descriptor
opts: Pointer to bpf_test_run_opts structure containing test parameters

bpf_test_run_opts Structure#

The bpf_test_run_opts structure contains various fields for configuring the test execution:

1
struct bpf_test_run_opts {
2
    size_t sz;              /* Size of this structure */
3
    const void *data_in;    /* Input data */
4
    void *data_out;         /* Output data buffer */
5
    __u32 data_size_in;     /* Size of input data */
6
    __u32 data_size_out;    /* Size of output buffer */
7
    __u32 retval;           /* Program return value */
8
    __u32 duration;         /* Execution duration */
9
    __u32 repeat;           /* Number of repetitions */
10
    const void *ctx_in;     /* Input context */
11
    void *ctx_out;          /* Output context buffer */
12
    __u32 ctx_size_in;      /* Size of input context */
13
    __u32 ctx_size_out;     /* Size of output context buffer */
14
};

XDP Program Testing Example#

Let’s create a comprehensive example of testing an XDP program that filters packets based on protocol type.

Sample XDP Program#

First, let’s look at a simple XDP program that drops ICMP packets:

1
#include <linux/bpf.h>
2
#include <linux/if_ether.h>
3
#include <linux/ip.h>
4
#include <linux/in.h>
5
#include <bpf/bpf_helpers.h>
6

7
SEC("xdp")
8
int xdp_icmp_filter(struct xdp_md *ctx) {
9
    void *data_end = (void *)(long)ctx->data_end;
10
    void *data = (void *)(long)ctx->data;
11

12
    // Check if we have enough space for Ethernet header
13
    struct ethhdr *eth = data;
14
    if ((void *)(eth + 1) > data_end)
15
        return XDP_PASS;
16

17
    // Only process IPv4 packets
18
    if (eth->h_proto != __constant_htons(ETH_P_IP))
19
        return XDP_PASS;
20

21
    // Check if we have enough space for IP header
22
    struct iphdr *ip = (void *)(eth + 1);
23
    if ((void *)(ip + 1) > data_end)
24
        return XDP_PASS;
25

26
    // Drop ICMP packets
27
    if (ip->protocol == IPPROTO_ICMP) {
28
        return XDP_DROP;
29
    }
30

31
    return XDP_PASS;
32
}
33

34
char _license[] SEC("license") = "GPL";

Unit Test Implementation#

Now, let’s create a comprehensive unit test for our XDP program:

1
#include <stdio.h>
2
#include <stdlib.h>
3
#include <string.h>
4
#include <unistd.h>
5
#include <errno.h>
6
#include <linux/if_ether.h>
7
#include <linux/ip.h>
8
#include <linux/in.h>
9
#include <arpa/inet.h>
10
#include <bpf/libbpf.h>
11
#include <bpf/bpf.h>
12

13
#define PACKET_SIZE 64
14

15
// Test result structure
16
struct test_result {
17
    const char *test_name;
18
    int expected_action;
19
    int actual_action;
20
    bool passed;
21
};
22

23
// Create a mock IPv4 packet
24
static void create_ipv4_packet(char *packet, __u8 protocol,
25
                              const char *src_ip, const char *dst_ip) {
26
    struct ethhdr *eth = (struct ethhdr *)packet;
27
    struct iphdr *ip = (struct iphdr *)(eth + 1);
28

29
    // Clear packet
30
    memset(packet, 0, PACKET_SIZE);
31

32
    // Ethernet header
33
    eth->h_proto = htons(ETH_P_IP);
34

35
    // IP header
36
    ip->version = 4;
37
    ip->ihl = 5;
38
    ip->tot_len = htons(PACKET_SIZE - sizeof(struct ethhdr));
39
    ip->protocol = protocol;
40
    ip->saddr = inet_addr(src_ip);
41
    ip->daddr = inet_addr(dst_ip);
42
}
43

44
// Execute a single test case
45
static struct test_result run_test_case(int prog_fd, const char *test_name,
46
                                       __u8 protocol, int expected_action) {
47
    struct test_result result = {
48
        .test_name = test_name,
49
        .expected_action = expected_action,
50
        .passed = false
51
    };
52

53
    char packet[PACKET_SIZE];
54
    create_ipv4_packet(packet, protocol, "192.168.1.1", "192.168.1.2");
55

56
    // Configure test options
57
    LIBBPF_OPTS(bpf_test_run_opts, opts,
58
        .data_in = packet,
59
        .data_size_in = PACKET_SIZE,
60
        .repeat = 1,
61
    );
62

63
    // Run the test
64
    int err = bpf_prog_test_run_opts(prog_fd, &opts);
65
    if (err) {
66
        fprintf(stderr, "Failed to run test %s: %s\n",
67
                test_name, strerror(errno));
68
        return result;
69
    }
70

71
    result.actual_action = opts.retval;
72
    result.passed = (result.actual_action == result.expected_action);
73

74
    return result;
75
}
76

77
// Performance benchmark
78
static void benchmark_program(int prog_fd) {
79
    char packet[PACKET_SIZE];
80
    create_ipv4_packet(packet, IPPROTO_TCP, "192.168.1.1", "192.168.1.2");
81

82
    const int iterations = 1000000;
83

84
    LIBBPF_OPTS(bpf_test_run_opts, opts,
85
        .data_in = packet,
86
        .data_size_in = PACKET_SIZE,
87
        .repeat = iterations,
88
    );
89

90
    printf("Running performance benchmark (%d iterations)...\n", iterations);
91

92
    int err = bpf_prog_test_run_opts(prog_fd, &opts);
93
    if (err) {
94
        fprintf(stderr, "Benchmark failed: %s\n", strerror(errno));
95
        return;
96
    }
97

98
    printf("Total duration: %u ns\n", opts.duration);
99
    printf("Average per iteration: %.2f ns\n",
100
           (double)opts.duration / iterations);
101
}
102

103
int main(int argc, char **argv) {
104
    if (argc != 2) {
105
        fprintf(stderr, "Usage: %s <path_to_xdp_object>\n", argv[0]);
106
        return 1;
107
    }
108

109
    // Load the eBPF object
110
    struct bpf_object *obj = bpf_object__open_file(argv[1], NULL);
111
    if (libbpf_get_error(obj)) {
112
        fprintf(stderr, "Failed to open eBPF object file\n");
113
        return 1;
114
    }
115

116
    // Load the program into the kernel
117
    if (bpf_object__load(obj)) {
118
        fprintf(stderr, "Failed to load eBPF object\n");
119
        bpf_object__close(obj);
120
        return 1;
121
    }
122

123
    // Find the XDP program
124
    struct bpf_program *prog = bpf_object__find_program_by_name(obj, "xdp_icmp_filter");
125
    if (!prog) {
126
        fprintf(stderr, "Failed to find XDP program\n");
127
        bpf_object__close(obj);
128
        return 1;
129
    }
130

131
    int prog_fd = bpf_program__fd(prog);
132

133
    printf("=== XDP ICMP Filter Unit Tests ===\n\n");
134

135
    // Define test cases
136
    struct {
137
        const char *name;
138
        __u8 protocol;
139
        int expected_action;
140
    } test_cases[] = {
141
        {"ICMP packet should be dropped", IPPROTO_ICMP, XDP_DROP},
142
        {"TCP packet should pass", IPPROTO_TCP, XDP_PASS},
143
        {"UDP packet should pass", IPPROTO_UDP, XDP_PASS},
144
        {"SCTP packet should pass", IPPROTO_SCTP, XDP_PASS},
145
    };
146

147
    int passed_tests = 0;
148
    int total_tests = sizeof(test_cases) / sizeof(test_cases[0]);
149

150
    // Run all test cases
151
    for (int i = 0; i < total_tests; i++) {
152
        struct test_result result = run_test_case(
153
            prog_fd,
154
            test_cases[i].name,
155
            test_cases[i].protocol,
156
            test_cases[i].expected_action
157
        );
158

159
        printf("Test: %s\n", result.test_name);
160
        printf("  Expected: %s (%d)\n",
161
               result.expected_action == XDP_DROP ? "XDP_DROP" : "XDP_PASS",
162
               result.expected_action);
163
        printf("  Actual:   %s (%d)\n",
164
               result.actual_action == XDP_DROP ? "XDP_DROP" : "XDP_PASS",
165
               result.actual_action);
166
        printf("  Result:   %s\n\n", result.passed ? "PASS" : "FAIL");
167

168
        if (result.passed) {
169
            passed_tests++;
170
        }
171
    }
172

173
    printf("=== Test Summary ===\n");
174
    printf("Passed: %d/%d tests\n", passed_tests, total_tests);
175
    printf("Success rate: %.2f%%\n\n",
176
           (double)passed_tests / total_tests * 100);
177

178
    // Run performance benchmark
179
    benchmark_program(prog_fd);
180

181
    // Cleanup
182
    bpf_object__close(obj);
183

184
    return (passed_tests == total_tests) ? 0 : 1;
185
}

Build Script and Makefile#

Create a Makefile to build both the eBPF program and the test:

1
# Makefile
2
CC = clang
3
CFLAGS = -O2 -g -Wall
4
BPF_CFLAGS = -target bpf -O2 -g
5

6
# Libbpf paths (adjust as needed)
7
LIBBPF_DIR = /usr/lib/x86_64-linux-gnu
8
LIBBPF_INCLUDE = /usr/include
9

10
.PHONY: all clean test
11

12
all: xdp_filter.bpf.o test_xdp_filter
13

14
# Compile eBPF program
15
xdp_filter.bpf.o: xdp_filter.bpf.c
16
  $(CC) $(BPF_CFLAGS) -I$(LIBBPF_INCLUDE) -c $< -o $@
17

18
# Compile test program
19
test_xdp_filter: test_xdp_filter.c
20
  $(CC) $(CFLAGS) -I$(LIBBPF_INCLUDE) $< -L$(LIBBPF_DIR) -lbpf -o $@
21

22
# Run tests
23
test: all
24
  sudo ./test_xdp_filter xdp_filter.bpf.o
25

26
clean:
27
  rm -f *.o test_xdp_filter

Advanced Testing Patterns#

Testing with Different Packet Sizes#

1
// Test with various packet sizes
2
static void test_packet_sizes(int prog_fd) {
3
    int sizes[] = {64, 128, 256, 512, 1024, 1500};
4
    int num_sizes = sizeof(sizes) / sizeof(sizes[0]);
5

6
    for (int i = 0; i < num_sizes; i++) {
7
        char *packet = malloc(sizes[i]);
8
        if (!packet) continue;
9

10
        create_ipv4_packet(packet, IPPROTO_TCP, "10.0.0.1", "10.0.0.2");
11

12
        LIBBPF_OPTS(bpf_test_run_opts, opts,
13
            .data_in = packet,
14
            .data_size_in = sizes[i],
15
            .repeat = 1,
16
        );
17

18
        int err = bpf_prog_test_run_opts(prog_fd, &opts);
19
        printf("Packet size %d: %s (action: %d)\n",
20
               sizes[i],
21
               err ? "FAILED" : "SUCCESS",
22
               opts.retval);
23

24
        free(packet);
25
    }
26
}

Testing with Malformed Packets#

1
// Test with malformed packets
2
static void test_malformed_packets(int prog_fd) {
3
    printf("=== Malformed Packet Tests ===\n");
4

5
    // Test with truncated Ethernet header
6
    char small_packet[10] = {0};
7
    LIBBPF_OPTS(bpf_test_run_opts, opts1,
8
        .data_in = small_packet,
9
        .data_size_in = 10,
10
        .repeat = 1,
11
    );
12

13
    int err = bpf_prog_test_run_opts(prog_fd, &opts1);
14
    printf("Truncated packet test: %s (action: %d)\n",
15
           err ? "FAILED" : "SUCCESS", opts1.retval);
16

17
    // Test with invalid IP header
18
    char packet[PACKET_SIZE];
19
    memset(packet, 0, PACKET_SIZE);
20
    struct ethhdr *eth = (struct ethhdr *)packet;
21
    eth->h_proto = htons(ETH_P_IP);
22
    // Leave IP header invalid
23

24
    LIBBPF_OPTS(bpf_test_run_opts, opts2,
25
        .data_in = packet,
26
        .data_size_in = PACKET_SIZE,
27
        .repeat = 1,
28
    );
29

30
    err = bpf_prog_test_run_opts(prog_fd, &opts2);
31
    printf("Invalid IP header test: %s (action: %d)\n",
32
           err ? "FAILED" : "SUCCESS", opts2.retval);
33
}

Testing Flow Visualization#

1
graph TD
2
    subgraph "eBPF Testing Workflow"
3
        A["Compile eBPF Program"] --> B["Load into Kernel"]
4
        B --> C["Create Test Packets"]
5
        C --> D["Configure Test Options"]
6
        D --> E["Execute BPF_PROG_RUN"]
7
        E --> F["Analyze Results"]
8
        F --> G["Performance Benchmarks"]
9
        G --> H["Generate Report"]
10

11
        subgraph "Test Types"
12
            T1["Functional Tests"]
13
            T2["Edge Case Tests"]
14
            T3["Performance Tests"]
15
            T4["Malformed Data Tests"]
16
        end
17

18
        C --> T1
19
        C --> T2
20
        C --> T3
21
        C --> T4
22
    end
23

24
    style A fill:#e8f5e8
25
    style F fill:#fff3e0
26
    style H fill:#e1f5fe

Best Practices for eBPF Testing#

1. Comprehensive Test Coverage#

1
// Example of comprehensive test matrix
2
struct test_matrix {
3
    const char *description;
4
    __u8 protocol;
5
    __u16 sport;
6
    __u16 dport;
7
    __u32 saddr;
8
    __u32 daddr;
9
    int expected_action;
10
};
11

12
static struct test_matrix comprehensive_tests[] = {
13
    {"ICMP from localhost", IPPROTO_ICMP, 0, 0,
14
     inet_addr("127.0.0.1"), inet_addr("127.0.0.1"), XDP_DROP},
15
    {"ICMP from external", IPPROTO_ICMP, 0, 0,
16
     inet_addr("8.8.8.8"), inet_addr("192.168.1.1"), XDP_DROP},
17
    {"HTTP traffic", IPPROTO_TCP, 12345, 80,
18
     inet_addr("192.168.1.100"), inet_addr("192.168.1.1"), XDP_PASS},
19
    {"HTTPS traffic", IPPROTO_TCP, 12345, 443,
20
     inet_addr("192.168.1.100"), inet_addr("192.168.1.1"), XDP_PASS},
21
    // Add more test cases...
22
};

2. Automated Testing Integration#

Create a testing script that can be integrated into CI/CD pipelines:

1
#!/bin/bash
2
set -e
3

4
echo "Building eBPF programs..."
5
make clean && make
6

7
echo "Running unit tests..."
8
sudo ./test_xdp_filter xdp_filter.bpf.o
9

10
echo "Running integration tests..."
11
# Add integration test commands here
12

13
echo "Generating coverage report..."
14
# Add coverage analysis if available
15

16
echo "All tests completed successfully!"

3. Error Handling and Validation#

1
// Robust error handling in tests
2
static bool validate_test_environment(void) {
3
    // Check if running as root
4
    if (geteuid() != 0) {
5
        fprintf(stderr, "Tests must be run as root\n");
6
        return false;
7
    }
8

9
    // Check kernel version
10
    struct utsname uts;
11
    if (uname(&uts) != 0) {
12
        perror("uname");
13
        return false;
14
    }
15

16
    printf("Running on kernel: %s\n", uts.release);
17

18
    // Add more environment checks...
19
    return true;
20
}

4. Performance Testing and Benchmarking#

1
// Detailed performance analysis
2
static void detailed_performance_test(int prog_fd) {
3
    struct perf_results {
4
        __u32 min_duration;
5
        __u32 max_duration;
6
        __u32 avg_duration;
7
        __u32 total_duration;
8
    };
9

10
    const int test_iterations = 10000;
11
    struct perf_results results = {0};
12

13
    char packet[PACKET_SIZE];
14
    create_ipv4_packet(packet, IPPROTO_TCP, "192.168.1.1", "192.168.1.2");
15

16
    // Individual test runs for statistics
17
    for (int i = 0; i < 100; i++) {
18
        LIBBPF_OPTS(bpf_test_run_opts, opts,
19
            .data_in = packet,
20
            .data_size_in = PACKET_SIZE,
21
            .repeat = test_iterations / 100,
22
        );
23

24
        int err = bpf_prog_test_run_opts(prog_fd, &opts);
25
        if (err) continue;
26

27
        __u32 avg_per_iteration = opts.duration / (test_iterations / 100);
28

29
        if (results.min_duration == 0 || avg_per_iteration < results.min_duration)
30
            results.min_duration = avg_per_iteration;
31
        if (avg_per_iteration > results.max_duration)
32
            results.max_duration = avg_per_iteration;
33

34
        results.total_duration += opts.duration;
35
    }
36

37
    results.avg_duration = results.total_duration / (test_iterations);
38

39
    printf("Performance Results:\n");
40
    printf("  Min duration per packet: %u ns\n", results.min_duration);
41
    printf("  Max duration per packet: %u ns\n", results.max_duration);
42
    printf("  Avg duration per packet: %u ns\n", results.avg_duration);
43
    printf("  Total test duration: %u ns\n", results.total_duration);
44
}

Troubleshooting Common Issues#

1. Permission Problems#

1
# Ensure proper permissions
2
sudo ./test_program
3

4
# Check if eBPF is enabled
5
cat /boot/config-$(uname -r) | grep CONFIG_BPF
6

7
# Verify cgroup v2 mount (if needed)
8
mount | grep cgroup2

2. Program Loading Issues#

1
// Add detailed error reporting
2
if (bpf_object__load(obj)) {
3
    char buf[256];
4
    int err = libbpf_get_error(obj);
5
    libbpf_strerror(err, buf, sizeof(buf));
6
    fprintf(stderr, "Failed to load eBPF object: %s\n", buf);
7
    return 1;
8
}

3. Verifier Errors#

1
# Enable verifier logs for debugging
2
echo 1 | sudo tee /proc/sys/kernel/bpf_stats_enabled
3

4
# Check kernel logs for verifier messages
5
sudo dmesg | tail -20

Integration with Testing Frameworks#

Using Google Test (C++)#

1
#include <gtest/gtest.h>
2
extern "C" {
3
    #include <bpf/libbpf.h>
4
    #include <bpf/bpf.h>
5
}
6

7
class XDPFilterTest : public ::testing::Test {
8
protected:
9
    void SetUp() override {
10
        obj = bpf_object__open_file("xdp_filter.bpf.o", nullptr);
11
        ASSERT_FALSE(libbpf_get_error(obj));
12
        ASSERT_EQ(bpf_object__load(obj), 0);
13

14
        prog = bpf_object__find_program_by_name(obj, "xdp_icmp_filter");
15
        ASSERT_NE(prog, nullptr);
16
        prog_fd = bpf_program__fd(prog);
17
    }
18

19
    void TearDown() override {
20
        if (obj) bpf_object__close(obj);
21
    }
22

23
    struct bpf_object *obj = nullptr;
24
    struct bpf_program *prog = nullptr;
25
    int prog_fd = -1;
26
};
27

28
TEST_F(XDPFilterTest, DropsICMPPackets) {
29
    char packet[64];
30
    create_ipv4_packet(packet, IPPROTO_ICMP, "192.168.1.1", "192.168.1.2");
31

32
    LIBBPF_OPTS(bpf_test_run_opts, opts,
33
        .data_in = packet,
34
        .data_size_in = 64,
35
        .repeat = 1,
36
    );
37

38
    ASSERT_EQ(bpf_prog_test_run_opts(prog_fd, &opts), 0);
39
    EXPECT_EQ(opts.retval, XDP_DROP);
40
}
41

42
TEST_F(XDPFilterTest, PassesTCPPackets) {
43
    char packet[64];
44
    create_ipv4_packet(packet, IPPROTO_TCP, "192.168.1.1", "192.168.1.2");
45

46
    LIBBPF_OPTS(bpf_test_run_opts, opts,
47
        .data_in = packet,
48
        .data_size_in = 64,
49
        .repeat = 1,
50
    );
51

52
    ASSERT_EQ(bpf_prog_test_run_opts(prog_fd, &opts), 0);
53
    EXPECT_EQ(opts.retval, XDP_PASS);
54
}

Conclusion#

Unit testing eBPF programs is essential for maintaining code quality and ensuring reliable operation in production environments. The BPF_PROG_RUN command, combined with libbpf’s testing utilities, provides a powerful framework for comprehensive testing.

Key takeaways:

Systematic Testing: Use structured test cases covering normal, edge, and error conditions
Performance Awareness: Include benchmarking in your test suite
Error Handling: Implement robust error checking and reporting
Automation: Integrate tests into CI/CD pipelines for continuous validation
Documentation: Maintain clear test documentation and expected behaviors

By following these practices and using the examples provided, you can build robust, well-tested eBPF programs that perform reliably in production environments.