Date:   Tue, 15 May 2018 21:51:29 -0600
From:   David Ahern <dsahern@...il.com>
To:     Jason Wang <jasowang@...hat.com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: xdp and fragments with virtio

Hi Jason:

I am trying to test MTU changes to the BPF fib_lookup helper and seeing
something odd. Hoping you can help.

I have a VM with multiple virtio-based NICs and tap backends. I install
the xdp program on eth1 and eth2 to do forwarding. In the host I send a
large packet to eth1:

$ ping -s 1500 9.9.9.9


The tap device in the host sees 2 packets:

$ sudo tcpdump -nv -i vm02-eth1
20:44:33.943160 IP (tos 0x0, ttl 64, id 58746, offset 0, flags [+],
proto ICMP (1), length 1500)
    10.100.1.254 > 9.9.9.9: ICMP echo request, id 17917, seq 1, length 1480
20:44:33.943172 IP (tos 0x0, ttl 64, id 58746, offset 1480, flags
[none], proto ICMP (1), length 48)
    10.100.1.254 > 9.9.9.9: ip-proto-1


In the VM, the XDP program only sees the first packet, not the fragment.
I added a printk to the program (see diff below):

$ cat trace_pipe
          <idle>-0     [003] ..s2   254.436467: 0: packet length 1514


Anything come to mind in the virtio xdp implementation that affects
fragment packets? I see this with both IPv4 and v6.

Thanks,
David

[1] xdp program diff showing printk that dumps packet length:

diff --git a/samples/bpf/xdp_fwd_kern.c b/samples/bpf/xdp_fwd_kern.c
index 4a6be0f87505..f119b506e782 100644
--- a/samples/bpf/xdp_fwd_kern.c
+++ b/samples/bpf/xdp_fwd_kern.c
@@ -52,6 +52,11 @@ static __always_inline int xdp_fwd_flags(struct
xdp_md *ctx, u32 flags)
        u16 h_proto;
        u64 nh_off;

+       {
+               char fmt[] = "packet length %u\n";
+
+               bpf_trace_printk(fmt, sizeof(fmt), ctx->data_end-ctx->data);
+       }
        nh_off = sizeof(*eth);
        if (data + nh_off > data_end)
                return XDP_DROP;
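
Review bot: the bpf_trace_printk() call added at the top of xdp_fwd_flags() runs unconditionally for every packet, ahead of the `data + nh_off > data_end` bounds check, so it is only suitable as a temporary debugging aid; if it is meant to stay in the sample it should sit behind a compile-time debug switch. On style, `ctx->data_end-ctx->data` needs spaces around the minus, the bare `{ }` block can go away by declaring `fmt` with the other locals, and a blank line should separate the new code from `nh_off = sizeof(*eth);`. The printed value is the span between `data` and `data_end` for the single frame handed to the program, starting at the Ethernet header, and a short comment saying so would make the trace output easier to interpret.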
