| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240920-reverse-sk-lookup-v2-3-916a48c47d56@cloudflare.com>
Date: Fri, 20 Sep 2024 18:02:14 +0100
From: Tiago Lam <tiagolam@...udflare.com>
To: "David S. Miller" <davem@...emloft.net>,
David Ahern <dsahern@...nel.org>, Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
Willem de Bruijn <willemdebruijn.kernel@...il.com>,
Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Martin KaFai Lau <martin.lau@...ux.dev>,
Eduard Zingerman <eddyz87@...il.com>, Song Liu <song@...nel.org>,
Yonghong Song <yonghong.song@...ux.dev>,
John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>,
Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>,
Jiri Olsa <jolsa@...nel.org>, Mykola Lysenko <mykolal@...com>,
Shuah Khan <shuah@...nel.org>
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
bpf@...r.kernel.org, linux-kselftest@...r.kernel.org,
Jakub Sitnicki <jakub@...udflare.com>, Tiago Lam <tiagolam@...udflare.com>,
kernel-team@...udflare.com
Subject: [RFC PATCH v2 3/3] bpf: Add sk_lookup test to use ORIGDSTADDR
cmsg.
This patch reuses the framework already in place for sk_lookup, allowing
it now to send a reply from the server fd directly, instead of having to
create a socket bound to the original destination address and reply from
there. It does this by passing the source address and port from where to
reply from in a IP_ORIGDSTADDR ancillary message passed in sendmsg.
Signed-off-by: Tiago Lam <tiagolam@...udflare.com>
---
tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 67 +++++++++++++++-------
1 file changed, 45 insertions(+), 22 deletions(-)
diff --git a/tools/testing/selftests/bpf/prog_tests/sk_lookup.c b/tools/testing/selftests/bpf/prog_tests/sk_lookup.c
index ae87c00867ba..df780624c16c 100644
--- a/tools/testing/selftests/bpf/prog_tests/sk_lookup.c
+++ b/tools/testing/selftests/bpf/prog_tests/sk_lookup.c
@@ -75,6 +75,7 @@ struct test {
struct inet_addr listen_at;
enum server accept_on;
bool reuseport_has_conns; /* Add a connected socket to reuseport group */
+ bool dont_bind_reply; /* Don't bind, send direct from server fd. */
};
struct cb_opts {
@@ -363,7 +364,7 @@ static void v4_to_v6(struct sockaddr_storage *ss)
memset(&v6->sin6_addr.s6_addr[0], 0, 10);
}
-static int udp_recv_send(int server_fd)
+static int udp_recv_send(int server_fd, bool dont_bind_reply)
{
char cmsg_buf[CMSG_SPACE(sizeof(struct sockaddr_storage))];
struct sockaddr_storage _src_addr = { 0 };
@@ -373,7 +374,7 @@ static int udp_recv_send(int server_fd)
struct iovec iov = { 0 };
struct cmsghdr *cm;
char buf[1];
- int ret, fd;
+ int fd;
ssize_t n;
iov.iov_base = buf;
@@ -415,26 +416,37 @@ static int udp_recv_send(int server_fd)
v4_to_v6(dst_addr);
}
- /* Reply from original destination address. */
- fd = start_server_addr(SOCK_DGRAM, dst_addr, sizeof(*dst_addr), NULL);
- if (!ASSERT_OK_FD(fd, "start_server_addr")) {
- log_err("failed to create tx socket");
- return -1;
- }
+ if (dont_bind_reply) {
+ /* Reply directly from server fd, specifying the source address
+ * and/or port in struct msghdr.
+ */
+ n = sendmsg(server_fd, &msg, 0);
+ if (CHECK(n <= 0, "sendmsg", "failed\n")) {
+ log_err("failed to send echo reply");
+ return -1;
+ }
+ } else {
+ /* Reply from original destination address. */
+ fd = start_server_addr(SOCK_DGRAM, dst_addr, sizeof(*dst_addr),
+ NULL);
+ if (!ASSERT_OK_FD(fd, "start_server_addr")) {
+ log_err("failed to create tx socket");
+ return -1;
+ }
- msg.msg_control = NULL;
- msg.msg_controllen = 0;
- n = sendmsg(fd, &msg, 0);
- if (CHECK(n <= 0, "sendmsg", "failed\n")) {
- log_err("failed to send echo reply");
- ret = -1;
- goto out;
+ msg.msg_control = NULL;
+ msg.msg_controllen = 0;
+ n = sendmsg(fd, &msg, 0);
+ if (CHECK(n <= 0, "sendmsg", "failed\n")) {
+ log_err("failed to send echo reply");
+ close(fd);
+ return -1;
+ }
+
+ close(fd);
}
- ret = 0;
-out:
- close(fd);
- return ret;
+ return 0;
}
static int tcp_echo_test(int client_fd, int server_fd)
@@ -454,14 +466,14 @@ static int tcp_echo_test(int client_fd, int server_fd)
return 0;
}
-static int udp_echo_test(int client_fd, int server_fd)
+static int udp_echo_test(int client_fd, int server_fd, bool dont_bind_reply)
{
int err;
err = send_byte(client_fd);
if (err)
return -1;
- err = udp_recv_send(server_fd);
+ err = udp_recv_send(server_fd, dont_bind_reply);
if (err)
return -1;
err = recv_byte(client_fd);
@@ -653,7 +665,8 @@ static void run_lookup_prog(const struct test *t)
if (t->sotype == SOCK_STREAM)
tcp_echo_test(client_fd, server_fds[t->accept_on]);
else
- udp_echo_test(client_fd, server_fds[t->accept_on]);
+ udp_echo_test(client_fd, server_fds[t->accept_on],
+ t->dont_bind_reply);
close(client_fd);
close:
@@ -775,6 +788,16 @@ static void test_redirect_lookup(struct test_sk_lookup *skel)
.listen_at = { INT_IP4, INT_PORT },
.accept_on = SERVER_B,
},
+ {
+ .desc = "UDP IPv4 redir different ports",
+ .lookup_prog = skel->progs.select_sock_a_no_reuseport,
+ .sock_map = skel->maps.redir_map,
+ .sotype = SOCK_DGRAM,
+ .connect_to = { EXT_IP4, EXT_PORT },
+ .listen_at = { INT_IP4, INT_PORT },
+ .accept_on = SERVER_A,
+ .dont_bind_reply = true,
+ },
{
.desc = "UDP IPv4 redir and reuseport with conns",
.lookup_prog = skel->progs.select_sock_a,
--
2.34.1
Powered by blists - more mailing lists