[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAOftzPgLWV8fVJpwYSpcOotDo7r=RgLyh2yQUZXKaC5HVK9SfQ@mail.gmail.com>
Date: Thu, 4 Oct 2018 11:33:18 -0700
From: Joe Stringer <joe@...d.net.nz>
To: daniel@...earbox.net
Cc: Joe Stringer <joe@...d.net.nz>, netdev <netdev@...r.kernel.org>,
ast@...nel.org
Subject: Re: [PATCH bpf-next] net: core: Fix build with CONFIG_IPV6=m
On Thu, 4 Oct 2018 at 01:48, Daniel Borkmann <daniel@...earbox.net> wrote:
>
> On 10/03/2018 07:32 AM, Joe Stringer wrote:
> > Stephen Rothwell reports the following link failure with IPv6 as module:
> >
> > x86_64-linux-gnu-ld: net/core/filter.o: in function `sk_lookup':
> > (.text+0x19219): undefined reference to `__udp6_lib_lookup'
> >
> > Fix the build by only enabling the IPv6 socket lookup if IPv6 support is
> > compiled into the kernel.
> >
> > Signed-off-by: Joe Stringer <joe@...d.net.nz>
> > ---
> > net/core/filter.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/net/core/filter.c b/net/core/filter.c
> > index 591c698bc517..30c6b2d3ef16 100644
> > --- a/net/core/filter.c
> > +++ b/net/core/filter.c
> > @@ -4838,7 +4838,7 @@ struct sock *sk_lookup(struct net *net, struct bpf_sock_tuple *tuple,
> > sk = __udp4_lib_lookup(net, src4, tuple->ipv4.sport,
> > dst4, tuple->ipv4.dport,
> > dif, sdif, &udp_table, skb);
> > -#if IS_ENABLED(CONFIG_IPV6)
> > +#if IS_REACHABLE(CONFIG_IPV6)
> > } else {
> > struct in6_addr *src6 = (struct in6_addr *)&tuple->ipv6.saddr;
> > struct in6_addr *dst6 = (struct in6_addr *)&tuple->ipv6.daddr;
> >
>
> Applied as a quick fix, thanks Joe, but ideally this should also work when ipv6
> is compiled as a module. There's the ipv6_bpf_stub, which does that job for other
> helpers that would call into v6 code out of the builtin filter.c, so I think we
> should follow the same approach here as well. See commit d74bad4e74ee ("bpf:
> Hooks for sys_connect").
Thanks for the pointers, I'll look into that.
To confirm my understanding, is it possible to unload the IPv6 module?
I don't see any code that uninitializes "ipv6_bpf_stub". Seems like a
simple conditional check on that variable should be enough to gate its
usage from packet paths where sk_lookup could be invoked (Given that
the system could receive any packets, including IPv6 when the module
is not loaded).
Cheers,
Joe
Powered by blists - more mailing lists