lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 15 Jan 2020 22:35:29 +0000
From:   Hanlin Shi <hanlins@...are.com>
To:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC:     Cheng-Chun William Tu <tuc@...are.com>
Subject: Veth pair swallow packets for XDP_TX operation

Hi community,

I’m prototyping an XDP program, and the hit issues with XDP_TX operation on veth device. The following code snippet is working as expected on 4.15.0-54-generic, but is NOT working on 4.20.17-042017-lowlatency (I got the kernel here: https://kernel.ubuntu.com/~kernel-ppa/mainline/v4.20.17/).

Here’s my setup: I created a veth pair (namely veth1 and veth2), and put them in two namespaces (namely ns1 and ns2). I assigned address 60.0.0.1 on veth1 and 60.0.0.2 on veth2, set the device as the default interface in its namespace respectively (e.g. in ns1, do “ip r set default dev veth1”). Then in ns1, I ping 60.0.0.2, and tcpdump on veth1’s RX for ICMP.

Before loading any XDP program on veth2, I can see ICMP replies on veth1 interface. I load a program which do “XDP_TX” for all packets on veth2. I expect to see the same ICMP packet being returned, but I saw nothing.

I added some debugging message in the XDP program so I’m sure that the packet is processed on veth2, but on veth1, even with promisc mode on, I cannot see any ICMP packets or even ARP packets. In my understanding, 4.15 is using generic XDP mode where 4.20 is using native XDP mode for veth, so I guess there’s something wrong with veth native XDP and need some helps on fixing the issue.

Please let me know if you need help on reproducing the issue.

Thanks,
Hanlin

PS: here’s the src code for the XDP program:
#include <stddef.h>
#include <string.h>
#include <linux/if_vlan.h>
#include <stdbool.h>
#include <bpf/bpf_endian.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/udp.h>
#include <linux/in.h>#define DEBUG
#include "bpf_helpers.h"

SEC("xdp")
int loadbal(struct xdp_md *ctx) {
  bpf_printk("got packet, direct return\n");
  return XDP_TX;
}char _license[] SEC("license") = "GPL";

"bpf_helpers.h" can be found here: https://github.com/dropbox/goebpf/raw/master/bpf_helpers.h

Powered by blists - more mailing lists