lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Jan 2020 18:01:32 +0900 From: Toshiaki Makita <toshiaki.makita1@...il.com> To: Hanlin Shi <hanlins@...are.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org> Cc: Cheng-Chun William Tu <tuc@...are.com> Subject: Re: Veth pair swallow packets for XDP_TX operation Hi Hanlin, On 2020/01/16 7:35, Hanlin Shi wrote: > Hi community, > > I’m prototyping an XDP program, and the hit issues with XDP_TX operation on veth device. The following code snippet is working as expected on 4.15.0-54-generic, but is NOT working on 4.20.17-042017-lowlatency (I got the kernel here: https://kernel.ubuntu.com/~kernel-ppa/mainline/v4.20.17/). > > Here’s my setup: I created a veth pair (namely veth1 and veth2), and put them in two namespaces (namely ns1 and ns2). I assigned address 60.0.0.1 on veth1 and 60.0.0.2 on veth2, set the device as the default interface in its namespace respectively (e.g. in ns1, do “ip r set default dev veth1”). Then in ns1, I ping 60.0.0.2, and tcpdump on veth1’s RX for ICMP. > > Before loading any XDP program on veth2, I can see ICMP replies on veth1 interface. I load a program which do “XDP_TX” for all packets on veth2. I expect to see the same ICMP packet being returned, but I saw nothing. > > I added some debugging message in the XDP program so I’m sure that the packet is processed on veth2, but on veth1, even with promisc mode on, I cannot see any ICMP packets or even ARP packets. In my understanding, 4.15 is using generic XDP mode where 4.20 is using native XDP mode for veth, so I guess there’s something wrong with veth native XDP and need some helps on fixing the issue. You need to load a dummy program to receive packets from peer XDP_TX when using native veth XDP. The dummy program is something like this: int xdp_pass(struct xdp_md *ctx) { return XDP_PASS; } And load this program on "veth1". For more information please refer to this slides. https://netdevconf.info/0x13/session.html?talk-veth-xdp Also there is a working example here. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/bpf/test_xdp_veth.sh Toshiaki Makita > > Please let me know if you need help on reproducing the issue. > > Thanks, > Hanlin > > PS: here’s the src code for the XDP program: > #include <stddef.h> > #include <string.h> > #include <linux/if_vlan.h> > #include <stdbool.h> > #include <bpf/bpf_endian.h> > #include <linux/if_ether.h> > #include <linux/ip.h> > #include <linux/tcp.h> > #include <linux/udp.h> > #include <linux/in.h>#define DEBUG > #include "bpf_helpers.h" > > SEC("xdp") > int loadbal(struct xdp_md *ctx) { > bpf_printk("got packet, direct return\n"); > return XDP_TX; > }char _license[] SEC("license") = "GPL"; > > "bpf_helpers.h" can be found here: https://github.com/dropbox/goebpf/raw/master/bpf_helpers.h >
Powered by blists - more mailing lists