Date:   Fri, 31 Jul 2020 02:04:52 +0200
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Jakub Sitnicki <jakub@...udflare.com>
Cc:     Andrii Nakryiko <andrii.nakryiko@...il.com>,
        bpf <bpf@...r.kernel.org>, Networking <netdev@...r.kernel.org>,
        kernel-team <kernel-team@...udflare.com>,
        Alexei Starovoitov <ast@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>
Subject: Re: [PATCH bpf-next v5 15/15] selftests/bpf: Tests for BPF_SK_LOOKUP
 attach point

On 7/29/20 10:55 AM, Jakub Sitnicki wrote:
> Hi Daniel,
> 
> On Tue, Jul 28, 2020 at 10:47 PM CEST, Daniel Borkmann wrote:
> 
> [...]
> 
>> Jakub, I'm actually seeing a slightly different one on my test machine with sk_lookup:
>>
>> # ./test_progs -t sk_lookup
>> #14 cgroup_skb_sk_lookup:OK
>> #73/1 query lookup prog:OK
>> #73/2 TCP IPv4 redir port:OK
>> #73/3 TCP IPv4 redir addr:OK
>> #73/4 TCP IPv4 redir with reuseport:OK
>> #73/5 TCP IPv4 redir skip reuseport:OK
>> #73/6 TCP IPv6 redir port:OK
>> #73/7 TCP IPv6 redir addr:OK
>> #73/8 TCP IPv4->IPv6 redir port:OK
>> #73/9 TCP IPv6 redir with reuseport:OK
>> #73/10 TCP IPv6 redir skip reuseport:OK
>> #73/11 UDP IPv4 redir port:OK
>> #73/12 UDP IPv4 redir addr:OK
>> #73/13 UDP IPv4 redir with reuseport:OK
>> attach_lookup_prog:PASS:open 0 nsec
>> attach_lookup_prog:PASS:bpf_program__attach_netns 0 nsec
>> make_socket:PASS:make_address 0 nsec
>> make_socket:PASS:socket 0 nsec
>> make_socket:PASS:setsockopt(SO_SNDTIMEO) 0 nsec
>> make_socket:PASS:setsockopt(SO_RCVTIMEO) 0 nsec
>> make_server:PASS:setsockopt(IP_RECVORIGDSTADDR) 0 nsec
>> make_server:PASS:setsockopt(SO_REUSEPORT) 0 nsec
>> make_server:PASS:bind 0 nsec
>> make_server:PASS:attach_reuseport 0 nsec
>> update_lookup_map:PASS:bpf_map__fd 0 nsec
>> update_lookup_map:PASS:bpf_map_update_elem 0 nsec
>> make_socket:PASS:make_address 0 nsec
>> make_socket:PASS:socket 0 nsec
>> make_socket:PASS:setsockopt(SO_SNDTIMEO) 0 nsec
>> make_socket:PASS:setsockopt(SO_RCVTIMEO) 0 nsec
>> make_server:PASS:setsockopt(IP_RECVORIGDSTADDR) 0 nsec
>> make_server:PASS:setsockopt(SO_REUSEPORT) 0 nsec
>> make_server:PASS:bind 0 nsec
>> make_server:PASS:attach_reuseport 0 nsec
>> update_lookup_map:PASS:bpf_map__fd 0 nsec
>> update_lookup_map:PASS:bpf_map_update_elem 0 nsec
>> make_socket:PASS:make_address 0 nsec
>> make_socket:PASS:socket 0 nsec
>> make_socket:PASS:setsockopt(SO_SNDTIMEO) 0 nsec
>> make_socket:PASS:setsockopt(SO_RCVTIMEO) 0 nsec
>> make_server:PASS:setsockopt(IP_RECVORIGDSTADDR) 0 nsec
>> make_server:PASS:setsockopt(SO_REUSEPORT) 0 nsec
>> make_server:PASS:bind 0 nsec
>> make_server:PASS:attach_reuseport 0 nsec
>> run_lookup_prog:PASS:getsockname 0 nsec
>> run_lookup_prog:PASS:connect 0 nsec
>> make_socket:PASS:make_address 0 nsec
>> make_socket:PASS:socket 0 nsec
>> make_socket:PASS:setsockopt(SO_SNDTIMEO) 0 nsec
>> make_socket:PASS:setsockopt(SO_RCVTIMEO) 0 nsec
>> make_client:PASS:make_client 0 nsec
>> send_byte:PASS:send_byte 0 nsec
>> udp_recv_send:FAIL:recvmsg failed
>> (/root/bpf-next/tools/testing/selftests/bpf/prog_tests/sk_lookup.c:339: errno: Resource temporarily unavailable) failed to receive
>> #73/14 UDP IPv4 redir and reuseport with conns:FAIL
>> #73/15 UDP IPv4 redir skip reuseport:OK
>> #73/16 UDP IPv6 redir port:OK
>> #73/17 UDP IPv6 redir addr:OK
>> #73/18 UDP IPv4->IPv6 redir port:OK
>> #73/19 UDP IPv6 redir and reuseport:OK
>> attach_lookup_prog:PASS:open 0 nsec
>> attach_lookup_prog:PASS:bpf_program__attach_netns 0 nsec
>> make_socket:PASS:make_address 0 nsec
>> make_socket:PASS:socket 0 nsec
>> make_socket:PASS:setsockopt(SO_SNDTIMEO) 0 nsec
>> make_socket:PASS:setsockopt(SO_RCVTIMEO) 0 nsec
>> make_server:PASS:setsockopt(IP_RECVORIGDSTADDR) 0 nsec
>> make_server:PASS:setsockopt(IPV6_RECVORIGDSTADDR) 0 nsec
>> make_server:PASS:setsockopt(SO_REUSEPORT) 0 nsec
>> make_server:PASS:bind 0 nsec
>> make_server:PASS:attach_reuseport 0 nsec
>> update_lookup_map:PASS:bpf_map__fd 0 nsec
>> update_lookup_map:PASS:bpf_map_update_elem 0 nsec
>> make_socket:PASS:make_address 0 nsec
>> make_socket:PASS:socket 0 nsec
>> make_socket:PASS:setsockopt(SO_SNDTIMEO) 0 nsec
>> make_socket:PASS:setsockopt(SO_RCVTIMEO) 0 nsec
>> make_server:PASS:setsockopt(IP_RECVORIGDSTADDR) 0 nsec
>> make_server:PASS:setsockopt(IPV6_RECVORIGDSTADDR) 0 nsec
>> make_server:PASS:setsockopt(SO_REUSEPORT) 0 nsec
>> make_server:PASS:bind 0 nsec
>> make_server:PASS:attach_reuseport 0 nsec
>> update_lookup_map:PASS:bpf_map__fd 0 nsec
>> update_lookup_map:PASS:bpf_map_update_elem 0 nsec
>> make_socket:PASS:make_address 0 nsec
>> make_socket:PASS:socket 0 nsec
>> make_socket:PASS:setsockopt(SO_SNDTIMEO) 0 nsec
>> make_socket:PASS:setsockopt(SO_RCVTIMEO) 0 nsec
>> make_server:PASS:setsockopt(IP_RECVORIGDSTADDR) 0 nsec
>> make_server:PASS:setsockopt(IPV6_RECVORIGDSTADDR) 0 nsec
>> make_server:PASS:setsockopt(SO_REUSEPORT) 0 nsec
>> make_server:PASS:bind 0 nsec
>> make_server:PASS:attach_reuseport 0 nsec
>> run_lookup_prog:PASS:getsockname 0 nsec
>> run_lookup_prog:PASS:connect 0 nsec
>> make_socket:PASS:make_address 0 nsec
>> make_socket:PASS:socket 0 nsec
>> make_socket:PASS:setsockopt(SO_SNDTIMEO) 0 nsec
>> make_socket:PASS:setsockopt(SO_RCVTIMEO) 0 nsec
>> make_client:PASS:make_client 0 nsec
>> send_byte:PASS:send_byte 0 nsec
>> udp_recv_send:FAIL:recvmsg failed
>> (/root/bpf-next/tools/testing/selftests/bpf/prog_tests/sk_lookup.c:339: errno: Resource temporarily unavailable) failed to receive
>> #73/20 UDP IPv6 redir and reuseport with conns:FAIL
>> #73/21 UDP IPv6 redir skip reuseport:OK
>> #73/22 TCP IPv4 drop on lookup:OK
>> #73/23 TCP IPv6 drop on lookup:OK
>> #73/24 UDP IPv4 drop on lookup:OK
>> #73/25 UDP IPv6 drop on lookup:OK
>> #73/26 TCP IPv4 drop on reuseport:OK
>> #73/27 TCP IPv6 drop on reuseport:OK
>> #73/28 UDP IPv4 drop on reuseport:OK
>> #73/29 TCP IPv6 drop on reuseport:OK
>> #73/30 sk_assign returns EEXIST:OK
>> #73/31 sk_assign honors F_REPLACE:OK
>> #73/32 sk_assign accepts NULL socket:OK
>> #73/33 access ctx->sk:OK
>> #73/34 narrow access to ctx v4:OK
>> #73/35 narrow access to ctx v6:OK
>> #73/36 sk_assign rejects TCP established:OK
>> #73/37 sk_assign rejects UDP connected:OK
>> #73/38 multi prog - pass, pass:OK
>> #73/39 multi prog - drop, drop:OK
>> #73/40 multi prog - pass, drop:OK
>> #73/41 multi prog - drop, pass:OK
>> #73/42 multi prog - pass, redir:OK
>> #73/43 multi prog - redir, pass:OK
>> #73/44 multi prog - drop, redir:OK
>> #73/45 multi prog - redir, drop:OK
>> #73/46 multi prog - redir, redir:OK
>> #73 sk_lookup:FAIL
>> Summary: 1/44 PASSED, 0 SKIPPED, 3 FAILED
> 
> This patch addresses the failures:
> 
>    https://lore.kernel.org/bpf/20200726120228.1414348-1-jakub@cloudflare.com/
> 
> It spawned a discussion on what to do about reuseport bpf returning
> connected udp sockets, and the conclusion was that it would be best to
> change reuseport logic itself if no one is relying on said behavior.
> 
> IOW, I believe the fix does the right thing and can be applied as is. We
> get the same reuseport behavior everywhere, that is with regular socket
> lookup and BPF sk lookup, even if that behavior needs to be changed.

Seems reasonable to me, I've applied it to bpf-next, thanks Jakub!
