lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Jul 2020 02:04:52 +0200 From: Daniel Borkmann <daniel@...earbox.net> To: Jakub Sitnicki <jakub@...udflare.com> Cc: Andrii Nakryiko <andrii.nakryiko@...il.com>, bpf <bpf@...r.kernel.org>, Networking <netdev@...r.kernel.org>, kernel-team <kernel-team@...udflare.com>, Alexei Starovoitov <ast@...nel.org>, "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org> Subject: Re: [PATCH bpf-next v5 15/15] selftests/bpf: Tests for BPF_SK_LOOKUP attach point On 7/29/20 10:55 AM, Jakub Sitnicki wrote: > Hi Daniel, > > On Tue, Jul 28, 2020 at 10:47 PM CEST, Daniel Borkmann wrote: > > [...] > >> Jakub, I'm actually seeing a slightly different one on my test machine with sk_lookup: >> >> # ./test_progs -t sk_lookup >> #14 cgroup_skb_sk_lookup:OK >> #73/1 query lookup prog:OK >> #73/2 TCP IPv4 redir port:OK >> #73/3 TCP IPv4 redir addr:OK >> #73/4 TCP IPv4 redir with reuseport:OK >> #73/5 TCP IPv4 redir skip reuseport:OK >> #73/6 TCP IPv6 redir port:OK >> #73/7 TCP IPv6 redir addr:OK >> #73/8 TCP IPv4->IPv6 redir port:OK >> #73/9 TCP IPv6 redir with reuseport:OK >> #73/10 TCP IPv6 redir skip reuseport:OK >> #73/11 UDP IPv4 redir port:OK >> #73/12 UDP IPv4 redir addr:OK >> #73/13 UDP IPv4 redir with reuseport:OK >> attach_lookup_prog:PASS:open 0 nsec >> attach_lookup_prog:PASS:bpf_program__attach_netns 0 nsec >> make_socket:PASS:make_address 0 nsec >> make_socket:PASS:socket 0 nsec >> make_socket:PASS:setsockopt(SO_SNDTIMEO) 0 nsec >> make_socket:PASS:setsockopt(SO_RCVTIMEO) 0 nsec >> make_server:PASS:setsockopt(IP_RECVORIGDSTADDR) 0 nsec >> make_server:PASS:setsockopt(SO_REUSEPORT) 0 nsec >> make_server:PASS:bind 0 nsec >> make_server:PASS:attach_reuseport 0 nsec >> update_lookup_map:PASS:bpf_map__fd 0 nsec >> update_lookup_map:PASS:bpf_map_update_elem 0 nsec >> make_socket:PASS:make_address 0 nsec >> make_socket:PASS:socket 0 nsec >> make_socket:PASS:setsockopt(SO_SNDTIMEO) 0 nsec >> make_socket:PASS:setsockopt(SO_RCVTIMEO) 0 nsec >> make_server:PASS:setsockopt(IP_RECVORIGDSTADDR) 0 nsec >> make_server:PASS:setsockopt(SO_REUSEPORT) 0 nsec >> make_server:PASS:bind 0 nsec >> make_server:PASS:attach_reuseport 0 nsec >> update_lookup_map:PASS:bpf_map__fd 0 nsec >> update_lookup_map:PASS:bpf_map_update_elem 0 nsec >> make_socket:PASS:make_address 0 nsec >> make_socket:PASS:socket 0 nsec >> make_socket:PASS:setsockopt(SO_SNDTIMEO) 0 nsec >> make_socket:PASS:setsockopt(SO_RCVTIMEO) 0 nsec >> make_server:PASS:setsockopt(IP_RECVORIGDSTADDR) 0 nsec >> make_server:PASS:setsockopt(SO_REUSEPORT) 0 nsec >> make_server:PASS:bind 0 nsec >> make_server:PASS:attach_reuseport 0 nsec >> run_lookup_prog:PASS:getsockname 0 nsec >> run_lookup_prog:PASS:connect 0 nsec >> make_socket:PASS:make_address 0 nsec >> make_socket:PASS:socket 0 nsec >> make_socket:PASS:setsockopt(SO_SNDTIMEO) 0 nsec >> make_socket:PASS:setsockopt(SO_RCVTIMEO) 0 nsec >> make_client:PASS:make_client 0 nsec >> send_byte:PASS:send_byte 0 nsec >> udp_recv_send:FAIL:recvmsg failed >> (/root/bpf-next/tools/testing/selftests/bpf/prog_tests/sk_lookup.c:339: errno: Resource temporarily unavailable) failed to receive >> #73/14 UDP IPv4 redir and reuseport with conns:FAIL >> #73/15 UDP IPv4 redir skip reuseport:OK >> #73/16 UDP IPv6 redir port:OK >> #73/17 UDP IPv6 redir addr:OK >> #73/18 UDP IPv4->IPv6 redir port:OK >> #73/19 UDP IPv6 redir and reuseport:OK >> attach_lookup_prog:PASS:open 0 nsec >> attach_lookup_prog:PASS:bpf_program__attach_netns 0 nsec >> make_socket:PASS:make_address 0 nsec >> make_socket:PASS:socket 0 nsec >> make_socket:PASS:setsockopt(SO_SNDTIMEO) 0 nsec >> make_socket:PASS:setsockopt(SO_RCVTIMEO) 0 nsec >> make_server:PASS:setsockopt(IP_RECVORIGDSTADDR) 0 nsec >> make_server:PASS:setsockopt(IPV6_RECVORIGDSTADDR) 0 nsec >> make_server:PASS:setsockopt(SO_REUSEPORT) 0 nsec >> make_server:PASS:bind 0 nsec >> make_server:PASS:attach_reuseport 0 nsec >> update_lookup_map:PASS:bpf_map__fd 0 nsec >> update_lookup_map:PASS:bpf_map_update_elem 0 nsec >> make_socket:PASS:make_address 0 nsec >> make_socket:PASS:socket 0 nsec >> make_socket:PASS:setsockopt(SO_SNDTIMEO) 0 nsec >> make_socket:PASS:setsockopt(SO_RCVTIMEO) 0 nsec >> make_server:PASS:setsockopt(IP_RECVORIGDSTADDR) 0 nsec >> make_server:PASS:setsockopt(IPV6_RECVORIGDSTADDR) 0 nsec >> make_server:PASS:setsockopt(SO_REUSEPORT) 0 nsec >> make_server:PASS:bind 0 nsec >> make_server:PASS:attach_reuseport 0 nsec >> update_lookup_map:PASS:bpf_map__fd 0 nsec >> update_lookup_map:PASS:bpf_map_update_elem 0 nsec >> make_socket:PASS:make_address 0 nsec >> make_socket:PASS:socket 0 nsec >> make_socket:PASS:setsockopt(SO_SNDTIMEO) 0 nsec >> make_socket:PASS:setsockopt(SO_RCVTIMEO) 0 nsec >> make_server:PASS:setsockopt(IP_RECVORIGDSTADDR) 0 nsec >> make_server:PASS:setsockopt(IPV6_RECVORIGDSTADDR) 0 nsec >> make_server:PASS:setsockopt(SO_REUSEPORT) 0 nsec >> make_server:PASS:bind 0 nsec >> make_server:PASS:attach_reuseport 0 nsec >> run_lookup_prog:PASS:getsockname 0 nsec >> run_lookup_prog:PASS:connect 0 nsec >> make_socket:PASS:make_address 0 nsec >> make_socket:PASS:socket 0 nsec >> make_socket:PASS:setsockopt(SO_SNDTIMEO) 0 nsec >> make_socket:PASS:setsockopt(SO_RCVTIMEO) 0 nsec >> make_client:PASS:make_client 0 nsec >> send_byte:PASS:send_byte 0 nsec >> udp_recv_send:FAIL:recvmsg failed >> (/root/bpf-next/tools/testing/selftests/bpf/prog_tests/sk_lookup.c:339: errno: Resource temporarily unavailable) failed to receive >> #73/20 UDP IPv6 redir and reuseport with conns:FAIL >> #73/21 UDP IPv6 redir skip reuseport:OK >> #73/22 TCP IPv4 drop on lookup:OK >> #73/23 TCP IPv6 drop on lookup:OK >> #73/24 UDP IPv4 drop on lookup:OK >> #73/25 UDP IPv6 drop on lookup:OK >> #73/26 TCP IPv4 drop on reuseport:OK >> #73/27 TCP IPv6 drop on reuseport:OK >> #73/28 UDP IPv4 drop on reuseport:OK >> #73/29 TCP IPv6 drop on reuseport:OK >> #73/30 sk_assign returns EEXIST:OK >> #73/31 sk_assign honors F_REPLACE:OK >> #73/32 sk_assign accepts NULL socket:OK >> #73/33 access ctx->sk:OK >> #73/34 narrow access to ctx v4:OK >> #73/35 narrow access to ctx v6:OK >> #73/36 sk_assign rejects TCP established:OK >> #73/37 sk_assign rejects UDP connected:OK >> #73/38 multi prog - pass, pass:OK >> #73/39 multi prog - drop, drop:OK >> #73/40 multi prog - pass, drop:OK >> #73/41 multi prog - drop, pass:OK >> #73/42 multi prog - pass, redir:OK >> #73/43 multi prog - redir, pass:OK >> #73/44 multi prog - drop, redir:OK >> #73/45 multi prog - redir, drop:OK >> #73/46 multi prog - redir, redir:OK >> #73 sk_lookup:FAIL >> Summary: 1/44 PASSED, 0 SKIPPED, 3 FAILED > > This patch addresses the failures: > > https://lore.kernel.org/bpf/20200726120228.1414348-1-jakub@cloudflare.com/ > > It spawned a discussion on what to do about reuseport bpf returning > connected udp sockets, and the conclusion was that it would be best to > change reuseport logic itself if no one is relying on said behavior. > > IOW, I belive the fix does the right thing and can be applied as is. We > get the same reuseport behavior everywhere, that is with regular socket > lookup and BPF sk lookup, even if that behavior needs to be changed. Seems reasonable to me, I've applied it to bpf-next, thanks Jakub!
Powered by blists - more mailing lists