| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <af28e4e7-8089-b252-3927-a962b98ad7b8@iogearbox.net>
Date: Thu, 3 Dec 2020 00:43:36 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: Jesper Dangaard Brouer <brouer@...hat.com>, bpf@...r.kernel.org
Cc: netdev@...r.kernel.org, Daniel Borkmann <borkmann@...earbox.net>,
Alexei Starovoitov <alexei.starovoitov@...il.com>,
maze@...gle.com, lmb@...udflare.com, shaun@...era.io,
Lorenzo Bianconi <lorenzo@...nel.org>, marek@...udflare.com,
John Fastabend <john.fastabend@...il.com>,
Jakub Kicinski <kuba@...nel.org>, eyal.birger@...il.com,
colrack@...il.com
Subject: Re: [PATCH bpf-next V8 5/8] bpf: drop MTU check when doing TC-BPF
redirect to ingress
On 11/27/20 7:06 PM, Jesper Dangaard Brouer wrote:
> The use-case for dropping the MTU check when TC-BPF does redirect to
> ingress, is described by Eyal Birger in email[0]. The summary is the
> ability to increase packet size (e.g. with IPv6 headers for NAT64) and
> ingress redirect packet and let normal netstack fragment packet as needed.
>
> [0] https://lore.kernel.org/netdev/CAHsH6Gug-hsLGHQ6N0wtixdOa85LDZ3HNRHVd0opR=19Qo4W4Q@mail.gmail.com/
>
> V4:
> - Keep net_device "up" (IFF_UP) check.
> - Adjustment to handle bpf_redirect_peer() helper
>
> Signed-off-by: Jesper Dangaard Brouer <brouer@...hat.com>
> ---
> include/linux/netdevice.h | 31 +++++++++++++++++++++++++++++--
> net/core/dev.c | 19 ++-----------------
> net/core/filter.c | 14 +++++++++++---
> 3 files changed, 42 insertions(+), 22 deletions(-)
>
> diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
> index 7ce648a564f7..4a854e09e918 100644
> --- a/include/linux/netdevice.h
> +++ b/include/linux/netdevice.h
> @@ -3917,11 +3917,38 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb);
> bool is_skb_forwardable(const struct net_device *dev,
> const struct sk_buff *skb);
>
> +static __always_inline bool __is_skb_forwardable(const struct net_device *dev,
> + const struct sk_buff *skb,
> + const bool check_mtu)
> +{
> + const u32 vlan_hdr_len = 4; /* VLAN_HLEN */
> + unsigned int len;
> +
> + if (!(dev->flags & IFF_UP))
> + return false;
> +
> + if (!check_mtu)
> + return true;
> +
> + len = dev->mtu + dev->hard_header_len + vlan_hdr_len;
> + if (skb->len <= len)
> + return true;
> +
> + /* if TSO is enabled, we don't care about the length as the packet
> + * could be forwarded without being segmented before
> + */
> + if (skb_is_gso(skb))
> + return true;
> +
> + return false;
> +}
> +
> static __always_inline int ____dev_forward_skb(struct net_device *dev,
> - struct sk_buff *skb)
> + struct sk_buff *skb,
> + const bool check_mtu)
> {
> if (skb_orphan_frags(skb, GFP_ATOMIC) ||
> - unlikely(!is_skb_forwardable(dev, skb))) {
> + unlikely(!__is_skb_forwardable(dev, skb, check_mtu))) {
> atomic_long_inc(&dev->rx_dropped);
> kfree_skb(skb);
> return NET_RX_DROP;
> diff --git a/net/core/dev.c b/net/core/dev.c
> index 60d325bda0d7..6ceb6412ee97 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -2189,28 +2189,13 @@ static inline void net_timestamp_set(struct sk_buff *skb)
>
> bool is_skb_forwardable(const struct net_device *dev, const struct sk_buff *skb)
> {
> - unsigned int len;
> -
> - if (!(dev->flags & IFF_UP))
> - return false;
> -
> - len = dev->mtu + dev->hard_header_len + VLAN_HLEN;
> - if (skb->len <= len)
> - return true;
> -
> - /* if TSO is enabled, we don't care about the length as the packet
> - * could be forwarded without being segmented before
> - */
> - if (skb_is_gso(skb))
> - return true;
> -
> - return false;
> + return __is_skb_forwardable(dev, skb, true);
> }
> EXPORT_SYMBOL_GPL(is_skb_forwardable);
Only user of is_skb_forwardable() that is left after this patch is bridge, maybe
the whole thing should be moved into the header?
> int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
> {
> - int ret = ____dev_forward_skb(dev, skb);
> + int ret = ____dev_forward_skb(dev, skb, true);
>
> if (likely(!ret)) {
> skb->protocol = eth_type_trans(skb, dev);
> diff --git a/net/core/filter.c b/net/core/filter.c
> index d6125cfc49c3..4673afe59533 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -2083,13 +2083,21 @@ static const struct bpf_func_proto bpf_csum_level_proto = {
>
> static inline int __bpf_rx_skb(struct net_device *dev, struct sk_buff *skb)
> {
> - return dev_forward_skb(dev, skb);
> + int ret = ____dev_forward_skb(dev, skb, false);
> +
> + if (likely(!ret)) {
> + skb->protocol = eth_type_trans(skb, dev);
> + skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
> + ret = netif_rx(skb);
Why netif_rx() and not netif_rx_internal() as in dev_forward_skb() originally?
One extra call otherwise.
> + }
> +
> + return ret;
> }
>
> static inline int __bpf_rx_skb_no_mac(struct net_device *dev,
> struct sk_buff *skb)
> {
> - int ret = ____dev_forward_skb(dev, skb);
> + int ret = ____dev_forward_skb(dev, skb, false);
>
> if (likely(!ret)) {
> skb->dev = dev;
> @@ -2480,7 +2488,7 @@ int skb_do_redirect(struct sk_buff *skb)
> goto out_drop;
> dev = ops->ndo_get_peer_dev(dev);
> if (unlikely(!dev ||
> - !is_skb_forwardable(dev, skb) ||
> + !__is_skb_forwardable(dev, skb, false) ||
If we only use __is_skb_forwardable() with false directly here, maybe then
lets just have the !(dev->flags & IFF_UP) test here instead..
> net_eq(net, dev_net(dev))))
> goto out_drop;
> skb->dev = dev;
>
>
Powered by blists - more mailing lists