| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Feb 2022 17:19:49 -0800
From: Martin KaFai Lau <kafai@...com>
To: Toke Høiland-Jørgensen <toke@...hat.com>
CC: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Jesper Dangaard Brouer <hawk@...nel.org>,
John Fastabend <john.fastabend@...il.com>,
Andrii Nakryiko <andrii@...nel.org>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
KP Singh <kpsingh@...nel.org>, Shuah Khan <shuah@...nel.org>,
<netdev@...r.kernel.org>, <bpf@...r.kernel.org>
Subject: Re: [PATCH bpf-next v8 5/5] selftests/bpf: Add selftest for
XDP_REDIRECT in BPF_PROG_RUN
On Fri, Feb 18, 2022 at 06:50:29PM +0100, Toke Høiland-Jørgensen wrote:
[ .. ]
> diff --git a/tools/testing/selftests/bpf/progs/test_xdp_do_redirect.c b/tools/testing/selftests/bpf/progs/test_xdp_do_redirect.c
> new file mode 100644
> index 000000000000..af3cffccc794
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/progs/test_xdp_do_redirect.c
> @@ -0,0 +1,85 @@
> +// SPDX-License-Identifier: GPL-2.0
> +#include <vmlinux.h>
> +#include <bpf/bpf_helpers.h>
> +
> +#define ETH_ALEN 6
> +const volatile int ifindex_out;
> +const volatile int ifindex_in;
> +const volatile __u8 expect_dst[ETH_ALEN];
> +volatile int pkts_seen_xdp = 0;
> +volatile int pkts_seen_tc = 0;
> +volatile int retcode = XDP_REDIRECT;
> +
> +SEC("xdp")
> +int xdp_redirect(struct xdp_md *xdp)
> +{
> + __u32 *metadata = (void *)(long)xdp->data_meta;
> + void *data = (void *)(long)xdp->data;
> + int ret = retcode;
> +
> + if (xdp->ingress_ifindex != ifindex_in)
> + return XDP_ABORTED;
> +
> + if (metadata + 1 > data)
> + return XDP_ABORTED;
> +
> + if (*metadata != 0x42)
> + return XDP_ABORTED;
> +
> + if (bpf_xdp_adjust_meta(xdp, 4))
> + return XDP_ABORTED;
> +
> + if (retcode > XDP_PASS)
> + retcode--;
> +
> + if (ret == XDP_REDIRECT)
> + return bpf_redirect(ifindex_out, 0);
> +
> + return ret;
> +}
> +
> +static bool check_pkt(void *data, void *data_end)
> +{
> + struct ethhdr *eth = data;
> + struct ipv6hdr *iph = (void *)(eth + 1);
> + struct udphdr *udp = (void *)(iph + 1);
> + __u8 *payload = (void *)(udp + 1);
> +
> + if (payload + 1 > data_end)
> + return false;
> +
> + if (iph->nexthdr != IPPROTO_UDP || *payload != 0x42)
> + return false;
> +
> + /* reset the payload so the same packet doesn't get counted twice when
> + * it cycles back through the kernel path and out the dst veth
> + */
> + *payload = 0;
> + return true;
> +}
> +
> +SEC("xdp")
> +int xdp_count_pkts(struct xdp_md *xdp)
> +{
> + void *data = (void *)(long)xdp->data;
> + void *data_end = (void *)(long)xdp->data_end;
> +
> + if (check_pkt(data, data_end))
> + pkts_seen_xdp++;
> +
> + return XDP_PASS;
If it is XDP_DROP here (@veth-ingress), the packet will be put back
to the page pool with zero-ed payload and that will be closer to the
real scenario when xmit-ing out of a real NIC instead of veth? Just
to ensure I understand the recycling and pkt rewrite description in
patch 2 correctly because it seems the test always getting
a data init-ed page.
Regarding to the tcp trafficgen in the xdptool repo,
do you have thoughts on how to handle retransmit (e.g. after seeing
SACK or dupack)? Is it possible for the regular xdp receiver (i.e.
not test_run) to directly retransmit it after seeing SACK if it knows
the tcp payload?
An off topic question, I expect the test_run approach is faster.
Mostly curious, do you have a rough guess on what may be the perf
difference with doing it in xsk?
Powered by blists - more mailing lists