| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEf4BzakwPD-63UGUekpSSxy+KordBf2Hs5+bqcFkyzv8y7YOQ@mail.gmail.com>
Date: Wed, 27 Apr 2022 12:42:38 -0700
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Eyal Birger <eyal.birger@...il.com>
Cc: Shuah Khan <shuah@...nel.org>, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>, Martin Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
john fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>, posk@...gle.com,
Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>
Subject: Re: [PATCH bpf] selftests/bpf: test setting tunnel key from lwt xmit
On Sun, Apr 24, 2022 at 9:53 AM Eyal Birger <eyal.birger@...il.com> wrote:
>
> This commit adds test_egress_md() tests which perform a similar flow as
> test_egress() only that they use gre devices in collect_md mode and set
> the tunnel key from lwt bpf xmit.
>
> VRF scenarios are not checked since it is currently not possible to set
> the underlying device or vrf from bpf_set_tunnel_key().
>
> This introduces minor changes to the existing setup for consistency with
> the new tests:
>
> - GRE key must exist as bpf_set_tunnel_key() explicitly sets the
> TUNNEL_KEY flag
>
> - Source address for GRE traffic is set to IPv*_5 instead of IPv*_1 since
> GRE traffic is sent via veth5 so its address is selected when using
> bpf_set_tunnel_key()
>
> Signed-off-by: Eyal Birger <eyal.birger@...il.com>
> ---
> .../selftests/bpf/progs/test_lwt_ip_encap.c | 51 ++++++++++-
> .../selftests/bpf/test_lwt_ip_encap.sh | 85 ++++++++++++++++++-
> 2 files changed, 128 insertions(+), 8 deletions(-)
>
[...]
> @@ -73,6 +77,7 @@ int bpf_lwt_encap_gre6(struct __sk_buff *skb)
> hdr.ip6hdr.daddr.s6_addr[15] = 1;
>
> hdr.greh.protocol = skb->protocol;
> + hdr.greh.flags = bpf_htons(GRE_KEY);
>
> err = bpf_lwt_push_encap(skb, BPF_LWT_ENCAP_IP, &hdr,
> sizeof(struct encap_hdr));
> @@ -82,4 +87,42 @@ int bpf_lwt_encap_gre6(struct __sk_buff *skb)
> return BPF_LWT_REROUTE;
> }
>
> +SEC("encap_gre_md")
This is not a section name that's supported by libbpf in it's strict
1.0 mode. Please update all SEC() definition to be compliant. Is this
SEC("tc") case?
> +int bpf_lwt_encap_gre_md(struct __sk_buff *skb)
> +{
> + struct bpf_tunnel_key key;
> + int err;
> +
> + __builtin_memset(&key, 0x0, sizeof(key));
> + key.remote_ipv4 = 0xac101064; /* 172.16.16.100 - always in host order */
> + key.tunnel_ttl = 0x40;
> + err = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
> + BPF_F_ZERO_CSUM_TX | BPF_F_SEQ_NUMBER);
> + if (err)
> + return BPF_DROP;
> +
> + return BPF_OK;
> +}
> +
[...]
Powered by blists - more mailing lists