lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 19 Dec 2022 16:47:01 -0800
From:   Jakub Kicinski <kuba@...nel.org>
To:     daniel@...earbox.net
Cc:     bpf@...r.kernel.org, netdev@...r.kernel.org,
        Jakub Kicinski <kuba@...nel.org>
Subject: [PATCH bpf 2/2] selftests/bpf: tunnel: add sanity test for checksums

Simple netdevsim based test. Netdevsim will validate xmit'ed
packets, in particular we care about checksum sanity (along
the lines of checks inside skb_checksum_help()). Triggering
skb_checksum_help() directly would require the right HW device
or a crypto device setup, netdevsim is much simpler.

Signed-off-by: Jakub Kicinski <kuba@...nel.org>
---
 drivers/net/netdevsim/netdev.c                |  5 ++++
 tools/testing/selftests/bpf/test_tc_tunnel.sh | 27 +++++++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/drivers/net/netdevsim/netdev.c b/drivers/net/netdevsim/netdev.c
index 6db6a75ff9b9..e4808a6d37a4 100644
--- a/drivers/net/netdevsim/netdev.c
+++ b/drivers/net/netdevsim/netdev.c
@@ -33,6 +33,11 @@ static netdev_tx_t nsim_start_xmit(struct sk_buff *skb, struct net_device *dev)
 	if (!nsim_ipsec_tx(ns, skb))
 		goto out;
 
+	/* Validate the packet */
+	if (skb->ip_summed == CHECKSUM_PARTIAL)
+		WARN_ON_ONCE((unsigned int)skb_checksum_start_offset(skb) >=
+			     skb_headlen(skb));
+
 	u64_stats_update_begin(&ns->syncp);
 	ns->tx_packets++;
 	ns->tx_bytes += skb->len;
diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh
index 334bdfeab940..4dac87f6a6fa 100755
--- a/tools/testing/selftests/bpf/test_tc_tunnel.sh
+++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh
@@ -15,6 +15,7 @@ readonly ns1_v4=192.168.1.1
 readonly ns2_v4=192.168.1.2
 readonly ns1_v6=fd::1
 readonly ns2_v6=fd::2
+readonly nsim_v4=192.168.2.1
 
 # Must match port used by bpf program
 readonly udpport=5555
@@ -67,6 +68,10 @@ cleanup() {
 	if [[ -n $server_pid ]]; then
 		kill $server_pid 2> /dev/null
 	fi
+
+	if [ -e /sys/bus/netdevsim/devices/netdevsim1 ]; then
+	    echo 1 > /sys/bus/netdevsim/del_device
+	fi
 }
 
 server_listen() {
@@ -93,6 +98,25 @@ verify_data() {
 	fi
 }
 
+decap_sanity() {
+    echo "test decap sanity"
+    modprobe netdevsim
+    echo 1 1 > /sys/bus/netdevsim/new_device
+    udevadm settle
+    nsim=$(ls /sys/bus/netdevsim/devices/netdevsim1/net/)
+    ip link set dev $nsim up
+    ip addr add dev $nsim $nsim_v4/24
+
+    tc qdisc add dev $nsim clsact
+    tc filter add dev $nsim egress \
+       bpf direct-action object-file ${BPF_FILE} section decap
+
+    echo abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz | \
+	nc -u 192.168.2.2 7777
+
+    echo 1 > /sys/bus/netdevsim/del_device
+}
+
 set -e
 
 # no arguments: automated test, run all
@@ -138,6 +162,9 @@ if [[ "$#" -eq "0" ]]; then
 		$0 ipv6 ip6udp $mac 2000
 	done
 
+	echo "decap sanity check"
+	decap_sanity
+
 	echo "OK. All tests passed"
 	exit 0
 fi
-- 
2.38.1

Powered by blists - more mailing lists