Commit 70a00e2f authored by Martin KaFai Lau's avatar Martin KaFai Lau Committed by Daniel Borkmann

selftests/bpf: Test bpf_skb_adjust_room on CHECKSUM_PARTIAL

When the bpf_skb_adjust_room() shrinks the skb such that its csum_start
is invalid, the skb->ip_summed should be reset from CHECKSUM_PARTIAL to
CHECKSUM_NONE.

The commit 54c3f1a8 ("bpf: pull before calling skb_postpull_rcsum()")
fixed it.

This patch adds a test to ensure the skb->ip_summed changed from
CHECKSUM_PARTIAL to CHECKSUM_NONE after bpf_skb_adjust_room().
Signed-off-by: default avatarMartin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
Acked-by: default avatarStanislav Fomichev <sdf@google.com>
Link: https://lore.kernel.org/bpf/20221221185653.1589961-1-martin.lau@linux.dev
parent 54c3f1a8
...@@ -14,6 +14,7 @@ cgrp_kfunc # JIT does not support calling kernel f ...@@ -14,6 +14,7 @@ cgrp_kfunc # JIT does not support calling kernel f
cgrp_local_storage # prog_attach unexpected error: -524 (trampoline) cgrp_local_storage # prog_attach unexpected error: -524 (trampoline)
core_read_macros # unknown func bpf_probe_read#4 (overlapping) core_read_macros # unknown func bpf_probe_read#4 (overlapping)
d_path # failed to auto-attach program 'prog_stat': -524 (trampoline) d_path # failed to auto-attach program 'prog_stat': -524 (trampoline)
decap_sanity # JIT does not support calling kernel function (kfunc)
deny_namespace # failed to attach: ERROR: strerror_r(-524)=22 (trampoline) deny_namespace # failed to attach: ERROR: strerror_r(-524)=22 (trampoline)
dummy_st_ops # test_run unexpected error: -524 (errno 524) (trampoline) dummy_st_ops # test_run unexpected error: -524 (errno 524) (trampoline)
fentry_fexit # fentry attach failed: -524 (trampoline) fentry_fexit # fentry attach failed: -524 (trampoline)
......
// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2022 Meta Platforms, Inc. and affiliates. */
#include <sys/types.h>
#include <sys/socket.h>
#include <net/if.h>
#include <linux/in6.h>
#include "test_progs.h"
#include "network_helpers.h"
#include "decap_sanity.skel.h"
#define SYS(fmt, ...) \
({ \
char cmd[1024]; \
snprintf(cmd, sizeof(cmd), fmt, ##__VA_ARGS__); \
if (!ASSERT_OK(system(cmd), cmd)) \
goto fail; \
})
#define NS_TEST "decap_sanity_ns"
#define IPV6_IFACE_ADDR "face::1"
#define UDP_TEST_PORT 7777
void test_decap_sanity(void)
{
LIBBPF_OPTS(bpf_tc_hook, qdisc_hook, .attach_point = BPF_TC_EGRESS);
LIBBPF_OPTS(bpf_tc_opts, tc_attach);
struct nstoken *nstoken = NULL;
struct decap_sanity *skel;
struct sockaddr_in6 addr;
socklen_t addrlen;
char buf[128] = {};
int sockfd, err;
skel = decap_sanity__open_and_load();
if (!ASSERT_OK_PTR(skel, "skel open_and_load"))
return;
SYS("ip netns add %s", NS_TEST);
SYS("ip -net %s -6 addr add %s/128 dev lo nodad", NS_TEST, IPV6_IFACE_ADDR);
SYS("ip -net %s link set dev lo up", NS_TEST);
nstoken = open_netns(NS_TEST);
if (!ASSERT_OK_PTR(nstoken, "open_netns"))
goto fail;
qdisc_hook.ifindex = if_nametoindex("lo");
if (!ASSERT_GT(qdisc_hook.ifindex, 0, "if_nametoindex lo"))
goto fail;
err = bpf_tc_hook_create(&qdisc_hook);
if (!ASSERT_OK(err, "create qdisc hook"))
goto fail;
tc_attach.prog_fd = bpf_program__fd(skel->progs.decap_sanity);
err = bpf_tc_attach(&qdisc_hook, &tc_attach);
if (!ASSERT_OK(err, "attach filter"))
goto fail;
addrlen = sizeof(addr);
err = make_sockaddr(AF_INET6, IPV6_IFACE_ADDR, UDP_TEST_PORT,
(void *)&addr, &addrlen);
if (!ASSERT_OK(err, "make_sockaddr"))
goto fail;
sockfd = socket(AF_INET6, SOCK_DGRAM, 0);
if (!ASSERT_NEQ(sockfd, -1, "socket"))
goto fail;
err = sendto(sockfd, buf, sizeof(buf), 0, (void *)&addr, addrlen);
close(sockfd);
if (!ASSERT_EQ(err, sizeof(buf), "send"))
goto fail;
ASSERT_TRUE(skel->bss->init_csum_partial, "init_csum_partial");
ASSERT_TRUE(skel->bss->final_csum_none, "final_csum_none");
ASSERT_FALSE(skel->bss->broken_csum_start, "broken_csum_start");
fail:
if (nstoken) {
bpf_tc_hook_destroy(&qdisc_hook);
close_netns(nstoken);
}
system("ip netns del " NS_TEST " >& /dev/null");
decap_sanity__destroy(skel);
}
...@@ -50,6 +50,12 @@ ...@@ -50,6 +50,12 @@
#define ICSK_TIME_LOSS_PROBE 5 #define ICSK_TIME_LOSS_PROBE 5
#define ICSK_TIME_REO_TIMEOUT 6 #define ICSK_TIME_REO_TIMEOUT 6
#define ETH_HLEN 14
#define ETH_P_IPV6 0x86DD
#define CHECKSUM_NONE 0
#define CHECKSUM_PARTIAL 3
#define IFNAMSIZ 16 #define IFNAMSIZ 16
#define RTF_GATEWAY 0x0002 #define RTF_GATEWAY 0x0002
......
// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2022 Meta Platforms, Inc. and affiliates. */
#include "vmlinux.h"
#include "bpf_tracing_net.h"
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_endian.h>
#define UDP_TEST_PORT 7777
void *bpf_cast_to_kern_ctx(void *) __ksym;
bool init_csum_partial = false;
bool final_csum_none = false;
bool broken_csum_start = false;
static unsigned int skb_headlen(const struct sk_buff *skb)
{
return skb->len - skb->data_len;
}
static unsigned int skb_headroom(const struct sk_buff *skb)
{
return skb->data - skb->head;
}
static int skb_checksum_start_offset(const struct sk_buff *skb)
{
return skb->csum_start - skb_headroom(skb);
}
SEC("tc")
int decap_sanity(struct __sk_buff *skb)
{
struct sk_buff *kskb;
struct ipv6hdr ip6h;
struct udphdr udph;
int err;
if (skb->protocol != __bpf_constant_htons(ETH_P_IPV6))
return TC_ACT_SHOT;
if (bpf_skb_load_bytes(skb, ETH_HLEN, &ip6h, sizeof(ip6h)))
return TC_ACT_SHOT;
if (ip6h.nexthdr != IPPROTO_UDP)
return TC_ACT_SHOT;
if (bpf_skb_load_bytes(skb, ETH_HLEN + sizeof(ip6h), &udph, sizeof(udph)))
return TC_ACT_SHOT;
if (udph.dest != __bpf_constant_htons(UDP_TEST_PORT))
return TC_ACT_SHOT;
kskb = bpf_cast_to_kern_ctx(skb);
init_csum_partial = (kskb->ip_summed == CHECKSUM_PARTIAL);
err = bpf_skb_adjust_room(skb, -(s32)(ETH_HLEN + sizeof(ip6h) + sizeof(udph)),
1, BPF_F_ADJ_ROOM_FIXED_GSO);
if (err)
return TC_ACT_SHOT;
final_csum_none = (kskb->ip_summed == CHECKSUM_NONE);
if (kskb->ip_summed == CHECKSUM_PARTIAL &&
(unsigned int)skb_checksum_start_offset(kskb) >= skb_headlen(kskb))
broken_csum_start = true;
return TC_ACT_SHOT;
}
char __license[] SEC("license") = "GPL";
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment