Adjust packets in SK_SKB verdict program

Adjust packets in SK_SKB verdict program

[farbod shahinfar]

Hello everyone,

I have a question about sk_skb eBPF hook. Specifically my question is 
about resizing packets in the sk_skb verdict programs using 
`bpf_skb_adjust_room`. The issue is that even though I call this helper 
and it returns successfully, after redirecting the packet, the size of 
the packet received on the other side of the socket (userspace app) has 
the original size.

I believe that this helper works properly and it really increases the 
skb room. Also after invoking this helper, the verifier won't complain 
about out of packet accesses. I think the issue is that the length would 
be overwritten by the value from the  stream parser before redirecting 
the skb (look at [1]).

Looking at the implementation of `bpf_skb_adjust_room` helper function  
(here [2]), it seems that at line [3] the stream parser value is updated 
if there is a context for the TLS program. In my test environment this 
update is not happening (I checked by adding printk). I am not 
interested in kTLS, so it makes sense to me that this branch is not 
taken. But it also makes me wonder if there should be a similar thing 
for other sk_skb programs. Am I missing a point?

My question is, can a sk_skb verdict program resize the packet it redirects?

Just for the sake of testing, I added some changes to update the stream 
parser length value with respect to room adjustment and it solves the 
issue. But I wonder if I have missed the point.

[1] https://github.com/torvalds/linux/blob/master/net/core/skmsg.c#L664
[2] https://github.com/torvalds/linux/blob/master/net/core/filter.c#L3536
[3] https://github.com/torvalds/linux/blob/master/net/core/filter.c#L3562


Sincerely,
Farbod