* [PATCH bpf V3 0/2] bpf: Updates for BPF-helper bpf_check_mtu
@ 2021-03-08 14:59 Jesper Dangaard Brouer
2021-03-08 14:59 ` [PATCH bpf V3 1/2] bpf: BPF-helper for MTU checking add length input Jesper Dangaard Brouer
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Jesper Dangaard Brouer @ 2021-03-08 14:59 UTC (permalink / raw)
To: bpf; +Cc: Jesper Dangaard Brouer, netdev, Daniel Borkmann, Alexei Starovoitov
The FIB lookup example[1] show how the IP-header field tot_len
(iph->tot_len) is used as input to perform the MTU check. The recently
added MTU check helper bpf_check_mtu() should also support this type
of MTU check.
Lets add this feature before merge window, please. This is a followup
to 34b2021cc616 ("bpf: Add BPF-helper for MTU checking").
[1] samples/bpf/xdp_fwd_kern.c
---
V2: Fixed spelling and added ACKs from John
Jesper Dangaard Brouer (2):
bpf: BPF-helper for MTU checking add length input
selftests/bpf: Tests using bpf_check_mtu BPF-helper input mtu_len param
include/uapi/linux/bpf.h | 16 ++-
net/core/filter.c | 12 ++-
tools/testing/selftests/bpf/prog_tests/check_mtu.c | 4 +
tools/testing/selftests/bpf/progs/test_check_mtu.c | 92 ++++++++++++++++++++
4 files changed, 117 insertions(+), 7 deletions(-)
--
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH bpf V3 1/2] bpf: BPF-helper for MTU checking add length input
2021-03-08 14:59 [PATCH bpf V3 0/2] bpf: Updates for BPF-helper bpf_check_mtu Jesper Dangaard Brouer
@ 2021-03-08 14:59 ` Jesper Dangaard Brouer
2021-03-08 14:59 ` [PATCH bpf V3 2/2] selftests/bpf: Tests using bpf_check_mtu BPF-helper input mtu_len param Jesper Dangaard Brouer
2021-03-08 21:50 ` [PATCH bpf V3 0/2] bpf: Updates for BPF-helper bpf_check_mtu patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Jesper Dangaard Brouer @ 2021-03-08 14:59 UTC (permalink / raw)
To: bpf; +Cc: Jesper Dangaard Brouer, netdev, Daniel Borkmann, Alexei Starovoitov
The FIB lookup example[1] show how the IP-header field tot_len
(iph->tot_len) is used as input to perform the MTU check.
This patch extend the BPF-helper bpf_check_mtu() with the same ability
to provide the length as user parameter input, via mtu_len parameter.
[1] samples/bpf/xdp_fwd_kern.c
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
---
include/uapi/linux/bpf.h | 16 +++++++++++-----
net/core/filter.c | 12 ++++++++++--
2 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 79c893310492..4ba4ef0ff63a 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -3850,7 +3850,7 @@ union bpf_attr {
*
* long bpf_check_mtu(void *ctx, u32 ifindex, u32 *mtu_len, s32 len_diff, u64 flags)
* Description
- * Check ctx packet size against exceeding MTU of net device (based
+ * Check packet size against exceeding MTU of net device (based
* on *ifindex*). This helper will likely be used in combination
* with helpers that adjust/change the packet size.
*
@@ -3867,6 +3867,14 @@ union bpf_attr {
* against the current net device. This is practical if this isn't
* used prior to redirect.
*
+ * On input *mtu_len* must be a valid pointer, else verifier will
+ * reject BPF program. If the value *mtu_len* is initialized to
+ * zero then the ctx packet size is use. When value *mtu_len* is
+ * provided as input this specify the L3 length that the MTU check
+ * is done against. Remember XDP and TC length operate at L2, but
+ * this value is L3 as this correlate to MTU and IP-header tot_len
+ * values which are L3 (similar behavior as bpf_fib_lookup).
+ *
* The Linux kernel route table can configure MTUs on a more
* specific per route level, which is not provided by this helper.
* For route level MTU checks use the **bpf_fib_lookup**\ ()
@@ -3891,11 +3899,9 @@ union bpf_attr {
*
* On return *mtu_len* pointer contains the MTU value of the net
* device. Remember the net device configured MTU is the L3 size,
- * which is returned here and XDP and TX length operate at L2.
+ * which is returned here and XDP and TC length operate at L2.
* Helper take this into account for you, but remember when using
- * MTU value in your BPF-code. On input *mtu_len* must be a valid
- * pointer and be initialized (to zero), else verifier will reject
- * BPF program.
+ * MTU value in your BPF-code.
*
* Return
* * 0 on success, and populate MTU value in *mtu_len* pointer.
diff --git a/net/core/filter.c b/net/core/filter.c
index adfdad234674..9323d34d34cc 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -5658,7 +5658,7 @@ BPF_CALL_5(bpf_skb_check_mtu, struct sk_buff *, skb,
if (unlikely(flags & ~(BPF_MTU_CHK_SEGS)))
return -EINVAL;
- if (unlikely(flags & BPF_MTU_CHK_SEGS && len_diff))
+ if (unlikely(flags & BPF_MTU_CHK_SEGS && (len_diff || *mtu_len)))
return -EINVAL;
dev = __dev_via_ifindex(dev, ifindex);
@@ -5668,7 +5668,11 @@ BPF_CALL_5(bpf_skb_check_mtu, struct sk_buff *, skb,
mtu = READ_ONCE(dev->mtu);
dev_len = mtu + dev->hard_header_len;
- skb_len = skb->len + len_diff; /* minus result pass check */
+
+ /* If set use *mtu_len as input, L3 as iph->tot_len (like fib_lookup) */
+ skb_len = *mtu_len ? *mtu_len + dev->hard_header_len : skb->len;
+
+ skb_len += len_diff; /* minus result pass check */
if (skb_len <= dev_len) {
ret = BPF_MTU_CHK_RET_SUCCESS;
goto out;
@@ -5713,6 +5717,10 @@ BPF_CALL_5(bpf_xdp_check_mtu, struct xdp_buff *, xdp,
/* Add L2-header as dev MTU is L3 size */
dev_len = mtu + dev->hard_header_len;
+ /* Use *mtu_len as input, L3 as iph->tot_len (like fib_lookup) */
+ if (*mtu_len)
+ xdp_len = *mtu_len + dev->hard_header_len;
+
xdp_len += len_diff; /* minus result pass check */
if (xdp_len > dev_len)
ret = BPF_MTU_CHK_RET_FRAG_NEEDED;
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH bpf V3 2/2] selftests/bpf: Tests using bpf_check_mtu BPF-helper input mtu_len param
2021-03-08 14:59 [PATCH bpf V3 0/2] bpf: Updates for BPF-helper bpf_check_mtu Jesper Dangaard Brouer
2021-03-08 14:59 ` [PATCH bpf V3 1/2] bpf: BPF-helper for MTU checking add length input Jesper Dangaard Brouer
@ 2021-03-08 14:59 ` Jesper Dangaard Brouer
2021-03-08 21:50 ` [PATCH bpf V3 0/2] bpf: Updates for BPF-helper bpf_check_mtu patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Jesper Dangaard Brouer @ 2021-03-08 14:59 UTC (permalink / raw)
To: bpf; +Cc: Jesper Dangaard Brouer, netdev, Daniel Borkmann, Alexei Starovoitov
Add tests that use mtu_len as input parameter in BPF-helper
bpf_check_mtu().
The BPF-helper is avail from both XDP and TC context. Add two tests
per context, one that tests below MTU and one that exceeds the MTU.
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
---
tools/testing/selftests/bpf/prog_tests/check_mtu.c | 4 +
tools/testing/selftests/bpf/progs/test_check_mtu.c | 92 ++++++++++++++++++++
2 files changed, 96 insertions(+)
diff --git a/tools/testing/selftests/bpf/prog_tests/check_mtu.c b/tools/testing/selftests/bpf/prog_tests/check_mtu.c
index 36af1c138faf..b62a39315336 100644
--- a/tools/testing/selftests/bpf/prog_tests/check_mtu.c
+++ b/tools/testing/selftests/bpf/prog_tests/check_mtu.c
@@ -128,6 +128,8 @@ static void test_check_mtu_xdp(__u32 mtu, __u32 ifindex)
test_check_mtu_run_xdp(skel, skel->progs.xdp_use_helper, mtu);
test_check_mtu_run_xdp(skel, skel->progs.xdp_exceed_mtu, mtu);
test_check_mtu_run_xdp(skel, skel->progs.xdp_minus_delta, mtu);
+ test_check_mtu_run_xdp(skel, skel->progs.xdp_input_len, mtu);
+ test_check_mtu_run_xdp(skel, skel->progs.xdp_input_len_exceed, mtu);
cleanup:
test_check_mtu__destroy(skel);
@@ -187,6 +189,8 @@ static void test_check_mtu_tc(__u32 mtu, __u32 ifindex)
test_check_mtu_run_tc(skel, skel->progs.tc_exceed_mtu, mtu);
test_check_mtu_run_tc(skel, skel->progs.tc_exceed_mtu_da, mtu);
test_check_mtu_run_tc(skel, skel->progs.tc_minus_delta, mtu);
+ test_check_mtu_run_tc(skel, skel->progs.tc_input_len, mtu);
+ test_check_mtu_run_tc(skel, skel->progs.tc_input_len_exceed, mtu);
cleanup:
test_check_mtu__destroy(skel);
}
diff --git a/tools/testing/selftests/bpf/progs/test_check_mtu.c b/tools/testing/selftests/bpf/progs/test_check_mtu.c
index b7787b43f9db..c4a9bae96e75 100644
--- a/tools/testing/selftests/bpf/progs/test_check_mtu.c
+++ b/tools/testing/selftests/bpf/progs/test_check_mtu.c
@@ -105,6 +105,54 @@ int xdp_minus_delta(struct xdp_md *ctx)
return retval;
}
+SEC("xdp")
+int xdp_input_len(struct xdp_md *ctx)
+{
+ int retval = XDP_PASS; /* Expected retval on successful test */
+ void *data_end = (void *)(long)ctx->data_end;
+ void *data = (void *)(long)ctx->data;
+ __u32 ifindex = GLOBAL_USER_IFINDEX;
+ __u32 data_len = data_end - data;
+
+ /* API allow user give length to check as input via mtu_len param,
+ * resulting MTU value is still output in mtu_len param after call.
+ *
+ * Input len is L3, like MTU and iph->tot_len.
+ * Remember XDP data_len is L2.
+ */
+ __u32 mtu_len = data_len - ETH_HLEN;
+
+ if (bpf_check_mtu(ctx, ifindex, &mtu_len, 0, 0))
+ retval = XDP_ABORTED;
+
+ global_bpf_mtu_xdp = mtu_len;
+ return retval;
+}
+
+SEC("xdp")
+int xdp_input_len_exceed(struct xdp_md *ctx)
+{
+ int retval = XDP_ABORTED; /* Fail */
+ __u32 ifindex = GLOBAL_USER_IFINDEX;
+ int err;
+
+ /* API allow user give length to check as input via mtu_len param,
+ * resulting MTU value is still output in mtu_len param after call.
+ *
+ * Input length value is L3 size like MTU.
+ */
+ __u32 mtu_len = GLOBAL_USER_MTU;
+
+ mtu_len += 1; /* Exceed with 1 */
+
+ err = bpf_check_mtu(ctx, ifindex, &mtu_len, 0, 0);
+ if (err == BPF_MTU_CHK_RET_FRAG_NEEDED)
+ retval = XDP_PASS ; /* Success in exceeding MTU check */
+
+ global_bpf_mtu_xdp = mtu_len;
+ return retval;
+}
+
SEC("classifier")
int tc_use_helper(struct __sk_buff *ctx)
{
@@ -196,3 +244,47 @@ int tc_minus_delta(struct __sk_buff *ctx)
global_bpf_mtu_xdp = mtu_len;
return retval;
}
+
+SEC("classifier")
+int tc_input_len(struct __sk_buff *ctx)
+{
+ int retval = BPF_OK; /* Expected retval on successful test */
+ __u32 ifindex = GLOBAL_USER_IFINDEX;
+
+ /* API allow user give length to check as input via mtu_len param,
+ * resulting MTU value is still output in mtu_len param after call.
+ *
+ * Input length value is L3 size.
+ */
+ __u32 mtu_len = GLOBAL_USER_MTU;
+
+ if (bpf_check_mtu(ctx, ifindex, &mtu_len, 0, 0))
+ retval = BPF_DROP;
+
+ global_bpf_mtu_xdp = mtu_len;
+ return retval;
+}
+
+SEC("classifier")
+int tc_input_len_exceed(struct __sk_buff *ctx)
+{
+ int retval = BPF_DROP; /* Fail */
+ __u32 ifindex = GLOBAL_USER_IFINDEX;
+ int err;
+
+ /* API allow user give length to check as input via mtu_len param,
+ * resulting MTU value is still output in mtu_len param after call.
+ *
+ * Input length value is L3 size like MTU.
+ */
+ __u32 mtu_len = GLOBAL_USER_MTU;
+
+ mtu_len += 1; /* Exceed with 1 */
+
+ err = bpf_check_mtu(ctx, ifindex, &mtu_len, 0, 0);
+ if (err == BPF_MTU_CHK_RET_FRAG_NEEDED)
+ retval = BPF_OK; /* Success in exceeding MTU check */
+
+ global_bpf_mtu_xdp = mtu_len;
+ return retval;
+}
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH bpf V3 0/2] bpf: Updates for BPF-helper bpf_check_mtu
2021-03-08 14:59 [PATCH bpf V3 0/2] bpf: Updates for BPF-helper bpf_check_mtu Jesper Dangaard Brouer
2021-03-08 14:59 ` [PATCH bpf V3 1/2] bpf: BPF-helper for MTU checking add length input Jesper Dangaard Brouer
2021-03-08 14:59 ` [PATCH bpf V3 2/2] selftests/bpf: Tests using bpf_check_mtu BPF-helper input mtu_len param Jesper Dangaard Brouer
@ 2021-03-08 21:50 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-03-08 21:50 UTC (permalink / raw)
To: Jesper Dangaard Brouer; +Cc: bpf, netdev, borkmann, alexei.starovoitov
Hello:
This series was applied to bpf/bpf.git (refs/heads/master):
On Mon, 08 Mar 2021 15:59:13 +0100 you wrote:
> The FIB lookup example[1] show how the IP-header field tot_len
> (iph->tot_len) is used as input to perform the MTU check. The recently
> added MTU check helper bpf_check_mtu() should also support this type
> of MTU check.
>
> Lets add this feature before merge window, please. This is a followup
> to 34b2021cc616 ("bpf: Add BPF-helper for MTU checking").
>
> [...]
Here is the summary with links:
- [bpf,V3,1/2] bpf: BPF-helper for MTU checking add length input
https://git.kernel.org/bpf/bpf/c/e5e35e754c28
- [bpf,V3,2/2] selftests/bpf: Tests using bpf_check_mtu BPF-helper input mtu_len param
https://git.kernel.org/bpf/bpf/c/e5e010a3063a
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-03-08 21:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-08 14:59 [PATCH bpf V3 0/2] bpf: Updates for BPF-helper bpf_check_mtu Jesper Dangaard Brouer
2021-03-08 14:59 ` [PATCH bpf V3 1/2] bpf: BPF-helper for MTU checking add length input Jesper Dangaard Brouer
2021-03-08 14:59 ` [PATCH bpf V3 2/2] selftests/bpf: Tests using bpf_check_mtu BPF-helper input mtu_len param Jesper Dangaard Brouer
2021-03-08 21:50 ` [PATCH bpf V3 0/2] bpf: Updates for BPF-helper bpf_check_mtu patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).