Message ID | 20200117070533.402240-1-komachi.yoshiki@gmail.com |
---|---|
Headers | show |
Series | Fix the classification based on port ranges in bpf hook | expand |
On 1/17/20 8:05 AM, Yoshiki Komachi wrote: > When I tried a test based on the selftest program for BPF flow dissector > (test_flow_dissector.sh), I observed unexpected result as below: > > $ tc filter add dev lo parent ffff: protocol ip pref 1337 flower ip_proto \ > udp src_port 8-10 action drop > $ tools/testing/selftests/bpf/test_flow_dissector -i 4 -f 9 -F > inner.dest4: 127.0.0.1 > inner.source4: 127.0.0.3 > pkts: tx=10 rx=10 > > The last rx means the number of received packets. I expected rx=0 in this > test (i.e., all received packets should have been dropped), but it resulted > in acceptance. > > Although the previous commit 8ffb055beae5 ("cls_flower: Fix the behavior > using port ranges with hw-offload") added new flag and field toward filtering > based on port ranges with hw-offload, it missed applying for BPF flow dissector > then. As a result, BPF flow dissector currently stores data extracted from > packets in incorrect field used for exact match whenever packets are classified > by filters based on port ranges. Thus, they never match rules in such cases > because flow dissector gives rise to generating incorrect flow keys. > > This series fixes the issue by replacing incorrect flag and field with new > ones in BPF flow dissector, and adds a test for filtering based on specified > port ranges to the existing selftest program. > > Changes in v2: > - set key_ports to NULL at the top of __skb_flow_bpf_to_target() > > Yoshiki Komachi (2): > flow_dissector: Fix to use new variables for port ranges in bpf hook > selftests/bpf: Add test based on port range for BPF flow dissector > > net/core/flow_dissector.c | 9 ++++++++- > tools/testing/selftests/bpf/test_flow_dissector.sh | 14 ++++++++++++++ > 2 files changed, 22 insertions(+), 1 deletion(-) > Applied, thanks!