diff mbox series

[bpf,3/3] bpf, selftests: Adapt cls_redirect to call csum_level helper

Message ID e7458f10e3f3d795307cbc5ad870112671d9c6f7.1591108731.git.daniel@iogearbox.net
State Accepted
Delegated to: BPF Maintainers
Headers show
Series Fix csum unnecessary on bpf_skb_adjust_room | expand

Commit Message

Daniel Borkmann June 2, 2020, 2:58 p.m. UTC 
Adapt bpf_skb_adjust_room() to pass in BPF_F_ADJ_ROOM_NO_CSUM_RESET flag and
use the new bpf_csum_level() helper to inc/dec the checksum level by one after
the encap/decap.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
---
 tools/testing/selftests/bpf/progs/test_cls_redirect.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

Comments

Lorenz Bauer June 2, 2020, 3:13 p.m. UTC | #1 
On Tue, 2 Jun 2020 at 15:58, Daniel Borkmann <daniel@iogearbox.net> wrote:
>
> Adapt bpf_skb_adjust_room() to pass in BPF_F_ADJ_ROOM_NO_CSUM_RESET flag and
> use the new bpf_csum_level() helper to inc/dec the checksum level by one after
> the encap/decap.

Just to be on the safe side: we go from
    | ETH | IP | UDP | GUE | IP | TCP |
to
    | ETH | IP | TCP |
by cutting | IP | UDP | GUE | after the Ethernet header.

Since IP is never included in csum_level and because GUE is not eligible for
CHECKSUM_UNNECESSARY we only need to do csum_level-- once, not twice.

If that is correct:
Reviewed-by: Lorenz Bauer <lmb@cloudflare.com>

>
> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
> ---
>  tools/testing/selftests/bpf/progs/test_cls_redirect.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/tools/testing/selftests/bpf/progs/test_cls_redirect.c b/tools/testing/selftests/bpf/progs/test_cls_redirect.c
> index 1668b993eb86..f0b72e86bee5 100644
> --- a/tools/testing/selftests/bpf/progs/test_cls_redirect.c
> +++ b/tools/testing/selftests/bpf/progs/test_cls_redirect.c
> @@ -380,9 +380,10 @@ static ret_t accept_locally(struct __sk_buff *skb, encap_headers_t *encap)
>         }
>
>         if (bpf_skb_adjust_room(skb, -encap_overhead, BPF_ADJ_ROOM_MAC,
> -                               BPF_F_ADJ_ROOM_FIXED_GSO)) {
> +                               BPF_F_ADJ_ROOM_FIXED_GSO |
> +                               BPF_F_ADJ_ROOM_NO_CSUM_RESET) ||
> +           bpf_csum_level(skb, BPF_CSUM_LEVEL_DEC))
>                 return TC_ACT_SHOT;
> -       }
>
>         return bpf_redirect(skb->ifindex, BPF_F_INGRESS);
>  }
> @@ -472,7 +473,9 @@ static ret_t forward_with_gre(struct __sk_buff *skb, encap_headers_t *encap,
>         }
>
>         if (bpf_skb_adjust_room(skb, delta, BPF_ADJ_ROOM_NET,
> -                               BPF_F_ADJ_ROOM_FIXED_GSO)) {
> +                               BPF_F_ADJ_ROOM_FIXED_GSO |
> +                               BPF_F_ADJ_ROOM_NO_CSUM_RESET) ||
> +           bpf_csum_level(skb, BPF_CSUM_LEVEL_INC)) {
>                 metrics->errors_total_encap_adjust_failed++;
>                 return TC_ACT_SHOT;
>         }
> --
> 2.21.0
>
Daniel Borkmann June 2, 2020, 3:48 p.m. UTC | #2 
On 6/2/20 5:13 PM, Lorenz Bauer wrote:
> On Tue, 2 Jun 2020 at 15:58, Daniel Borkmann <daniel@iogearbox.net> wrote:
>>
>> Adapt bpf_skb_adjust_room() to pass in BPF_F_ADJ_ROOM_NO_CSUM_RESET flag and
>> use the new bpf_csum_level() helper to inc/dec the checksum level by one after
>> the encap/decap.
> 
> Just to be on the safe side: we go from
>      | ETH | IP | UDP | GUE | IP | TCP |
> to
>      | ETH | IP | TCP |
> by cutting | IP | UDP | GUE | after the Ethernet header.
> 
> Since IP is never included in csum_level and because GUE is not eligible for
> CHECKSUM_UNNECESSARY we only need to do csum_level-- once, not twice.

Yes, that is correct.
diff mbox series

Patch

diff --git a/tools/testing/selftests/bpf/progs/test_cls_redirect.c b/tools/testing/selftests/bpf/progs/test_cls_redirect.c
index 1668b993eb86..f0b72e86bee5 100644
--- a/tools/testing/selftests/bpf/progs/test_cls_redirect.c
+++ b/tools/testing/selftests/bpf/progs/test_cls_redirect.c
@@ -380,9 +380,10 @@  static ret_t accept_locally(struct __sk_buff *skb, encap_headers_t *encap)
 	}
 
 	if (bpf_skb_adjust_room(skb, -encap_overhead, BPF_ADJ_ROOM_MAC,
-				BPF_F_ADJ_ROOM_FIXED_GSO)) {
+				BPF_F_ADJ_ROOM_FIXED_GSO |
+				BPF_F_ADJ_ROOM_NO_CSUM_RESET) ||
+	    bpf_csum_level(skb, BPF_CSUM_LEVEL_DEC))
 		return TC_ACT_SHOT;
-	}
 
 	return bpf_redirect(skb->ifindex, BPF_F_INGRESS);
 }
@@ -472,7 +473,9 @@  static ret_t forward_with_gre(struct __sk_buff *skb, encap_headers_t *encap,
 	}
 
 	if (bpf_skb_adjust_room(skb, delta, BPF_ADJ_ROOM_NET,
-				BPF_F_ADJ_ROOM_FIXED_GSO)) {
+				BPF_F_ADJ_ROOM_FIXED_GSO |
+				BPF_F_ADJ_ROOM_NO_CSUM_RESET) ||
+	    bpf_csum_level(skb, BPF_CSUM_LEVEL_INC)) {
 		metrics->errors_total_encap_adjust_failed++;
 		return TC_ACT_SHOT;
 	}