Message ID | 20200802182638.77377-2-zeil@yandex-team.ru |
---|---|
State | Changes Requested |
Delegated to: | BPF Maintainers |
Headers | show |
Series | bpf: cgroup skb improvements for bpf_prog_test_run | expand |
On 8/2/20 11:26 AM, Dmitry Yakunin wrote: > Now it's impossible to test all branches of cgroup_skb bpf program which > accesses skb->family and skb->{local,remote}_ip{4,6} fields because they > are zeroed during socket allocation. This commit fills socket family and > addresses from related fields in constructed skb. > > v2: > - fix build without CONFIG_IPV6 (kernel test robot <lkp@intel.com>) > > Signed-off-by: Dmitry Yakunin <zeil@yandex-team.ru> > --- > net/bpf/test_run.c | 17 +++++++++++++++++ > 1 file changed, 17 insertions(+) > > diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c > index b03c469..2521b27 100644 > --- a/net/bpf/test_run.c > +++ b/net/bpf/test_run.c > @@ -449,6 +449,23 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr, > skb->protocol = eth_type_trans(skb, current->nsproxy->net_ns->loopback_dev); > skb_reset_network_header(skb); > At this point, there is no guarantee the skb contains these headers. You will have to add safety checks against skb->len > + switch (skb->protocol) { > + case htons(ETH_P_IP): > + sk->sk_family = AF_INET; > + sk->sk_rcv_saddr = ip_hdr(skb)->saddr; > + sk->sk_daddr = ip_hdr(skb)->daddr; > + break; > +#if IS_ENABLED(CONFIG_IPV6) > + case htons(ETH_P_IPV6): > + sk->sk_family = AF_INET6; > + sk->sk_v6_rcv_saddr = ipv6_hdr(skb)->saddr; > + sk->sk_v6_daddr = ipv6_hdr(skb)->daddr; > + break; > +#endif > + default: > + break; > + } > + > if (is_l2) > __skb_push(skb, hh_len); > if (is_direct_pkt_access) >
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c index b03c469..2521b27 100644 --- a/net/bpf/test_run.c +++ b/net/bpf/test_run.c @@ -449,6 +449,23 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr, skb->protocol = eth_type_trans(skb, current->nsproxy->net_ns->loopback_dev); skb_reset_network_header(skb); + switch (skb->protocol) { + case htons(ETH_P_IP): + sk->sk_family = AF_INET; + sk->sk_rcv_saddr = ip_hdr(skb)->saddr; + sk->sk_daddr = ip_hdr(skb)->daddr; + break; +#if IS_ENABLED(CONFIG_IPV6) + case htons(ETH_P_IPV6): + sk->sk_family = AF_INET6; + sk->sk_v6_rcv_saddr = ipv6_hdr(skb)->saddr; + sk->sk_v6_daddr = ipv6_hdr(skb)->daddr; + break; +#endif + default: + break; + } + if (is_l2) __skb_push(skb, hh_len); if (is_direct_pkt_access)
Now it's impossible to test all branches of cgroup_skb bpf program which accesses skb->family and skb->{local,remote}_ip{4,6} fields because they are zeroed during socket allocation. This commit fills socket family and addresses from related fields in constructed skb. v2: - fix build without CONFIG_IPV6 (kernel test robot <lkp@intel.com>) Signed-off-by: Dmitry Yakunin <zeil@yandex-team.ru> --- net/bpf/test_run.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)