From patchwork Fri Jan 17 07:05:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoshiki Komachi X-Patchwork-Id: 1224653 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=Nkb72vbr; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 47zXHV6Vjlz9sRl for ; Fri, 17 Jan 2020 18:09:26 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729188AbgAQHJ0 (ORCPT ); Fri, 17 Jan 2020 02:09:26 -0500 Received: from mail-pl1-f196.google.com ([209.85.214.196]:37020 "EHLO mail-pl1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729011AbgAQHJ0 (ORCPT ); Fri, 17 Jan 2020 02:09:26 -0500 Received: by mail-pl1-f196.google.com with SMTP id c23so9483135plz.4; Thu, 16 Jan 2020 23:09:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=DCEXZjiPuUDxze4sqKJXmHDwjjbO/PgAp/+TH+NfY1o=; b=Nkb72vbrRG9CkP2Lj9OEsbs1AL4IqDsNYT5BEwrP8XHOHQHEy594SPH+roF8VIObW2 NTOSxtdcnwKemmlhJgPBbECBVP3WRgaZq6Ehc3Qs9DOF4CNwiEQqCrtba3D9NBu9lK8J ENrGs9xXJTo0PkfdGVDKzmruRWbVz3hpgDDbF05xfn3kTezOtu2VSjoMminJKCEQICIb tcGRWTg+YccQFeS/sxGlzXLIqBmhK/yQj1w3lcyhUt34JzUdb9AThZ0Yon+eJXz7wqVM WxIk/+Y0wEl3ivVAroN871+uFOmSFng6bfzhb0ZKkiIkOb1VQ2o/rmZeoKW/OmyUFlR/ 7fUQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=DCEXZjiPuUDxze4sqKJXmHDwjjbO/PgAp/+TH+NfY1o=; b=nfOm8sV2562u/vjRANhnqTYQVZ7LbwiqPD7w1I9F5+/dzs82pCaUmgvvvcmOKbhZs1 dPA10ht6BsW6TMrhGBe8ft1M1bUx7EiyqwNFm+VuYOLWZunC4PtHy0nZyxg2eG6ezqls CmtERgt+iKkE+rYNU92VH2A0EBABWHDjKr/LVZ3MsB6U9BOV0poSRglpxEtuojN+b1Lo HVvTpjCbio+oxLFB1Oo7LBKxFiKmcec/M2XPPPfvYBkuaY/wRQu+wQq/+Xkcnd7jaZJJ 8fn4XwnfW51kvWYOpbX403q5VX+KsE7ce204Tshu+LA6PXa/Y3c8MW3hoHedlsRygfi4 EaYg== X-Gm-Message-State: APjAAAUcsNgw9KxZFd2CDsw5i8nDa8mO3p48dTAFmnnxMCgRW94LfVsq HsWoHfCLAZN1msqPW6i/Kg8= X-Google-Smtp-Source: APXvYqxlPi81D9YnMewagzW+lZt9lwDL1Kfg2M6Z46J5RqarAXbt2TAGXZc6u2jRpsAii1qnRkmfbA== X-Received: by 2002:a17:90a:98d:: with SMTP id 13mr4021119pjo.102.1579244965420; Thu, 16 Jan 2020 23:09:25 -0800 (PST) Received: from hpg8-3.kern.oss.ntt.co.jp ([222.151.198.97]) by smtp.gmail.com with ESMTPSA id d4sm407499pjg.19.2020.01.16.23.09.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Jan 2020 23:09:25 -0800 (PST) From: Yoshiki Komachi To: "David S. Miller" , Alexei Starovoitov , Daniel Borkmann , Martin KaFai Lau , Song Liu , Yonghong Song , Andrii Nakryiko , Petar Penkov Cc: Yoshiki Komachi , netdev@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH v2 bpf 1/2] flow_dissector: Fix to use new variables for port ranges in bpf hook Date: Fri, 17 Jan 2020 16:05:32 +0900 Message-Id: <20200117070533.402240-2-komachi.yoshiki@gmail.com> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20200117070533.402240-1-komachi.yoshiki@gmail.com> References: <20200117070533.402240-1-komachi.yoshiki@gmail.com> MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org This patch applies new flag (FLOW_DISSECTOR_KEY_PORTS_RANGE) and field (tp_range) to BPF flow dissector to generate appropriate flow keys when classified by specified port ranges. Fixes: 8ffb055beae5 ("cls_flower: Fix the behavior using port ranges with hw-offload") Signed-off-by: Yoshiki Komachi Acked-by: Petar Penkov Acked-by: John Fastabend --- net/core/flow_dissector.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c index 2dbbb03..cc32d1d 100644 --- a/net/core/flow_dissector.c +++ b/net/core/flow_dissector.c @@ -834,10 +834,10 @@ static void __skb_flow_bpf_to_target(const struct bpf_flow_keys *flow_keys, struct flow_dissector *flow_dissector, void *target_container) { + struct flow_dissector_key_ports *key_ports = NULL; struct flow_dissector_key_control *key_control; struct flow_dissector_key_basic *key_basic; struct flow_dissector_key_addrs *key_addrs; - struct flow_dissector_key_ports *key_ports; struct flow_dissector_key_tags *key_tags; key_control = skb_flow_dissector_target(flow_dissector, @@ -876,10 +876,17 @@ static void __skb_flow_bpf_to_target(const struct bpf_flow_keys *flow_keys, key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; } - if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS)) { + if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS)) key_ports = skb_flow_dissector_target(flow_dissector, FLOW_DISSECTOR_KEY_PORTS, target_container); + else if (dissector_uses_key(flow_dissector, + FLOW_DISSECTOR_KEY_PORTS_RANGE)) + key_ports = skb_flow_dissector_target(flow_dissector, + FLOW_DISSECTOR_KEY_PORTS_RANGE, + target_container); + + if (key_ports) { key_ports->src = flow_keys->sport; key_ports->dst = flow_keys->dport; } From patchwork Fri Jan 17 07:05:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoshiki Komachi X-Patchwork-Id: 1224655 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=T1regV3z; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 47zXHb6qHsz9sRR for ; Fri, 17 Jan 2020 18:09:31 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729238AbgAQHJb (ORCPT ); Fri, 17 Jan 2020 02:09:31 -0500 Received: from mail-pj1-f68.google.com ([209.85.216.68]:52528 "EHLO mail-pj1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729011AbgAQHJb (ORCPT ); Fri, 17 Jan 2020 02:09:31 -0500 Received: by mail-pj1-f68.google.com with SMTP id a6so2746885pjh.2; Thu, 16 Jan 2020 23:09:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=RK6UZgBmhgEaIuXMKp36pKBJr/MfZBh5b9X7zcGawqQ=; b=T1regV3zY65rFQ4cAN0QS9yAC71rCeI56atdE5P8FjvM1Pabnm/kJTqtVCp8E1fMSl aeNyfMxoW7u0ss6/mhGgBT4P/y1+tsuHFdJUfP2+JQWLNIjxnMlvR7Y7ajseV+OV2HGE SuLmCgx6yxaby8QJDugt+NTy00wn/tMhBl2dooYagoMfMRGByYA/gUCD1f+etGltq+2C wezFeCiRq6UAXPU24/7YfjmyfdKn05Ad71qr3Pe7dZYeQ6zzBgni+MGgE6IXDa5zSSyD tnAxyGRuXMCo8lZ/EGpOcddFvTMhkqwp/ilBW+Bicyny1CGPJ3jR0CCvQRuQxD0063kO P7Lw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=RK6UZgBmhgEaIuXMKp36pKBJr/MfZBh5b9X7zcGawqQ=; b=GM9TMSbjnqfMxY1R/Mm27WfcHu5LqpXrR6yh1quhA8u9+GbQLHQ+1s0ur0Ai/rIxn6 lLIXMUMSrIz66pcyp8YR5pvBz7FnG3O2A5RPTk4FG0bq7BbbEtU1rJkMWfDahtsMlIqR Oypu+inDA2pCpOLpKSspPVaZ3pbPgye2HViD8kPDqS5kKsNt2J6sBBWOTDCp2NyUxCpt hEuXV+78cbnApobKfJqxROYVur9Ye0DsXiHPvlKmgVSHjG9iftuSfdfyLr+GoGh/t0NZ ed58LUcZbCWD7tjf/srk18HEz1Q13EnyePUxmoBN9n5gapd4Ou9q83GBO60AtizMtYu0 UXWw== X-Gm-Message-State: APjAAAVNz4rfZrfqIT2QeRash/Z85dqv/z8ZKHZryKMtwfj9D8ESgNG7 jHoG/1axDYH+zEt4dmsl4SjDUrDp X-Google-Smtp-Source: APXvYqwGh+XubKBcjJppor0qa+63gq1314RAIqyPIQYDqMiYHhyop9TV1GQI0tvKKJ2nSiVn4+l5CQ== X-Received: by 2002:a17:90a:cf11:: with SMTP id h17mr3982656pju.103.1579244970768; Thu, 16 Jan 2020 23:09:30 -0800 (PST) Received: from hpg8-3.kern.oss.ntt.co.jp ([222.151.198.97]) by smtp.gmail.com with ESMTPSA id d4sm407499pjg.19.2020.01.16.23.09.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Jan 2020 23:09:30 -0800 (PST) From: Yoshiki Komachi To: "David S. Miller" , Alexei Starovoitov , Daniel Borkmann , Martin KaFai Lau , Song Liu , Yonghong Song , Andrii Nakryiko , Petar Penkov Cc: Yoshiki Komachi , netdev@vger.kernel.org, bpf@vger.kernel.org, Petar Penkov Subject: [PATCH v2 bpf 2/2] selftests/bpf: Add test based on port range for BPF flow dissector Date: Fri, 17 Jan 2020 16:05:33 +0900 Message-Id: <20200117070533.402240-3-komachi.yoshiki@gmail.com> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20200117070533.402240-1-komachi.yoshiki@gmail.com> References: <20200117070533.402240-1-komachi.yoshiki@gmail.com> MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org Add a simple test to make sure that a filter based on specified port range classifies packets correctly. Signed-off-by: Yoshiki Komachi Acked-by: Petar Penkov Acked-by: John Fastabend --- tools/testing/selftests/bpf/test_flow_dissector.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tools/testing/selftests/bpf/test_flow_dissector.sh b/tools/testing/selftests/bpf/test_flow_dissector.sh index a8485ae..174b72a 100755 --- a/tools/testing/selftests/bpf/test_flow_dissector.sh +++ b/tools/testing/selftests/bpf/test_flow_dissector.sh @@ -139,6 +139,20 @@ echo "Testing IPv4 + GRE..." tc filter del dev lo ingress pref 1337 +echo "Testing port range..." +# Drops all IP/UDP packets coming from port 8-10 +tc filter add dev lo parent ffff: protocol ip pref 1337 flower ip_proto \ + udp src_port 8-10 action drop + +# Send 10 IPv4/UDP packets from port 7. Filter should not drop any. +./test_flow_dissector -i 4 -f 7 +# Send 10 IPv4/UDP packets from port 9. Filter should drop all. +./test_flow_dissector -i 4 -f 9 -F +# Send 10 IPv4/UDP packets from port 11. Filter should not drop any. +./test_flow_dissector -i 4 -f 11 + +tc filter del dev lo ingress pref 1337 + echo "Testing IPv6..." # Drops all IPv6/UDP packets coming from port 9 tc filter add dev lo parent ffff: protocol ipv6 pref 1337 flower ip_proto \