From patchwork Wed Jul 22 16:17:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 1334015 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=reject dis=none) header.from=cloudflare.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=cloudflare.com header.i=@cloudflare.com header.a=rsa-sha256 header.s=google header.b=nGO92wwI; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4BBgbZ0BNTz9sQt for ; Thu, 23 Jul 2020 02:17:30 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730694AbgGVQR3 (ORCPT ); Wed, 22 Jul 2020 12:17:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40472 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729201AbgGVQR2 (ORCPT ); Wed, 22 Jul 2020 12:17:28 -0400 Received: from mail-lj1-x242.google.com (mail-lj1-x242.google.com [IPv6:2a00:1450:4864:20::242]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8A3A1C0619E0 for ; Wed, 22 Jul 2020 09:17:26 -0700 (PDT) Received: by mail-lj1-x242.google.com with SMTP id b25so3115657ljp.6 for ; Wed, 22 Jul 2020 09:17:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Z/vrIiZMIRo5/cj1woXZIrQCk0a6lQc+EnEXLrdvZDY=; b=nGO92wwI6A9aKT66SCiThO3sDJZCJxa7fVpdgCzIw9xhQ+B5DLTpyiMD/ZgmjPwUHe nStizFhG99wuFIulTOAiIxJm6wNWqcTMPkVJSJX8XfEEhXOLQt+tXoDf1QmAEGiOKMTj wRdRj1YgACsQBncBSLgf1QkNBpFkmcp8uvMOo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Z/vrIiZMIRo5/cj1woXZIrQCk0a6lQc+EnEXLrdvZDY=; b=QYAxQihBjjNC7ROBi2wWq2plGmwIbhScIcmM0Jy0tQCETrNEelCb4q3VDTjYslR06z yIlNIhjulyUlWAvIYvUITwvRe4HXHzr+5qECO34V6sb9coM+4clu/a9HRLdoGnWCh9QN Xqmj5ZVgOmmmpZlIaR11vQsg4t+B5p7L9mxcSO2qNb1sJYFs/RNA9u/rN03LA3zKofFO HTEUsyiAyqKM7+DT4ok6pr6YVEELbai9Ywrz+ZuWD+HhrZ0X93B3EKj+3ICmXVpuKGHu mip5tl15w/ylgXWxxlr1RtY7exWIfUE6R89QHqWvVTzPquIC8aXNsSbWIOuYJLJfHfUw B4nA== X-Gm-Message-State: AOAM531F47Et4xVZVFOfUcSMOa/wtdheNFiJRFWthpuEoTxYmDtEGx6v awxsnyJY8ZgKqDOU7OpAx3MNysqwf1o= X-Google-Smtp-Source: ABdhPJx+ynMKTKOhOxISF52y6PBHe5A50p4EnDunQPBRVF2AgtvHY9OnRSh0hYVujv35fl9YEksNXQ== X-Received: by 2002:a2e:96d6:: with SMTP id d22mr6495ljj.67.1595434644460; Wed, 22 Jul 2020 09:17:24 -0700 (PDT) Received: from cloudflare.com ([2a02:a310:c262:aa00:b35e:8938:2c2a:ba8b]) by smtp.gmail.com with ESMTPSA id t4sm313045ljg.11.2020.07.22.09.17.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 Jul 2020 09:17:23 -0700 (PDT) From: Jakub Sitnicki To: bpf@vger.kernel.org Cc: netdev@vger.kernel.org, kernel-team@cloudflare.com, Alexei Starovoitov , Daniel Borkmann , "David S. Miller" , Jakub Kicinski Subject: [PATCH bpf-next 1/2] udp: Don't discard reuseport selection when group has connections Date: Wed, 22 Jul 2020 18:17:19 +0200 Message-Id: <20200722161720.940831-2-jakub@cloudflare.com> X-Mailer: git-send-email 2.25.4 In-Reply-To: <20200722161720.940831-1-jakub@cloudflare.com> References: <20200722161720.940831-1-jakub@cloudflare.com> MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org When BPF socket lookup prog selects a socket that belongs to a reuseport group, and the reuseport group has connected sockets in it, the socket selected by reuseport will be discarded, and socket returned by BPF socket lookup will be used instead. Modify this behavior so that the socket selected by reuseport running after BPF socket lookup always gets used. Ignore the fact that the reuseport group might have connections because it is only relevant when scoring sockets during regular hashtable-based lookup. Fixes: 72f7e9440e9b ("udp: Run SK_LOOKUP BPF program on socket lookup") Fixes: 6d4201b1386b ("udp6: Run SK_LOOKUP BPF program on socket lookup") Signed-off-by: Jakub Sitnicki --- net/ipv4/udp.c | 5 +---- net/ipv6/udp.c | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index b5231ab350e0..487740d0088c 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -421,9 +421,6 @@ static inline struct sock *lookup_reuseport(struct net *net, struct sock *sk, hash = udp_ehashfn(net, daddr, hnum, saddr, sport); reuse_sk = reuseport_select_sock(sk, hash, skb, sizeof(struct udphdr)); - /* Fall back to scoring if group has connections */ - if (reuseport_has_conns(sk, false)) - return NULL; } return reuse_sk; } @@ -447,7 +444,7 @@ static struct sock *udp4_lib_lookup2(struct net *net, if (score > badness) { result = lookup_reuseport(net, sk, skb, saddr, sport, daddr, hnum); - if (result) + if (result && !reuseport_has_conns(sk, false)) return result; badness = score; diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index ff8be202726a..8fd8eb04994c 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -155,9 +155,6 @@ static inline struct sock *lookup_reuseport(struct net *net, struct sock *sk, hash = udp6_ehashfn(net, daddr, hnum, saddr, sport); reuse_sk = reuseport_select_sock(sk, hash, skb, sizeof(struct udphdr)); - /* Fall back to scoring if group has connections */ - if (reuseport_has_conns(sk, false)) - return NULL; } return reuse_sk; } @@ -180,7 +177,7 @@ static struct sock *udp6_lib_lookup2(struct net *net, if (score > badness) { result = lookup_reuseport(net, sk, skb, saddr, sport, daddr, hnum); - if (result) + if (result && !reuseport_has_conns(sk, false)) return result; result = sk; From patchwork Wed Jul 22 16:17:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 1334016 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=reject dis=none) header.from=cloudflare.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=cloudflare.com header.i=@cloudflare.com header.a=rsa-sha256 header.s=google header.b=SpoeVVl8; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4BBgbZ2ryBz9sRN for ; Thu, 23 Jul 2020 02:17:30 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730804AbgGVQR3 (ORCPT ); Wed, 22 Jul 2020 12:17:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40476 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727867AbgGVQR2 (ORCPT ); Wed, 22 Jul 2020 12:17:28 -0400 Received: from mail-lj1-x242.google.com (mail-lj1-x242.google.com [IPv6:2a00:1450:4864:20::242]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 52855C0619E2 for ; Wed, 22 Jul 2020 09:17:28 -0700 (PDT) Received: by mail-lj1-x242.google.com with SMTP id s9so3088882ljm.11 for ; Wed, 22 Jul 2020 09:17:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=FcwspamFpLMvy8ptVddtyaKP8RbDMpDsWcPFu9YxmcQ=; b=SpoeVVl8tisue+OLBio6OZtxflJQdnksEMEmWldMDhV8185ro33MhaGYUf6O9i8Dgy Fc8eruiR19i4OXmzVQT7VT2NfT2Kb9rV2ybXj0yfvgK32bFqxsfU28N7lL4NkxRTAP1+ 8WNEMKS3LNyBZ56DrXxBakVyFyMXG8OgS+G/0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=FcwspamFpLMvy8ptVddtyaKP8RbDMpDsWcPFu9YxmcQ=; b=dHk3YNdEzYkNimYamQM7LFBwnyK+Xl5FBI4nECEHn52wUmeE98jYm/1Q8UvU5ODlM9 FbCTxUWHsiZ72aS7fidJTs49O0RJJ/mr5i7V7Sz9pFjCUtpeWA7yAl8lgEiJbsQsOgBc kJLPHk2SggPoQ1EtIpPGCE5yGqXFvY19/c+/Nb1eUlxd/y5JvtuAGGhp9DzV3p60A6cI 7sOBZkVAX5axjBtfkiLqMdL02Sa9qewFc/ItOkezX+9eAre2JpJvA/PdPtOdI/haE75n uKrL8f5o/E9Y3oVCzTeO8QDTuSj4ZhrL7sH9ozLVqVYyzHe9CrUfhMtZc9jUPkxB7ueh 1RxQ== X-Gm-Message-State: AOAM532cv4dUPKVytOVZHBYaIY2s463ai09h3geRoRDgfUat2LO2RyPi rG1TNT8X/P3PpDdsXkt2zD2VyMks5b0= X-Google-Smtp-Source: ABdhPJylAT4P0G7sOyxKYsqThqqUZFpzp88U7GZxPz2Qlkk8+uKrzFFRE2JhqQ2Fo+qw7XTVsAHv/A== X-Received: by 2002:a2e:8851:: with SMTP id z17mr605ljj.225.1595434646268; Wed, 22 Jul 2020 09:17:26 -0700 (PDT) Received: from cloudflare.com ([2a02:a310:c262:aa00:b35e:8938:2c2a:ba8b]) by smtp.gmail.com with ESMTPSA id h26sm285926ljb.78.2020.07.22.09.17.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 Jul 2020 09:17:25 -0700 (PDT) From: Jakub Sitnicki To: bpf@vger.kernel.org Cc: netdev@vger.kernel.org, kernel-team@cloudflare.com, Alexei Starovoitov , Daniel Borkmann , "David S. Miller" , Jakub Kicinski Subject: [PATCH bpf-next 2/2] selftests/bpf: Test BPF socket lookup and reuseport with connections Date: Wed, 22 Jul 2020 18:17:20 +0200 Message-Id: <20200722161720.940831-3-jakub@cloudflare.com> X-Mailer: git-send-email 2.25.4 In-Reply-To: <20200722161720.940831-1-jakub@cloudflare.com> References: <20200722161720.940831-1-jakub@cloudflare.com> MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org Cover the case when BPF socket lookup returns a socket that belongs to a reuseport group, and the reuseport group contains connected UDP sockets. Ensure that the presence of connected UDP sockets in reuseport group does not affect the socket lookup result. Socket selected by reuseport should always be used as result in such case. Signed-off-by: Jakub Sitnicki --- .../selftests/bpf/prog_tests/sk_lookup.c | 54 ++++++++++++++++++- 1 file changed, 53 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/prog_tests/sk_lookup.c b/tools/testing/selftests/bpf/prog_tests/sk_lookup.c index f1784ae4565a..9bbd2b2b7630 100644 --- a/tools/testing/selftests/bpf/prog_tests/sk_lookup.c +++ b/tools/testing/selftests/bpf/prog_tests/sk_lookup.c @@ -74,6 +74,7 @@ struct test { struct inet_addr connect_to; struct inet_addr listen_at; enum server accept_on; + bool reuseport_has_conns; /* Add a connected socket to reuseport group */ }; static __u32 duration; /* for CHECK macro */ @@ -559,7 +560,8 @@ static void query_lookup_prog(struct test_sk_lookup *skel) static void run_lookup_prog(const struct test *t) { - int client_fd, server_fds[MAX_SERVERS] = { -1 }; + int server_fds[MAX_SERVERS] = { -1 }; + int client_fd, reuse_conn_fd = -1; struct bpf_link *lookup_link; int i, err; @@ -583,6 +585,32 @@ static void run_lookup_prog(const struct test *t) break; } + /* Regular UDP socket lookup with reuseport behaves + * differently when reuseport group contains connected + * sockets. Check that adding a connected UDP socket to the + * reuseport group does not affect how reuseport works with + * BPF socket lookup. + */ + if (t->reuseport_has_conns) { + struct sockaddr_storage addr = {}; + socklen_t len = sizeof(addr); + + /* Add an extra socket to reuseport group */ + reuse_conn_fd = make_server(t->sotype, t->listen_at.ip, + t->listen_at.port, + t->reuseport_prog); + if (reuse_conn_fd < 0) + goto close; + + /* Connect the extra socket to itself */ + err = getsockname(reuse_conn_fd, (void *)&addr, &len); + if (CHECK(err, "getsockname", "errno %d\n", errno)) + goto close; + err = connect(reuse_conn_fd, (void *)&addr, len); + if (CHECK(err, "connect", "errno %d\n", errno)) + goto close; + } + client_fd = make_client(t->sotype, t->connect_to.ip, t->connect_to.port); if (client_fd < 0) goto close; @@ -594,6 +622,8 @@ static void run_lookup_prog(const struct test *t) close(client_fd); close: + if (reuse_conn_fd != -1) + close(reuse_conn_fd); for (i = 0; i < ARRAY_SIZE(server_fds); i++) { if (server_fds[i] != -1) close(server_fds[i]); @@ -710,6 +740,17 @@ static void test_redirect_lookup(struct test_sk_lookup *skel) .listen_at = { INT_IP4, INT_PORT }, .accept_on = SERVER_B, }, + { + .desc = "UDP IPv4 redir and reuseport with conns", + .lookup_prog = skel->progs.select_sock_a, + .reuseport_prog = skel->progs.select_sock_b, + .sock_map = skel->maps.redir_map, + .sotype = SOCK_DGRAM, + .connect_to = { EXT_IP4, EXT_PORT }, + .listen_at = { INT_IP4, INT_PORT }, + .accept_on = SERVER_B, + .reuseport_has_conns = true, + }, { .desc = "UDP IPv4 redir skip reuseport", .lookup_prog = skel->progs.select_sock_a_no_reuseport, @@ -754,6 +795,17 @@ static void test_redirect_lookup(struct test_sk_lookup *skel) .listen_at = { INT_IP6, INT_PORT }, .accept_on = SERVER_B, }, + { + .desc = "UDP IPv6 redir and reuseport with conns", + .lookup_prog = skel->progs.select_sock_a, + .reuseport_prog = skel->progs.select_sock_b, + .sock_map = skel->maps.redir_map, + .sotype = SOCK_DGRAM, + .connect_to = { EXT_IP6, EXT_PORT }, + .listen_at = { INT_IP6, INT_PORT }, + .accept_on = SERVER_B, + .reuseport_has_conns = true, + }, { .desc = "UDP IPv6 redir skip reuseport", .lookup_prog = skel->progs.select_sock_a_no_reuseport,