diff options
| author | Willem de Bruijn <[email protected]> | 2025-04-08 13:27:48 +0000 |
|---|---|---|
| committer | Alexei Starovoitov <[email protected]> | 2025-04-10 03:02:51 +0000 |
| commit | d4bac0288a2b444e468e6df9cb4ed69479ddf14a (patch) | |
| tree | a4af25d133f46758e9c56bc0d985234bf4dc5d2c /tools/testing/selftests/net/lib/py/ynl.py | |
| parent | selftests/bpf: Make res_spin_lock test less verbose (diff) | |
| download | kernel-d4bac0288a2b444e468e6df9cb4ed69479ddf14a.tar.gz kernel-d4bac0288a2b444e468e6df9cb4ed69479ddf14a.zip | |
bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
Classic BPF socket filters with SKB_NET_OFF and SKB_LL_OFF fail to
read when these offsets extend into frags.
This has been observed with iwlwifi and reproduced with tun with
IFF_NAPI_FRAGS. The below straightforward socket filter on UDP port,
applied to a RAW socket, will silently miss matching packets.
const int offset_proto = offsetof(struct ip6_hdr, ip6_nxt);
const int offset_dport = sizeof(struct ip6_hdr) + offsetof(struct udphdr, dest);
struct sock_filter filter_code[] = {
BPF_STMT(BPF_LD + BPF_B + BPF_ABS, SKF_AD_OFF + SKF_AD_PKTTYPE),
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, PACKET_HOST, 0, 4),
BPF_STMT(BPF_LD + BPF_B + BPF_ABS, SKF_NET_OFF + offset_proto),
BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 2),
BPF_STMT(BPF_LD + BPF_H + BPF_ABS, SKF_NET_OFF + offset_dport),
This is unexpected behavior. Socket filter programs should be
consistent regardless of environment. Silent misses are
particularly concerning as hard to detect.
Use skb_copy_bits for offsets outside linear, same as done for
non-SKF_(LL|NET) offsets.
Offset is always positive after subtracting the reference threshold
SKB_(LL|NET)_OFF, so is always >= skb_(mac|network)_offset. The sum of
the two is an offset against skb->data, and may be negative, but it
cannot point before skb->head, as skb_(mac|network)_offset would too.
This appears to go back to when frag support was introduced to
sk_run_filter in linux-2.4.4, before the introduction of git.
The amount of code change and 8/16/32 bit duplication are unfortunate.
But any attempt I made to be smarter saved very few LoC while
complicating the code.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Link: https://lore.kernel.org/netdev/[email protected]/
Link: https://elixir.bootlin.com/linux/2.4.4/source/net/core/filter.c#L244
Reported-by: Matt Moeller <[email protected]>
Co-developed-by: Maciej Żenczykowski <[email protected]>
Signed-off-by: Maciej Żenczykowski <[email protected]>
Signed-off-by: Willem de Bruijn <[email protected]>
Acked-by: Stanislav Fomichev <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Alexei Starovoitov <[email protected]>
Diffstat (limited to 'tools/testing/selftests/net/lib/py/ynl.py')
0 files changed, 0 insertions, 0 deletions