bpf: icmp6: have icmp6_load_type() return an error

Under the hood this uses ctx_load_bytes(), which can fail. Return such an error to the caller. Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
jschwinger233 · Jul 2, 2023 · 283b8b7 · 283b8b7
1 parent c44f3aa
commit 283b8b7
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 12 deletions.
diff --git a/bpf/lib/icmp6.h b/bpf/lib/icmp6.h
@@ -40,12 +40,9 @@
 #define ACTION_UNKNOWN_ICMP6_NS DROP_UNKNOWN_TARGET
 #endif
 
-static __always_inline __u8 icmp6_load_type(struct __ctx_buff *ctx, int nh_off)
+static __always_inline int icmp6_load_type(struct __ctx_buff *ctx, int nh_off, __u8 *type)
 {
-	__u8 type;
-
-	ctx_load_bytes(ctx, nh_off + ICMP6_TYPE_OFFSET, &type, sizeof(type));
-	return type;
+	return ctx_load_bytes(ctx, nh_off + ICMP6_TYPE_OFFSET, type, sizeof(*type));
 }
 
 static __always_inline int icmp6_send_reply(struct __ctx_buff *ctx, int nh_off)
@@ -370,7 +367,10 @@ static __always_inline int icmp6_handle_ns(struct __ctx_buff *ctx, int nh_off,
 static __always_inline bool
 is_icmp6_ndp(struct __ctx_buff *ctx, const struct ipv6hdr *ip6, int nh_off)
 {
-	__u8 type = icmp6_load_type(ctx, nh_off);
+	__u8 type;
+
+	if (icmp6_load_type(ctx, nh_off, &type) < 0)
+		return false;
 
 	return ip6->nexthdr == IPPROTO_ICMPV6 &&
 	       (type == ICMP6_NS_MSG_TYPE || type == ICMP6_NA_MSG_TYPE);
@@ -379,9 +379,12 @@ is_icmp6_ndp(struct __ctx_buff *ctx, const struct ipv6hdr *ip6, int nh_off)
 static __always_inline int icmp6_ndp_handle(struct __ctx_buff *ctx, int nh_off,
 					    enum metric_dir direction)
 {
-	__u8 type = icmp6_load_type(ctx, nh_off);
-	cilium_dbg(ctx, DBG_ICMP6_HANDLE, type, 0);
+	__u8 type;
 
+	if (icmp6_load_type(ctx, nh_off, &type) < 0)
+		return DROP_INVALID;
+
+	cilium_dbg(ctx, DBG_ICMP6_HANDLE, type, 0);
 	if (type == ICMP6_NS_MSG_TYPE)
 		return icmp6_handle_ns(ctx, nh_off, direction);
 
@@ -394,9 +397,10 @@ static __always_inline int icmp6_ndp_handle(struct __ctx_buff *ctx, int nh_off,
 static __always_inline int
 icmp6_host_handle(struct __ctx_buff *ctx __maybe_unused)
 {
-	__u8 type __maybe_unused;
+	__u8 type;
 
-	type = icmp6_load_type(ctx, ETH_HLEN);
+	if (icmp6_load_type(ctx, ETH_HLEN, &type) < 0)
+		return DROP_INVALID;
 
 	/* When the host firewall is enabled, we drop and allow ICMPv6 messages
 	 * according to RFC4890, except for echo request and reply messages which

diff --git a/bpf/lib/wireguard.h b/bpf/lib/wireguard.h
@@ -22,7 +22,6 @@ wg_maybe_redirect_to_encrypt(struct __ctx_buff *ctx)
 	__u16 proto = 0;
 	struct ipv6hdr __maybe_unused *ip6;
 	struct iphdr __maybe_unused *ip4;
-	__u8 __maybe_unused icmp_type = 0;
 
 	if (!validate_ethertype(ctx, &proto))
 		return DROP_UNSUPPORTED_L2;
@@ -39,10 +38,15 @@ wg_maybe_redirect_to_encrypt(struct __ctx_buff *ctx)
 		 * NA should not be sent over WG.
 		 */
 		if (ip6->nexthdr == IPPROTO_ICMPV6) {
+			__u8 icmp_type;
+
 			if (data + sizeof(*ip6) + ETH_HLEN +
 			    sizeof(struct icmp6hdr) > data_end)
 				return DROP_INVALID;
-			icmp_type = icmp6_load_type(ctx, ETH_HLEN);
+
+			if (icmp6_load_type(ctx, ETH_HLEN, &icmp_type) < 0)
+				return DROP_INVALID;
+
 			if (icmp_type == ICMP6_NA_MSG_TYPE)
 				goto out;
 		}