-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support defragmenting IPv4 packets in BPF #4215
Conversation
Upstream branch: b148c8b |
Upstream branch: b148c8b |
4cd9a09
to
ccd1d35
Compare
025e4db
to
b3c7025
Compare
Once we wrap ip_check_defrag() in a kfunc, it may be useful for progs to know the exact error condition ip_check_defrag() encountered. Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
KF_CHANGES_PKT indicates that the kfunc call may change packet data. This is analogous to bpf_helper_changes_pkt_data(). Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
This kfunc is used to defragment IPv4 packets. The idea is that if you see a fragmented packet, you call this kfunc. If the kfunc returns 0, then the skb has been updated to contain the entire reassembled packet. If the kfunc returns an error (most likely -EINPROGRESS), then it means the skb is part of a yet-incomplete original packet. A reasonable response to -EINPROGRESS is to drop the packet, as the ip defrag infrastructure is already hanging onto the frag for future reassembly. Care has been taken to ensure the prog skb remains valid no matter what the underlying ip_check_defrag() call does. This is in contrast to ip_defrag(), which may consume the skb if the skb is part of a yet-incomplete original packet. So far this kfunc is only callable from TC clsact progs. Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
For connectionless protocols or raw sockets we do not want to actually connect() to the server. Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
Extend connect_to_fd_opts() to take optional type and protocol parameters for the client socket. These parameters are useful when opening a raw socket to send IP fragments. Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
This selftest tests 2 major scenarios: the BPF based defragmentation can succesfully be done and that packet pointers are invalidated after calls to the kfunc. In the first scenario, we create a UDP client and UDP echo server. The the server side is fairly straightforward: we attach the prog and simply echo back the message. The on the client side, we send fragmented packets to and expect the reassembled message back from the server. Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
Upstream branch: 0e43662 |
ccd1d35
to
0d983f5
Compare
At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=704622 expired. Closing PR. |
Pull request for series with
subject: Support defragmenting IPv4 packets in BPF
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=704622