| Message ID | 160216614239.882446.4447190431655011838.stgit@firesoul (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | BPF |
| Headers | show |
| Series | bpf: New approach for BPF MTU handling | expand |
On 10/8/20 4:09 PM, Jesper Dangaard Brouer wrote: > Multiple BPF-helpers that can manipulate/increase the size of the SKB uses > __bpf_skb_max_len() as the max-length. This function limit size against > the current net_device MTU (skb->dev->mtu). > > When a BPF-prog grow the packet size, then it should not be limited to the > MTU. The MTU is a transmit limitation, and software receiving this packet > should be allowed to increase the size. Further more, current MTU check in > __bpf_skb_max_len uses the MTU from ingress/current net_device, which in > case of redirects uses the wrong net_device. > > Keep a sanity max limit of IP6_MAX_MTU (under CONFIG_IPV6) which is 64KiB > plus 40 bytes IPv6 header size. If compiled without IPv6 use IP_MAX_MTU. > > V3: replace __bpf_skb_max_len() with define and use IPv6 max MTU size. > > Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> > --- > net/core/filter.c | 16 ++++++++-------- > 1 file changed, 8 insertions(+), 8 deletions(-) > > diff --git a/net/core/filter.c b/net/core/filter.c > index 05df73780dd3..ddc1f9ba89d1 100644 > --- a/net/core/filter.c > +++ b/net/core/filter.c > @@ -3474,11 +3474,11 @@ static int bpf_skb_net_shrink(struct sk_buff *skb, u32 off, u32 len_diff, > return 0; > } > > -static u32 __bpf_skb_max_len(const struct sk_buff *skb) > -{ > - return skb->dev ? skb->dev->mtu + skb->dev->hard_header_len : > - SKB_MAX_ALLOC; > -} > +#ifdef IP6_MAX_MTU /* Depend on CONFIG_IPV6 */ > +#define BPF_SKB_MAX_LEN IP6_MAX_MTU > +#else > +#define BPF_SKB_MAX_LEN IP_MAX_MTU > +#endif Shouldn't that check on skb->protocol? The way I understand it is that a number of devices including virtual ones use ETH_MAX_MTU as their dev->max_mtu, so the mtu must be in the range of dev->min_mtu(=ETH_MIN_MTU), dev->max_mtu(=ETH_MAX_MTU). __dev_set_mtu() then sets the user value to dev->mtu in the core if within this range. That means in your case skb->dev->hard_header_len for example is left out, meaning if we go for some constant, that would need to be higher. > BPF_CALL_4(sk_skb_adjust_room, struct sk_buff *, skb, s32, len_diff, > u32, mode, u64, flags) > @@ -3527,7 +3527,7 @@ BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff, > { > u32 len_cur, len_diff_abs = abs(len_diff); > u32 len_min = bpf_skb_net_base_len(skb); > - u32 len_max = __bpf_skb_max_len(skb); > + u32 len_max = BPF_SKB_MAX_LEN; > __be16 proto = skb->protocol; > bool shrink = len_diff < 0; > u32 off; > @@ -3610,7 +3610,7 @@ static int bpf_skb_trim_rcsum(struct sk_buff *skb, unsigned int new_len) > static inline int __bpf_skb_change_tail(struct sk_buff *skb, u32 new_len, > u64 flags) > { > - u32 max_len = __bpf_skb_max_len(skb); > + u32 max_len = BPF_SKB_MAX_LEN; > u32 min_len = __bpf_skb_min_len(skb); > int ret; > > @@ -3686,7 +3686,7 @@ static const struct bpf_func_proto sk_skb_change_tail_proto = { > static inline int __bpf_skb_change_head(struct sk_buff *skb, u32 head_room, > u64 flags) > { > - u32 max_len = __bpf_skb_max_len(skb); > + u32 max_len = BPF_SKB_MAX_LEN; > u32 new_len = skb->len + head_room; > int ret; > > >
> > Multiple BPF-helpers that can manipulate/increase the size of the SKB uses > > __bpf_skb_max_len() as the max-length. This function limit size against > > the current net_device MTU (skb->dev->mtu). > > > > When a BPF-prog grow the packet size, then it should not be limited to the > > MTU. The MTU is a transmit limitation, and software receiving this packet > > should be allowed to increase the size. Further more, current MTU check in > > __bpf_skb_max_len uses the MTU from ingress/current net_device, which in > > case of redirects uses the wrong net_device. > > > > Keep a sanity max limit of IP6_MAX_MTU (under CONFIG_IPV6) which is 64KiB > > plus 40 bytes IPv6 header size. If compiled without IPv6 use IP_MAX_MTU. > > > > V3: replace __bpf_skb_max_len() with define and use IPv6 max MTU size. > > > > Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> > > --- > > net/core/filter.c | 16 ++++++++-------- > > 1 file changed, 8 insertions(+), 8 deletions(-) > > > > diff --git a/net/core/filter.c b/net/core/filter.c > > index 05df73780dd3..ddc1f9ba89d1 100644 > > --- a/net/core/filter.c > > +++ b/net/core/filter.c > > @@ -3474,11 +3474,11 @@ static int bpf_skb_net_shrink(struct sk_buff *skb, u32 off, u32 len_diff, > > return 0; > > } > > > > -static u32 __bpf_skb_max_len(const struct sk_buff *skb) > > -{ > > - return skb->dev ? skb->dev->mtu + skb->dev->hard_header_len : > > - SKB_MAX_ALLOC; > > -} > > +#ifdef IP6_MAX_MTU /* Depend on CONFIG_IPV6 */ > > +#define BPF_SKB_MAX_LEN IP6_MAX_MTU > > +#else > > +#define BPF_SKB_MAX_LEN IP_MAX_MTU > > +#endif > > Shouldn't that check on skb->protocol? The way I understand it is that a number of devices > including virtual ones use ETH_MAX_MTU as their dev->max_mtu, so the mtu must be in the range > of dev->min_mtu(=ETH_MIN_MTU), dev->max_mtu(=ETH_MAX_MTU). __dev_set_mtu() then sets the user > value to dev->mtu in the core if within this range. That means in your case skb->dev->hard_header_len > for example is left out, meaning if we go for some constant, that would need to be higher. I think in the past skb->protocol was not guaranteed to be correct - could be zero... (with [misconfigured] raw sockets - maybe that's fixed now?)
On Fri, 9 Oct 2020 18:12:20 +0200 Daniel Borkmann <daniel@iogearbox.net> wrote: > On 10/8/20 4:09 PM, Jesper Dangaard Brouer wrote: > > Multiple BPF-helpers that can manipulate/increase the size of the SKB uses > > __bpf_skb_max_len() as the max-length. This function limit size against > > the current net_device MTU (skb->dev->mtu). > > > > When a BPF-prog grow the packet size, then it should not be limited to the > > MTU. The MTU is a transmit limitation, and software receiving this packet > > should be allowed to increase the size. Further more, current MTU check in > > __bpf_skb_max_len uses the MTU from ingress/current net_device, which in > > case of redirects uses the wrong net_device. > > > > Keep a sanity max limit of IP6_MAX_MTU (under CONFIG_IPV6) which is 64KiB > > plus 40 bytes IPv6 header size. If compiled without IPv6 use IP_MAX_MTU. > > > > V3: replace __bpf_skb_max_len() with define and use IPv6 max MTU size. > > > > Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> > > --- > > net/core/filter.c | 16 ++++++++-------- > > 1 file changed, 8 insertions(+), 8 deletions(-) > > > > diff --git a/net/core/filter.c b/net/core/filter.c > > index 05df73780dd3..ddc1f9ba89d1 100644 > > --- a/net/core/filter.c > > +++ b/net/core/filter.c > > @@ -3474,11 +3474,11 @@ static int bpf_skb_net_shrink(struct sk_buff *skb, u32 off, u32 len_diff, > > return 0; > > } > > > > -static u32 __bpf_skb_max_len(const struct sk_buff *skb) > > -{ > > - return skb->dev ? skb->dev->mtu + skb->dev->hard_header_len : > > - SKB_MAX_ALLOC; > > -} > > +#ifdef IP6_MAX_MTU /* Depend on CONFIG_IPV6 */ > > +#define BPF_SKB_MAX_LEN IP6_MAX_MTU > > +#else > > +#define BPF_SKB_MAX_LEN IP_MAX_MTU > > +#endif > > Shouldn't that check on skb->protocol? The way I understand it is > that a number of devices including virtual ones use ETH_MAX_MTU as > their dev->max_mtu, so the mtu must be in the range of > dev->min_mtu(=ETH_MIN_MTU), dev->max_mtu(=ETH_MAX_MTU). > __dev_set_mtu() then sets the user value to dev->mtu in the core if > within this range. That means in your case skb->dev->hard_header_len > for example is left out, meaning if we go for some constant, that > would need to be higher. Sorry, but I think you have missed the point. This BPF_SKB_MAX_LEN is just a sanity max limit. We are removing the limit for BPF-progs to change the size of the packet (regardless of MTU). This will allow BPF-ingress to increase packet size (up-to this sanity limit) and then BPF-egress can decrease packet size again, before sending it to the actual dev. It is up to the BPF-programmer that to use this for, but I think this adds good flexibility, instead of being limited to the *transmit* size (MTU) of the dev. This is software why have this MTU limit.
diff --git a/net/core/filter.c b/net/core/filter.c index 05df73780dd3..ddc1f9ba89d1 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -3474,11 +3474,11 @@ static int bpf_skb_net_shrink(struct sk_buff *skb, u32 off, u32 len_diff, return 0; } -static u32 __bpf_skb_max_len(const struct sk_buff *skb) -{ - return skb->dev ? skb->dev->mtu + skb->dev->hard_header_len : - SKB_MAX_ALLOC; -} +#ifdef IP6_MAX_MTU /* Depend on CONFIG_IPV6 */ +#define BPF_SKB_MAX_LEN IP6_MAX_MTU +#else +#define BPF_SKB_MAX_LEN IP_MAX_MTU +#endif BPF_CALL_4(sk_skb_adjust_room, struct sk_buff *, skb, s32, len_diff, u32, mode, u64, flags) @@ -3527,7 +3527,7 @@ BPF_CALL_4(bpf_skb_adjust_room, struct sk_buff *, skb, s32, len_diff, { u32 len_cur, len_diff_abs = abs(len_diff); u32 len_min = bpf_skb_net_base_len(skb); - u32 len_max = __bpf_skb_max_len(skb); + u32 len_max = BPF_SKB_MAX_LEN; __be16 proto = skb->protocol; bool shrink = len_diff < 0; u32 off; @@ -3610,7 +3610,7 @@ static int bpf_skb_trim_rcsum(struct sk_buff *skb, unsigned int new_len) static inline int __bpf_skb_change_tail(struct sk_buff *skb, u32 new_len, u64 flags) { - u32 max_len = __bpf_skb_max_len(skb); + u32 max_len = BPF_SKB_MAX_LEN; u32 min_len = __bpf_skb_min_len(skb); int ret; @@ -3686,7 +3686,7 @@ static const struct bpf_func_proto sk_skb_change_tail_proto = { static inline int __bpf_skb_change_head(struct sk_buff *skb, u32 head_room, u64 flags) { - u32 max_len = __bpf_skb_max_len(skb); + u32 max_len = BPF_SKB_MAX_LEN; u32 new_len = skb->len + head_room; int ret;
Multiple BPF-helpers that can manipulate/increase the size of the SKB uses __bpf_skb_max_len() as the max-length. This function limit size against the current net_device MTU (skb->dev->mtu). When a BPF-prog grow the packet size, then it should not be limited to the MTU. The MTU is a transmit limitation, and software receiving this packet should be allowed to increase the size. Further more, current MTU check in __bpf_skb_max_len uses the MTU from ingress/current net_device, which in case of redirects uses the wrong net_device. Keep a sanity max limit of IP6_MAX_MTU (under CONFIG_IPV6) which is 64KiB plus 40 bytes IPv6 header size. If compiled without IPv6 use IP_MAX_MTU. V3: replace __bpf_skb_max_len() with define and use IPv6 max MTU size. Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> --- net/core/filter.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)