| Message ID | 20220125232424.2487391-1-jeffreyji@google.com (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [v4,net-next] net-core: add InMacErrors counter | expand |
Reviewed-by: Brian Vazquez <brianvv@google.com> On Tue, Jan 25, 2022 at 3:24 PM Jeffrey Ji <jeffreyjilinux@gmail.com> wrote: > > From: jeffreyji <jeffreyji@google.com> > > Increment InMacErrors counter when packet dropped due to incorrect dest > MAC addr. > > An example when this drop can occur is when manually crafting raw > packets that will be consumed by a user space application via a tap > device. For testing purposes local traffic was generated using trafgen > for the client and netcat to start a server > > example output from nstat: > \~# nstat -a | grep InMac > Ip6InMacErrors 0 0.0 > IpExtInMacErrors 1 0.0 > > Tested: Created 2 netns, sent 1 packet using trafgen from 1 to the other > with "{eth(daddr=$INCORRECT_MAC...}", verified that nstat showed the > counter was incremented. > > Changelog: > > v3-4: > Remove Change-Id > > v2: > Use skb_free_reason() for tracing > Add real-life example in patch msg > > Signed-off-by: jeffreyji <jeffreyji@google.com> > --- > include/linux/skbuff.h | 1 + > include/uapi/linux/snmp.h | 1 + > net/ipv4/ip_input.c | 7 +++++-- > net/ipv4/proc.c | 1 + > net/ipv6/ip6_input.c | 12 +++++++----- > net/ipv6/proc.c | 1 + > 6 files changed, 16 insertions(+), 7 deletions(-) > > diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h > index bf11e1fbd69b..04a36352f677 100644 > --- a/include/linux/skbuff.h > +++ b/include/linux/skbuff.h > @@ -320,6 +320,7 @@ enum skb_drop_reason { > SKB_DROP_REASON_TCP_CSUM, > SKB_DROP_REASON_TCP_FILTER, > SKB_DROP_REASON_UDP_CSUM, > + SKB_DROP_REASON_BAD_DEST_MAC, > SKB_DROP_REASON_MAX, > }; > > diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h > index 904909d020e2..ac2fac12dd7d 100644 > --- a/include/uapi/linux/snmp.h > +++ b/include/uapi/linux/snmp.h > @@ -57,6 +57,7 @@ enum > IPSTATS_MIB_ECT0PKTS, /* InECT0Pkts */ > IPSTATS_MIB_CEPKTS, /* InCEPkts */ > IPSTATS_MIB_REASM_OVERLAPS, /* ReasmOverlaps */ > + IPSTATS_MIB_INMACERRORS, /* InMacErrors */ > __IPSTATS_MIB_MAX > }; > > diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c > index 3a025c011971..379ef6b46920 100644 > --- a/net/ipv4/ip_input.c > +++ b/net/ipv4/ip_input.c > @@ -441,8 +441,11 @@ static struct sk_buff *ip_rcv_core(struct sk_buff *skb, struct net *net) > /* When the interface is in promisc. mode, drop all the crap > * that it receives, do not try to analyse it. > */ > - if (skb->pkt_type == PACKET_OTHERHOST) > - goto drop; > + if (skb->pkt_type == PACKET_OTHERHOST) { > + __IP_INC_STATS(net, IPSTATS_MIB_INMACERRORS); > + kfree_skb_reason(skb, SKB_DROP_REASON_BAD_DEST_MAC); > + return NULL; > + } > > __IP_UPD_PO_STATS(net, IPSTATS_MIB_IN, skb->len); > > diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c > index f30273afb539..dfe0a1dbf8e9 100644 > --- a/net/ipv4/proc.c > +++ b/net/ipv4/proc.c > @@ -117,6 +117,7 @@ static const struct snmp_mib snmp4_ipextstats_list[] = { > SNMP_MIB_ITEM("InECT0Pkts", IPSTATS_MIB_ECT0PKTS), > SNMP_MIB_ITEM("InCEPkts", IPSTATS_MIB_CEPKTS), > SNMP_MIB_ITEM("ReasmOverlaps", IPSTATS_MIB_REASM_OVERLAPS), > + SNMP_MIB_ITEM("InMacErrors", IPSTATS_MIB_INMACERRORS), > SNMP_MIB_SENTINEL > }; > > diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c > index 80256717868e..f6245fba7699 100644 > --- a/net/ipv6/ip6_input.c > +++ b/net/ipv6/ip6_input.c > @@ -149,15 +149,17 @@ static struct sk_buff *ip6_rcv_core(struct sk_buff *skb, struct net_device *dev, > u32 pkt_len; > struct inet6_dev *idev; > > - if (skb->pkt_type == PACKET_OTHERHOST) { > - kfree_skb(skb); > - return NULL; > - } > - > rcu_read_lock(); > > idev = __in6_dev_get(skb->dev); > > + if (skb->pkt_type == PACKET_OTHERHOST) { > + __IP6_INC_STATS(net, idev, IPSTATS_MIB_INMACERRORS); > + rcu_read_unlock(); > + kfree_skb_reason(skb, SKB_DROP_REASON_BAD_DEST_MAC); > + return NULL; > + } > + > __IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_IN, skb->len); > > if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL || > diff --git a/net/ipv6/proc.c b/net/ipv6/proc.c > index d6306aa46bb1..76e6119ba558 100644 > --- a/net/ipv6/proc.c > +++ b/net/ipv6/proc.c > @@ -84,6 +84,7 @@ static const struct snmp_mib snmp6_ipstats_list[] = { > SNMP_MIB_ITEM("Ip6InECT1Pkts", IPSTATS_MIB_ECT1PKTS), > SNMP_MIB_ITEM("Ip6InECT0Pkts", IPSTATS_MIB_ECT0PKTS), > SNMP_MIB_ITEM("Ip6InCEPkts", IPSTATS_MIB_CEPKTS), > + SNMP_MIB_ITEM("Ip6InMacErrors", IPSTATS_MIB_INMACERRORS), > SNMP_MIB_SENTINEL > }; > > -- > 2.35.0.rc0.227.g00780c9af4-goog >
On Tue, 25 Jan 2022 23:24:24 +0000 Jeffrey Ji wrote: > v3-4: > Remove Change-Id > > v2: > Use skb_free_reason() for tracing > Add real-life example in patch msg > > Signed-off-by: jeffreyji <jeffreyji@google.com> > --- > include/linux/skbuff.h | 1 + > include/uapi/linux/snmp.h | 1 + > net/ipv4/ip_input.c | 7 +++++-- > net/ipv4/proc.c | 1 + > net/ipv6/ip6_input.c | 12 +++++++----- > net/ipv6/proc.c | 1 + > 6 files changed, 16 insertions(+), 7 deletions(-) > > diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h > index bf11e1fbd69b..04a36352f677 100644 > --- a/include/linux/skbuff.h > +++ b/include/linux/skbuff.h > @@ -320,6 +320,7 @@ enum skb_drop_reason { > SKB_DROP_REASON_TCP_CSUM, > SKB_DROP_REASON_TCP_FILTER, > SKB_DROP_REASON_UDP_CSUM, > + SKB_DROP_REASON_BAD_DEST_MAC, Ah, sorry I missed that you pulled in the reason in v3, I thought you'd leave it to Menglong. Either way is fine, but "BAD_DEST_MAC" is probably not the most fortunate name for this reason code. Menglong had OTHERHOST - that seems more intuitive to me, the MAC address is not bad, it's just not the address of the local host.
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index bf11e1fbd69b..04a36352f677 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -320,6 +320,7 @@ enum skb_drop_reason { SKB_DROP_REASON_TCP_CSUM, SKB_DROP_REASON_TCP_FILTER, SKB_DROP_REASON_UDP_CSUM, + SKB_DROP_REASON_BAD_DEST_MAC, SKB_DROP_REASON_MAX, }; diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h index 904909d020e2..ac2fac12dd7d 100644 --- a/include/uapi/linux/snmp.h +++ b/include/uapi/linux/snmp.h @@ -57,6 +57,7 @@ enum IPSTATS_MIB_ECT0PKTS, /* InECT0Pkts */ IPSTATS_MIB_CEPKTS, /* InCEPkts */ IPSTATS_MIB_REASM_OVERLAPS, /* ReasmOverlaps */ + IPSTATS_MIB_INMACERRORS, /* InMacErrors */ __IPSTATS_MIB_MAX }; diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index 3a025c011971..379ef6b46920 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c @@ -441,8 +441,11 @@ static struct sk_buff *ip_rcv_core(struct sk_buff *skb, struct net *net) /* When the interface is in promisc. mode, drop all the crap * that it receives, do not try to analyse it. */ - if (skb->pkt_type == PACKET_OTHERHOST) - goto drop; + if (skb->pkt_type == PACKET_OTHERHOST) { + __IP_INC_STATS(net, IPSTATS_MIB_INMACERRORS); + kfree_skb_reason(skb, SKB_DROP_REASON_BAD_DEST_MAC); + return NULL; + } __IP_UPD_PO_STATS(net, IPSTATS_MIB_IN, skb->len); diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c index f30273afb539..dfe0a1dbf8e9 100644 --- a/net/ipv4/proc.c +++ b/net/ipv4/proc.c @@ -117,6 +117,7 @@ static const struct snmp_mib snmp4_ipextstats_list[] = { SNMP_MIB_ITEM("InECT0Pkts", IPSTATS_MIB_ECT0PKTS), SNMP_MIB_ITEM("InCEPkts", IPSTATS_MIB_CEPKTS), SNMP_MIB_ITEM("ReasmOverlaps", IPSTATS_MIB_REASM_OVERLAPS), + SNMP_MIB_ITEM("InMacErrors", IPSTATS_MIB_INMACERRORS), SNMP_MIB_SENTINEL }; diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c index 80256717868e..f6245fba7699 100644 --- a/net/ipv6/ip6_input.c +++ b/net/ipv6/ip6_input.c @@ -149,15 +149,17 @@ static struct sk_buff *ip6_rcv_core(struct sk_buff *skb, struct net_device *dev, u32 pkt_len; struct inet6_dev *idev; - if (skb->pkt_type == PACKET_OTHERHOST) { - kfree_skb(skb); - return NULL; - } - rcu_read_lock(); idev = __in6_dev_get(skb->dev); + if (skb->pkt_type == PACKET_OTHERHOST) { + __IP6_INC_STATS(net, idev, IPSTATS_MIB_INMACERRORS); + rcu_read_unlock(); + kfree_skb_reason(skb, SKB_DROP_REASON_BAD_DEST_MAC); + return NULL; + } + __IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_IN, skb->len); if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL || diff --git a/net/ipv6/proc.c b/net/ipv6/proc.c index d6306aa46bb1..76e6119ba558 100644 --- a/net/ipv6/proc.c +++ b/net/ipv6/proc.c @@ -84,6 +84,7 @@ static const struct snmp_mib snmp6_ipstats_list[] = { SNMP_MIB_ITEM("Ip6InECT1Pkts", IPSTATS_MIB_ECT1PKTS), SNMP_MIB_ITEM("Ip6InECT0Pkts", IPSTATS_MIB_ECT0PKTS), SNMP_MIB_ITEM("Ip6InCEPkts", IPSTATS_MIB_CEPKTS), + SNMP_MIB_ITEM("Ip6InMacErrors", IPSTATS_MIB_INMACERRORS), SNMP_MIB_SENTINEL };