From patchwork Sun Aug 21 11:35:16 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Shmulik Ladkani <shmulik@metanetworks.com>
X-Patchwork-Id: 12949877
X-Patchwork-Delegate: bpf@iogearbox.net
Return-Path: <bpf-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 513C2C00140
	for <bpf@archiver.kernel.org>; Sun, 21 Aug 2022 11:35:54 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229526AbiHULfw (ORCPT <rfc822;bpf@archiver.kernel.org>);
        Sun, 21 Aug 2022 07:35:52 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57340 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229445AbiHULft (ORCPT <rfc822;bpf@vger.kernel.org>);
        Sun, 21 Aug 2022 07:35:49 -0400
Received: from mail-wr1-x431.google.com (mail-wr1-x431.google.com
 [IPv6:2a00:1450:4864:20::431])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B5FE918349
        for <bpf@vger.kernel.org>; Sun, 21 Aug 2022 04:35:48 -0700 (PDT)
Received: by mail-wr1-x431.google.com with SMTP id h5so9254350wru.7
        for <bpf@vger.kernel.org>; Sun, 21 Aug 2022 04:35:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=metanetworks.com; s=google;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc;
        bh=Wg6mAAkilMI/2+ZXuROZzAW1qEHdMe6H3hCymOv9/wE=;
        b=dkS0XhHfSTXmCyKcjadMqINCLEjxnhInzD69JxyEebiC8lOmeIIqY+LSMSGTdFQwwK
         Z5nXAJffPZnrXz5bTwH14baJT8maJsElPVp6XDUexXJGlOy5SpiVRTumyEGTlKWpo0KA
         tYU0I1+USlY4dzlE0avdMfrpkT1kHZN/9HmBM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc;
        bh=Wg6mAAkilMI/2+ZXuROZzAW1qEHdMe6H3hCymOv9/wE=;
        b=6r+Iq/j/DxNDHYsilTrPRSti9KoBKcrO4NMoxvsBEOyItVRjs8603ua2RuQIUUTeVA
         EN/ELZP8k53D/9iGKvWBkbkHz0MfVTnlDRmNfo29qYeLZXiZw/iK6ufIfu2nAGhs+rRl
         Sg6IIBXkJdenRou7qBeVdgk201efDCEQ47EQEs5VWtOxibYPJZUTrvmbtPl17yDes6d0
         uZUzep9+TRfIVOY2dDfJSwtJDLIKkIJMT8DvBpV7yRjkkimBLqoPcKSn3JA39A16fCA5
         JBApLwMa5YmRbNchcQDjG1iSst/m39LV44rbYycyny7kKmb+RUskfwIB5P4p4ZD1ueAB
         6hDQ==
X-Gm-Message-State: ACgBeo38crQWQ11NpYUFCvrxdZE6oi/GMeLgYzlC+Sf4ONXtc4IOLFeA
        NK/q0IBkcPyGhEbnGz44Cmi4ikwxsihIAPvkXH75J0ZNDAeiR6OuPcsYuENUg3F0t0e2T8wTiq7
        HqJt2RFoQwGdIbujVECjJOGWmHEMbI22TJ61si2aIfKBNzUFkH1CiimbkHQq16H7oKYiEYjD9
X-Google-Smtp-Source: 
 AA6agR48zxLlD862jPyQ+ZrOMnQDqAjf+tLxZ2W1XWrC1VLmp9h2DWtfzVK9qVSWE7ED9SZ0n9WZEw==
X-Received: by 2002:a5d:5a9b:0:b0:225:3fa0:f9ca with SMTP id
 bp27-20020a5d5a9b000000b002253fa0f9camr4757832wrb.204.1661081746885;
        Sun, 21 Aug 2022 04:35:46 -0700 (PDT)
Received: from blondie.home ([94.230.83.151])
        by smtp.gmail.com with ESMTPSA id
 l8-20020a05600c2cc800b003a6632fe925sm1067178wmc.13.2022.08.21.04.35.45
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 21 Aug 2022 04:35:46 -0700 (PDT)
From: Shmulik Ladkani <shmulik@metanetworks.com>
X-Google-Original-From: Shmulik Ladkani <shmulik.ladkani@gmail.com>
To: bpf@vger.kernel.org, Alexei Starovoitov <ast@kernel.org>,
        Stanislav Fomichev <sdf@google.com>
Cc: Jakub Sitnicki <jakub@cloudflare.com>,
        Petar Penkov <ppenkov@google.com>,
        Willem de Bruijn <willemb@google.com>,
        Shmulik Ladkani <shmulik.ladkani@gmail.com>
Subject: [PATCH v2 bpf-next 1/4] flow_dissector: Make 'bpf_flow_dissect'
 return the bpf program retcode
Date: Sun, 21 Aug 2022 14:35:16 +0300
Message-Id: <20220821113519.116765-2-shmulik.ladkani@gmail.com>
X-Mailer: git-send-email 2.37.2
In-Reply-To: <20220821113519.116765-1-shmulik.ladkani@gmail.com>
References: <20220821113519.116765-1-shmulik.ladkani@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <bpf.vger.kernel.org>
X-Mailing-List: bpf@vger.kernel.org
X-Patchwork-Delegate: bpf@iogearbox.net

Let 'bpf_flow_dissect' callers know the bpf program's retcode and act
accordingly.

Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
---
 include/linux/skbuff.h    |  4 ++--
 net/bpf/test_run.c        |  2 +-
 net/core/flow_dissector.c | 13 +++++++------
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index ca8afa382bf2..87921996175c 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -1460,8 +1460,8 @@ void skb_flow_dissector_init(struct flow_dissector *flow_dissector,
 			     unsigned int key_count);
 
 struct bpf_flow_dissector;
-bool bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx,
-		      __be16 proto, int nhoff, int hlen, unsigned int flags);
+u32 bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx,
+		     __be16 proto, int nhoff, int hlen, unsigned int flags);
 
 bool __skb_flow_dissect(const struct net *net,
 			const struct sk_buff *skb,
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
index 25d8ecf105aa..51c479433517 100644
--- a/net/bpf/test_run.c
+++ b/net/bpf/test_run.c
@@ -1445,7 +1445,7 @@ int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog,
 	bpf_test_timer_enter(&t);
 	do {
 		retval = bpf_flow_dissect(prog, &ctx, eth->h_proto, ETH_HLEN,
-					  size, flags);
+					  size, flags) == BPF_OK;
 	} while (bpf_test_timer_continue(&t, 1, repeat, &ret, &duration));
 	bpf_test_timer_leave(&t);
 
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 764c4cb3fe8f..a01817fb4ef4 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -866,8 +866,8 @@ static void __skb_flow_bpf_to_target(const struct bpf_flow_keys *flow_keys,
 	}
 }
 
-bool bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx,
-		      __be16 proto, int nhoff, int hlen, unsigned int flags)
+u32 bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx,
+		     __be16 proto, int nhoff, int hlen, unsigned int flags)
 {
 	struct bpf_flow_keys *flow_keys = ctx->flow_keys;
 	u32 result;
@@ -892,7 +892,7 @@ bool bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx,
 	flow_keys->thoff = clamp_t(u16, flow_keys->thoff,
 				   flow_keys->nhoff, hlen);
 
-	return result == BPF_OK;
+	return result;
 }
 
 static bool is_pppoe_ses_hdr_valid(const struct pppoe_hdr *hdr)
@@ -1008,6 +1008,7 @@ bool __skb_flow_dissect(const struct net *net,
 			};
 			__be16 n_proto = proto;
 			struct bpf_prog *prog;
+			u32 result;
 
 			if (skb) {
 				ctx.skb = skb;
@@ -1019,12 +1020,12 @@ bool __skb_flow_dissect(const struct net *net,
 			}
 
 			prog = READ_ONCE(run_array->items[0].prog);
-			ret = bpf_flow_dissect(prog, &ctx, n_proto, nhoff,
-					       hlen, flags);
+			result = bpf_flow_dissect(prog, &ctx, n_proto, nhoff,
+						  hlen, flags);
 			__skb_flow_bpf_to_target(&flow_keys, flow_dissector,
 						 target_container);
 			rcu_read_unlock();
-			return ret;
+			return result == BPF_OK;
 		}
 		rcu_read_unlock();
 	}

From patchwork Sun Aug 21 11:35:17 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Shmulik Ladkani <shmulik@metanetworks.com>
X-Patchwork-Id: 12949878
X-Patchwork-Delegate: bpf@iogearbox.net
Return-Path: <bpf-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 15042C00140
	for <bpf@archiver.kernel.org>; Sun, 21 Aug 2022 11:35:58 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229537AbiHULf5 (ORCPT <rfc822;bpf@archiver.kernel.org>);
        Sun, 21 Aug 2022 07:35:57 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57352 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229445AbiHULf4 (ORCPT <rfc822;bpf@vger.kernel.org>);
        Sun, 21 Aug 2022 07:35:56 -0400
Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com
 [IPv6:2a00:1450:4864:20::32e])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5AA941835F
        for <bpf@vger.kernel.org>; Sun, 21 Aug 2022 04:35:55 -0700 (PDT)
Received: by mail-wm1-x32e.google.com with SMTP id
 m10-20020a05600c3b0a00b003a603fc3f81so4636500wms.0
        for <bpf@vger.kernel.org>; Sun, 21 Aug 2022 04:35:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=metanetworks.com; s=google;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc;
        bh=Emvzw81E9rbTpR7B4v/LnUFapcpD5Nw0KeJWBhy/LAE=;
        b=Ea+OHOfB2wZ0mjdR27UV1O0nLu8PkpH2W8dtkQ0gebllTfEFk07tAOtXEuBZyIaIO0
         O5wMDY8RBDCiJuiguVETybqGj5vEva4RYBMZCxo64F1PG3BxEgNo0kIiyt1/mI4euv67
         0XxQjPtKTzsSl1Cd6VcZy8LPQXvVGlZLLFqcw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc;
        bh=Emvzw81E9rbTpR7B4v/LnUFapcpD5Nw0KeJWBhy/LAE=;
        b=3r67mDjEPcPCVFbRXAq4roNzHlhnDijAwfn3o/BEDcx3x65VFdBROZhZ2NpWIGlt2T
         j4vMCXxXvw5svzr+tum+m/8iEMVcCritiwqsQdrNgj2wL4hP518iRv7tPuJStxrqYsGW
         4M4pOKL4e6sAA2LexAFqGFuu03HXrbf6GGh2n76y2FrEkkFcL54A+pMtYKt7NwF/AcAz
         FGjaKyjqymn07+pXNs0kUvJNf6PVSVcWP7PRAOIXLOaENKDrYFgOeY9mIusa28wOp934
         O6XZy94EiUgNBUftXl8Nr+7LO4gya9PCIb2nWwgBfqKlpVsECzO6kJq/O1Kut9JFhNhX
         uyXg==
X-Gm-Message-State: ACgBeo0+1jx1lQj1G1OoJRxEhBAra8Hj1JcoVIXwd2SJdoJDaCsHOWyL
        Jb853P1cKnMP4aWZEZg3hjGqX0V0QwBjADV2F/HBloUaGDxMpA9MhL6XdSV2ggPB84wNVC4h+Kw
        VxyNmZFdJ0w8cyn915mkvkVXIM+O44D6UbEfyT0qxhNGS8eo+5i8qkQrgHNTUFy8be/stW1Ll
X-Google-Smtp-Source: 
 AA6agR7947z5lpBeW5Ame0BJfug407/tGmULHJCxQZmvM3gaSrfoX+ulf98cSNCutQpbceK66ZQ2Bw==
X-Received: by 2002:a05:600c:358e:b0:3a5:f19d:28db with SMTP id
 p14-20020a05600c358e00b003a5f19d28dbmr13211720wmq.76.1661081753483;
        Sun, 21 Aug 2022 04:35:53 -0700 (PDT)
Received: from blondie.home ([94.230.83.151])
        by smtp.gmail.com with ESMTPSA id
 l8-20020a05600c2cc800b003a6632fe925sm1067178wmc.13.2022.08.21.04.35.52
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 21 Aug 2022 04:35:53 -0700 (PDT)
From: Shmulik Ladkani <shmulik@metanetworks.com>
X-Google-Original-From: Shmulik Ladkani <shmulik.ladkani@gmail.com>
To: bpf@vger.kernel.org, Alexei Starovoitov <ast@kernel.org>,
        Stanislav Fomichev <sdf@google.com>
Cc: Jakub Sitnicki <jakub@cloudflare.com>,
        Petar Penkov <ppenkov@google.com>,
        Willem de Bruijn <willemb@google.com>,
        Shmulik Ladkani <shmulik.ladkani@gmail.com>
Subject: [PATCH v2 bpf-next 2/4] bpf/flow_dissector: Introduce
 BPF_FLOW_DISSECTOR_CONTINUE retcode for flow-dissector bpf progs
Date: Sun, 21 Aug 2022 14:35:17 +0300
Message-Id: <20220821113519.116765-3-shmulik.ladkani@gmail.com>
X-Mailer: git-send-email 2.37.2
In-Reply-To: <20220821113519.116765-1-shmulik.ladkani@gmail.com>
References: <20220821113519.116765-1-shmulik.ladkani@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <bpf.vger.kernel.org>
X-Mailing-List: bpf@vger.kernel.org
X-Patchwork-Delegate: bpf@iogearbox.net

Currently, attaching BPF_PROG_TYPE_FLOW_DISSECTOR programs completely
replaces the flow-dissector logic with custom dissection logic.
This forces implementors to write programs that handle dissection for
any flows expected in the namespace.

It makes sense for flow-dissector bpf programs to just augment the
dissector with custom logic (e.g. dissecting certain flows or custom
protocols), while enjoying the broad capabilities of the standard
dissector for any other traffic.

Introduce BPF_FLOW_DISSECTOR_CONTINUE retcode. Flow-dissector bpf
programs may return this to indicate no dissection was made, and
fallback to the standard dissector is requested.

Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
---
 include/uapi/linux/bpf.h       | 5 +++++
 net/core/flow_dissector.c      | 3 +++
 tools/include/uapi/linux/bpf.h | 5 +++++
 3 files changed, 13 insertions(+)

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 934a2a8beb87..7f87012b012e 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -5861,6 +5861,11 @@ enum bpf_ret_code {
 	 *    represented by BPF_REDIRECT above).
 	 */
 	BPF_LWT_REROUTE = 128,
+	/* BPF_FLOW_DISSECTOR_CONTINUE: used by BPF_PROG_TYPE_FLOW_DISSECTOR
+	 *   to indicate that no custom dissection was performed, and
+	 *   fallback to standard dissector is requested.
+	 */
+	BPF_FLOW_DISSECTOR_CONTINUE = 129,
 };
 
 struct bpf_sock {
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index a01817fb4ef4..990429c69ccd 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -1022,11 +1022,14 @@ bool __skb_flow_dissect(const struct net *net,
 			prog = READ_ONCE(run_array->items[0].prog);
 			result = bpf_flow_dissect(prog, &ctx, n_proto, nhoff,
 						  hlen, flags);
+			if (result == BPF_FLOW_DISSECTOR_CONTINUE)
+				goto dissect_continue;
 			__skb_flow_bpf_to_target(&flow_keys, flow_dissector,
 						 target_container);
 			rcu_read_unlock();
 			return result == BPF_OK;
 		}
+dissect_continue:
 		rcu_read_unlock();
 	}
 
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index 1d6085e15fc8..f38814fbb618 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -5861,6 +5861,11 @@ enum bpf_ret_code {
 	 *    represented by BPF_REDIRECT above).
 	 */
 	BPF_LWT_REROUTE = 128,
+	/* BPF_FLOW_DISSECTOR_CONTINUE: used by BPF_PROG_TYPE_FLOW_DISSECTOR
+	 *   to indicate that no custom dissection was performed, and
+	 *   fallback to standard dissector is requested.
+	 */
+	BPF_FLOW_DISSECTOR_CONTINUE = 129,
 };
 
 struct bpf_sock {

From patchwork Sun Aug 21 11:35:18 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Shmulik Ladkani <shmulik@metanetworks.com>
X-Patchwork-Id: 12949879
X-Patchwork-Delegate: bpf@iogearbox.net
Return-Path: <bpf-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 17E76C00140
	for <bpf@archiver.kernel.org>; Sun, 21 Aug 2022 11:36:02 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229585AbiHULgA (ORCPT <rfc822;bpf@archiver.kernel.org>);
        Sun, 21 Aug 2022 07:36:00 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57378 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229445AbiHULgA (ORCPT <rfc822;bpf@vger.kernel.org>);
        Sun, 21 Aug 2022 07:36:00 -0400
Received: from mail-wr1-x42e.google.com (mail-wr1-x42e.google.com
 [IPv6:2a00:1450:4864:20::42e])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1CD9A1836D
        for <bpf@vger.kernel.org>; Sun, 21 Aug 2022 04:35:59 -0700 (PDT)
Received: by mail-wr1-x42e.google.com with SMTP id e20so9567715wri.13
        for <bpf@vger.kernel.org>; Sun, 21 Aug 2022 04:35:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=metanetworks.com; s=google;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc;
        bh=glrEjaF6UN80soJ6diZk7wLex8HkVNn1dIiRDIPDZ9w=;
        b=I4AA7BTY/dURuFhFMqcPZSjqHNnx0Cys1a2aQG2jedBW0gC9b2m/dScuwwLgmznUcd
         7DP4jY+Q7Zcer417D0GAwKDz3IRDSW7sC4mHeZjh3SwMxbBbkM7x9CjNurBay+MfNyhB
         lou4M4Bg3qwr+HNCUbjCy+uRpggnBbUSn+Phc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc;
        bh=glrEjaF6UN80soJ6diZk7wLex8HkVNn1dIiRDIPDZ9w=;
        b=N56GObjlCxuUVnPAQa3jC5UihaegLau3I+QJnRA56xApbIO2cdoCXNfheeYbwKdhbT
         BnFmXoCb9jzrv4IKSEe9WhLHv8zaOiKtFWKGL+Sharys3DnjN63osjDEg5pMvhS1N1pr
         BFNpeANtHsAZFpAQLC5j+8B71To1KXsHYLJYgMlLGF07v/5xCJ7XMDgDu5BbTYkmAYdn
         S/PLRrTK2hrxXPSlLIJrCzHlcSTwQaONHWmvosltxg/Wd0zbxYdk8PXraDSdd6DyYJcB
         oMpDfmD6Z4LyAl/1eH06vrLJgfuc/jeySyIsb5dNREm630mmtV4a2Bn/5hG14kpuHzXV
         zpIw==
X-Gm-Message-State: ACgBeo2NmNdE6lKYJqaomm7WTBj0lIGRCJwzguoF7DmzU43SPf9cwGZj
        4r0JXNtS9bMxsiqC6lysav2jJHd6N04epkUdqXx9MtewM/iuZNdxQEpV95094SuTInYecXys/Gt
        g2v78f3ETeCgUf/q8yKaxHDZreGUdwScTB5Ty989evCNXPnHFOB0+luedKbrx0T9dwhBhmZb5
X-Google-Smtp-Source: 
 AA6agR5BJClQ6VyjJebVyBgPCBp6jmEMgOABqZwrjzDymNEn8MOdRzIpSgi0x0gGAfyI2LC2efUKjw==
X-Received: by 2002:a05:6000:1547:b0:225:4fbb:df97 with SMTP id
 7-20020a056000154700b002254fbbdf97mr2037927wry.76.1661081757161;
        Sun, 21 Aug 2022 04:35:57 -0700 (PDT)
Received: from blondie.home ([94.230.83.151])
        by smtp.gmail.com with ESMTPSA id
 l8-20020a05600c2cc800b003a6632fe925sm1067178wmc.13.2022.08.21.04.35.55
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 21 Aug 2022 04:35:56 -0700 (PDT)
From: Shmulik Ladkani <shmulik@metanetworks.com>
X-Google-Original-From: Shmulik Ladkani <shmulik.ladkani@gmail.com>
To: bpf@vger.kernel.org, Alexei Starovoitov <ast@kernel.org>,
        Stanislav Fomichev <sdf@google.com>
Cc: Jakub Sitnicki <jakub@cloudflare.com>,
        Petar Penkov <ppenkov@google.com>,
        Willem de Bruijn <willemb@google.com>,
        Shmulik Ladkani <shmulik.ladkani@gmail.com>
Subject: [PATCH v2 bpf-next 3/4] bpf: test_run: Propagate bpf_flow_dissect's
 retval to user's bpf_attr.test.retval
Date: Sun, 21 Aug 2022 14:35:18 +0300
Message-Id: <20220821113519.116765-4-shmulik.ladkani@gmail.com>
X-Mailer: git-send-email 2.37.2
In-Reply-To: <20220821113519.116765-1-shmulik.ladkani@gmail.com>
References: <20220821113519.116765-1-shmulik.ladkani@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <bpf.vger.kernel.org>
X-Mailing-List: bpf@vger.kernel.org
X-Patchwork-Delegate: bpf@iogearbox.net

Formerly, a boolean denoting whether bpf_flow_dissect returned BPF_OK
was set into 'bpf_attr.test.retval'.

Augment this, so users can check the actual return code of the dissector
program under test.

Existing prog_tests/flow_dissector*.c tests were correspondingly changed
to check against each test's expected retval.
Also, tests' resulting 'flow_keys' are verified only in case the expected
retval is BPF_OK. This allows adding new tests that expect non BPF_OK.

Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
---
 net/bpf/test_run.c                            |  2 +-
 .../selftests/bpf/prog_tests/flow_dissector.c | 23 ++++++++++++++++++-
 .../prog_tests/flow_dissector_load_bytes.c    |  2 +-
 3 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
index 51c479433517..25d8ecf105aa 100644
--- a/net/bpf/test_run.c
+++ b/net/bpf/test_run.c
@@ -1445,7 +1445,7 @@ int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog,
 	bpf_test_timer_enter(&t);
 	do {
 		retval = bpf_flow_dissect(prog, &ctx, eth->h_proto, ETH_HLEN,
-					  size, flags) == BPF_OK;
+					  size, flags);
 	} while (bpf_test_timer_continue(&t, 1, repeat, &ret, &duration));
 	bpf_test_timer_leave(&t);
 
diff --git a/tools/testing/selftests/bpf/prog_tests/flow_dissector.c b/tools/testing/selftests/bpf/prog_tests/flow_dissector.c
index 0c1661ea996e..8fa3c454995e 100644
--- a/tools/testing/selftests/bpf/prog_tests/flow_dissector.c
+++ b/tools/testing/selftests/bpf/prog_tests/flow_dissector.c
@@ -100,6 +100,7 @@ struct test {
 	} pkt;
 	struct bpf_flow_keys keys;
 	__u32 flags;
+	__u32 retval;
 };
 
 #define VLAN_HLEN	4
@@ -126,6 +127,7 @@ struct test tests[] = {
 			.sport = 80,
 			.dport = 8080,
 		},
+		.retval = BPF_OK,
 	},
 	{
 		.name = "ipv6",
@@ -146,6 +148,7 @@ struct test tests[] = {
 			.sport = 80,
 			.dport = 8080,
 		},
+		.retval = BPF_OK,
 	},
 	{
 		.name = "802.1q-ipv4",
@@ -168,6 +171,7 @@ struct test tests[] = {
 			.sport = 80,
 			.dport = 8080,
 		},
+		.retval = BPF_OK,
 	},
 	{
 		.name = "802.1ad-ipv6",
@@ -191,6 +195,7 @@ struct test tests[] = {
 			.sport = 80,
 			.dport = 8080,
 		},
+		.retval = BPF_OK,
 	},
 	{
 		.name = "ipv4-frag",
@@ -217,6 +222,7 @@ struct test tests[] = {
 			.dport = 8080,
 		},
 		.flags = BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG,
+		.retval = BPF_OK,
 	},
 	{
 		.name = "ipv4-no-frag",
@@ -239,6 +245,7 @@ struct test tests[] = {
 			.is_frag = true,
 			.is_first_frag = true,
 		},
+		.retval = BPF_OK,
 	},
 	{
 		.name = "ipv6-frag",
@@ -265,6 +272,7 @@ struct test tests[] = {
 			.dport = 8080,
 		},
 		.flags = BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG,
+		.retval = BPF_OK,
 	},
 	{
 		.name = "ipv6-no-frag",
@@ -287,6 +295,7 @@ struct test tests[] = {
 			.is_frag = true,
 			.is_first_frag = true,
 		},
+		.retval = BPF_OK,
 	},
 	{
 		.name = "ipv6-flow-label",
@@ -309,6 +318,7 @@ struct test tests[] = {
 			.dport = 8080,
 			.flow_label = __bpf_constant_htonl(0xbeeef),
 		},
+		.retval = BPF_OK,
 	},
 	{
 		.name = "ipv6-no-flow-label",
@@ -331,6 +341,7 @@ struct test tests[] = {
 			.flow_label = __bpf_constant_htonl(0xbeeef),
 		},
 		.flags = BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL,
+		.retval = BPF_OK,
 	},
 	{
 		.name = "ipip-encap",
@@ -359,6 +370,7 @@ struct test tests[] = {
 			.sport = 80,
 			.dport = 8080,
 		},
+		.retval = BPF_OK,
 	},
 	{
 		.name = "ipip-no-encap",
@@ -386,6 +398,7 @@ struct test tests[] = {
 			.is_encap = true,
 		},
 		.flags = BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP,
+		.retval = BPF_OK,
 	},
 };
 
@@ -503,6 +516,10 @@ static void run_tests_skb_less(int tap_fd, struct bpf_map *keys)
 		err = tx_tap(tap_fd, &tests[i].pkt, sizeof(tests[i].pkt));
 		CHECK(err < 0, "tx_tap", "err %d errno %d\n", err, errno);
 
+		/* check the stored flow_keys only if BPF_OK expected */
+		if (tests[i].retval != BPF_OK)
+			continue;
+
 		err = bpf_map_lookup_elem(keys_fd, &key, &flow_keys);
 		ASSERT_OK(err, "bpf_map_lookup_elem");
 
@@ -588,7 +605,11 @@ void test_flow_dissector(void)
 
 		err = bpf_prog_test_run_opts(prog_fd, &topts);
 		ASSERT_OK(err, "test_run");
-		ASSERT_EQ(topts.retval, 1, "test_run retval");
+		ASSERT_EQ(topts.retval, tests[i].retval, "test_run retval");
+
+		/* check the resulting flow_keys only if BPF_OK returned */
+		if (topts.retval != BPF_OK)
+			continue;
 		ASSERT_EQ(topts.data_size_out, sizeof(flow_keys),
 			  "test_run data_size_out");
 		CHECK_FLOW_KEYS(tests[i].name, flow_keys, tests[i].keys);
diff --git a/tools/testing/selftests/bpf/prog_tests/flow_dissector_load_bytes.c b/tools/testing/selftests/bpf/prog_tests/flow_dissector_load_bytes.c
index 36afb409c25f..c7a47b57ac91 100644
--- a/tools/testing/selftests/bpf/prog_tests/flow_dissector_load_bytes.c
+++ b/tools/testing/selftests/bpf/prog_tests/flow_dissector_load_bytes.c
@@ -44,7 +44,7 @@ void serial_test_flow_dissector_load_bytes(void)
 	ASSERT_OK(err, "test_run");
 	ASSERT_EQ(topts.data_size_out, sizeof(flow_keys),
 		  "test_run data_size_out");
-	ASSERT_EQ(topts.retval, 1, "test_run retval");
+	ASSERT_EQ(topts.retval, BPF_OK, "test_run retval");
 
 	if (fd >= -1)
 		close(fd);

From patchwork Sun Aug 21 11:35:19 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Shmulik Ladkani <shmulik@metanetworks.com>
X-Patchwork-Id: 12949880
X-Patchwork-Delegate: bpf@iogearbox.net
Return-Path: <bpf-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0E502C00140
	for <bpf@archiver.kernel.org>; Sun, 21 Aug 2022 11:36:09 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229445AbiHULgG (ORCPT <rfc822;bpf@archiver.kernel.org>);
        Sun, 21 Aug 2022 07:36:06 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57422 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230010AbiHULgF (ORCPT <rfc822;bpf@vger.kernel.org>);
        Sun, 21 Aug 2022 07:36:05 -0400
Received: from mail-wr1-x432.google.com (mail-wr1-x432.google.com
 [IPv6:2a00:1450:4864:20::432])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3733618386
        for <bpf@vger.kernel.org>; Sun, 21 Aug 2022 04:36:04 -0700 (PDT)
Received: by mail-wr1-x432.google.com with SMTP id b5so5785378wrr.5
        for <bpf@vger.kernel.org>; Sun, 21 Aug 2022 04:36:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=metanetworks.com; s=google;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc;
        bh=TjEkirEwRULf0M9gpuyThDnBStTzoL3ecCcLN72VTeE=;
        b=fk2MgxXDadb3rj3zJ+gqZ2Ms/Xr8lwoESWmvE6jPU0z6xZpeuFIztzw5noR5bX9hbY
         e5ewGMoiV/vJ3Ik5fJ3WWS0C1KMAPdJ/YvSjnwShgaUjYpiIHoTfh/9GMuQvZ8aTk+/x
         OCV/3X3aIBNUqllJHINxtvv8bGhPK9VXL7tSg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc;
        bh=TjEkirEwRULf0M9gpuyThDnBStTzoL3ecCcLN72VTeE=;
        b=1TSj1i5PrvWYsGwpqMX29R24Jh4VusRxFA7HPoWDr4dUMsewizPSoiOMz9Vb5IA8mh
         hLFNmrOExGaHxSCtBLtQU/b5bJuO9BJaIDDJbbpZDlEq45bGFOZ8CptbiVDdGZXyumkY
         A4fd4Odh/7KT26xCZrI8PHPorD08qPn+leICti9YYnBOLU1Wpkn9GnBDPMsPQxUgFx86
         VD2CWlEef8JCuwgtN7A1SMlgrduSzvmb4tUlkA75D5f0n85nznzc1F6opVQJztpGLIl2
         R5fWRCmfcJxCVj70IJnYqyhVCrVkuzulfN6EuciLx4jTPPH1l/YsUG7dW+xTfwuhiaGo
         pbng==
X-Gm-Message-State: ACgBeo2JBcVaw2x6085JRLgssAIDPmPjoTXPCEJiOxdcFueg1plwjce9
        L2li9LnbNrVkRf7m7BzIVRPz6p/FdhG+QW4UJVFH3trUcJi1POwkaRhlpzxNM+t7Ms8sPPQ1TMY
        OqZPvUDdJePeYGx/qmHJeEqpZysj+CmXL4b95vr2W/VCIRIqxvKoEBuA2H96FawCVsLuLlwP4
X-Google-Smtp-Source: 
 AA6agR4USe1J/cxBmdA0BykymoP+IowmTBCOI/AJM/O8p6SXiIrgfgUpflbMTYc3qHqIlDjAjWxWZA==
X-Received: by 2002:adf:e68f:0:b0:225:337c:f710 with SMTP id
 r15-20020adfe68f000000b00225337cf710mr7022208wrm.555.1661081762411;
        Sun, 21 Aug 2022 04:36:02 -0700 (PDT)
Received: from blondie.home ([94.230.83.151])
        by smtp.gmail.com with ESMTPSA id
 l8-20020a05600c2cc800b003a6632fe925sm1067178wmc.13.2022.08.21.04.36.01
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 21 Aug 2022 04:36:02 -0700 (PDT)
From: Shmulik Ladkani <shmulik@metanetworks.com>
X-Google-Original-From: Shmulik Ladkani <shmulik.ladkani@gmail.com>
To: bpf@vger.kernel.org, Alexei Starovoitov <ast@kernel.org>,
        Stanislav Fomichev <sdf@google.com>
Cc: Jakub Sitnicki <jakub@cloudflare.com>,
        Petar Penkov <ppenkov@google.com>,
        Willem de Bruijn <willemb@google.com>,
        Shmulik Ladkani <shmulik.ladkani@gmail.com>
Subject: [PATCH v2 bpf-next 4/4] selftests/bpf: test
 BPF_FLOW_DISSECTOR_CONTINUE
Date: Sun, 21 Aug 2022 14:35:19 +0300
Message-Id: <20220821113519.116765-5-shmulik.ladkani@gmail.com>
X-Mailer: git-send-email 2.37.2
In-Reply-To: <20220821113519.116765-1-shmulik.ladkani@gmail.com>
References: <20220821113519.116765-1-shmulik.ladkani@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <bpf.vger.kernel.org>
X-Mailing-List: bpf@vger.kernel.org
X-Patchwork-Delegate: bpf@iogearbox.net

The dissector program returns BPF_FLOW_DISSECTOR_CONTINUE (and avoids
setting skb->flow_keys or last_dissection map) in case it encounters
IP packets whose (outer) source address is 127.0.0.127.

Additional test is added to prog_tests/flow_dissector.c which sets
this address as test's pkk.iph.saddr, with the expected retval of
BPF_FLOW_DISSECTOR_CONTINUE.

Also, legacy test_flow_dissector.sh was similarly augmented.

Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
---
 .../selftests/bpf/prog_tests/flow_dissector.c | 21 +++++++++++++++++++
 tools/testing/selftests/bpf/progs/bpf_flow.c  | 15 +++++++++++++
 .../selftests/bpf/test_flow_dissector.sh      |  8 +++++++
 3 files changed, 44 insertions(+)

diff --git a/tools/testing/selftests/bpf/prog_tests/flow_dissector.c b/tools/testing/selftests/bpf/prog_tests/flow_dissector.c
index 8fa3c454995e..7acca37a3d2b 100644
--- a/tools/testing/selftests/bpf/prog_tests/flow_dissector.c
+++ b/tools/testing/selftests/bpf/prog_tests/flow_dissector.c
@@ -8,6 +8,8 @@
 
 #include "bpf_flow.skel.h"
 
+#define FLOW_CONTINUE_SADDR 0x7f00007f /* 127.0.0.127 */
+
 #ifndef IP_MF
 #define IP_MF 0x2000
 #endif
@@ -400,6 +402,25 @@ struct test tests[] = {
 		.flags = BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP,
 		.retval = BPF_OK,
 	},
+	{
+		.name = "ipip-encap-dissector-continue",
+		.pkt.ipip = {
+			.eth.h_proto = __bpf_constant_htons(ETH_P_IP),
+			.iph.ihl = 5,
+			.iph.protocol = IPPROTO_IPIP,
+			.iph.tot_len = __bpf_constant_htons(MAGIC_BYTES),
+			.iph.saddr = __bpf_constant_htonl(FLOW_CONTINUE_SADDR),
+			.iph_inner.ihl = 5,
+			.iph_inner.protocol = IPPROTO_TCP,
+			.iph_inner.tot_len =
+				__bpf_constant_htons(MAGIC_BYTES) -
+				sizeof(struct iphdr),
+			.tcp.doff = 5,
+			.tcp.source = 99,
+			.tcp.dest = 9090,
+		},
+		.retval = BPF_FLOW_DISSECTOR_CONTINUE,
+	},
 };
 
 static int create_tap(const char *ifname)
diff --git a/tools/testing/selftests/bpf/progs/bpf_flow.c b/tools/testing/selftests/bpf/progs/bpf_flow.c
index f266c757b3df..a20c5ed5e454 100644
--- a/tools/testing/selftests/bpf/progs/bpf_flow.c
+++ b/tools/testing/selftests/bpf/progs/bpf_flow.c
@@ -22,6 +22,8 @@
 #define PROG(F) PROG_(F, _##F)
 #define PROG_(NUM, NAME) SEC("flow_dissector") int flow_dissector_##NUM
 
+#define FLOW_CONTINUE_SADDR 0x7f00007f /* 127.0.0.127 */
+
 /* These are the identifiers of the BPF programs that will be used in tail
  * calls. Name is limited to 16 characters, with the terminating character and
  * bpf_func_ above, we have only 6 to work with, anything after will be cropped.
@@ -143,6 +145,19 @@ int _dissect(struct __sk_buff *skb)
 {
 	struct bpf_flow_keys *keys = skb->flow_keys;
 
+	if (keys->n_proto == bpf_htons(ETH_P_IP)) {
+		/* IP traffic from FLOW_CONTINUE_SADDR falls-back to
+		 * standard dissector
+		 */
+		struct iphdr *iph, _iph;
+
+		iph = bpf_flow_dissect_get_header(skb, sizeof(*iph), &_iph);
+		if (iph && iph->ihl == 5 &&
+		    iph->saddr == bpf_htonl(FLOW_CONTINUE_SADDR)) {
+			return BPF_FLOW_DISSECTOR_CONTINUE;
+		}
+	}
+
 	return parse_eth_proto(skb, keys->n_proto);
 }
 
diff --git a/tools/testing/selftests/bpf/test_flow_dissector.sh b/tools/testing/selftests/bpf/test_flow_dissector.sh
index dbd91221727d..5303ce0c977b 100755
--- a/tools/testing/selftests/bpf/test_flow_dissector.sh
+++ b/tools/testing/selftests/bpf/test_flow_dissector.sh
@@ -115,6 +115,14 @@ tc filter add dev lo parent ffff: protocol ip pref 1337 flower ip_proto \
 # Send 10 IPv4/UDP packets from port 10. Filter should not drop any.
 ./test_flow_dissector -i 4 -f 10
 
+echo "Testing IPv4 from 127.0.0.127 (fallback to generic dissector)..."
+# Send 10 IPv4/UDP packets from port 8. Filter should not drop any.
+./test_flow_dissector -i 4 -S 127.0.0.127 -f 8
+# Send 10 IPv4/UDP packets from port 9. Filter should drop all.
+./test_flow_dissector -i 4 -S 127.0.0.127 -f 9 -F
+# Send 10 IPv4/UDP packets from port 10. Filter should not drop any.
+./test_flow_dissector -i 4 -S 127.0.0.127 -f 10
+
 echo "Testing IPIP..."
 # Send 10 IPv4/IPv4/UDP packets from port 8. Filter should not drop any.
 ./with_addr.sh ./with_tunnels.sh ./test_flow_dissector -o 4 -e bare -i 4 \