From: Jiayuan Chen <jiayuan.chen@linux.dev>
To: Leon Hwang <leon.hwang@linux.dev>, bpf@vger.kernel.org
Cc: "David S . Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Simon Horman <horms@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
Eduard Zingerman <eddyz87@gmail.com>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Martin KaFai Lau <martin.lau@linux.dev>,
Kumar Kartikeya Dwivedi <memxor@gmail.com>,
Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
Jiri Olsa <jolsa@kernel.org>, Shuah Khan <shuah@kernel.org>,
Guillaume Nault <gnault@redhat.com>,
Ido Schimmel <idosch@nvidia.com>,
Fernando Fernandez Mancera <fmancera@suse.de>,
Peter Oskolkov <posk@google.com>,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
linux-kselftest@vger.kernel.org, kernel-patches-bot@fb.com,
Leon Hwang <leon.huangfu@shopee.com>
Subject: Re: [PATCH bpf v3 1/2] bpf: Update transport_header when encapsulating UDP tunnel in lwt
Date: Tue, 2 Jun 2026 11:17:15 +0800 [thread overview]
Message-ID: <0fecd90a-d218-48dc-86d1-860ab2e7f6d5@linux.dev> (raw)
In-Reply-To: <20260601150203.20352-2-leon.hwang@linux.dev>
On 6/1/26 11:02 PM, Leon Hwang wrote:
> Currently, bpf_lwt_push_ip_encap() does not update skb->transport_header.
> When a driver, e.g. ice, reuses the stale skb->transport_header to
> offload checksum computation to NIC hardware, VxLAN packets encapsulated
> by bpf_lwt_push_encap() helper may be dropped due to incorrect checksum.
>
> Update skb->transport_header in bpf_lwt_push_ip_encap() whenever the
> encapsulated packet uses UDP, so checksum offload works correctly.
>
> Fixes: 52f278774e79 ("bpf: implement BPF_LWT_ENCAP_IP mode in bpf_lwt_push_encap")
> Cc: Leon Hwang <leon.huangfu@shopee.com>
> Signed-off-by: Leon Hwang <leon.hwang@linux.dev>
> ---
> net/core/lwt_bpf.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/net/core/lwt_bpf.c b/net/core/lwt_bpf.c
> index f71ef82a5f3d..65d1dfbf3312 100644
> --- a/net/core/lwt_bpf.c
> +++ b/net/core/lwt_bpf.c
> @@ -599,6 +599,7 @@ static int handle_gso_encap(struct sk_buff *skb, bool ipv4, int encap_len)
>
> int bpf_lwt_push_ip_encap(struct sk_buff *skb, void *hdr, u32 len, bool ingress)
> {
> + bool is_udp_tunnel;
> struct iphdr *iph;
> bool ipv4;
> int err;
> @@ -612,10 +613,16 @@ int bpf_lwt_push_ip_encap(struct sk_buff *skb, void *hdr, u32 len, bool ingress)
> ipv4 = true;
> if (unlikely(len < iph->ihl * 4))
> return -EINVAL;
> + is_udp_tunnel = iph->protocol == IPPROTO_UDP;
> + if (unlikely(is_udp_tunnel && len < iph->ihl * 4 + sizeof(struct udphdr)))
> + return -EINVAL;
> } else if (iph->version == 6) {
> ipv4 = false;
> if (unlikely(len < sizeof(struct ipv6hdr)))
> return -EINVAL;
> + is_udp_tunnel = ((struct ipv6hdr *)iph)->nexthdr == NEXTHDR_UDP;
> + if (unlikely(is_udp_tunnel && len < sizeof(struct ipv6hdr) + sizeof(struct udphdr)))
> + return -EINVAL;
> } else {
> return -EINVAL;
> }
> @@ -637,6 +644,10 @@ int bpf_lwt_push_ip_encap(struct sk_buff *skb, void *hdr, u32 len, bool ingress)
> if (ingress)
> skb_postpush_rcsum(skb, iph, len);
> skb_reset_network_header(skb);
> + if (ipv4 && is_udp_tunnel)
> + skb_set_transport_header(skb, skb_network_offset(skb) + iph->ihl * 4);
> + else if (!ipv4 && is_udp_tunnel)
> + skb_set_transport_header(skb, skb_network_offset(skb) + sizeof(struct ipv6hdr));
I think GRE is also affected, why not unconditionally set transport
header to network_offset + outer_ip_ihl regardless of outer protocol??
> memcpy(skb_network_header(skb), hdr, len);
> bpf_compute_data_pointers(skb);
> skb_clear_hash(skb);
next prev parent reply other threads:[~2026-06-02 3:17 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-01 15:02 [PATCH bpf v3 0/2] bpf: Update transport_header when encapsulating UDP tunnel in lwt Leon Hwang
2026-06-01 15:02 ` [PATCH bpf v3 1/2] " Leon Hwang
2026-06-01 15:17 ` sashiko-bot
2026-06-01 15:28 ` Eric Dumazet
2026-06-01 15:33 ` Eric Dumazet
2026-06-01 15:45 ` bot+bpf-ci
2026-06-01 17:03 ` Emil Tsalapatis
2026-06-02 2:11 ` Leon Hwang
2026-06-02 3:17 ` Jiayuan Chen [this message]
2026-06-02 5:38 ` Leon Hwang
2026-06-01 15:02 ` [PATCH bpf v3 2/2] selftests/bpf: Add tests to verify the fix of encapsulating VxLAN " Leon Hwang
2026-06-01 18:24 ` Emil Tsalapatis
2026-06-02 2:27 ` Leon Hwang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0fecd90a-d218-48dc-86d1-860ab2e7f6d5@linux.dev \
--to=jiayuan.chen@linux.dev \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=eddyz87@gmail.com \
--cc=edumazet@google.com \
--cc=fmancera@suse.de \
--cc=gnault@redhat.com \
--cc=horms@kernel.org \
--cc=idosch@nvidia.com \
--cc=jolsa@kernel.org \
--cc=kernel-patches-bot@fb.com \
--cc=kuba@kernel.org \
--cc=leon.huangfu@shopee.com \
--cc=leon.hwang@linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=memxor@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=posk@google.com \
--cc=shuah@kernel.org \
--cc=song@kernel.org \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.