From: David Ahern <dsahern@gmail.com>
To: netdev@vger.kernel.org, borkmann@iogearbox.net, ast@kernel.org
Cc: davem@davemloft.net, David Ahern <dsahern@gmail.com>
Subject: [PATCH bpf-next 3/3] bpf: Add mtu checking to FIB forwarding helper
Date: Thu, 17 May 2018 09:09:30 -0700 [thread overview]
Message-ID: <20180517160930.25076-4-dsahern@gmail.com> (raw)
In-Reply-To: <20180517160930.25076-1-dsahern@gmail.com>
Add check that egress MTU can handle packet to be forwarded. If
the MTU is less than the packet lenght, return 0 meaning the
packet is expected to continue up the stack for help - eg.,
fragmenting the packet or sending an ICMP.
Signed-off-by: David Ahern <dsahern@gmail.com>
---
net/core/filter.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/net/core/filter.c b/net/core/filter.c
index 6d0d1560bd70..c47c47a75d4b 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -4098,6 +4098,7 @@ static int bpf_ipv4_fib_lookup(struct net *net, struct bpf_fib_lookup *params,
struct fib_nh *nh;
struct flowi4 fl4;
int err;
+ u32 mtu;
dev = dev_get_by_index_rcu(net, params->ifindex);
if (unlikely(!dev))
@@ -4149,6 +4150,10 @@ static int bpf_ipv4_fib_lookup(struct net *net, struct bpf_fib_lookup *params,
if (res.fi->fib_nhs > 1)
fib_select_path(net, &res, &fl4, NULL);
+ mtu = ip_mtu_from_fib_result(&res, params->ipv4_dst);
+ if (params->tot_len > mtu)
+ return 0;
+
nh = &res.fi->fib_nh[res.nh_sel];
/* do not handle lwt encaps right now */
@@ -4188,6 +4193,7 @@ static int bpf_ipv6_fib_lookup(struct net *net, struct bpf_fib_lookup *params,
struct flowi6 fl6;
int strict = 0;
int oif;
+ u32 mtu;
/* link local addresses are never forwarded */
if (rt6_need_strict(dst) || rt6_need_strict(src))
@@ -4250,6 +4256,10 @@ static int bpf_ipv6_fib_lookup(struct net *net, struct bpf_fib_lookup *params,
fl6.flowi6_oif, NULL,
strict);
+ mtu = ip6_mtu_from_fib6(f6i, dst, src);
+ if (params->tot_len > mtu)
+ return 0;
+
if (f6i->fib6_nh.nh_lwtstate)
return 0;
--
2.11.0
next prev parent reply other threads:[~2018-05-17 16:09 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-17 16:09 [PATCH bpf-next 0/3] bpf: Add MTU check to fib lookup helper David Ahern
2018-05-17 16:09 ` [PATCH bpf-next 1/3] net/ipv4: Add helper to return path MTU based on fib result David Ahern
2018-05-17 16:09 ` [PATCH bpf-next 2/3] net/ipv6: " David Ahern
2018-05-17 16:09 ` David Ahern [this message]
2018-05-17 22:22 ` [PATCH bpf-next 3/3] bpf: Add mtu checking to FIB forwarding helper Daniel Borkmann
2018-05-18 0:34 ` David Ahern
2018-05-18 14:01 ` Daniel Borkmann
2018-05-20 6:41 ` kbuild test robot
2018-05-20 11:14 ` kbuild test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180517160930.25076-4-dsahern@gmail.com \
--to=dsahern@gmail.com \
--cc=ast@kernel.org \
--cc=borkmann@iogearbox.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.