From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
To: Nick Hudson <nhudson@akamai.com>,
bpf@vger.kernel.org, netdev@vger.kernel.org,
Willem de Bruijn <willemb@google.com>,
Martin KaFai Lau <martin.lau@linux.dev>
Cc: Nick Hudson <nhudson@akamai.com>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Eduard Zingerman <eddyz87@gmail.com>,
Kumar Kartikeya Dwivedi <memxor@gmail.com>,
Shuah Khan <shuah@kernel.org>,
linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH bpf-next v4 6/6] selftests/bpf: tc_tunnel validate decap GSO state
Date: Thu, 16 Apr 2026 08:33:34 -0400 [thread overview]
Message-ID: <willemdebruijn.kernel.2a800b32a572a@gmail.com> (raw)
In-Reply-To: <20260416075514.927101-7-nhudson@akamai.com>
Nick Hudson wrote:
> Require BPF_F_ADJ_ROOM_DECAP_L4_UDP and BPF_F_ADJ_ROOM_DECAP_L4_GRE enum
> values at runtime using CO-RE enum existence checks so missing kernel
> support fails fast instead of silently proceeding.
>
> After bpf_skb_adjust_room() decapsulation, inspect skb_shared_info and
> sk_buff state for GSO packets and assert that the expected tunnel GSO
> bits are cleared and encapsulation matches the remaining tunnel state.
>
> Signed-off-by: Nick Hudson <nhudson@akamai.com>
> ---
> .../selftests/bpf/progs/test_tc_tunnel.c | 58 +++++++++++++++++++
> 1 file changed, 58 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
> index 7376df405a6b..74dfb694a210 100644
> --- a/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
> +++ b/tools/testing/selftests/bpf/progs/test_tc_tunnel.c
> @@ -6,6 +6,7 @@
>
> #include <bpf/bpf_helpers.h>
> #include <bpf/bpf_endian.h>
> +#include <bpf/bpf_core_read.h>
> #include "bpf_tracing_net.h"
> #include "bpf_compiler.h"
>
> @@ -37,6 +38,23 @@ struct vxlanhdr___local {
>
> #define EXTPROTO_VXLAN 0x1
>
> +#define SKB_GSO_UDP_TUNNEL_MASK (SKB_GSO_UDP_TUNNEL | \
> + SKB_GSO_UDP_TUNNEL_CSUM | \
> + SKB_GSO_TUNNEL_REMCSUM)
Leftover remcsum reference?
> +
> +#define SKB_GSO_TUNNEL_MASK (SKB_GSO_UDP_TUNNEL_MASK | \
Odd indentation?
> + SKB_GSO_GRE | \
> + SKB_GSO_GRE_CSUM | \
> + SKB_GSO_IPXIP4 | \
> + SKB_GSO_IPXIP6 | \
> + SKB_GSO_ESP)
> +
> +#define BPF_F_ADJ_ROOM_DECAP_L4_MASK (BPF_F_ADJ_ROOM_DECAP_L4_UDP | \
> + BPF_F_ADJ_ROOM_DECAP_L4_GRE)
> +
> +#define BPF_F_ADJ_ROOM_DECAP_IPXIP_MASK (BPF_F_ADJ_ROOM_DECAP_IPXIP4 | \
> + BPF_F_ADJ_ROOM_DECAP_IPXIP6)
> +
> #define VXLAN_FLAGS bpf_htonl(1<<27)
> #define VNI_ID 1
> #define VXLAN_VNI bpf_htonl(VNI_ID << 8)
> @@ -592,6 +610,8 @@ int __encap_ip6vxlan_eth(struct __sk_buff *skb)
> static int decap_internal(struct __sk_buff *skb, int off, int len, char proto)
> {
> __u64 flags = BPF_F_ADJ_ROOM_FIXED_GSO;
> + struct sk_buff *kskb;
> + struct skb_shared_info *shinfo;
> struct ipv6_opt_hdr ip6_opt_hdr;
> struct gre_hdr greh;
> struct udphdr udph;
> @@ -621,6 +641,11 @@ static int decap_internal(struct __sk_buff *skb, int off, int len, char proto)
> break;
> case IPPROTO_GRE:
> olen += sizeof(struct gre_hdr);
> + if (!bpf_core_enum_value_exists(enum bpf_adj_room_flags,
> + BPF_F_ADJ_ROOM_DECAP_L4_GRE))
> + return TC_ACT_SHOT;
> + flags |= BPF_F_ADJ_ROOM_DECAP_L4_GRE;
> +
> if (bpf_skb_load_bytes(skb, off + len, &greh, sizeof(greh)) < 0)
> return TC_ACT_OK;
> switch (bpf_ntohs(greh.protocol)) {
> @@ -634,6 +659,10 @@ static int decap_internal(struct __sk_buff *skb, int off, int len, char proto)
> break;
> case IPPROTO_UDP:
> olen += sizeof(struct udphdr);
> + if (!bpf_core_enum_value_exists(enum bpf_adj_room_flags,
> + BPF_F_ADJ_ROOM_DECAP_L4_UDP))
> + return TC_ACT_SHOT;
> + flags |= BPF_F_ADJ_ROOM_DECAP_L4_UDP;
> if (bpf_skb_load_bytes(skb, off + len, &udph, sizeof(udph)) < 0)
> return TC_ACT_OK;
> switch (bpf_ntohs(udph.dest)) {
> @@ -655,6 +684,35 @@ static int decap_internal(struct __sk_buff *skb, int off, int len, char proto)
> if (bpf_skb_adjust_room(skb, -olen, BPF_ADJ_ROOM_MAC, flags))
> return TC_ACT_SHOT;
>
> + kskb = bpf_cast_to_kern_ctx(skb);
> + shinfo = bpf_core_cast(kskb->head + kskb->end, struct skb_shared_info);
> + if (!shinfo->gso_size)
> + return TC_ACT_OK;
> +
> + if ((flags & BPF_F_ADJ_ROOM_DECAP_L4_UDP) &&
> + (shinfo->gso_type & SKB_GSO_UDP_TUNNEL_MASK))
> + return TC_ACT_SHOT;
> +
> + if ((flags & BPF_F_ADJ_ROOM_DECAP_L4_GRE) &&
> + (shinfo->gso_type & (SKB_GSO_GRE | SKB_GSO_GRE_CSUM)))
> + return TC_ACT_SHOT;
> +
> + if ((flags & BPF_F_ADJ_ROOM_DECAP_IPXIP4) &&
> + (shinfo->gso_type & SKB_GSO_IPXIP4))
> + return TC_ACT_SHOT;
> +
> + if ((flags & BPF_F_ADJ_ROOM_DECAP_IPXIP6) &&
> + (shinfo->gso_type & SKB_GSO_IPXIP6))
> + return TC_ACT_SHOT;
> +
> + if (flags & (BPF_F_ADJ_ROOM_DECAP_L4_MASK |
> + BPF_F_ADJ_ROOM_DECAP_IPXIP_MASK)) {
> + if ((shinfo->gso_type & SKB_GSO_TUNNEL_MASK) && !kskb->encapsulation)
> + return TC_ACT_SHOT;
> + if (!(shinfo->gso_type & SKB_GSO_TUNNEL_MASK) && kskb->encapsulation)
> + return TC_ACT_SHOT;
> + }
> +
> return TC_ACT_OK;
> }
>
> --
> 2.34.1
>
next prev parent reply other threads:[~2026-04-16 12:33 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-16 7:55 [PATCH bpf-next v4 0/6] bpf: decap flags and GSO state updates Nick Hudson
2026-04-16 7:55 ` [PATCH bpf-next v4 1/6] bpf: name the enum for BPF_FUNC_skb_adjust_room flags Nick Hudson
2026-04-16 10:02 ` sashiko-bot
2026-04-16 14:18 ` Alexei Starovoitov
2026-04-17 11:44 ` Hudson, Nick
2026-04-16 7:55 ` [PATCH bpf-next v4 2/6] bpf: refactor masks for ADJ_ROOM flags and encap validation Nick Hudson
2026-04-16 7:55 ` [PATCH bpf-next v4 3/6] bpf: add BPF_F_ADJ_ROOM_DECAP_* flags for tunnel decapsulation Nick Hudson
2026-04-16 7:55 ` [PATCH bpf-next v4 4/6] bpf: allow new DECAP flags and add guard rails Nick Hudson
2026-04-16 7:55 ` [PATCH bpf-next v4 5/6] bpf: clear decap tunnel GSO state in skb_adjust_room Nick Hudson
2026-04-16 8:34 ` bot+bpf-ci
2026-04-16 12:03 ` sashiko-bot
2026-04-16 12:32 ` Willem de Bruijn
2026-04-17 12:27 ` Hudson, Nick
2026-04-16 7:55 ` [PATCH bpf-next v4 6/6] selftests/bpf: tc_tunnel validate decap GSO state Nick Hudson
2026-04-16 12:33 ` Willem de Bruijn [this message]
2026-04-16 12:43 ` sashiko-bot
2026-04-16 19:46 ` Martin KaFai Lau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=willemdebruijn.kernel.2a800b32a572a@gmail.com \
--to=willemdebruijn.kernel@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=memxor@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=nhudson@akamai.com \
--cc=shuah@kernel.org \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.