[PATCH v2] selftests/bpf: Validate UDP length in cls

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v2] selftests/bpf: Validate UDP length in cls_redirect test
@ 2025-06-03  5:28 Suchit Karunakaran
  2025-06-06 18:33 ` Alexei Starovoitov
  0 siblings, 1 reply; 3+ messages in thread
From: Suchit Karunakaran @ 2025-06-03  5:28 UTC (permalink / raw)
  To: andrii, eddyz87, bpf, linux-kselftest, linux-kernel, mykolal, ast,
	daniel
  Cc: martin.lau, song, yonghong.song, john.fastabend, kpsingh, sdf,
	haoluo, jolsa, shuah, Suchit

From: Suchit <suchitkarunakaran@gmail.com>

Add validation step to ensure that the UDP payload is
long enough to contain the expected GUE and UNIGUE encapsulation
headers

Signed-off-by: Suchit <suchitkarunakaran@gmail.com>
---

Changes since v2:
- Rebase

 tools/testing/selftests/bpf/progs/test_cls_redirect.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tools/testing/selftests/bpf/progs/test_cls_redirect.c b/tools/testing/selftests/bpf/progs/test_cls_redirect.c
index f344c6835e84..c1d2eaee2e77 100644
--- a/tools/testing/selftests/bpf/progs/test_cls_redirect.c
+++ b/tools/testing/selftests/bpf/progs/test_cls_redirect.c
@@ -978,7 +978,14 @@ int cls_redirect(struct __sk_buff *skb)
 		return TC_ACT_OK;
 	}
 
-	/* TODO Check UDP length? */
+	uint16_t udp_len = bpf_ntohs(encap->udp.len);
+	uint16_t min_encap_len = sizeof(encap->udp) + sizeof(encap->gue) + sizeof(encap->unigue);
+
+	if (udp_len < min_encap_len) {
+		metrics->errors_total_malformed_encapsulation++;
+		return TC_ACT_SHOT;
+	}
+
 	if (encap->udp.dest != ENCAPSULATION_PORT) {
 		return TC_ACT_OK;
 	}
-- 
2.49.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH v2] selftests/bpf: Validate UDP length in cls_redirect test
  2025-06-03  5:28 [PATCH v2] selftests/bpf: Validate UDP length in cls_redirect test Suchit Karunakaran
@ 2025-06-06 18:33 ` Alexei Starovoitov
  2025-06-07 15:54   ` Suchit K
  0 siblings, 1 reply; 3+ messages in thread
From: Alexei Starovoitov @ 2025-06-06 18:33 UTC (permalink / raw)
  To: Suchit Karunakaran
  Cc: Andrii Nakryiko, Eduard, bpf, open list:KERNEL SELFTEST FRAMEWORK,
	LKML, Mykola Lysenko, Alexei Starovoitov, Daniel Borkmann,
	Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend,
	KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan

On Mon, Jun 2, 2025 at 10:28 PM Suchit Karunakaran
<suchitkarunakaran@gmail.com> wrote:
>
> From: Suchit <suchitkarunakaran@gmail.com>
>
> Add validation step to ensure that the UDP payload is
> long enough to contain the expected GUE and UNIGUE encapsulation
> headers
>
> Signed-off-by: Suchit <suchitkarunakaran@gmail.com>
> ---
>
> Changes since v2:
> - Rebase
>
>  tools/testing/selftests/bpf/progs/test_cls_redirect.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/tools/testing/selftests/bpf/progs/test_cls_redirect.c b/tools/testing/selftests/bpf/progs/test_cls_redirect.c
> index f344c6835e84..c1d2eaee2e77 100644
> --- a/tools/testing/selftests/bpf/progs/test_cls_redirect.c
> +++ b/tools/testing/selftests/bpf/progs/test_cls_redirect.c
> @@ -978,7 +978,14 @@ int cls_redirect(struct __sk_buff *skb)
>                 return TC_ACT_OK;
>         }
>
> -       /* TODO Check UDP length? */
> +       uint16_t udp_len = bpf_ntohs(encap->udp.len);
> +       uint16_t min_encap_len = sizeof(encap->udp) + sizeof(encap->gue) + sizeof(encap->unigue);
> +
> +       if (udp_len < min_encap_len) {
> +               metrics->errors_total_malformed_encapsulation++;
> +               return TC_ACT_SHOT;
> +       }

I don't quite see the point.
This is a test prog. It's not supposed to be used as production code.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v2] selftests/bpf: Validate UDP length in cls_redirect test
  2025-06-06 18:33 ` Alexei Starovoitov
@ 2025-06-07 15:54   ` Suchit K
  0 siblings, 0 replies; 3+ messages in thread
From: Suchit K @ 2025-06-07 15:54 UTC (permalink / raw)
  To: Alexei Starovoitov
  Cc: Andrii Nakryiko, Eduard, bpf, open list:KERNEL SELFTEST FRAMEWORK,
	LKML, Mykola Lysenko, Alexei Starovoitov, Daniel Borkmann,
	Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend,
	KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan

> I don't quite see the point.
> This is a test prog. It's not supposed to be used as production code.

It was marked as a TODO and so I sent a patch for it. I'm sorry I
didn't think of the practical implications of it.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2025-06-07 15:54 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-06-03  5:28 [PATCH v2] selftests/bpf: Validate UDP length in cls_redirect test Suchit Karunakaran
2025-06-06 18:33 ` Alexei Starovoitov
2025-06-07 15:54   ` Suchit K

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).