linux/net
Jesper Dangaard Brouer 88f8f40c90 bpf: Fix bpf_fib_lookup helper MTU check for SKB ctx
[ Upstream commit 2c0a10af688c02adcf127aad29e923e0056c6b69 ]

BPF end-user on Cilium slack-channel (Carlo Carraro) wants to use
bpf_fib_lookup for doing MTU-check, but *prior* to extending packet size,
by adjusting fib_params 'tot_len' with the packet length plus the expected
encap size. (Just like the bpf_check_mtu helper supports). He discovered
that for SKB ctx the param->tot_len was not used, instead skb->len was used
(via MTU check in is_skb_forwardable() that checks against netdev MTU).

Fix this by using fib_params 'tot_len' for MTU check. If not provided (e.g.
zero) then keep existing TC behaviour intact. Notice that 'tot_len' for MTU
check is done like XDP code-path, which checks against FIB-dst MTU.

V16:
- Revert V13 optimization, 2nd lookup is against egress/resulting netdev

V13:
- Only do ifindex lookup one time, calling dev_get_by_index_rcu().

V10:
- Use same method as XDP for 'tot_len' MTU check

Fixes: 4c79579b44 ("bpf: Change bpf_fib_lookup to return lookup status")
Reported-by: Carlo Carraro <colrack@gmail.com>
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/161287789444.790810.15247494756551413508.stgit@firesoul
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-03-04 10:26:17 +01:00
..
6lowpan
9p
802
8021q net: vlan: avoid leaks on register_vlan_dev() failures 2021-01-17 14:05:31 +01:00
appletalk
atm
ax25
batman-adv batman-adv: set .owner to THIS_MODULE 2020-12-02 08:49:50 +01:00
bluetooth Bluetooth: Put HCI device if inquiry procedure interrupts 2021-03-04 10:26:14 +01:00
bpf
bpfilter
bridge net: bridge: Fix a warning when del bridge sysfs 2021-02-23 15:02:25 +01:00
caif
can can: af_can: can_rx_unregister(): remove WARN() statement from list operation sanity check 2020-12-11 13:23:32 +01:00
ceph
core bpf: Fix bpf_fib_lookup helper MTU check for SKB ctx 2021-03-04 10:26:17 +01:00
dcb net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands 2021-01-23 15:57:59 +01:00
dccp
decnet
dns_resolver
dsa net: dsa: call teardown method on probe failure 2021-02-17 10:35:19 +01:00
ethernet
hsr
ieee802154
ife
ipv4 net: ip_tunnel: fix mtu calculation 2021-02-10 09:25:32 +01:00
ipv6 IPv6: reply ICMP error if the first fragment don't include all headers 2021-02-03 23:25:55 +01:00
iucv net/af_iucv: set correct sk_protocol for child sockets 2020-12-08 10:40:23 +01:00
kcm
key af_key: relax availability checks for skb size calculation 2021-02-13 13:52:54 +01:00
l2tp
l3mdev
lapb net: lapb: Copy the skb before sending a packet 2021-02-10 09:25:28 +01:00
llc
mac80211 mac80211: fix potential overflow when multiplying to u32 integers 2021-03-04 10:26:17 +01:00
mac802154
mpls
ncsi net/ncsi: Use real net-device for response handler 2021-01-12 20:16:13 +01:00
netfilter netfilter: conntrack: skip identical origin tuple in same zone only 2021-02-17 10:35:17 +01:00
netlabel netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist() 2020-11-24 13:28:57 +01:00
netlink
netrom
nfc NFC: fix possible resource leak 2021-02-03 23:26:01 +01:00
nsh
openvswitch net: openvswitch: ensure LSE is pullable before reading it 2020-12-08 10:40:27 +01:00
packet
phonet
psample
qrtr net: qrtr: Fix port ID for control messages 2021-02-23 15:02:25 +01:00
rds net/rds: restrict iovecs length for RDS_CMSG_RDMA_ARGS 2021-02-17 10:35:19 +01:00
rfkill rfkill: Fix use-after-free in rfkill_resume() 2020-11-24 13:29:05 +01:00
rose rose: Fix Null pointer dereference in rose_send_frame() 2020-12-08 10:40:23 +01:00
rxrpc rxrpc: Fix clearance of Tx/Rx ring when releasing a call 2021-02-17 10:35:18 +01:00
sched net_sched: reject silly cell_log in qdisc_get_rtab() 2021-01-27 11:47:54 +01:00
sctp net: fix iteration for sctp transport seq_files 2021-02-17 10:35:19 +01:00
smc net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() 2020-11-24 13:28:58 +01:00
strparser
sunrpc SUNRPC: Handle 0 length opaque XDR object data properly 2021-02-13 13:52:56 +01:00
switchdev net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP 2021-02-07 15:35:46 +01:00
tipc tipc: fix NULL deref in tipc_link_xmit() 2021-01-23 15:58:00 +01:00
tls net/tls: Protect from calling tls_dev_del for TLS RX twice 2020-12-08 10:40:23 +01:00
unix
vmw_vsock vsock: fix locking in vsock_shutdown() 2021-02-17 10:35:19 +01:00
wimax
wireless wext: fix NULL-ptr-dereference with cfg80211's lack of commit() 2021-02-03 23:25:56 +01:00
x25 net/x25: prevent a couple of overflows 2020-12-08 10:40:26 +01:00
xdp xsk: Replace datagram_poll by sock_poll_wait 2020-12-30 11:50:53 +01:00
xfrm xfrm: Fix wraparound in xfrm_policy_addr_delta() 2021-02-03 23:25:59 +01:00
compat.c
Kconfig
Makefile
socket.c
sysctl_net.c