From patchwork Mon Jan 24 15:11:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Mikityanskiy X-Patchwork-Id: 12722283 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D9DC1C433EF for ; Mon, 24 Jan 2022 15:13:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240620AbiAXPND (ORCPT ); Mon, 24 Jan 2022 10:13:03 -0500 Received: from mail-bn7nam10on2055.outbound.protection.outlook.com ([40.107.92.55]:10208 "EHLO NAM10-BN7-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S240539AbiAXPNC (ORCPT ); Mon, 24 Jan 2022 10:13:02 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lRADE14xrUD/NNVwKxyCXWR0jddr99aoKP1SZmeyw+H3rRhEZkSoRxsHJrdTVCYQ1YvAMmf0tTa/nhgwua0dGCh4n8g73NEZ1/weDiL1Z17d62nuEyo7hJaHf0W6Utvb5HCQJNwDCFwb+wtdqtuGnHi91np7js/Q/IWyvw/qsHu+K9nEkJ86Uf8LL3kc9WXhVYWLMuYBcbGzInB+vJ6xvTm9k6fZSfYH9y7GQBShQ6nMQ2c2DSmpnPGMr7gxA0eYsiALRCxvn5sRamI8V9Ul6MBTvrztblla9f6VOqguARfD7+bNCGHA6wt5WRM5RVmE9NVnLJBhMFenCJC5iUPItw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=41QmeqrzqpdDyAPw1FXDzpbBfKGkWN1TZ2S78qV4CjI=; b=SAaJOetOFOCpeXJ7kHgjz2qcShO2IbIV2bjjJV4DWdogCmx1hgEYQZOZe3TKKC8plkwifDQnG57xJshz7BbF8VhBuup3wn4JFmT12M9IdasOqkT7f4GngM1uGQNNcL0xkVRJ3SDZ+xkg/b+4/nJwTwE8HEMJSbq3eZwcu/orjEFBr6+LupU9BGBBOhDaM8iVneCDfqJ2gjezBffsrOZZwp0/Ioozo9ht5Hnx7NiljX4JFvsEZxc5XdphMTDQpqqgPZasT8GqWONZjrFiaNilSSPgW+VnfZGEHAYpwB0If1wEVsR6rPQ9FAEy7yZX9FIMwwAukZr0YeQt0tuu5kpiOw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 12.22.5.238) smtp.rcpttodomain=fb.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=41QmeqrzqpdDyAPw1FXDzpbBfKGkWN1TZ2S78qV4CjI=; b=TmKq0ytNaBOqox3Jb+CnZSPfD365oHYOTPqWNj1TUCrd6ZMb9qpWwQwnbSmBNgRAGp2TqvVFan9gL5Wvl80/7fAYXzujroC72Sjd8K57h6FIet2MuXgZzUghr7EMLBT2d420SZU4gm1AduO0ODLodL4WU5Fp4PFIRJr9hHFgyqBXMaB1bPB/AHiRC6TGckZkz8SGMMsdWOW1tiMB8ILaS7jNjtp9L9idGYQSLo55QdCEWtocwYoGalXLqxxP8Ogf4Go5xHDbA9qENpBydi2AcpNbCdiG++v62u13I7XtovxBApPPgdMqdxsMafdR4QLQqVIZibuPEtTfdIuvXuS97w== Received: from BN6PR13CA0057.namprd13.prod.outlook.com (2603:10b6:404:11::19) by DM5PR1201MB0012.namprd12.prod.outlook.com (2603:10b6:3:e7::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4909.12; Mon, 24 Jan 2022 15:13:00 +0000 Received: from BN8NAM11FT054.eop-nam11.prod.protection.outlook.com (2603:10b6:404:11:cafe::34) by BN6PR13CA0057.outlook.office365.com (2603:10b6:404:11::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4930.15 via Frontend Transport; Mon, 24 Jan 2022 15:13:00 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 12.22.5.238) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 12.22.5.238 as permitted sender) receiver=protection.outlook.com; client-ip=12.22.5.238; helo=mail.nvidia.com; Received: from mail.nvidia.com (12.22.5.238) by BN8NAM11FT054.mail.protection.outlook.com (10.13.177.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4909.7 via Frontend Transport; Mon, 24 Jan 2022 15:13:00 +0000 Received: from drhqmail201.nvidia.com (10.126.190.180) by DRHQMAIL105.nvidia.com (10.27.9.14) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 24 Jan 2022 15:12:59 +0000 Received: from drhqmail202.nvidia.com (10.126.190.181) by drhqmail201.nvidia.com (10.126.190.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.9; Mon, 24 Jan 2022 07:12:59 -0800 Received: from vdi.nvidia.com (10.127.8.12) by mail.nvidia.com (10.126.190.181) with Microsoft SMTP Server id 15.2.986.9 via Frontend Transport; Mon, 24 Jan 2022 07:12:55 -0800 From: Maxim Mikityanskiy To: , Alexei Starovoitov , "Daniel Borkmann" , Andrii Nakryiko , CC: Tariq Toukan , Martin KaFai Lau , "Song Liu" , Yonghong Song , John Fastabend , KP Singh , "David S. Miller" , Jakub Kicinski , Petar Penkov , Lorenz Bauer , Eric Dumazet , Maxim Mikityanskiy Subject: [PATCH bpf v2 1/4] bpf: Use ipv6_only_sock in bpf_tcp_gen_syncookie Date: Mon, 24 Jan 2022 17:11:43 +0200 Message-ID: <20220124151146.376446-2-maximmi@nvidia.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220124151146.376446-1-maximmi@nvidia.com> References: <20220124151146.376446-1-maximmi@nvidia.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: a0d78fd4-1ad9-4db5-c384-08d9df4c029b X-MS-TrafficTypeDiagnostic: DM5PR1201MB0012:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:1169; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: PNx10GC2Ai9zeuw6HUf/58hddHyJSaJUfAZQxgA5QLIbCoYHYDWazFkXK2Yi0hGvok3lgsC0gTYBltl+OLpI6QW/XQAB1+ToJRr+pilhbm5xkugTMR7SP+gLBnacRILku78uwJK1I0UMJkReU331/lqdrdUnSE6kQrQeM9srZtXS240JRo+jey4pea9tEMHEn3mzPuaUjDBytSYRxjHqq4deVhmRlTPmdmialAxiRc8YbipVFcS7Ad/kFTQxjuj1gpdn6dbJR9iTuzK1ucQYo4kMWR8SKf9wkFdWH3KXqCLls2ciPNqZZkKm/clEQ4vJM1WidrAHeWt1REeSEvdA49N4k3LVQzxYwR9ZwR7cYcGNm/LHBBpPAFNEAQtB2moIRG+/Y7nX844KpPQcAB+ChGmbGjwp9iySm5AAbwFPI3dgbuolXXUAIEu25xquJg4eLZsDbrhZtHnAo0IT47UlKtf3ZPstTeqPiF9DheJFnklapzMD/W4VCmjFaLKfP25y+JHPD7wPdB7UOngi208ROEYMNPs+eovTL+H5qC81uBJkVhC+D6XwOc63PsEtDax236uinmt8+RTHEtk6W+hIZ14NAerOR7F4wPOtOOqTI0IWdGSTBSvRmJhVbF44Rr+CBEF28IEBDy2aGqgUsLVvpH8F2erXuX3d5x7dT174Zu7Y1OcYPoWAPUTTfHr1wY/vjMDnr4/RAgk0M7bGfXxki3ghNxmlq+0vkJvXEYJgnCHtLK2TczSoeEDAYea4IpLiY6ClMiHKvXy56hTLWp9ReBudJ3c4Ie/HH4iGg2uevCg= X-Forefront-Antispam-Report: CIP:12.22.5.238;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:mail.nvidia.com;PTR:InfoNoRecords;CAT:NONE;SFS:(4636009)(40470700004)(36840700001)(46966006)(8676002)(7416002)(5660300002)(2906002)(86362001)(81166007)(36860700001)(4744005)(107886003)(4326008)(8936002)(1076003)(356005)(82310400004)(7696005)(26005)(54906003)(186003)(316002)(47076005)(110136005)(426003)(336012)(36756003)(508600001)(83380400001)(40460700003)(6666004)(2616005)(70206006)(70586007)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jan 2022 15:13:00.2188 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a0d78fd4-1ad9-4db5-c384-08d9df4c029b X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[12.22.5.238];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT054.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1201MB0012 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net Instead of querying the sk_ipv6only field directly, use the dedicated ipv6_only_sock helper. Fixes: 70d66244317e ("bpf: add bpf_tcp_gen_syncookie helper") Signed-off-by: Maxim Mikityanskiy Reviewed-by: Tariq Toukan Acked-by: John Fastabend Acked-by: Lorenz Bauer Acked-by: Petar Penkov --- net/core/filter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/filter.c b/net/core/filter.c index 4603b7cd3cd1..05efa691b796 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -6848,7 +6848,7 @@ BPF_CALL_5(bpf_tcp_gen_syncookie, struct sock *, sk, void *, iph, u32, iph_len, */ switch (((struct iphdr *)iph)->version) { case 4: - if (sk->sk_family == AF_INET6 && sk->sk_ipv6only) + if (sk->sk_family == AF_INET6 && ipv6_only_sock(sk)) return -EINVAL; mss = tcp_v4_get_syncookie(sk, iph, th, &cookie); From patchwork Mon Jan 24 15:11:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Mikityanskiy X-Patchwork-Id: 12722284 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2DFC0C433FE for ; Mon, 24 Jan 2022 15:13:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240631AbiAXPNH (ORCPT ); Mon, 24 Jan 2022 10:13:07 -0500 Received: from mail-dm6nam11on2055.outbound.protection.outlook.com ([40.107.223.55]:9569 "EHLO NAM11-DM6-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S240599AbiAXPNG (ORCPT ); Mon, 24 Jan 2022 10:13:06 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VvjND9qc0R2Wn3SQnmnqimdxIDKVuosSTXaeArUubariNbX1EBpJbmv45H3w9iMjnkCWdRnbawHt0GZBX2Uh4LSreZxu6Jz1ReeNU3lvlbusH2VUcnS+8O8fJgQvvltSDJbqCU95sSGCPGE4phPPIXkgv/Di1psQjBwVeV2jeXgxtKJdcyBANqHlUA8seg4gXwKmSIsDUSahBy1ZNt1U2tlQRW6kVNCDx7aZ2cftGGJRDLrmFSR2f1Tj+Aa/ncaKItjKGp3kWt2kI5vTgvL6637InwMhJ0jtzI9HGxCxeZ8zWqSCNqOKYidVO3PfokGSnyxt7pP808lDayTn//zctw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=sSLrECum19GVLxu/U2hMa+5Up5hqR2wp6WVRVn9cWyQ=; b=OxzDRTMBh5yTFBH04J+dvl0oqIdMY15H3uUfpickWgA1yvj5Hu3cDxfPSW37o5uB7x1dEKsvYTuUhJlxfbKK+TgjkX+c/ujuw5wtOKGEDQwHNmv7tR0PE/LgTekBFo47ixtcN1ip+mBGQaB/6j7qSHwuLQaef3iNRuHEJK9e1FiXt6V8ez0wXesy8yryR+Rhrw6/Xia9PWgLs3HeGvnamS8Bm9UuNkOwjIM7ezbO57T8qWSiN0+quzoGQrRxKexs/g7RNJRYm72VEhM6rCiC0J2puRCODPe3zffugUxfvz6ugr7FjsTUcs/wzbuuqLFiZYb+2yv1ZGJ03kM49SwPNw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 12.22.5.234) smtp.rcpttodomain=fb.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sSLrECum19GVLxu/U2hMa+5Up5hqR2wp6WVRVn9cWyQ=; b=lPAJwDCztyTIeQqr0mjeqOh9AlmUW4C8rUtafAuf4RgdLgrdcjJL7H3V1DmADK3T9aBE0GiOv21KpWbH28Cuxb9LGoRK+0gPPd8vhbgjeM4+Wm0hNRgnrEZBFf1n9bc5sYNoUP+To7/yGzcDHE5UMiU9BwKZuhAL4L5DuVBV/D0tlzjomrXkdtLANtwIddSNN1khIui4Ub3akj7xvxgFkuV0JxxkkUVj0bS6f4sI7oIbbnbnfi7F1WRDJUqVO9bIeIyV0ajDUWRb+C2Xhp1VNQUO7tu5jSieVn5GncaeWm2BUsGmYsbF80AqM2WQyO1LoS1N0ABYhd2HU9boOGoDwA== Received: from BN6PR17CA0005.namprd17.prod.outlook.com (2603:10b6:404:65::15) by MWHPR12MB1485.namprd12.prod.outlook.com (2603:10b6:301:4::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4909.10; Mon, 24 Jan 2022 15:13:05 +0000 Received: from BN8NAM11FT061.eop-nam11.prod.protection.outlook.com (2603:10b6:404:65:cafe::c) by BN6PR17CA0005.outlook.office365.com (2603:10b6:404:65::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4909.17 via Frontend Transport; Mon, 24 Jan 2022 15:13:04 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 12.22.5.234) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 12.22.5.234 as permitted sender) receiver=protection.outlook.com; client-ip=12.22.5.234; helo=mail.nvidia.com; Received: from mail.nvidia.com (12.22.5.234) by BN8NAM11FT061.mail.protection.outlook.com (10.13.177.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4909.7 via Frontend Transport; Mon, 24 Jan 2022 15:13:04 +0000 Received: from drhqmail201.nvidia.com (10.126.190.180) by DRHQMAIL101.nvidia.com (10.27.9.10) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 24 Jan 2022 15:13:03 +0000 Received: from drhqmail202.nvidia.com (10.126.190.181) by drhqmail201.nvidia.com (10.126.190.180) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.9; Mon, 24 Jan 2022 07:13:03 -0800 Received: from vdi.nvidia.com (10.127.8.12) by mail.nvidia.com (10.126.190.181) with Microsoft SMTP Server id 15.2.986.9 via Frontend Transport; Mon, 24 Jan 2022 07:12:59 -0800 From: Maxim Mikityanskiy To: , Alexei Starovoitov , "Daniel Borkmann" , Andrii Nakryiko , CC: Tariq Toukan , Martin KaFai Lau , "Song Liu" , Yonghong Song , John Fastabend , KP Singh , "David S. Miller" , Jakub Kicinski , Petar Penkov , Lorenz Bauer , Eric Dumazet , Maxim Mikityanskiy Subject: [PATCH bpf v2 2/4] bpf: Support dual-stack sockets in bpf_tcp_check_syncookie Date: Mon, 24 Jan 2022 17:11:44 +0200 Message-ID: <20220124151146.376446-3-maximmi@nvidia.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220124151146.376446-1-maximmi@nvidia.com> References: <20220124151146.376446-1-maximmi@nvidia.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 0b425d60-eed8-4180-6853-08d9df4c0537 X-MS-TrafficTypeDiagnostic: MWHPR12MB1485:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: LP1qvGe6SOlKUXjbNcovjWx042CBj3WGQtbbMlbyTomy9yY/LGtWYvOZTdCoLH/X9EGlaufdYdiK61jLegc7swOjqQl74Wq9JJmOEWtV2unGwXMWZPS7FFh2CQ0M1BonueZr1FJVg+RvD48JtUuR1MisbpMVx0z/xhW6ZDmXH3HBPiaJVo+aFlcu4qcBTEv2LdoWf68UviIIXT7vZ5yOLvKCk+376mBxaVpte0fPjNac+IEXFPYLyjzhN3R4clE+QpqCjwgBGu+P+41Ci7C9A1x8hAbnfAtomEjumt1eTut5aCveebNpYQCR/hQ7vM+hE6EEFan6uMlEAC4rkovv1OrqUeNL03Heps5/MlLOBkwEay6fJ5flNneTIiBd8+IT7+CMmpJoeFsPzeN1/TLJKMsIqUvsve8noruYu12HLn0m8bDtNFQtzSoe0IPv1v/hR6QV2W2VQYzmdXLR+Sc2XsaA/ONZg+9OGKU0g41AWthXGLG014kXlxI67DM7yEwqRN5GtyCpT3LN9WZK82+bmaqQ9t7moSvt7OOge1RLshIzpRShpaIjadzFNFyFoqyPMWqDBaL5zzH4PxzrNFV5x78jPnC4tkAQOkOB38EwxlXRQ0lzJlWmJypkGvGF+NxOezFDhR5P6ke64bt4rBJB0LdVvID2oELwc5wR/G/Q9w1wbH27QRpmyzZa2iiX9sX73iwGl+3I0Mv/ZCVxYYaVnE5aP/ju6zZTryBW8JA+MSvxAFT2oMgxTe5BxXsPUhAMfUZzOQ2Zx6FZ8ux01gaFrwsYRBURkLB9oiYYQWCg8Yw= X-Forefront-Antispam-Report: CIP:12.22.5.234;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:mail.nvidia.com;PTR:InfoNoRecords;CAT:NONE;SFS:(4636009)(40470700004)(46966006)(36840700001)(2616005)(316002)(86362001)(107886003)(426003)(40460700003)(7416002)(36756003)(1076003)(54906003)(110136005)(83380400001)(82310400004)(508600001)(8676002)(36860700001)(70206006)(4326008)(70586007)(47076005)(7696005)(81166007)(186003)(26005)(8936002)(6666004)(5660300002)(336012)(356005)(2906002)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jan 2022 15:13:04.6099 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 0b425d60-eed8-4180-6853-08d9df4c0537 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[12.22.5.234];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT061.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR12MB1485 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net bpf_tcp_gen_syncookie looks at the IP version in the IP header and validates the address family of the socket. It supports IPv4 packets in AF_INET6 dual-stack sockets. On the other hand, bpf_tcp_check_syncookie looks only at the address family of the socket, ignoring the real IP version in headers, and validates only the packet size. This implementation has some drawbacks: 1. Packets are not validated properly, allowing a BPF program to trick bpf_tcp_check_syncookie into handling an IPv6 packet on an IPv4 socket. 2. Dual-stack sockets fail the checks on IPv4 packets. IPv4 clients end up receiving a SYNACK with the cookie, but the following ACK gets dropped. This patch fixes these issues by changing the checks in bpf_tcp_check_syncookie to match the ones in bpf_tcp_gen_syncookie. IP version from the header is taken into account, and it is validated properly with address family. Fixes: 399040847084 ("bpf: add helper to check for a valid SYN cookie") Signed-off-by: Maxim Mikityanskiy Reviewed-by: Tariq Toukan Acked-by: John Fastabend --- net/core/filter.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/net/core/filter.c b/net/core/filter.c index 05efa691b796..780e635fb52a 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -6774,24 +6774,33 @@ BPF_CALL_5(bpf_tcp_check_syncookie, struct sock *, sk, void *, iph, u32, iph_len if (!th->ack || th->rst || th->syn) return -ENOENT; + if (unlikely(iph_len < sizeof(struct iphdr))) + return -EINVAL; + if (tcp_synq_no_recent_overflow(sk)) return -ENOENT; cookie = ntohl(th->ack_seq) - 1; - switch (sk->sk_family) { - case AF_INET: - if (unlikely(iph_len < sizeof(struct iphdr))) + /* Both struct iphdr and struct ipv6hdr have the version field at the + * same offset so we can cast to the shorter header (struct iphdr). + */ + switch (((struct iphdr *)iph)->version) { + case 4: + if (sk->sk_family == AF_INET6 && ipv6_only_sock(sk)) return -EINVAL; ret = __cookie_v4_check((struct iphdr *)iph, th, cookie); break; #if IS_BUILTIN(CONFIG_IPV6) - case AF_INET6: + case 6: if (unlikely(iph_len < sizeof(struct ipv6hdr))) return -EINVAL; + if (sk->sk_family != AF_INET6) + return -EINVAL; + ret = __cookie_v6_check((struct ipv6hdr *)iph, th, cookie); break; #endif /* CONFIG_IPV6 */ From patchwork Mon Jan 24 15:11:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Mikityanskiy X-Patchwork-Id: 12722285 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 482D6C433EF for ; Mon, 24 Jan 2022 15:13:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240637AbiAXPNN (ORCPT ); Mon, 24 Jan 2022 10:13:13 -0500 Received: from mail-dm3nam07on2052.outbound.protection.outlook.com ([40.107.95.52]:44193 "EHLO NAM02-DM3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S240539AbiAXPNM (ORCPT ); Mon, 24 Jan 2022 10:13:12 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BuzAZOZ3sUrbU2IMPSE/jjXWZ6XMIWHezmwwoJ5L6EqeWcMTRaPrLdzQVJ0gUUWFXPEyEIrWqnPJiCC/ep0Tt4VBhQJLYtfiR2Gj1NZ5QnrPWcws7R91KqOopjYXWE+ec+n2QETdX9gNptJh0puSJVGcjZXaYMgWz295t3RPPNPJizDlDMOSj4hWwORZ/ccgtdNuI0sGhkeH3/pDI5gAJl5r15cKFA/R0YVisUbY/u/dmlL3dsP+F9rKN+SQhoKRxWN6BTwDXq+/6cqVyElmoQfetzzNo1MRlivFNtIcLYxK2cX/Di11EYp98Pq1DBsQSzUayTRW3ywObI671ToxZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Jtvb5t9cA06BY/orVb7kQ2HYfItsUoTme8hwtbbxHD4=; b=NdufzpgPPn6P9gYIfvYMdzWbotEsFZtDpYBaky26lFeli1bAMSFqBC31hFyt5qp/RTdFq8ma251d31fzgRczrALnqhTnpr4w/+T63+y/oWwnWQUve2dprtYPBkTfeSv9jejXPMp6/FTpeQr5qDADf2CnUMQiP54qk+Id6Cz0gGhBh2yF9wHDbvaUrwHHIC2lyBVkKpCXUEGW3HeV3KPjYdiJFjLJSFPvBU0olFNNugK7uxm4bxMScH2W+MVR12zo4Avf/pSAUa1ui5cFDZ2H+ooTbK9V2bclomks7/rxDKeaKHrrVvmNOi0HRobzNbsDUuIQhQ2kXehNAKyBDdYx+w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 12.22.5.235) smtp.rcpttodomain=fb.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Jtvb5t9cA06BY/orVb7kQ2HYfItsUoTme8hwtbbxHD4=; b=Q3rnHZAc+cBV7O/t/SJQMlMN7Ncn16f69lvKYXFjwDloFYreliZMUIwG8FuGkr3U6peECMa+wvufGDJadH2rmwiHjI6Anke6rLpMii7f7dfwsqtRlYmOp1B1H20DSw93KnvTSW989ohUdVz/2qZ8JLxF7NTzeEofeDZGSqXvLIrRfM/wDNOCyGzikte9JrTTVcdMP6yG7DZLxWX2tp8gLRS0cApQn4jNV+FQqXSSrCxV2Qm1j2O/KuBtFyQyCth1fHD4x+1trB7vyP6G7YWDeFaoEs9IdmvamyuoMRdvg08JM7rW1iPVAWMiySK2FJ7lz28XCzVafM4X9ZpVPJdO7w== Received: from BN9PR03CA0239.namprd03.prod.outlook.com (2603:10b6:408:f8::34) by MW2PR12MB2409.namprd12.prod.outlook.com (2603:10b6:907:9::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4909.10; Mon, 24 Jan 2022 15:13:09 +0000 Received: from BN8NAM11FT037.eop-nam11.prod.protection.outlook.com (2603:10b6:408:f8:cafe::1f) by BN9PR03CA0239.outlook.office365.com (2603:10b6:408:f8::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4909.7 via Frontend Transport; Mon, 24 Jan 2022 15:13:09 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 12.22.5.235) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 12.22.5.235 as permitted sender) receiver=protection.outlook.com; client-ip=12.22.5.235; helo=mail.nvidia.com; Received: from mail.nvidia.com (12.22.5.235) by BN8NAM11FT037.mail.protection.outlook.com (10.13.177.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4909.7 via Frontend Transport; Mon, 24 Jan 2022 15:13:08 +0000 Received: from drhqmail202.nvidia.com (10.126.190.181) by DRHQMAIL107.nvidia.com (10.27.9.16) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 24 Jan 2022 15:13:08 +0000 Received: from drhqmail202.nvidia.com (10.126.190.181) by drhqmail202.nvidia.com (10.126.190.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.9; Mon, 24 Jan 2022 07:13:07 -0800 Received: from vdi.nvidia.com (10.127.8.12) by mail.nvidia.com (10.126.190.181) with Microsoft SMTP Server id 15.2.986.9 via Frontend Transport; Mon, 24 Jan 2022 07:13:04 -0800 From: Maxim Mikityanskiy To: , Alexei Starovoitov , "Daniel Borkmann" , Andrii Nakryiko , CC: Tariq Toukan , Martin KaFai Lau , "Song Liu" , Yonghong Song , John Fastabend , KP Singh , "David S. Miller" , Jakub Kicinski , Petar Penkov , Lorenz Bauer , Eric Dumazet , Maxim Mikityanskiy Subject: [PATCH bpf v2 3/4] bpf: Use EOPNOTSUPP in bpf_tcp_check_syncookie Date: Mon, 24 Jan 2022 17:11:45 +0200 Message-ID: <20220124151146.376446-4-maximmi@nvidia.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220124151146.376446-1-maximmi@nvidia.com> References: <20220124151146.376446-1-maximmi@nvidia.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 5adb986a-de79-4429-cf14-08d9df4c07a8 X-MS-TrafficTypeDiagnostic: MW2PR12MB2409:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:5797; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: eekp1h9PiO/J3xoLUfdRFVUewVL8bzAoza5aZJqXDH2Xw+vop53NhK3Zr2J8hg0BqC8Z18AH+/pQe4fKlgGCj9f2pgUtZZyVkrk5fgeGyso5ofFQHXASFdR63qT0aMGpUswGEuBfWBV0j5XII29XSerDWGkbLIVJAUwxqdRrSJ7BhtZmoN6fFkrrtpZrrRRy8Aqj1OOc2jlDhN39YQxuuF+wZilnOoa1UfacFJEmSqwlg0oTtIn/CFHsYI6fYLBH41GPPydahMgYUCHbmgJb+coQE4+XhX9HVOIwd1MK2X2gU5m9NERPhKJUatqH4QxpnNN8c/CbGZ7LF5j2EcDjl6mL25byBkPwioa5wT6lMHMq1CyqdpghXkR+vJ2Nb7jdgR9TGAUEN7qZlFA7up+M0f2SUmvNaFakVLLH7r+x8YVcjiVFSv56XnWhlm9lMiN2IzpjuD5yV2gbxknA5ZrQ4lpSArOQrEzrQ14fqXZegqsdmbZjo6b1EXvZQFvrq1iGSiKTjV59x0tpfGWwI/dn0pf4w1OVJr0yylLW8v2V58UFFZJmRgieFpFBLZPLRlvSSNuPY9T1guNpvaLVN8yLJ/DUGchCNqLzvvF+cEgHLv1KSq49DLqK3OKXgKax6K5RyKoqqA3tUb24Ts0fPprFszfTvxCt093lXIQmqdOHLCOx849yh2BacSu9sqyLscemmVVpW2To5314kJY3AQ6E9tQjXbaUakrY018rn61yB6oeMGZHoktu6t9j58QTfxEV8PZ16W5F6q1P6RpMqnbsIO3aHd3ua8Q/boctHh90wEY= X-Forefront-Antispam-Report: CIP:12.22.5.235;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:mail.nvidia.com;PTR:InfoNoRecords;CAT:NONE;SFS:(4636009)(40470700004)(46966006)(36840700001)(2616005)(426003)(82310400004)(508600001)(5660300002)(70206006)(81166007)(36756003)(8676002)(47076005)(26005)(86362001)(336012)(8936002)(7416002)(1076003)(107886003)(36860700001)(40460700003)(2906002)(83380400001)(4744005)(110136005)(186003)(7696005)(54906003)(70586007)(6666004)(356005)(316002)(4326008)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jan 2022 15:13:08.6773 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 5adb986a-de79-4429-cf14-08d9df4c07a8 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[12.22.5.235];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT037.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR12MB2409 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net When CONFIG_SYN_COOKIES is off, bpf_tcp_check_syncookie returns ENOTSUPP. It's a non-standard and deprecated code. The related function bpf_tcp_gen_syncookie and most of the other functions use EOPNOTSUPP if some feature is not available. This patch changes ENOTSUPP to EOPNOTSUPP in bpf_tcp_check_syncookie. Fixes: 399040847084 ("bpf: add helper to check for a valid SYN cookie") Signed-off-by: Maxim Mikityanskiy Reviewed-by: Tariq Toukan --- net/core/filter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/filter.c b/net/core/filter.c index 780e635fb52a..2c9106704821 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -6814,7 +6814,7 @@ BPF_CALL_5(bpf_tcp_check_syncookie, struct sock *, sk, void *, iph, u32, iph_len return -ENOENT; #else - return -ENOTSUPP; + return -EOPNOTSUPP; #endif } From patchwork Mon Jan 24 15:11:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Mikityanskiy X-Patchwork-Id: 12722286 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 22D54C433EF for ; Mon, 24 Jan 2022 15:13:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240648AbiAXPNS (ORCPT ); Mon, 24 Jan 2022 10:13:18 -0500 Received: from mail-dm6nam08on2087.outbound.protection.outlook.com ([40.107.102.87]:52289 "EHLO NAM04-DM6-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S240599AbiAXPNP (ORCPT ); Mon, 24 Jan 2022 10:13:15 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jsy9OgU/WmGaO4ryFyuqVUMk5uuzU/sfnBBNWaZ90z6+5KKMwvPBIZQJDqBOPWNaQve9bqpX47eN4X0wRmbsp4ubmZ8vsgErP1FrbjqL6hXP5Sh9/FrgIWNcXcSASZSWHhY1YNXZ1URG1wbdR3NtA0Pwu4K2qHuwijy+Grk09bJpVUnYUmzca3sNDr9DG5XYXUFIVsiq3RoIlqRpqMEakySwEq8W5RTpvLE8WDmgZIKjpug54NvzVEhiyxmVKmyx/5dEiLjBYUsuZidIUdwjx9CIVFjQeScPe6xdYyOfV0AYNaAkjRBSP0z/6c5kvifISzFYIVKDmb5foVZufzUI/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=k8pGPkeKFB2fwW6nVl+IHstHP3XdoLL44R7qMXvc4RQ=; b=Ym2AP46wGVPc3o+Hk5hL1pbwskzD+RtA4Fv1eenGHy5U81lEwmEgG8+axjypHQZjH8UDr692XGYLDv72pa3vcXu1MBjAbly1wcrvWfvH2FB4i8Hwsu6NQxxnMM4BCLtXYkZUbN1JFYtU2X7ulAO6CYTh5Yvpb9tIGpZopRlw+GpLYdUi1/yjRJdAH1tazEBqgw3ANWJ7fNWDsB8jf+JypRCe0X4J3n3OMUFcKEtBPmwkuinr3POu7xsBWZM/FRxtdOD3JWd0P4BHIeRKBhvXL7HGo77H18E8Pi1m1mazNpgkoLQYm7eJVxrExOPFzOIMTeKtt8Mx0BEuRf6KyeQEEw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 12.22.5.235) smtp.rcpttodomain=fb.com smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=k8pGPkeKFB2fwW6nVl+IHstHP3XdoLL44R7qMXvc4RQ=; b=MnqSrXe/JpdRnjaoOFtB9I500QCESNroHRRpe5Bx4t2HEDAt6YLyCL32eeGUln+2KSM9Y7yj8wkLi4BC9MQch4H4xJtdQ4X1dg2lAiq1J0rYA4yQa08dEeVkNR1gMhQRK6HMWaRkXTeOXS5Rky5w3VFedKCtEhJJp/3IO5uu3jlqpU3iR66REmcaX+yOzvGnvIX0G6jlyGqpayqClaFcYSAwWobszbOSpdXtoJmnvzTmQMMdr2K5eRBWpV7lbrf4Qizq2Z6pXsXgLUVscdE6XWC58tF91t46xUpq76z9bG8uDNR/TvUoghE5PmYxhN1N7xI/EUOHE9+a+7JC+Ung1w== Received: from BN9PR03CA0607.namprd03.prod.outlook.com (2603:10b6:408:106::12) by CH2PR12MB3831.namprd12.prod.outlook.com (2603:10b6:610:29::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4909.10; Mon, 24 Jan 2022 15:13:14 +0000 Received: from BN8NAM11FT023.eop-nam11.prod.protection.outlook.com (2603:10b6:408:106:cafe::13) by BN9PR03CA0607.outlook.office365.com (2603:10b6:408:106::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4909.8 via Frontend Transport; Mon, 24 Jan 2022 15:13:13 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 12.22.5.235) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 12.22.5.235 as permitted sender) receiver=protection.outlook.com; client-ip=12.22.5.235; helo=mail.nvidia.com; Received: from mail.nvidia.com (12.22.5.235) by BN8NAM11FT023.mail.protection.outlook.com (10.13.177.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4909.7 via Frontend Transport; Mon, 24 Jan 2022 15:13:13 +0000 Received: from drhqmail203.nvidia.com (10.126.190.182) by DRHQMAIL107.nvidia.com (10.27.9.16) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 24 Jan 2022 15:13:12 +0000 Received: from drhqmail202.nvidia.com (10.126.190.181) by drhqmail203.nvidia.com (10.126.190.182) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.9; Mon, 24 Jan 2022 07:13:12 -0800 Received: from vdi.nvidia.com (10.127.8.12) by mail.nvidia.com (10.126.190.181) with Microsoft SMTP Server id 15.2.986.9 via Frontend Transport; Mon, 24 Jan 2022 07:13:08 -0800 From: Maxim Mikityanskiy To: , Alexei Starovoitov , "Daniel Borkmann" , Andrii Nakryiko , CC: Tariq Toukan , Martin KaFai Lau , "Song Liu" , Yonghong Song , John Fastabend , KP Singh , "David S. Miller" , Jakub Kicinski , Petar Penkov , Lorenz Bauer , Eric Dumazet , Maxim Mikityanskiy Subject: [PATCH bpf v2 4/4] bpf: Fix documentation of th_len in bpf_tcp_{gen,check}_syncookie Date: Mon, 24 Jan 2022 17:11:46 +0200 Message-ID: <20220124151146.376446-5-maximmi@nvidia.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220124151146.376446-1-maximmi@nvidia.com> References: <20220124151146.376446-1-maximmi@nvidia.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: fc14715b-d894-4b05-b2f9-08d9df4c0a9e X-MS-TrafficTypeDiagnostic: CH2PR12MB3831:EE_ X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7219; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ub/yR0zgynUXGnJ8oR8/91wvR8F52C4Zun0Zn40zgEh4uwgTlcSCDnB9U/5bNWejvfMcGTVjzv+HATH+io4JCUTA+rbf//W1vie3BjeIvTSS+ReGVOfrxvnQiZNPNktT+wnP6ZdP18Dzjs5y0PFXLNlb9DzN8AUwtL2Erl1jP4HDMg0HuXraBLaJndLqj3jQsd78oIh26eE9rHWdhUw0OyBrcyho8bUMYIu2XBD4RYrtCfZ+hxkMkU8pxPMfJXI48xY2D9laW/iVaXLkiAlrm2gi0ttrHGoEPBXFHMxsTT04tYsjjWH1mWDPfF5b6GOy1RsWA9snO5LGXYPTgz69eNcuTLgkQJ55fYpGqOQYje52r+tfIbVrTGB1EbpQePFYQuTSL2iiwz4Krc54jtndBYLFiiDPMB5VmDRsT1D0jMPzQHQAljCBKNdgwzPITK592dFBUiY2FzeDaWLnR2NzY5W5aDxbeGxc0TOnV4YbNBoWRev/eGAbJyPkl5hLt1U+3kLQYqpjxzAPNO0899/3xx5hMMEX6kJ/SlpUim2XmfiCxcU19Q0Jjn/p86s67v8cp8hwUkklSVj2vIAIA74dakubTzHCeXmmYAl77LkxKil2Pn+c8G2q1yq1DpsQhSX+XCT4zLYWdSzyRqethaAGrFYU8o1NqewbHMKUUfPSW8l1spECQ8qaME3EGx6MnYXedEmMx59ZyvIqVPUQpJ1i2YBpshbcUWeR1/cMmj7XBXcE6LFsYBsjnx8dP86iwcPlA+P/IHhLghxztR7JSQDG8g/EU87CFbcn9pZlAKqYP1M= X-Forefront-Antispam-Report: CIP:12.22.5.235;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:mail.nvidia.com;PTR:InfoNoRecords;CAT:NONE;SFS:(4636009)(40470700004)(36840700001)(46966006)(336012)(8676002)(40460700003)(36756003)(2616005)(426003)(36860700001)(1076003)(7416002)(26005)(70586007)(7696005)(508600001)(82310400004)(356005)(186003)(70206006)(8936002)(5660300002)(83380400001)(81166007)(54906003)(4326008)(2906002)(107886003)(110136005)(86362001)(316002)(6666004)(47076005)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jan 2022 15:13:13.6598 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: fc14715b-d894-4b05-b2f9-08d9df4c0a9e X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[12.22.5.235];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT023.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB3831 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net bpf_tcp_gen_syncookie and bpf_tcp_check_syncookie expect the full length of the TCP header (with all extensions). Fix the documentation that says it should be sizeof(struct tcphdr). Fixes: 399040847084 ("bpf: add helper to check for a valid SYN cookie") Fixes: 70d66244317e ("bpf: add bpf_tcp_gen_syncookie helper") Signed-off-by: Maxim Mikityanskiy Reviewed-by: Tariq Toukan Acked-by: John Fastabend Acked-by: Lorenz Bauer --- include/uapi/linux/bpf.h | 6 ++++-- tools/include/uapi/linux/bpf.h | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index b0383d371b9a..520f1e557dce 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -3553,7 +3553,8 @@ union bpf_attr { * **sizeof**\ (**struct ip6hdr**). * * *th* points to the start of the TCP header, while *th_len* - * contains **sizeof**\ (**struct tcphdr**). + * contains the length of the TCP header (at least + * **sizeof**\ (**struct tcphdr**)). * Return * 0 if *iph* and *th* are a valid SYN cookie ACK, or a negative * error otherwise. @@ -3739,7 +3740,8 @@ union bpf_attr { * **sizeof**\ (**struct ip6hdr**). * * *th* points to the start of the TCP header, while *th_len* - * contains the length of the TCP header. + * contains the length of the TCP header (at least + * **sizeof**\ (**struct tcphdr**)). * Return * On success, lower 32 bits hold the generated SYN cookie in * followed by 16 bits which hold the MSS value for that cookie, diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index b0383d371b9a..520f1e557dce 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -3553,7 +3553,8 @@ union bpf_attr { * **sizeof**\ (**struct ip6hdr**). * * *th* points to the start of the TCP header, while *th_len* - * contains **sizeof**\ (**struct tcphdr**). + * contains the length of the TCP header (at least + * **sizeof**\ (**struct tcphdr**)). * Return * 0 if *iph* and *th* are a valid SYN cookie ACK, or a negative * error otherwise. @@ -3739,7 +3740,8 @@ union bpf_attr { * **sizeof**\ (**struct ip6hdr**). * * *th* points to the start of the TCP header, while *th_len* - * contains the length of the TCP header. + * contains the length of the TCP header (at least + * **sizeof**\ (**struct tcphdr**)). * Return * On success, lower 32 bits hold the generated SYN cookie in * followed by 16 bits which hold the MSS value for that cookie,