From patchwork Tue Feb 18 04:32:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cong Wang X-Patchwork-Id: 13978999 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 492CF1537DA for ; Tue, 18 Feb 2025 04:32:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739853151; cv=none; b=TBy9cPlmkgUUhO90rLRXRvo4uyknxrm57C5pGDGAncFSML2RHlLk74hoU7cy9uj13N7duL3TFth6fxO+yxH7Yu74jRVd9rQclIqCyV65cbEO5EQyhDcq0h3Xes+1OY2S+xSlig2YCyIlb72H09DY4Zct2mSPv/N5HH4+E9QAUfI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739853151; c=relaxed/simple; bh=9cx0/eu6P1T5ks4PM6wl4/IHG4kGRc2vpFfqmPOkwto=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=MgNk97SLOWhN+TS9Gku/nFL4UATKX+gCwjIHc8f6AWkxnsl8PNK5Z6VqYiETCG+UcxmYwTPRZ/1bsGc/XH2iRkpMYu32QQBJQ24fQCjElVQcZEDy841A57J+wFvfmUn6g5mcCpMH3sSwTJzDqqlhOYdjCSOWq342kSUY5MgD2wI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=TltOrtvW; arc=none smtp.client-ip=209.85.214.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="TltOrtvW" Received: by mail-pl1-f181.google.com with SMTP id d9443c01a7336-221206dbd7eso31887125ad.2 for ; Mon, 17 Feb 2025 20:32:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739853149; x=1740457949; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=GEHMqt+ucWGB42zAlQegd8aAHoZHpwN1ts3CV/Z7IV8=; b=TltOrtvWAK7MvUKdwy30itd4EJahDkl9jvLu+Yxx+2g3kfi8ARWaNmIVYtUX9PRhDV EoF7OWRktmaw3A++Nzps8k/T8tjRU96BCMKhclEtGqLbHYkHn4TjRrkzkJI8HcDp4zH0 5jDud8+IicMFExwRYo0OyZd0l3SkLLuWeklUoxMknbogBp/rIm+b+I83BPKJ26YwJIra rzX2jI3nhCrnefvfDjg2ePGkXWZUfMFwKkHia6OXPtqbekxULzsMj9BzRWh82oyHh/or 2S/kMXIuUY6K1Xmx9fE3v4YwNWoVa5+R8K/z1M7eLHp7VxohIB8Ra9tyvGgoImlhcO30 Orzw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739853149; x=1740457949; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GEHMqt+ucWGB42zAlQegd8aAHoZHpwN1ts3CV/Z7IV8=; b=uYxcCLgfRxvpIebn3Hn7Kez62dJEGjqoPkZ+Mv9o1bTSkvzxOfFYrkjsgNzfcpdrZf AIbmCQh6lj98kZaD4YYeFxsy1jk6snF9hDRHnOMcXAUG1czQ2r9FeVFYVKHJkc3I88Ss 4aYzfF2o9usvG9ZI5Py784gT6CqQ5s7cqQ8u0HQyyKmMWVUahFVRfIk6G85x89AVkeu0 oEdPJd98CAvV4x4i8MgsWUbL93WsUb4H1Y0H7mfhZ7NtNXtUp4MsQV3QfHYDNGSzlA6u U9gSH1rhxr43HmxvCku2lddyMP36gTOSPOAJqZMC92oUtznqNK+hfFFRPKju6xrWgBjd Hp/A== X-Gm-Message-State: AOJu0YzbkqEfOzOZs4Ebz3cSO/xmkynVIl8HKR0JpQS+8rhrQMcsdiaR Ej2SXMkwSjs1wBOKO58HnS/VKpT1O/tXO0yZzqT2hkwjBI3oSHu+5EZSOw== X-Gm-Gg: ASbGncufc6z45GyWAP4/CX/YbYV/k7mMBKtgLejPdyrIhljeLdrrMrIDNTW7su1NbCC OaVcJbSkjKPXLJXnZ71jVtIXhL37ZlQBx36wNMyFN4+30ort3eanwtDgJ8wG6tsW/DBoZ2WuMBw 8kucNt+ZEAgRHwLO9TsIbqvSGiHlNcBbbmI24Vfygrj7nj7SQgt1ByN/iLAhSEj4vofnPkVS+q1 wIDtqWJbeggz62Cfa1bZeAyWnOFNXsyZGmEBhs7z+YCpnKl2AiYq1PUwo0o6whujEXtHTLDpfeX J9TALNle8yiDUbrehFMaiC0c18+LeaRl85zOhZc2fjIQ X-Google-Smtp-Source: AGHT+IFLQO/mxfYjqYZmLesVF796Zfxq4lDRk9JNCH8ScHYq9IPV0ZUofmOtoWLMiZ9vp1HS1baV8Q== X-Received: by 2002:a05:6a00:847:b0:732:2170:b69a with SMTP id d2e1a72fcca58-732618ba2d2mr21910997b3a.18.1739853149098; Mon, 17 Feb 2025 20:32:29 -0800 (PST) Received: from pop-os.hsd1.ca.comcast.net ([2601:647:6881:9060:304e:ca62:f87b:b334]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7326aef465dsm4907501b3a.177.2025.02.17.20.32.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 17 Feb 2025 20:32:28 -0800 (PST) From: Cong Wang To: netdev@vger.kernel.org Cc: Cong Wang , Qiang Zhang , Yoshiki Komachi , Jamal Hadi Salim , Jiri Pirko Subject: [Patch net 1/4] flow_dissector: Fix handling of mixed port and port-range keys Date: Mon, 17 Feb 2025 20:32:07 -0800 Message-Id: <20250218043210.732959-2-xiyou.wangcong@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250218043210.732959-1-xiyou.wangcong@gmail.com> References: <20250218043210.732959-1-xiyou.wangcong@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org This patch fixes a bug in TC flower filter where rules combining a specific destination port with a source port range weren't working correctly. The specific case was when users tried to configure rules like: tc filter add dev ens38 ingress protocol ip flower ip_proto udp \ dst_port 5000 src_port 2000-3000 action drop The root cause was in the flow dissector code. While both FLOW_DISSECTOR_KEY_PORTS and FLOW_DISSECTOR_KEY_PORTS_RANGE flags were being set correctly in the classifier, the __skb_flow_dissect_ports() function was only populating one of them: whichever came first in the enum check. This meant that when the code needed both a specific port and a port range, one of them would be left as 0, causing the filter to not match packets as expected. Fix it by removing the either/or logic and instead checking and populating both key types independently when they're in use. Fixes: 8ffb055beae5 ("cls_flower: Fix the behavior using port ranges with hw-offload") Reported-by: Qiang Zhang Closes: https://lore.kernel.org/netdev/CAPx+-5uvFxkhkz4=j_Xuwkezjn9U6kzKTD5jz4tZ9msSJ0fOJA@mail.gmail.com/ Cc: Yoshiki Komachi Cc: Jamal Hadi Salim Cc: Jiri Pirko Signed-off-by: Cong Wang Reviewed-by: Ido Schimmel --- net/core/flow_dissector.c | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c index 5db41bf2ed93..c33af3ef0b79 100644 --- a/net/core/flow_dissector.c +++ b/net/core/flow_dissector.c @@ -853,23 +853,30 @@ __skb_flow_dissect_ports(const struct sk_buff *skb, void *target_container, const void *data, int nhoff, u8 ip_proto, int hlen) { - enum flow_dissector_key_id dissector_ports = FLOW_DISSECTOR_KEY_MAX; - struct flow_dissector_key_ports *key_ports; + struct flow_dissector_key_ports_range *key_ports_range = NULL; + struct flow_dissector_key_ports *key_ports = NULL; + __be32 ports; if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS)) - dissector_ports = FLOW_DISSECTOR_KEY_PORTS; - else if (dissector_uses_key(flow_dissector, - FLOW_DISSECTOR_KEY_PORTS_RANGE)) - dissector_ports = FLOW_DISSECTOR_KEY_PORTS_RANGE; + key_ports = skb_flow_dissector_target(flow_dissector, + FLOW_DISSECTOR_KEY_PORTS, + target_container); - if (dissector_ports == FLOW_DISSECTOR_KEY_MAX) + if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS_RANGE)) + key_ports_range = skb_flow_dissector_target(flow_dissector, + FLOW_DISSECTOR_KEY_PORTS_RANGE, + target_container); + + if (!key_ports && !key_ports_range) return; - key_ports = skb_flow_dissector_target(flow_dissector, - dissector_ports, - target_container); - key_ports->ports = __skb_flow_get_ports(skb, nhoff, ip_proto, - data, hlen); + ports = __skb_flow_get_ports(skb, nhoff, ip_proto, data, hlen); + + if (key_ports) + key_ports->ports = ports; + + if (key_ports_range) + key_ports_range->tp.ports = ports; } static void From patchwork Tue Feb 18 04:32:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cong Wang X-Patchwork-Id: 13979000 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B8EC981E for ; Tue, 18 Feb 2025 04:32:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739853153; cv=none; b=r3FO+zDdJVfZ9XD3UOcKhP89eajyQStsw9EIgt1puDEBjd34PpAlBlrZX84xYfQMMrgmzGt2ah33S/lZpD7F4fdNsbkSA0YWrGRgJzcnSDQlwKTdzJnr3Q4iiPYcNE2HZAmUNkGESczN+NYBGp044K5gGVT6cUxpzRxVXZdFS4s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739853153; c=relaxed/simple; bh=Xvkq8uTdPCJXApQqsNTYajyVZLVKJG8z8rsV3kajv/Q=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=VbbgxFKpkZDHWYDdGkiJHXL8lgOlXwvdvrruvksGYu91GqpX8Bj8cg/WXIJ5l4Iz8FljGCuMaX7mM+qa3zWNGGAS6qZxhCVObJRaRiyycpqccr+hJk4JDqtRDxow9FiifZMv9ZAZz5TaujGxUZkxur/QKxI7LKiNLplLdIN3b0w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=lxjElHep; arc=none smtp.client-ip=209.85.214.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="lxjElHep" Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-21f61b01630so92945655ad.1 for ; Mon, 17 Feb 2025 20:32:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739853150; x=1740457950; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=/9cc3S0M29XarWk16c0bKedE92oIPNNchrVRuGkZCz4=; b=lxjElHeprVQfuhCsizn8YT76ll3ujS8v2034s3UbpZsNq+ZJpELgO66C3z5LK29xmu JoIq80f+DNjryWJYXZEuqHKpp+xaIfYuo1eOT3f48XMzpjWYvnnTVwExDbbOoM0LbL42 VGzAEamyqJvtanxH54Bnf/Dn27ca3+YisGqGn9ArsVXR5LgzSo23TGDp+pd7CPMghPRY AyDFuUaFldut3oegslEppeNrfdKnr1Qo2bKV1l3J8o7XbsgKPs4zVQ0/Ul+FTYaSpOTQ PbygRsIMzptB7evsvkvm6tIdR92AAu0mO3/Bd71Rfzmh9ih765+7ikY5a/X1DrSZ7Sc+ CKiQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739853150; x=1740457950; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/9cc3S0M29XarWk16c0bKedE92oIPNNchrVRuGkZCz4=; b=OQ9fkpzHz890QwG+ZKiISLOF/jc0JW4cmChLU2nFadMNLh09OAoIZxFi4fd43OLk7W wWWlZm6DsiUsFz3NGqXaogclcZaXRvZbTvYGEaU1gMTrBdAWMME3TwXTO0F4Ly8Ef9zv 1FIu+3vvcCRYyM5EIuebYcWycQfh8D4LtJlQHmGM/O5ZBormx3cd0IkGyj62J1zULrpZ Fk6fxwKtqGT01989KgJPOMlS1R5IQ4+O3yUBbghTxGHuPms2SKyZs09xv442JDLewkB/ Mbj05uQSNcSqL0b04G4B7gQtHpmyyIFkCkpXUbnedEaHH++vXiIImHPU8r1kJsSF3wlf xz1Q== X-Gm-Message-State: AOJu0Yxln1blo6QMbMDBHN/yoKbaVPfqo6fG9voq/kmfON1CMWWrCofK zZbC8lTaRRG07ljVX5Vcyr15t439SyQ1ai4OlECYQkMOf1/+hv4RCfvpyw== X-Gm-Gg: ASbGncvbJUBIHwwaj+5xHv72tS0oWQkiJA38IYx243xcy6LVrxBLDRrVVbEJ2rbOPHE 11Hz1Tufv/vT5X5uX+ueqE95W8lfFcQfHcntacYpusMNE/bi/cF4X/y8J/PqyYWsLW8CAOKvE8r 5IP6Jbl3G6TXXSrKTkb66PG716JUcmnp75tyxKXtjaJS8jzoSZ+7giGa7pExY3EKVPJ05rnX/4R 7eI5rWzViabD5BBxFudIhwJCJ99dZCFj5irRsZuCbQbq//LhwPwNTfIuQrWmMKc6nY4CUkEJXp7 FHOKkDh8G5AkQLsmHBAoasJzcc/usKVPxp5dMZ9CclYs X-Google-Smtp-Source: AGHT+IGZDq0t68bwJV/7aryfXyU4n4p+gD+6mJZuUpTVdm0rlQ7AV9FqqJPKQ109iRPcpfi3SrsMBQ== X-Received: by 2002:a05:6a21:4014:b0:1ed:a5f2:dba6 with SMTP id adf61e73a8af0-1ee8d7acd39mr19917439637.14.1739853150456; Mon, 17 Feb 2025 20:32:30 -0800 (PST) Received: from pop-os.hsd1.ca.comcast.net ([2601:647:6881:9060:304e:ca62:f87b:b334]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7326aef465dsm4907501b3a.177.2025.02.17.20.32.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 17 Feb 2025 20:32:29 -0800 (PST) From: Cong Wang To: netdev@vger.kernel.org Cc: Cong Wang , Qiang Zhang , Jamal Hadi Salim , Jiri Pirko Subject: [Patch net 2/4] selftests/net/forwarding: Add a test case for tc-flower of mixed port and port-range Date: Mon, 17 Feb 2025 20:32:08 -0800 Message-Id: <20250218043210.732959-3-xiyou.wangcong@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250218043210.732959-1-xiyou.wangcong@gmail.com> References: <20250218043210.732959-1-xiyou.wangcong@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org After this patch: # ./tc_flower_port_range.sh TEST: Port range matching - IPv4 UDP [ OK ] TEST: Port range matching - IPv4 TCP [ OK ] TEST: Port range matching - IPv6 UDP [ OK ] TEST: Port range matching - IPv6 TCP [ OK ] TEST: Port range matching - IPv4 UDP Drop [ OK ] Cc: Qiang Zhang Cc: Jamal Hadi Salim Cc: Jiri Pirko Signed-off-by: Cong Wang Reviewed-by: Ido Schimmel Tested-by: Ido Schimmel --- .../net/forwarding/tc_flower_port_range.sh | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/tools/testing/selftests/net/forwarding/tc_flower_port_range.sh b/tools/testing/selftests/net/forwarding/tc_flower_port_range.sh index 3885a2a91f7d..baed5e380dae 100755 --- a/tools/testing/selftests/net/forwarding/tc_flower_port_range.sh +++ b/tools/testing/selftests/net/forwarding/tc_flower_port_range.sh @@ -20,6 +20,7 @@ ALL_TESTS=" test_port_range_ipv4_tcp test_port_range_ipv6_udp test_port_range_ipv6_tcp + test_port_range_ipv4_udp_drop " NUM_NETIFS=4 @@ -194,6 +195,51 @@ test_port_range_ipv6_tcp() __test_port_range $proto $ip_proto $sip $dip $mode "$name" } +test_port_range_ipv4_udp_drop() +{ + local proto=ipv4 + local ip_proto=udp + local sip=192.0.2.1 + local dip=192.0.2.2 + local mode="-4" + local name="IPv4 UDP Drop" + local dmac=$(mac_get $h2) + local smac=$(mac_get $h1) + local sport_min=2000 + local sport_max=3000 + local sport_mid=$((sport_min + (sport_max - sport_min) / 2)) + local dport=5000 + + RET=0 + + tc filter add dev $swp1 ingress protocol $proto handle 101 pref 1 \ + flower src_ip $sip dst_ip $dip ip_proto $ip_proto \ + src_port $sport_min-$sport_max \ + dst_port $dport \ + action drop + + # Test ports outside range - should pass + $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \ + -t $ip_proto "sp=$((sport_min - 1)),dp=$dport" + $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \ + -t $ip_proto "sp=$((sport_max + 1)),dp=$dport" + + # Test ports inside range - should be dropped + $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \ + -t $ip_proto "sp=$sport_min,dp=$dport" + $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \ + -t $ip_proto "sp=$sport_mid,dp=$dport" + $MZ $mode $h1 -c 1 -q -p 100 -a $smac -b $dmac -A $sip -B $dip \ + -t $ip_proto "sp=$sport_max,dp=$dport" + + tc_check_packets "dev $swp1 ingress" 101 3 + check_err $? "Filter did not drop the expected number of packets" + + tc filter del dev $swp1 ingress protocol $proto pref 1 handle 101 flower + + log_test "Port range matching - $name" +} + setup_prepare() { h1=${NETIFS[p1]} From patchwork Tue Feb 18 04:32:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cong Wang X-Patchwork-Id: 13979001 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CA9041AB6DE for ; Tue, 18 Feb 2025 04:32:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.171 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739853154; cv=none; b=Bl25ZMaCWfGTPHoAXa3RBoycnm0hSXxO9wqsroO59/XM0Q2alq4reLOURWgkTfEQgcYPxug5HfohJJxzJUGje0kr+NA4kImjfpJt1aBjfmGcJ0twWLetBnuGh7f/Wh9OO3beBFBiOeFeDwaronWZqdBjwXXNvKLqWYOm6abL6eE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739853154; c=relaxed/simple; bh=K0nUvKTL+oKjINXniaj/u7aFwM1Yq9iSu+s3rsVQTG8=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Ok/pUKNPpEjopFs3VH86unTQWflDuUY4vEnmktgqis6RlKSunytUCSVTLUlYK4vi6Xd6c4r9zgrGlNYv2FBqMqHAYiT1OffX4QEa7T9FIz3wgis4wrfTN1JOk83HKh9CfXKT3am8IqMA5CKP5RIo+nX2etSIwPP2gepRzAc4Fvo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=myghX7l7; arc=none smtp.client-ip=209.85.214.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="myghX7l7" Received: by mail-pl1-f171.google.com with SMTP id d9443c01a7336-220e6028214so82279115ad.0 for ; Mon, 17 Feb 2025 20:32:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739853152; x=1740457952; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=QaMoKp/08ZfOYxZZIFyKP1+AXjFJ41FwH1Rc4CFQ+5E=; b=myghX7l7ZuCJnNDZ1ZBpjxQX38B/XUe/DtgX24PJIKJzdCudRV/DfuTo3qDgk7C99R iidpVlXNbbX4LmEKm3k70easUCRlgygqrrWslVuHKzKHzGLov+26O5RzJTmCWbzHmN32 emGrK2XG6Hh/KNdIjy9jgRpoGiFSA8TAt2BU9SRZFjmUP/UO4798Si8i3lM4/Jcyuyzw UCxpbVcKd3n6d69euzBny+2Am9kL5n+jCQ42UoSf3cp5ktuCREcmJhG/dutXBIlsTwuU JtnFc4oqOXHqjun49hY9Rh6TvqNs1wDo+fF10VBGYrc7hKykJqLok2D6f2aXtFfkcIYl IrIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739853152; x=1740457952; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QaMoKp/08ZfOYxZZIFyKP1+AXjFJ41FwH1Rc4CFQ+5E=; b=LzhVBOMEz96+vO3m8zMvwlk2Y2MxLL7VKRDfpl1OJ6aAhgQLbFfrqHYRxRPxJmUpoZ 3CXjnj9H9ZifS55KJ4wPZQT2RaOBzStHvkHRgLl9LtA2+pECMk0K/OqK08BXlcsTlowW 8QTG5Sq5DSjr6Jki7QviJI3wQKs34XZTaC+8Xp1SOLtBw195GAnfOi11DD3rNTb+oYEx vP8LzQlaYHZwolol1I5GLdQQHsSHTBMSxzIhK/KOkSMM318eRfXl35O1m21I2rYqztGu tZ9szuUz9HSa3YfKA9eX3UCHhjsfpkNUyUT98/LsJRGlUblyV6mtvd8qqEG5zfFSFTt0 XwQQ== X-Gm-Message-State: AOJu0YxGb5T9/V2nQ5Jlz5JgjJXm42G3OgjwucRdqJDTG08eqhs1YI+v 1LSVu4FdJQF7RyQK0vGF2G893JOzKCyjQctEb+ge4o2xDBeT180EPsc4Dg== X-Gm-Gg: ASbGncsJPKK7Q2iTmbnqO7u/xkwjAeXQpAxU85vFnxBxCXvD1BnHAp1MyxW2YTgrpzF 336ekgkdAF5diGdc1oz63cc/KoUdy1m437NC14IJQAOyZkALxBNYAysYeLeClW08dO0sUJPbXkU aZmtuLFxntgGcuy8/E5dyslZONPy6MadgKyIcXhzK4IHU48kXMWnyGgvkWqtbNwm8tpX2hJQpzF jYPb4/7zwFawal6XuiQ95Vuik4ddamc7glkb2eQLGZJpV4GwUUL4j8LCFWvs8IxKoRRW4Eo9Hx0 hMfXqd5XzPnNA3VaObJUHVByj+RhrhyVUcVedWwPApni X-Google-Smtp-Source: AGHT+IH81BRK+IoU2xmJ2VR8pW+yiu7XQx1xaOYfeC3zbTEkMWVoUREJgA6ZNRe8GMYb87DXP21I3g== X-Received: by 2002:a05:6300:8005:b0:1ee:b8bc:3d2e with SMTP id adf61e73a8af0-1eeb8be5abdmr7371630637.8.1739853151741; Mon, 17 Feb 2025 20:32:31 -0800 (PST) Received: from pop-os.hsd1.ca.comcast.net ([2601:647:6881:9060:304e:ca62:f87b:b334]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7326aef465dsm4907501b3a.177.2025.02.17.20.32.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 17 Feb 2025 20:32:31 -0800 (PST) From: Cong Wang To: netdev@vger.kernel.org Cc: Cong Wang , Qiang Zhang , Yoshiki Komachi , Jamal Hadi Salim , Jiri Pirko Subject: [Patch net 3/4] flow_dissector: Fix port range key handling in BPF conversion Date: Mon, 17 Feb 2025 20:32:09 -0800 Message-Id: <20250218043210.732959-4-xiyou.wangcong@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250218043210.732959-1-xiyou.wangcong@gmail.com> References: <20250218043210.732959-1-xiyou.wangcong@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org Fix how port range keys are handled in __skb_flow_bpf_to_target() by: - Separating PORTS and PORTS_RANGE key handling - Using correct key_ports_range structure for range keys - Properly initializing both key types independently This ensures port range information is correctly stored in its dedicated structure rather than incorrectly using the regular ports key structure. Fixes: 59fb9b62fb6c ("flow_dissector: Fix to use new variables for port ranges in bpf hook") Reported-by: Qiang Zhang Closes: https://lore.kernel.org/netdev/CAPx+-5uvFxkhkz4=j_Xuwkezjn9U6kzKTD5jz4tZ9msSJ0fOJA@mail.gmail.com/ Cc: Yoshiki Komachi Cc: Jamal Hadi Salim Cc: Jiri Pirko Signed-off-by: Cong Wang --- net/core/flow_dissector.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c index c33af3ef0b79..9cd8de6bebb5 100644 --- a/net/core/flow_dissector.c +++ b/net/core/flow_dissector.c @@ -931,6 +931,7 @@ static void __skb_flow_bpf_to_target(const struct bpf_flow_keys *flow_keys, struct flow_dissector *flow_dissector, void *target_container) { + struct flow_dissector_key_ports_range *key_ports_range = NULL; struct flow_dissector_key_ports *key_ports = NULL; struct flow_dissector_key_control *key_control; struct flow_dissector_key_basic *key_basic; @@ -975,20 +976,21 @@ static void __skb_flow_bpf_to_target(const struct bpf_flow_keys *flow_keys, key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; } - if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS)) + if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS)) { key_ports = skb_flow_dissector_target(flow_dissector, FLOW_DISSECTOR_KEY_PORTS, target_container); - else if (dissector_uses_key(flow_dissector, - FLOW_DISSECTOR_KEY_PORTS_RANGE)) - key_ports = skb_flow_dissector_target(flow_dissector, - FLOW_DISSECTOR_KEY_PORTS_RANGE, - target_container); - - if (key_ports) { key_ports->src = flow_keys->sport; key_ports->dst = flow_keys->dport; } + if (dissector_uses_key(flow_dissector, + FLOW_DISSECTOR_KEY_PORTS_RANGE)) { + key_ports_range = skb_flow_dissector_target(flow_dissector, + FLOW_DISSECTOR_KEY_PORTS_RANGE, + target_container); + key_ports_range->tp.src = flow_keys->sport; + key_ports_range->tp.dst = flow_keys->dport; + } if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_FLOW_LABEL)) { From patchwork Tue Feb 18 04:32:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cong Wang X-Patchwork-Id: 13978997 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 435F61ACEBA; Tue, 18 Feb 2025 04:32:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739853155; cv=none; b=dgQncC2r9FYGZwXlb5IRqF6wRb2rt3KTXmSmHVwJSRaDNeMFU5V4o+6066rM9SWxa59dwj3Nbsd6zJ3HMmk/h2R33+N+O9vBLk+dupa/ErBj3awq75dXg38f0PJbRk0AxAIXQTElTeRWW/D5yg47utZf6N52OXiqHXexLbmVYEg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739853155; c=relaxed/simple; bh=ZlCxIQ6nLSNKYpFJNe5bVjFTd4IzLJgoQB/l0C4mt9k=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=HY8cvZtZ2NqaMUh1vWUi9c9MgQ/erUzdjyK+UCW03jYbtqg36ZlHNkl0NAtS79mlirkaoIXKlCQbmB7jbhU+Si8C2QdxAeAaHlrVbl+ZMYGSQKBeznAYjjgk7y1MsNaZAykZ/AMINXS7s/69ByZ1Osu8rXH/SBE59lUyI/lH92k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=T8+MzaHl; arc=none smtp.client-ip=209.85.214.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="T8+MzaHl" Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-221057b6ac4so41065995ad.2; Mon, 17 Feb 2025 20:32:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739853153; x=1740457953; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=oXkc5D8zSe0fz724t/KPS1px8hlKa4AQcyFwB/aU3Z4=; b=T8+MzaHluHEFKwbgfU8WXiNXFG8vucAxN+IFdcxrXR3URD7xXv8A253OTRLg+ocPBs mWF3CivfdSItH2DcDcwwbV+l7eJW07OnRjWStLkWuq0aWBmAEtSeBawaT0pDA2cMMo3Q ZurQxF9tvf/ZHscCMegxMl/FXpduEVTv+K5BSBzi65XJZa9g7UTBvrBM66e4EVaGsZX8 C+PU8TPizEGgzXg+NKEJ/QcPnNY/6U1k0Sht/I68sNH+mOSvPA+ukZLwDhkQCNj3VAh6 v9YTB2mvgymCP/mFFugunfXlAUNCKXXePRd1CWkcauVgL3CHZv79wuUBRbd+5ig5kCHs E5dw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739853153; x=1740457953; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=oXkc5D8zSe0fz724t/KPS1px8hlKa4AQcyFwB/aU3Z4=; b=TT9EkApnzGAXbEx4UtFYGt1zqBsrpYRUcSZvhN2buAOEkD9yAKcxrvHDE1xCMBF2kq A6hfKPw8713Fw1eBirKGSkDUg8xavN642TZNZR5YgKBHyNEOuUCorEqSkUaQS9Pki3j7 wx4Fzcnp6wHsA3vbEJdgoAxcp99KcnE96AyTXBQlmZFq/wdb8euKGbE1AkUjDdKMF/jG Ur4AOJQRP1iX9EOF3tALijBTp8rHKssZ+WTQW8N0dWzijfsV0QnaUhlPsYvqfU0fD1YA 4BSlKJkpHLtfgkfSNOv0JA8jZNqDzRRD12BCKpUER1Ett/ji0BpfZRyVNvBRkDyyDR52 xROg== X-Forwarded-Encrypted: i=1; AJvYcCWlAVzqrIAP7MtFm3CaQEKuVZCKPgr7OXoAKW6kcWo3SA4DlfSsqqwyr8aH0Xb8X5kN7f8=@vger.kernel.org X-Gm-Message-State: AOJu0Ywbx86gtyeAmor9Z5W5HPRl4FbY/KwiRcwZtL7C1WBPODbkaKOX 7stQQwXVnirFs7QDzEo2qGmTnIfmmZYOp29FU8Gb32hVqqtmGKCS8jfw7w== X-Gm-Gg: ASbGncsaP7wyyxIoheOHp2+PGYTO6xw+1X3v304/UHhTPgR1WgqxCVL/0dxmJ05gCHo eE+iOultUA1dfcrVWUqyP9Kb3hZAWXt7Y5vRhfDARgrgfIpEqYWLBOndS3PHVRE10+FPEJARNgY PJQPOrZWYUedclfdaF/qLI0fbLZ2CIL9ecblcyEn26/MIsTXyWsFDzQ261h2AIfaVtIHnOpCcrf FElIHUHUUQMAqNmcZ47zySl9QtXelGtQTNK88OTCQV37B+Y2arj5+AO8Ua/S+RIVO34ptUpy45G WPa+T1aedR3JAhM7WpQb6bccgDqGISbv9DsvTTpEOIJ6 X-Google-Smtp-Source: AGHT+IG0PMJ197PoE6O2S7ppmjCksxA0DUXdJ+Abf2BzmR+SqxxroSDzqPMo+/cx0wcElHs9lMqsqw== X-Received: by 2002:a05:6a00:1746:b0:732:535d:bb55 with SMTP id d2e1a72fcca58-732617757demr19112518b3a.4.1739853153078; Mon, 17 Feb 2025 20:32:33 -0800 (PST) Received: from pop-os.hsd1.ca.comcast.net ([2601:647:6881:9060:304e:ca62:f87b:b334]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7326aef465dsm4907501b3a.177.2025.02.17.20.32.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 17 Feb 2025 20:32:32 -0800 (PST) From: Cong Wang To: netdev@vger.kernel.org Cc: Cong Wang , bpf@vger.kernel.org, Daniel Borkmann , Andrii Nakryiko Subject: [Patch net 4/4] selftests/bpf: Add a specific dst port matching Date: Mon, 17 Feb 2025 20:32:10 -0800 Message-Id: <20250218043210.732959-5-xiyou.wangcong@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250218043210.732959-1-xiyou.wangcong@gmail.com> References: <20250218043210.732959-1-xiyou.wangcong@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org After this patch: #102/1 flow_dissector_classification/ipv4:OK #102/2 flow_dissector_classification/ipv4_continue_dissect:OK #102/3 flow_dissector_classification/ipip:OK #102/4 flow_dissector_classification/gre:OK #102/5 flow_dissector_classification/port_range:OK #102/6 flow_dissector_classification/ipv6:OK #102 flow_dissector_classification:OK Summary: 1/6 PASSED, 0 SKIPPED, 0 FAILED Cc: bpf@vger.kernel.org Cc: Daniel Borkmann Cc: Andrii Nakryiko Signed-off-by: Cong Wang --- .../bpf/prog_tests/flow_dissector_classification.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/prog_tests/flow_dissector_classification.c b/tools/testing/selftests/bpf/prog_tests/flow_dissector_classification.c index 3729fbfd3084..80b153d3ddec 100644 --- a/tools/testing/selftests/bpf/prog_tests/flow_dissector_classification.c +++ b/tools/testing/selftests/bpf/prog_tests/flow_dissector_classification.c @@ -542,8 +542,12 @@ static void detach_program(struct bpf_flow *skel, int prog_fd) static int set_port_drop(int pf, bool multi_port) { + char dst_port[16]; + + snprintf(dst_port, sizeof(dst_port), "%d", CFG_PORT_INNER); + SYS(fail, "tc qdisc add dev lo ingress"); - SYS(fail_delete_qdisc, "tc filter add %s %s %s %s %s %s %s %s %s %s", + SYS(fail_delete_qdisc, "tc filter add %s %s %s %s %s %s %s %s %s %s %s %s", "dev lo", "parent FFFF:", "protocol", pf == PF_INET6 ? "ipv6" : "ip", @@ -551,6 +555,7 @@ static int set_port_drop(int pf, bool multi_port) "flower", "ip_proto udp", "src_port", multi_port ? "8-10" : "9", + "dst_port", dst_port, "action drop"); return 0;