On Tue, 2 Jun 2020 at 15:58, Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote:
>
> Adapt bpf_skb_adjust_room() to pass in BPF_F_ADJ_ROOM_NO_CSUM_RESET flag and
> use the new bpf_csum_level() helper to inc/dec the checksum level by one after
> the encap/decap.
Just to be on the safe side: we go from
| ETH | IP | UDP | GUE | IP | TCP |
to
| ETH | IP | TCP |
by cutting | IP | UDP | GUE | after the Ethernet header.
Since IP is never included in csum_level and because GUE is not eligible for
CHECKSUM_UNNECESSARY we only need to do csum_level-- once, not twice.
If that is correct:
Reviewed-by: Lorenz Bauer <lmb@xxxxxxxxxxxxxx>
>
> Signed-off-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
> ---
> tools/testing/selftests/bpf/progs/test_cls_redirect.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/tools/testing/selftests/bpf/progs/test_cls_redirect.c b/tools/testing/selftests/bpf/progs/test_cls_redirect.c
> index 1668b993eb86..f0b72e86bee5 100644
> --- a/tools/testing/selftests/bpf/progs/test_cls_redirect.c
> +++ b/tools/testing/selftests/bpf/progs/test_cls_redirect.c
> @@ -380,9 +380,10 @@ static ret_t accept_locally(struct __sk_buff *skb, encap_headers_t *encap)
> }
>
> if (bpf_skb_adjust_room(skb, -encap_overhead, BPF_ADJ_ROOM_MAC,
> - BPF_F_ADJ_ROOM_FIXED_GSO)) {
> + BPF_F_ADJ_ROOM_FIXED_GSO |
> + BPF_F_ADJ_ROOM_NO_CSUM_RESET) ||
> + bpf_csum_level(skb, BPF_CSUM_LEVEL_DEC))
> return TC_ACT_SHOT;
> - }
>
> return bpf_redirect(skb->ifindex, BPF_F_INGRESS);
> }
> @@ -472,7 +473,9 @@ static ret_t forward_with_gre(struct __sk_buff *skb, encap_headers_t *encap,
> }
>
> if (bpf_skb_adjust_room(skb, delta, BPF_ADJ_ROOM_NET,
> - BPF_F_ADJ_ROOM_FIXED_GSO)) {
> + BPF_F_ADJ_ROOM_FIXED_GSO |
> + BPF_F_ADJ_ROOM_NO_CSUM_RESET) ||
> + bpf_csum_level(skb, BPF_CSUM_LEVEL_INC)) {
> metrics->errors_total_encap_adjust_failed++;
> return TC_ACT_SHOT;
> }
> --
> 2.21.0
>
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
