Hello everyone,

I have a question about the sk_skb eBPF hook. Specifically, my question is
about resizing packets in the sk_skb verdict programs using
`bpf_skb_adjust_room`. The issue is that even though I call this helper
and it returns successfully, after redirecting the packet, the size of
the packet received on the other side of the socket (userspace app) has
the original size.

I believe that this helper works properly and it really increases the
skb room. Also, after invoking this helper, the verifier won't complain
about out-of-packet accesses. I think the issue is that the length would
be overwritten by the value from the stream parser before redirecting
the skb (look at [1]).

Looking at the implementation of the `bpf_skb_adjust_room` helper function
(here [2]), it seems that at line [3] the stream parser value is updated
if there is a context for the TLS program. In my test environment this
update is not happening (I checked by adding a printk). I am not
interested in kTLS, so it makes sense to me that this branch is not
taken. But it also makes me wonder if there should be a similar thing
for other sk_skb programs. Am I missing a point?

My question is, can an sk_skb verdict program resize the packet it redirects?

Just for the sake of testing, I added some changes to update the stream
parser length value with respect to room adjustment and it solves the
issue. But I wonder if I have missed the point.

[1] https://github.com/torvalds/linux/blob/master/net/core/skmsg.c#L664
[2] https://github.com/torvalds/linux/blob/master/net/core/filter.c#L3536
[3] https://github.com/torvalds/linux/blob/master/net/core/filter.c#L3562

Sincerely,
Farbod