Currently, bpf_lwt_push_ip_encap() does not update skb->transport_header. When a driver, e.g. ice, reuses the stale skb->transport_header to offload checksum computation to NIC hardware, VxLAN packets encapsulated by bpf_lwt_push_encap() helper may be dropped due to incorrect checksum.
Update skb->transport_header in bpf_lwt_push_ip_encap() whenever the encapsulated packet uses UDP, so checksum offload works correctly. Changes: v2 -> v3: * Drop patch #1 and #2 of v2 that aim to resolve potential issues reported by sashiko (per Alexei). * Check target IP version and UDP tunnel in test (per sashiko). * v2: https://lore.kernel.org/bpf/[email protected]/ v1 -> v2: * Address sashiko's reviews: * Fix TOCTOU issue in lwt to avoid changing hdr after checks. * Add check iph->ihl < 5 in lwt to avoid infinite-loop in MIPS driver. * Update comment style in selftests with BPF comment style. * v1: https://lore.kernel.org/bpf/[email protected]/ Leon Hwang (2): bpf: Update transport_header when encapsulating UDP tunnel in lwt selftests/bpf: Add tests to verify the fix of encapsulating VxLAN in lwt net/core/lwt_bpf.c | 11 ++ .../selftests/bpf/prog_tests/lwt_ip_encap.c | 164 ++++++++++++++++++ .../selftests/bpf/progs/test_lwt_ip_encap.c | 112 ++++++++++++ .../bpf/progs/test_lwt_ip_encap_fix.c | 44 +++++ 4 files changed, 331 insertions(+) create mode 100644 tools/testing/selftests/bpf/progs/test_lwt_ip_encap_fix.c -- 2.54.0
