Re: [PATCH bpf-next V11 5/7] bpf: drop MTU check when doing TC-BPF redirect to ingress

Thu, 14 Jan 2021 08:17:18 -0800 

On Thu, 14 Jan 2021 01:03:33 -0800
John Fastabend <john.fastab...@gmail.com> wrote:

> Jesper Dangaard Brouer wrote:
> > The use-case for dropping the MTU check when TC-BPF does redirect to
> > ingress, is described by Eyal Birger in email[0]. The summary is the
> > ability to increase packet size (e.g. with IPv6 headers for NAT64) and
> > ingress redirect packet and let normal netstack fragment packet as needed.
> > 
> > [0] 
> > https://lore.kernel.org/netdev/CAHsH6Gug-hsLGHQ6N0wtixdOa85LDZ3HNRHVd0opR=19qo4...@mail.gmail.com/
> > 
> > V9:
> >  - Make net_device "up" (IFF_UP) check explicit in skb_do_redirect
> > 
> > V4:
> >  - Keep net_device "up" (IFF_UP) check.
> >  - Adjustment to handle bpf_redirect_peer() helper
> > 
> > Signed-off-by: Jesper Dangaard Brouer <bro...@redhat.com>
> > ---
> >  include/linux/netdevice.h |   31 +++++++++++++++++++++++++++++--
> >  net/core/dev.c            |   19 ++-----------------
> >  net/core/filter.c         |   14 +++++++++++---
> >  3 files changed, 42 insertions(+), 22 deletions(-)
> >   
> 
> [...]
> 
> > diff --git a/net/core/filter.c b/net/core/filter.c
> > index 3f2e593244ca..1908800b671c 100644
> > --- a/net/core/filter.c
> > +++ b/net/core/filter.c
> > @@ -2083,13 +2083,21 @@ static const struct bpf_func_proto 
> > bpf_csum_level_proto = {
> >  
> >  static inline int __bpf_rx_skb(struct net_device *dev, struct sk_buff *skb)
> >  {
> > -   return dev_forward_skb(dev, skb);  
> 
> > +   int ret = ____dev_forward_skb(dev, skb, false);
> > +
> > +   if (likely(!ret)) {
> > +           skb->protocol = eth_type_trans(skb, dev);
> > +           skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
> > +           ret = netif_rx(skb);
> > +   }
> > +
> > +   return ret;  
> 
> How about putting above block into a dev.c routine call it
> 
>  dev_forward_skb_nomtu(...)
> 
> or something like that. Then we keep this code next to its pair
> with mtu check, dev_forward_skb().
> 
> dev_forward_skb() also uses netif_rx_internal() looks like maybe we should
> just do the same here?

I love the idea.  I'm coding it up and it looks much nicer.  And yes we
obviously can use netif_rx_internal() once the code in core/dev.c

-- 
Best regards,
  Jesper Dangaard Brouer
  MSc.CS, Principal Kernel Engineer at Red Hat
  LinkedIn: http://www.linkedin.com/in/brouer

Reply via email to