Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp488643rwb; Thu, 12 Jan 2023 08:31:30 -0800 (PST) X-Google-Smtp-Source: AMrXdXsRDv5BrppN+Q573INI56w4k+2Y1dP5Hnxi2lH5OOy7l5rkoXBOborAjd9NCJ6dVM+j8ABn X-Received: by 2002:a05:6a20:d686:b0:b6:5d9f:cd8c with SMTP id it6-20020a056a20d68600b000b65d9fcd8cmr6496290pzb.54.1673541090062; Thu, 12 Jan 2023 08:31:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673541090; cv=none; d=google.com; s=arc-20160816; b=rhwu73m3jIn7gB6kkL8Iq1PRWzaRPZCpFjJktgTxQmGL0WWsK1s2nDOOdb8U08vWyf TRInZTUOY7lSvX/gEaHKR1uD8Z9vYSwIriBhP9wBvXLML9ZeFxYAMg7XZJR+jAlxsvt9 uXzRsbxPMjwdPegOsjDKCK5G6AJeFs3aFwF0kcSt2WQ+XYEs+fm2hkYSn15pQz3XTi2M nbsdls5m/S+3VkJQg5H+xqS7fB6v3rhqwFf0nd8bjokU7XeVVqtMQvFHmvlQOCkqu6MS deypRheco/mMEKAfvK7XX64wTjwxIKEoUMssqMUllvD8Ym9zRm3HIgiv6JtqG3vg48KT IYYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=27xqJWdcru6xXrx9U2TMVWvDMNXWrOANKcIbhlsNAL4=; b=jdpfpSPPRvks3e41mQhhUwT1XiyIQKf7ImN7473jv0LqKmiwrGDdq6s1Fb9uOfBn9m rh6FHQaXaT31GW2zgZyYGkVuVNgormxU9jBhlCoNrdLvGtYhRlk7m6EWqLdaz4Z3b7Le 4PhTzt9Q1nqr4QdlZfl2hvhGfimwOMapHRYUWw4jsXObOlYt086+AeKTSQY+2Oi6gOgr gE1PTHTDwZCw1RsRXeVrU7EgPAm8luGsPwCvgxJ8dEUYGX2UPsmi2ri1ZUoFVVJRkmIw GxkH2NHxVlmW40H39gp/KSRGM63S7gj7RokJhKZmTBYxdjRhE4CrxN5QFSG3KcezPD0G 4WfQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=EmEZxVAA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bc22-20020a656d96000000b004ad990a963asi16137617pgb.648.2023.01.12.08.31.23; Thu, 12 Jan 2023 08:31:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=EmEZxVAA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231580AbjALQML (ORCPT + 50 others); Thu, 12 Jan 2023 11:12:11 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50304 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234036AbjALQLo (ORCPT ); Thu, 12 Jan 2023 11:11:44 -0500 Received: from mail-yb1-xb2c.google.com (mail-yb1-xb2c.google.com [IPv6:2607:f8b0:4864:20::b2c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D04CF120BF for ; Thu, 12 Jan 2023 08:05:36 -0800 (PST) Received: by mail-yb1-xb2c.google.com with SMTP id 203so19193317yby.10 for ; Thu, 12 Jan 2023 08:05:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=27xqJWdcru6xXrx9U2TMVWvDMNXWrOANKcIbhlsNAL4=; b=EmEZxVAAgKHQ/nmPUB4gKobtgXf43rCTC8hXPKl4NmXER2qFaXuEaNbH2usLOKZaqx rDopsVKcV9prVQM6dmU01FHlPOLUN+irqAQVD6YkEW/lbw5a7mghl5bviijzEZX+HsYZ pGt4j4X5YWXHg5QC/zHjzZSjrthanc0OA6NzLHvPgl7lU8kQdlgcX1vroOw6ZGaBChbR TTwQhn3cKS1AXkDIpdACkCrXxSAPqy5c8j0CsDzld9Z8T9R2vRD0Drtd8mm+ZELVZ0MG 9WquxnaElHDqE9fRgxL/EajktTeZf6L+3m59wU/yDjSHzYi5c+G99zOq8oOqCGyNTq2f K2Rg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=27xqJWdcru6xXrx9U2TMVWvDMNXWrOANKcIbhlsNAL4=; b=O5T4U9gAE9EY+/JSMCVQoJtNmsxxX4edFVkcZD2Cq6oTwszdrqUknwDVgViwAWbKvt +cGaZjPzDtGlAehxW6VExeljjPfGe1ry7sNnf8PvPZHJRC4ck+zBvA1+spp7KdSwsz45 REbSVzzsySwEOtwXRFoR77Sl7pOjrAeSdmjEkJtJFnFY/JTAIaj6WwVJyJOrWRJ9tJqI YK0rYQOzYUeHOncvjXD/8/u8QSxnSVi+5GE6ayMrY14hi+UoMJM6NQKebkOAgRLnSA0D Olehew/xMD7K3C6NCfgrYMin/gaiHj/DSlJovoPd8Nngp2OqCbSYNZXALk2bvaSwI/Zi N9Vg== X-Gm-Message-State: AFqh2kospvM08tYq9jqEOw3dwELKNtitZKSO1DQePJmXb75Sb19HCrYt rhpkta9yie3nykDUqkMdAn+DkO7UqI2S149dnci8KA== X-Received: by 2002:a5b:309:0:b0:703:e000:287 with SMTP id j9-20020a5b0309000000b00703e0000287mr8176328ybp.171.1673539535959; Thu, 12 Jan 2023 08:05:35 -0800 (PST) MIME-Version: 1.0 References: <20230110191725.22675-1-admin@netgeek.ovh> <20230110191725.22675-2-admin@netgeek.ovh> In-Reply-To: <20230110191725.22675-2-admin@netgeek.ovh> From: Willem de Bruijn Date: Thu, 12 Jan 2023 11:04:58 -0500 Message-ID: Subject: Re: [PATCH net 2/2] net/af_packet: fix tx skb network header on SOCK_RAW sockets over VLAN device To: =?UTF-8?Q?Herv=C3=A9_Boisse?= Cc: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 10, 2023 at 2:38 PM Herv=C3=A9 Boisse wrote= : > > When an application sends a packet on a SOCK_RAW socket over a VLAN devic= e, > there is a possibility that the skb network header is incorrectly set. > > The issue happens when the device used to send the packet is a VLAN devic= e > whose underlying device has no VLAN tx hardware offloading support. > In that case, the VLAN driver reports a LL header size increased by 4 byt= es > to take into account the tag that will be added in software. > > However, the socket user has no clue about that and still provides a norm= al > LL header without tag. This is arguably a mistake. A process using PF_PACKET to write to a device must know the link layer typ= e. SOCK_RAW should prepare a header equivalent to dev_hard_header (which prepares it for SOCK_DGRAM). vlan_dev_hard_header clearly adds both the Ethernet header and VLAN tag. If applications assume virtual VLAN device exposes an Ethernet link layer, then net/8021q/vlan_dev.c needs to expose that, including that hard_header_= len. > This results in the network header of the skb being shifted 4 bytes too f= ar > in the packet. This shift makes tc classifiers fail as they point to > incorrect data. > > Move network header right after underlying VLAN device LL header size > without tag, regardless of hardware offloading support. That is, the > expected LL header size from socket user. > > Signed-off-by: Herv=C3=A9 Boisse > --- > net/packet/af_packet.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c > index c18274f65b17..be892fd498a6 100644 > --- a/net/packet/af_packet.c > +++ b/net/packet/af_packet.c > @@ -1933,6 +1933,18 @@ static void packet_parse_headers(struct sk_buff *s= kb, struct socket *sock) > skb->protocol =3D dev_parse_header_protocol(skb); > } > > + /* VLAN device may report bigger LL header size due to reserved r= oom for > + * tag on devices without hardware offloading support > + */ > + if (is_vlan_dev(skb->dev) && > + (sock->type =3D=3D SOCK_RAW || sock->type =3D=3D SOCK_PACKET)= ) { Let's also try very hard to avoid adding branches in the hot path for cases this rare. > + struct net_device *real_dev =3D vlan_dev_real_dev(skb->de= v); > + > + depth =3D real_dev->hard_header_len; > + if (pskb_may_pull(skb, depth)) > + skb_set_network_header(skb, depth); > + } > + > /* Move network header to the right position for VLAN tagged pack= ets */ > if (likely(skb->dev->type =3D=3D ARPHRD_ETHER) && > eth_type_vlan(skb->protocol) && > -- > 2.38.2 >