diff options
author | Maciej Żenczykowski <maze@google.com> | 2020-07-15 20:06:17 +0000 |
---|---|---|
committer | Maciej Zenczykowski <maze@google.com> | 2020-07-16 11:26:09 +0000 |
commit | 59b62e64ce48e585f038780d569001c714b0910f (patch) | |
tree | 00bf302e6b69c9c3b22f2e444bf0c510688dd38d | |
parent | e2ad8628b0244fc7d2b9565369923864b9e3a751 (diff) | |
download | netd-59b62e64ce48e585f038780d569001c714b0910f.tar.gz |
bpf_progs/clatd - do not tx offload ipv4/udp packets with 0 checksum
Test: builds, treehugger
Bug: 160191447
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Original-Change: https://android-review.googlesource.com/1363156
Merged-In: I483f65c16e55dc5851e0bea9b45e8fdfa283d9a9
Change-Id: I483f65c16e55dc5851e0bea9b45e8fdfa283d9a9
-rw-r--r-- | bpf_progs/clatd.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/bpf_progs/clatd.c b/bpf_progs/clatd.c index 102ecd96..e7586928 100644 --- a/bpf_progs/clatd.c +++ b/bpf_progs/clatd.c @@ -26,6 +26,10 @@ #include <stdbool.h> #include <stdint.h> +// bionic kernel uapi linux/udp.h header is munged... +#define __kernel_udphdr udphdr +#include <linux/udp.h> + #include "bpf_helpers.h" #include "bpf_net_helpers.h" #include "netdbpf/bpf_shared.h" @@ -226,9 +230,18 @@ int sched_cls_egress_clat_rawip(struct __sk_buff* skb) { switch (ip4->protocol) { case IPPROTO_TCP: // For TCP & UDP the checksum neutrality of the chosen IPv6 - case IPPROTO_UDP: // address means there is no need to update their checksums. - case IPPROTO_GRE: // We do not need to bother looking at GRE/ESP headers, - case IPPROTO_ESP: // since there is never a checksum to update. + case IPPROTO_GRE: // address means there is no need to update their checksums. + case IPPROTO_ESP: // We do not need to bother looking at GRE/ESP headers, + break; // since there is never a checksum to update. + + case IPPROTO_UDP: // See above comment, but must also have UDP header... + if (data + sizeof(*ip4) + sizeof(struct udphdr) > data_end) return TC_ACT_OK; + const struct udphdr* uh = (const struct udphdr*)(ip4 + 1); + // If IPv4/UDP checksum is 0 then fallback to clatd so it can calculate the + // checksum. Otherwise the network or more likely the NAT64 gateway might + // drop the packet because in most cases IPv6/UDP packets with a zero checksum + // are invalid. See RFC 6935. TODO: calculate checksum via bpf_csum_diff() + if (!uh->check) return TC_ACT_OK; break; default: // do not know how to handle anything else |