diff options
| author | Daniel Borkmann <daniel@iogearbox.net> | 2016-03-16 01:42:51 +0100 |
|---|---|---|
| committer | Michael Bestas <mkbestas@lineageos.org> | 2022-04-19 00:50:11 +0300 |
| commit | d7cb0ec47fc40d3903c884a949dfa78fb170d004 (patch) | |
| tree | de78186f539d8a94e4e09a214c30cb958b5b0772 /net | |
| parent | 49d7a6877aebde96cdc7f369facb260b4ebc6ce5 (diff) | |
ip_tunnels, bpf: define IP_TUNNEL_OPTS_MAX and use it
eBPF defines this as BPF_TUNLEN_MAX and OVS just uses the hard-coded
value inside struct sw_flow_key. Thus, add and use IP_TUNNEL_OPTS_MAX
for this, which makes the code a bit more generic and allows to remove
BPF_TUNLEN_MAX from eBPF code.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chatur27 <jasonbright2709@gmail.com>
Diffstat (limited to 'net')
| -rw-r--r-- | net/core/filter.c | 9 | ||||
| -rw-r--r-- | net/ipv4/ip_tunnel_core.c | 6 | ||||
| -rw-r--r-- | net/openvswitch/flow.h | 2 |
3 files changed, 9 insertions, 8 deletions
diff --git a/net/core/filter.c b/net/core/filter.c index 22a008313b73..7aeac525fcb0 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -1914,8 +1914,6 @@ static const struct bpf_func_proto bpf_skb_set_tunnel_key_proto = { .arg4_type = ARG_ANYTHING, }; -#define BPF_TUNLEN_MAX 255 - static u64 bpf_skb_set_tunnel_opt(u64 r1, u64 r2, u64 size, u64 r4, u64 r5) { struct sk_buff *skb = (struct sk_buff *) (long) r1; @@ -1925,7 +1923,7 @@ static u64 bpf_skb_set_tunnel_opt(u64 r1, u64 r2, u64 size, u64 r4, u64 r5) if (unlikely(info != &md->u.tun_info || (size & (sizeof(u32) - 1)))) return -EINVAL; - if (unlikely(size > BPF_TUNLEN_MAX)) + if (unlikely(size > IP_TUNNEL_OPTS_MAX)) return -ENOMEM; ip_tunnel_info_opts_set(info, from, size); @@ -1946,13 +1944,10 @@ static const struct bpf_func_proto * bpf_get_skb_set_tunnel_proto(enum bpf_func_id which) { if (!md_dst) { - BUILD_BUG_ON(FIELD_SIZEOF(struct ip_tunnel_info, - options_len) != 1); - /* Race is not possible, since it's called from verifier * that is holding verifier mutex. */ - md_dst = metadata_dst_alloc_percpu(BPF_TUNLEN_MAX, + md_dst = metadata_dst_alloc_percpu(IP_TUNNEL_OPTS_MAX, GFP_KERNEL); if (!md_dst) return NULL; diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c index 4916d1857b75..4d64aa76d285 100644 --- a/net/ipv4/ip_tunnel_core.c +++ b/net/ipv4/ip_tunnel_core.c @@ -407,6 +407,12 @@ static const struct lwtunnel_encap_ops ip6_tun_lwt_ops = { void __init ip_tunnel_core_init(void) { + /* If you land here, make sure whether increasing ip_tunnel_info's + * options_len is a reasonable choice with its usage in front ends + * (f.e., it's part of flow keys, etc). + */ + BUILD_BUG_ON(IP_TUNNEL_OPTS_MAX != 255); + lwtunnel_encap_add_ops(&ip_tun_lwt_ops, LWTUNNEL_ENCAP_IP); lwtunnel_encap_add_ops(&ip6_tun_lwt_ops, LWTUNNEL_ENCAP_IP6); } diff --git a/net/openvswitch/flow.h b/net/openvswitch/flow.h index 1d055c559eaf..03378e75a67c 100644 --- a/net/openvswitch/flow.h +++ b/net/openvswitch/flow.h @@ -55,7 +55,7 @@ struct ovs_tunnel_info { FIELD_SIZEOF(struct sw_flow_key, recirc_id)) struct sw_flow_key { - u8 tun_opts[255]; + u8 tun_opts[IP_TUNNEL_OPTS_MAX]; u8 tun_opts_len; struct ip_tunnel_key tun_key; /* Encapsulating tunnel key. */ struct { |