Deepankur Gupta

Reputation: 23

Parsing non-linear packet payload in TC BPF programs

We are parsing DHCP packets in a TC egress BPF program. In our case, the packet after the UDP header was not present between skb->data and skb->data_end. On further investigation we found that it lies in the non-linear portion, and we have bpf_skb_pull_data(skb, len) to directly access non-linear data.

A few questions based on the above:

  1. After the call to bpf_skb_pull_data(skb, skb->len), the values of the skb->data and skb->data_end pointers changed. Can there be any implication down the stack from the change in the value of the skb->data pointer? Also, is this helper function analogous to skb_pull, which changes the skb->data pointer and is typically moved when the packet goes up the stack as a result of the packet being parsed at that layer? Do we have something similar to skb_linearize() in BPF, or any other way to parse the non-linear portion?

  2. In our case, the packet after the UDP header was in the non-linear portion. Can it happen that the packet after the IP header goes in the non-linear portion, or the packet after the Ethernet header?

Upvotes: 1

Views: 849

Answers (1)

pchaigno

Reputation: 13103

> After the call to bpf_skb_pull_data(skb, skb->len), the values of the skb->data and skb->data_end pointers changed. Can there be any implication down the stack from the change in the value of the skb->data pointer?

bpf_skb_pull_data ends up calling pskb_expand_head in the kernel, which clarifies the impact:

> Expands (or creates identical copy, if @nhead and @ntail are zero) header of @skb. [...] All the pointers pointing into skb header may change and must be reloaded after call to this function.

It is therefore expected that the data and data_end pointers are updated. I can't think of any other implication if you are only consuming the kernel's API (and not making changes to the kernel itself).


> Also, is this helper function analogous to skb_pull, which changes the skb->data pointer

Not really. skb_pull removes data from the start of the packet's memory buffer. bpf_skb_pull_data pulls in non-linear data when you want to perform a direct packet access with BPF.


> Do we have something similar to skb_linearize() in BPF, or any other way to parse the non-linear portion?

As far as I know, the closest is bpf_skb_pull_data. If that helper doesn't address your use case for some reason, I would suggest asking on the BPF mailing list.


> In our case, the packet after the UDP header was in the non-linear portion. Can it happen that the packet after the IP header goes in the non-linear portion, or the packet after the Ethernet header?

Yes for the IP payload; it's just a matter of how large your IP header is. It seems unlikely for the Ethernet header.

Upvotes: 3
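The pattern discussed above, as an added example that is not code from the question or the answer: a TC egress program calls bpf_skb_pull_data, loads data and data_end only after the call, then runs a bounds-checked DHCP parser whose UDP offset follows the IPv4 IHL. The names dhcp_msg_type and dhcp_egress are hypothetical; it assumes untagged Ethernet/IPv4 frames, libbpf headers, and a kernel whose verifier accepts bounded loops.

```c
#ifdef __bpf__                     /* defined by clang -target bpf */
#include <linux/bpf.h>
#include <linux/pkt_cls.h>
#include <bpf/bpf_helpers.h>
#endif
#define ETH_HLEN   14
#define DHCP_FIXED 240             /* BOOTP fixed fields (236) + magic cookie (4) */
/* DHCP message type (option 53), or -1 if the frame is not DHCP or ends early.
 * Every read is bounds-checked against data_end first. */
static inline int dhcp_msg_type(const unsigned char *data, const unsigned char *data_end)
{
    const unsigned char *ip = data + ETH_HLEN, *udp, *opt;
    if (ip + 20 > data_end || data[12] != 0x08 || data[13] != 0x00 ||
        (ip[0] >> 4) != 4 || (ip[0] & 0x0f) < 5 || ip[9] != 17)
        return -1;                 /* not IPv4 carrying UDP */
    udp = ip + (ip[0] & 0x0f) * 4; /* IHL (20..60 bytes) decides where UDP starts */
    if (udp + 8 + DHCP_FIXED > data_end)
        return -1;                 /* DHCP payload not within [data, data_end) */
    if (udp[2] != 0 || (udp[3] != 67 && udp[3] != 68))
        return -1;                 /* destination port is not 67/68 */
    if (udp[244] != 0x63 || udp[245] != 0x82 || udp[246] != 0x53 || udp[247] != 0x63)
        return -1;                 /* magic cookie missing */
    opt = udp + 8 + DHCP_FIXED;
    for (int i = 0; i < 32; i++) { /* bounded walk over the options */
        if (opt + 3 > data_end || opt[0] == 255)
            return -1;
        if (opt[0] == 53)
            return opt[2];
        opt += opt[0] == 0 ? 1 : 2 + opt[1]; /* pad option is one byte */
    }
    return -1;
}

#ifdef __bpf__
SEC("tc")
int dhcp_egress(struct __sk_buff *skb)
{
    if (bpf_skb_pull_data(skb, skb->len)) /* pull non-linear data into the linear area */
        return TC_ACT_OK;                 /* pull failed: pass the packet unparsed */
    /* The helper may move the header, so read data/data_end only after it. */
    const unsigned char *data = (void *)(long)skb->data;
    const unsigned char *data_end = (void *)(long)skb->data_end;
    int type = dhcp_msg_type(data, data_end);
    if (type >= 0)
        bpf_printk("DHCP message type %d", type);
    return TC_ACT_OK;
}
char LICENSE[] SEC("license") = "GPL";
#endif
```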
