fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-05-15 21:48:07 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
34382 commits 506 branches 615 tags 173 MiB
Commit graph

12 commits

Author SHA1 Message Date
Beniamino Galvani
173dc154a0 bpf: clat: remove commented code 
The rewrite of IPv6 header inside a ICMP error needs to be
implemented. Remove the unused comments for now.
 2026-01-24 09:42:32 +01:00
Beniamino Galvani
e99a6452be bpf: clat: fix error handling for IPv6 packets 
There are 3 possible results from clat_translate_v6():

 1. the packet didn't match the CLAT IPv6 address and must be
   accepted;

 2. the packet matches but it is invalid and so it must be dropped;

 3. the packet matches and it is valid; clat_handle_v6() should
    translate the packet to IPv4;

Before, the function returned TC_ACT_SHOT for both 2 and 3. Therefore,
clat_handle_v6() tried to rewrite also invalid packets.

Fix that by returning TC_ACT_UNSPEC for valid packets, meaning that
there isn't a final verdict yet.
 2026-01-24 09:42:31 +01:00
Beniamino Galvani
232da41572 bpf: clat: don't explicitly inline functions 
BPF handles function calls fine these days. Only leave the inline
qualifier on very small functions like csum_fold_helper().
 2026-01-24 09:42:31 +01:00
Beniamino Galvani
213e9e33da bpf: clat: use the right endian-conversion function 
bpf_ntohl() is more correct because the field is in network byte
order; but there is no actual change in behavior.
 2026-01-24 09:42:30 +01:00
Beniamino Galvani
3af6761655 bpf: clat: fix translation of ICMPv6 Parameter Problem 
According to RFC 6145 5.2, the pointer should be set for code 0, not
1.
 2026-01-24 09:42:29 +01:00
Beniamino Galvani
6273f0afba bpf: clat: add missing "break" statements 2026-01-24 09:42:28 +01:00
Beniamino Galvani
d1351f1219 bpf: clat: remove unused includes 2026-01-24 09:42:27 +01:00
Beniamino Galvani
ade4de22f3 bpf: clat: remove unused variables 2026-01-24 09:42:27 +01:00
Beniamino Galvani
f9cd6e20a5 bpf: clat: fix other verifier errors 
When copying the IPv6 addresses via a direct assignement, the compiler
generates 32-bit operations that the verifier doesn't like:

>   237: (61) r3 = *(u32 *)(r8 +76)       ; frame1: R3_w=pkt(r=0) R8=ctx()
>   ; .saddr = ip6h->saddr, @ clat.bpf.c:124
>   238: (63) *(u32 *)(r10 -64) = r3
>   invalid size of register spill

Use explicit memcpy() for those.

Also, check the packet length before accessing the ICMPv6 header.
 2026-01-24 09:42:26 +01:00
Beniamino Galvani
815a795203 bpf: clat: avoid 32-bit register spills when access skb->data 
The verifier reports this error when accessing skb->data:

  ; void *data     = (void *)(unsigned long long)skb->data; @ clat.bpf.c:625
  (61) r2 = *(u32 *)(r1 +76)       ; frame1: R1=ctx() R2_w=pkt(r=0)
  (63) *(u32 *)(r10 -120) = r2
  invalid size of register spill

Apparently it's trying to spill only 32 bits from the register to the
stack, which is invalid. A similar problem was reported here:
https://github.com/cilium/cilium/pull/25336

Add some macros using inline asm to fix the problem. With this change
now the compiler properly generates 64-bit spills.

 ; src/core/bpf/clat.bpf.c:625
-;     void *data     = (void *)(unsigned long long)skb->data;
+;     void *data     = SKB_DATA(skb);
      137:      61 12 4c 00 00 00 00 00 w2 = *(u32 *)(r1 + 0x4c)
-     138:      63 2a 88 ff 00 00 00 00 *(u32 *)(r10 - 0x78) = w2
+     138:      7b 2a 88 ff 00 00 00 00 *(u64 *)(r10 - 0x78) = r2
 2026-01-24 09:42:25 +01:00
Beniamino Galvani
ebb86ed2dd Add CLAT BPF program and build machinery (fixes) 2026-01-24 09:40:48 +01:00
Mary Strodl
fa9c00b595 Add CLAT BPF program and build machinery 2026-01-24 09:40:47 +01:00