Re: [PATCH bpf-next v3 4/4] selftests/bpf: add icmp_send_unreach kfunc tests

public inbox for netdev@vger.kernel.org 
 help / color / mirror / Atom feed

From: Martin KaFai Lau <martin.lau@linux•dev>
To: Mahe Tardy <mahe.tardy@gmail•com>
Cc: alexei.starovoitov@gmail•com, andrii@kernel•org, ast@kernel•org,
	bpf@vger•kernel.org, coreteam@netfilter•org,
	daniel@iogearbox•net, fw@strlen•de, john.fastabend@gmail•com,
	netdev@vger•kernel.org, netfilter-devel@vger•kernel.org,
	oe-kbuild-all@lists•linux.dev, pablo@netfilter•org,
	lkp@intel•com
Subject: Re: [PATCH bpf-next v3 4/4] selftests/bpf: add icmp_send_unreach kfunc tests
Date: Tue, 29 Jul 2025 17:01:24 -0700	[thread overview]
Message-ID: <cdd57fe6-ed8c-4cc9-a1dc-8563160a71e4@linux.dev> (raw)
In-Reply-To: <996bb1dd-e72e-4515-a60f-c5f31b840459@linux.dev>

On 7/29/25 4:27 PM, Martin KaFai Lau wrote:
> On 7/29/25 2:09 AM, Mahe Tardy wrote:
>> On Mon, Jul 28, 2025 at 06:18:11PM -0700, Martin KaFai Lau wrote:
>>> On 7/28/25 2:43 AM, Mahe Tardy wrote:
>>>> +SEC("cgroup_skb/egress")
>>>> +int egress(struct __sk_buff *skb)
>>>> +{
>>>> +    void *data = (void *)(long)skb->data;
>>>> +    void *data_end = (void *)(long)skb->data_end;
>>>> +    struct iphdr *iph;
>>>> +    struct tcphdr *tcph;
>>>> +
>>>> +    iph = data;
>>>> +    if ((void *)(iph + 1) > data_end || iph->version != 4 ||
>>>> +        iph->protocol != IPPROTO_TCP || iph->daddr != bpf_htonl(SERVER_IP))
>>>> +        return SK_PASS;
>>>> +
>>>> +    tcph = (void *)iph + iph->ihl * 4;
>>>> +    if ((void *)(tcph + 1) > data_end ||
>>>> +        tcph->dest != bpf_htons(SERVER_PORT))
>>>> +        return SK_PASS;
>>>> +
>>>> +    kfunc_ret = bpf_icmp_send_unreach(skb, unreach_code);
>>>> +
>>>> +    /* returns SK_PASS to execute the test case quicker */
>>>
>>> Do you know why the user space is slower if 0 (SK_DROP) is used?
>>
>> I tried to write my understanding of this in the commit description:
>>
>> "Note that the BPF program returns SK_PASS to let the connection being
>> established to finish the test cases quicker. Otherwise, you have to
>> wait for the TCP three-way handshake to timeout in the kernel and
>> retrieve the errno translated from the unreach code set by the ICMP
>> control message."
> 
> This feels like a bit hacky to let the 3WHS finished while the objective of the 
> patch set is to drop it. It is not unusual for people to directly borrow this 
> code. Does non blocking connect() help?
> 

After reading more on how sk_err_soft is used, non blocking won't help. I think 
I see why tcp rst is better.

next prev parent reply	other threads:[~2025-07-30  0:01 UTC|newest]

Thread overview: 40+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CAADnVQKq_-=N7eJoup6AqFngoocT+D02NF0md_3mi2Vcrw09nQ@mail.gmail.com>
2025-07-25 18:53 ` [PATCH bpf-next v1 0/4] bpf: add icmp_send_unreach kfunc Mahe Tardy
2025-07-25 18:53   ` [PATCH bpf-next v2 1/4] net: move netfilter nf_reject_fill_skb_dst to core ipv4 Mahe Tardy
2025-07-25 18:53   ` [PATCH bpf-next v2 2/4] net: move netfilter nf_reject6_fill_skb_dst to core ipv6 Mahe Tardy
2025-07-25 18:53   ` [PATCH bpf-next v2 3/4] bpf: add bpf_icmp_send_unreach cgroup_skb kfunc Mahe Tardy
2025-07-27  1:49     ` kernel test robot
2025-07-28  9:43       ` [PATCH bpf-next v3 0/4] bpf: add icmp_send_unreach kfunc Mahe Tardy
2025-07-28  9:43         ` [PATCH bpf-next v3 1/4] net: move netfilter nf_reject_fill_skb_dst to core ipv4 Mahe Tardy
2025-07-28  9:43         ` [PATCH bpf-next v3 2/4] net: move netfilter nf_reject6_fill_skb_dst to core ipv6 Mahe Tardy
2025-07-28  9:43         ` [PATCH bpf-next v3 3/4] bpf: add bpf_icmp_send_unreach cgroup_skb kfunc Mahe Tardy
2025-07-28 20:10           ` kernel test robot
2025-07-29  1:05           ` Martin KaFai Lau
2025-07-29 10:06             ` Mahe Tardy
2025-07-29 23:13               ` Martin KaFai Lau
2025-07-28  9:43         ` [PATCH bpf-next v3 4/4] selftests/bpf: add icmp_send_unreach kfunc tests Mahe Tardy
2025-07-28 15:40           ` Yonghong Song
2025-07-28 15:59             ` Mahe Tardy
2025-07-29  1:18           ` Martin KaFai Lau
2025-07-29  9:09             ` Mahe Tardy
2025-07-29 23:27               ` Martin KaFai Lau
2025-07-30  0:01                 ` Martin KaFai Lau [this message]
2025-07-30  0:32                   ` Martin KaFai Lau
2025-08-05 23:26           ` Jordan Rife
2025-07-29  1:21         ` [PATCH bpf-next v3 0/4] bpf: add icmp_send_unreach kfunc Martin KaFai Lau
2025-07-29  9:53           ` Mahe Tardy
2025-07-30  1:54             ` Martin KaFai Lau
2025-08-01 18:50               ` Mahe Tardy
2026-04-20 10:58                 ` [PATCH bpf-next v4 0/6] " Mahe Tardy
2026-04-20 10:58                   ` [PATCH bpf-next v4 1/6] net: move netfilter nf_reject_fill_skb_dst to core ipv4 Mahe Tardy
2026-04-20 11:36                     ` bot+bpf-ci
2026-04-20 13:04                       ` Mahe Tardy
2026-04-20 10:58                   ` [PATCH bpf-next v4 2/6] net: move netfilter nf_reject6_fill_skb_dst to core ipv6 Mahe Tardy
2026-04-20 10:58                   ` [PATCH bpf-next v4 3/6] bpf: add bpf_icmp_send_unreach kfunc Mahe Tardy
2026-04-20 11:36                     ` bot+bpf-ci
2026-04-20 13:07                       ` Mahe Tardy
2026-04-20 10:58                   ` [PATCH bpf-next v4 4/6] selftests/bpf: add icmp_send_unreach kfunc tests Mahe Tardy
2026-04-20 11:36                     ` bot+bpf-ci
2026-04-20 13:08                       ` Mahe Tardy
2026-04-20 10:58                   ` [PATCH bpf-next v4 5/6] selftests/bpf: add icmp_send_unreach kfunc IPv6 tests Mahe Tardy
2026-04-20 10:58                   ` [PATCH bpf-next v4 6/6] selftests/bpf: add icmp_send_unreach_recursion test Mahe Tardy
2025-07-25 18:53   ` [PATCH bpf-next v2 4/4] selftests/bpf: add icmp_send_unreach kfunc tests Mahe Tardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cdd57fe6-ed8c-4cc9-a1dc-8563160a71e4@linux.dev \
    --to=martin.lau@linux$(echo .)dev \
    --cc=alexei.starovoitov@gmail$(echo .)com \
    --cc=andrii@kernel$(echo .)org \
    --cc=ast@kernel$(echo .)org \
    --cc=bpf@vger$(echo .)kernel.org \
    --cc=coreteam@netfilter$(echo .)org \
    --cc=daniel@iogearbox$(echo .)net \
    --cc=fw@strlen$(echo .)de \
    --cc=john.fastabend@gmail$(echo .)com \
    --cc=lkp@intel$(echo .)com \
    --cc=mahe.tardy@gmail$(echo .)com \
    --cc=netdev@vger$(echo .)kernel.org \
    --cc=netfilter-devel@vger$(echo .)kernel.org \
    --cc=oe-kbuild-all@lists$(echo .)linux.dev \
    --cc=pablo@netfilter$(echo .)org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox