Re: [PATCH bpf-next v2] bpf: Fix bpf_get/setsockopt to tos not take effect when TCP over IPv4 via INET6 API
From: Eric Dumazet
Date: Fri Aug 23 2024 - 09:36:09 EST
On Fri, Aug 23, 2024 at 10:53 AM Feng zhou <zhoufeng.zf@xxxxxxxxxxxxx> wrote:
>
> From: Feng Zhou <zhoufeng.zf@xxxxxxxxxxxxx>
>
> when TCP over IPv4 via INET6 API, bpf_get/setsockopt with ipv4 will
> fail, because sk->sk_family is AF_INET6. With ipv6 will success, not
> take effect, because inet_csk(sk)->icsk_af_ops is ipv6_mapped and
> use ip_queue_xmit, inet_sk(sk)->tos.
>
> So bpf_get/setsockopt needs add the judgment of this case. Just check
> "inet_csk(sk)->icsk_af_ops == &ipv6_mapped".
>
> | Reported-by: kernel test robot <lkp@xxxxxxxxx>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202408152034.lw9Ilsj6-lkp@xxxxxxxxx/
> Signed-off-by: Feng Zhou <zhoufeng.zf@xxxxxxxxxxxxx>
> ---
> Changelog:
> v1->v2: Addressed comments from kernel test robot
> - Fix compilation error
> Details in here:
> https://lore.kernel.org/bpf/202408152058.YXAnhLgZ-lkp@xxxxxxxxx/T/
>
> include/net/tcp.h | 2 ++
> net/core/filter.c | 6 +++++-
> net/ipv6/tcp_ipv6.c | 6 ++++++
> 3 files changed, 13 insertions(+), 1 deletion(-)
>
> diff --git a/include/net/tcp.h b/include/net/tcp.h
> index 2aac11e7e1cc..ea673f88c900 100644
> --- a/include/net/tcp.h
> +++ b/include/net/tcp.h
> @@ -493,6 +493,8 @@ struct request_sock *cookie_tcp_reqsk_alloc(const struct request_sock_ops *ops,
> struct tcp_options_received *tcp_opt,
> int mss, u32 tsoff);
>
> +bool is_tcp_sock_ipv6_mapped(struct sock *sk);
> +
> #if IS_ENABLED(CONFIG_BPF)
> struct bpf_tcp_req_attrs {
> u32 rcv_tsval;
> diff --git a/net/core/filter.c b/net/core/filter.c
> index ecf2ddf633bf..02a825e35c4d 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -5399,7 +5399,11 @@ static int sol_ip_sockopt(struct sock *sk, int optname,
> char *optval, int *optlen,
> bool getopt)
> {
> - if (sk->sk_family != AF_INET)
> + if (sk->sk_family != AF_INET
> +#if IS_BUILTIN(CONFIG_IPV6)
> + && !is_tcp_sock_ipv6_mapped(sk)
> +#endif
> + )
> return -EINVAL;
This does not look right to me.
I would remove the test completely.
SOL_IP socket options are available on AF_INET6 sockets just fine.