1. Patchew
  2. linux
  3. View series

[PATCH v2] selftests/bpf: Validate UDP length in cls_redirect test

Suchit Karunakaran posted 1 patch 6 months, 2 weeks ago 
tools/testing/selftests/bpf/progs/test_cls_redirect.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
[PATCH v2] selftests/bpf: Validate UDP length in cls_redirect test
Posted by Suchit Karunakaran 6 months, 2 weeks ago 
From: Suchit <suchitkarunakaran@gmail.com>

Add validation step to ensure that the UDP payload is
long enough to contain the expected GUE and UNIGUE encapsulation
headers

Signed-off-by: Suchit <suchitkarunakaran@gmail.com>
---

Changes since v2:
- Rebase

 tools/testing/selftests/bpf/progs/test_cls_redirect.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tools/testing/selftests/bpf/progs/test_cls_redirect.c b/tools/testing/selftests/bpf/progs/test_cls_redirect.c
index f344c6835e84..c1d2eaee2e77 100644
--- a/tools/testing/selftests/bpf/progs/test_cls_redirect.c
+++ b/tools/testing/selftests/bpf/progs/test_cls_redirect.c
@@ -978,7 +978,14 @@ int cls_redirect(struct __sk_buff *skb)
 		return TC_ACT_OK;
 	}
 
-	/* TODO Check UDP length? */
+	uint16_t udp_len = bpf_ntohs(encap->udp.len);
+	uint16_t min_encap_len = sizeof(encap->udp) + sizeof(encap->gue) + sizeof(encap->unigue);
+
+	if (udp_len < min_encap_len) {
+		metrics->errors_total_malformed_encapsulation++;
+		return TC_ACT_SHOT;
+	}
+
 	if (encap->udp.dest != ENCAPSULATION_PORT) {
 		return TC_ACT_OK;
 	}
-- 
2.49.0
Re: [PATCH v2] selftests/bpf: Validate UDP length in cls_redirect test
Posted by Alexei Starovoitov 6 months, 2 weeks ago 
On Mon, Jun 2, 2025 at 10:28 PM Suchit Karunakaran
<suchitkarunakaran@gmail.com> wrote:
>
> From: Suchit <suchitkarunakaran@gmail.com>
>
> Add validation step to ensure that the UDP payload is
> long enough to contain the expected GUE and UNIGUE encapsulation
> headers
>
> Signed-off-by: Suchit <suchitkarunakaran@gmail.com>
> ---
>
> Changes since v2:
> - Rebase
>
>  tools/testing/selftests/bpf/progs/test_cls_redirect.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/tools/testing/selftests/bpf/progs/test_cls_redirect.c b/tools/testing/selftests/bpf/progs/test_cls_redirect.c
> index f344c6835e84..c1d2eaee2e77 100644
> --- a/tools/testing/selftests/bpf/progs/test_cls_redirect.c
> +++ b/tools/testing/selftests/bpf/progs/test_cls_redirect.c
> @@ -978,7 +978,14 @@ int cls_redirect(struct __sk_buff *skb)
>                 return TC_ACT_OK;
>         }
>
> -       /* TODO Check UDP length? */
> +       uint16_t udp_len = bpf_ntohs(encap->udp.len);
> +       uint16_t min_encap_len = sizeof(encap->udp) + sizeof(encap->gue) + sizeof(encap->unigue);
> +
> +       if (udp_len < min_encap_len) {
> +               metrics->errors_total_malformed_encapsulation++;
> +               return TC_ACT_SHOT;
> +       }

I don't quite see the point.
This is a test prog. It's not supposed to be used as production code.
Re: [PATCH v2] selftests/bpf: Validate UDP length in cls_redirect test
Posted by Suchit K 6 months, 1 week ago 
> I don't quite see the point.
> This is a test prog. It's not supposed to be used as production code.

It was marked as a TODO and so I sent a patch for it. I'm sorry I
didn't think of the practical implications of it.

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.