Have you ever wanted to inject a GSO packet into the Linux kernel from userspace but been foiled by the lack of example code? I have good news!
I have been poking at the innards of the Linux kernel's network offload/acceleration code. I've blogged about a previous aspect - GSO_BY_FRAGS - before. To recap: modern network cards have the ability to take a long data buffer (bigger than the MTU of the link) and segment it in hardware, sticking a set of common headers on the front of each segment. In Linux, GSO - Generic Segmentation Offload - provides a lot of software infrastructure for this sort of offload.
Now normally all of this works automatically at the kernel level, without user intervention.
However, for testing, it can be helpful to be able to construct your own GSO packets. The AF_PACKET socket type allows you to insert GSO packets from userspace using infrastructure from virtio_net. However, I was unable to find any example code on the internet that showed how to actually use an AF_PACKET socket to send a GSO buffer. So after reading a lot of kernel source, I have put together a complete, working example of getting GSO packets from an AF_PACKET socket, into the kernel, and out to the network.
There's a lot more I am hoping to get into that repository soon, but in the short term I'm looking at what the kernel calls GSO_DODGY: GSO packets from an untrusted source, such as userspace. These packets have caused a lot of strife recently as it turns out they're not validated especially well: see e.g. d0c081b49137 ("flow_dissector: properly cap thoff field") and 7c68d1a6b4db ("net: qdisc_pkt_len_init() should be more robust"). I want to explore that a bit more, because the qdisc patch is blocking some other work I want to do. Stay tuned!
I have been poking at the innards of the Linux kernel's network offload/acceleration code. I've blogged about a previous aspect - GSO_BY_FRAGS - before. To recap: modern network cards have the ability to take a long data buffer (bigger than the MTU of the link) and segment it in hardware, sticking a set of common headers on the front of each segment. In Linux, GSO - Generic Segmentation Offload - provides a lot of software infrastructure for this sort of offload.
Now normally all of this works automatically at the kernel level, without user intervention.
However, for testing, it can be helpful to be able to construct your own GSO packets. The AF_PACKET socket type allows you to insert GSO packets from userspace using infrastructure from virtio_net. However, I was unable to find any example code on the internet that showed how to actually use an AF_PACKET socket to send a GSO buffer. So after reading a lot of kernel source, I have put together a complete, working example of getting GSO packets from an AF_PACKET socket, into the kernel, and out to the network.
There's a lot more I am hoping to get into that repository soon, but in the short term I'm looking at what the kernel calls GSO_DODGY: GSO packets from an untrusted source, such as userspace. These packets have caused a lot of strife recently as it turns out they're not validated especially well: see e.g. d0c081b49137 ("flow_dissector: properly cap thoff field") and 7c68d1a6b4db ("net: qdisc_pkt_len_init() should be more robust"). I want to explore that a bit more, because the qdisc patch is blocking some other work I want to do. Stay tuned!
creprionup_fu_2001 Heather Wang https://wakelet.com/wake/AH9RR1iVikjeU9FPeh0S9
ReplyDeletefromiztralvi
Oiniddia_zo Gregg Gant click
ReplyDeletelink
click here
click here
gurgrabelmai
Nplicmi0jumeNew Orleans Jensen Alfonso 4K Video Downloader
ReplyDeleteVisit
Reg Organizer
nodenkirchvab
betiabapu Megan Edwardz get
ReplyDeleteLink
neuturwehrru