Description
In the case of a TC-based design, the xdp-ingress helper program that replaces the original ethertype of a packet with 0x0800 is reapplied before sending to the network stack. It results in malformed packets (with the wrong ethertype) received on the network interface.
To reproduce the bug, set up VMs using the attached Vagrantfile and p4 program in the test.zip archive
$ vagrant up
log in to host1
$ vagrant ssh host1
ping another host to trigger arp requests
host1$ ping 192.168.200.12
in another terminal log in to router
$ vagrant ssh router
tcpdump the interface corresponding to host1 link
router$ sudo tcpdump -exxXXi eth1
malformed arp request can be seen on the dump
15:25:50.641293 08:00:27:44:5c:76 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 60: IP0 (invalid)
0x0000: ffff ffff ffff 0800 2744 5c76 0800 0001 ........'D\v....
0x0010: 0800 0604 0001 0800 2744 5c76 c0a8 640b ........'D\v..d.
0x0020: 0000 0000 0000 c0a8 6401 0000 0000 0000 ........d.......
0x0030: 0000 0000 0000 0000 0000 0000 ............
For me, a workaround is to check the meta field and skip the substitution of the ethertype. Check the patch:
diff --git a/backends/ebpf/psa/xdpHelpProgram.h b/backends/ebpf/psa/xdpHelpProgram.h
index e55a4b8dd..55e49317b 100644
--- a/backends/ebpf/psa/xdpHelpProgram.h
+++ b/backends/ebpf/psa/xdpHelpProgram.h
@@ -45,6 +45,8 @@ class XDPHelpProgram : public EBPFProgram {
" if ((void *)((struct ethhdr *) eth + 1) > data_end) {\n"
" return XDP_ABORTED;\n"
" }\n"
+ " if (meta->pkt_ether_type != 0)"
+ " return XDP_PASS;"
" meta->pkt_ether_type = eth->h_proto;\n"
" eth->h_proto = bpf_htons(0x0800);\n"
"\n"
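Review bot: The two added string literals (`if (meta->pkt_ether_type != 0)` and `return XDP_PASS;`) lack the trailing `\n` that every neighbouring literal carries, so the emitted C puts the guard, the return and the following `meta->pkt_ether_type = eth->h_proto;` on one line; add `\n` to both. The guard also treats a zero `pkt_ether_type` as "helper not yet applied", which is only sound if the metadata is zeroed before the first pass. The hunk does not show that initialisation, so either state the invariant in a comment at this point or use an explicit flag instead of overloading the saved ethertype.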
However, I don't know if it is a relevant solution and if the problem is related to my setup rather than a compiler bug. Has anyone checked this behavior in some other environment?
test.zip
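
A check for the symptom shown in the dump above, as an added example (not code from the project or from the reporter): it flags a frame labelled IPv4 (0x0800) whose payload is in fact an ARP header. The function and enum names are hypothetical; the sample bytes are the 60-byte frame from the tcpdump output.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum frame_verdict { FRAME_OK, FRAME_TRUNCATED, FRAME_ARP_MISLABELLED, FRAME_BAD_IPV4 };

/* The 60-byte frame from the tcpdump output in the report (trailing padding is zero). */
static const uint8_t issue_frame[60] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x08,0x00,0x27,0x44,0x5c,0x76, 0x08,0x00,
    0x00,0x01, 0x08,0x00, 0x06, 0x04, 0x00,0x01,
    0x08,0x00,0x27,0x44,0x5c,0x76, 0xc0,0xa8,0x64,0x0b,
    0x00,0x00,0x00,0x00,0x00,0x00, 0xc0,0xa8,0x64,0x01 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Fixed part of an ARP header for Ethernet/IPv4: htype 1, ptype 0x0800, hlen 6, plen 4. */
static int looks_like_arp(const uint8_t *p, size_t len)
{
    if (len < 28) return 0;
    uint16_t op = rd16(p + 6);
    return rd16(p) == 1 && rd16(p + 2) == 0x0800 && p[4] == 6 && p[5] == 4
        && (op == 1 || op == 2);
}

enum frame_verdict check_frame(const uint8_t *f, size_t len)
{
    if (len < 14) return FRAME_TRUNCATED;          /* no full Ethernet header */
    if (rd16(f + 12) != 0x0800) return FRAME_OK;   /* only IPv4-labelled frames are suspect */
    const uint8_t *payload = f + 14;
    size_t plen = len - 14;
    if (looks_like_arp(payload, plen)) return FRAME_ARP_MISLABELLED;
    if (plen < 20 || (payload[0] >> 4) != 4) return FRAME_BAD_IPV4;
    return FRAME_OK;
}

/* Hypothetical helper: re-check the reported frame with a different ethertype. */
enum frame_verdict check_issue_frame_as(uint16_t ethertype)
{
    uint8_t f[sizeof issue_frame];
    memcpy(f, issue_frame, sizeof f);
    f[12] = (uint8_t)(ethertype >> 8);
    f[13] = (uint8_t)(ethertype & 0xff);
    return check_frame(f, sizeof f);
}

int main(void) { return check_issue_frame_as(0x0806) == FRAME_OK ? 0 : 1; }
```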