clat: just return max uint32 from AF_PACKET cbpf filter
kernel's net/packet/af_packet.c packet_rcv() does (paraphrased):
unsigned int snaplen = skb->len;
unsigned int res = run_filter(skb, sk, snaplen);
if (!res) goto drop_n_restore;
if (snaplen > res) snaplen = res;
which makes it clear that cbpf filter returning 0 means drop,
while any other unsigned int (ie. u32) value means capture that
many bytes - but no more than packet length.
Might as well just use the maximum u32 as the snaplen,
since it will be truncated to skb->len as needed.
Of course additionally IPv6 packets can have a payload size of 65535
(which does not include the IPv6 header itself, and assumes we
don't bother with IPv6 jumbograms, which we can't translate to IPv4
anyways), so the L3 mtu should actually be 65535 + 40.
Except that is also too large to translate to ipv4,
so instead the max L3 mtu should be 65535 - 20 + 40 + 8
(which is the max IPv4 packet size - sizeof ipv4 header + sizeof
ipv6 header + sizeof ipv6 fragmentation extension header).
Since the cBPF currently deals with L3 packets it should return
an L3 length (ie. not including L2 headers), but this will change
when we switch to using L2 af_packet sockets (this change will
mean we will not need to change this code at that point in time).
Furthermore, this should have always returned MAXMTU, and not
PACKETLEN, as it does not care about the tun_pi extra header
(which is added later).
ie. this *should* have always been:
#define MAXMTU (0xFFFF + 28)
BPF_STMT(BPF_RET | BPF_K, MAXMTU)
but:
BPF_STMT(BPF_RET | BPF_K, 0xFFFFFFFFu)
is even simpler.
Bug: 259872525
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I2cc4960f0092720b5ee196e8716f07826bd7f362
1 file changed