@@ -187,6 +187,7 @@ enum bpf_prog_type {
BPF_PROG_TYPE_STRUCT_OPS,
BPF_PROG_TYPE_EXT,
BPF_PROG_TYPE_LSM,
+ BPF_PROG_TYPE_SK_LOOKUP,
};
enum bpf_attach_type {
@@ -218,6 +219,7 @@ enum bpf_attach_type {
BPF_TRACE_FEXIT,
BPF_MODIFY_RETURN,
BPF_LSM_MAC,
+ BPF_SK_LOOKUP,
__MAX_BPF_ATTACH_TYPE
};
@@ -3041,6 +3043,10 @@ union bpf_attr {
*
* int bpf_sk_assign(struct sk_buff *skb, struct bpf_sock *sk, u64 flags)
* Description
+ * Helper is overloaded depending on BPF program type. This
+ * description applies to **BPF_PROG_TYPE_SCHED_CLS** and
+ * **BPF_PROG_TYPE_SCHED_ACT** programs.
+ *
* Assign the *sk* to the *skb*. When combined with appropriate
* routing configuration to receive the packet towards the socket,
* will cause *skb* to be delivered to the specified socket.
@@ -3061,6 +3067,39 @@ union bpf_attr {
* call from outside of TC ingress.
* * **-ESOCKTNOSUPPORT** Socket type not supported (reuseport).
*
+ * int bpf_sk_assign(struct bpf_sk_lookup *ctx, struct bpf_sock *sk, u64 flags)
+ * Description
+ * Helper is overloaded depending on BPF program type. This
+ * description applies to **BPF_PROG_TYPE_SK_LOOKUP** programs.
+ *
+ * Select the *sk* as a result of a socket lookup.
+ *
+ * For the operation to succeed passed socket must be compatible
+ * with the packet description provided by the *ctx* object.
+ *
+ * L4 protocol (*IPPROTO_TCP* or *IPPROTO_UDP*) must be an exact
+ * match. While IP family (*AF_INET* or *AF_INET6*) must be
+ * compatible, that is IPv6 sockets that are not v6-only can be
+ * selected for IPv4 packets.
+ *
+ * Only full sockets can be selected. However, there is no need to
+ * call bpf_fullsock() before passing a socket as an argument to
+ * this helper.
+ *
+ * The *flags* argument must be zero.
+ * Return
+ * 0 on success, or a negative errno in case of failure.
+ *
+ * **-EAFNOSUPPORT** is socket family (*sk->family*) is not
+ * compatible with packet family (*ctx->family*).
+ *
+ * **-EINVAL** if unsupported flags were specified.
+ *
+ * **-EPROTOTYPE** if socket L4 protocol (*sk->protocol*) doesn't
+ * match packet protocol (*ctx->protocol*).
+ *
+ * **-ESOCKTNOSUPPORT** if socket is not a full socket.
+ *
* u64 bpf_ktime_get_boot_ns(void)
* Description
* Return the time elapsed since system boot, in nanoseconds.
@@ -4012,4 +4051,18 @@ struct bpf_pidns_info {
__u32 pid;
__u32 tgid;
};
+
+/* User accessible data for SK_LOOKUP programs. Add new fields at the end. */
+struct bpf_sk_lookup {
+ __u32 family; /* AF_INET, AF_INET6 */
+ __u32 protocol; /* IPPROTO_TCP, IPPROTO_UDP */
+ /* IP addresses allows 1, 2, and 4 bytes access */
+ __u32 src_ip4;
+ __u32 src_ip6[4];
+ __u32 src_port; /* network byte order */
+ __u32 dst_ip4;
+ __u32 dst_ip6[4];
+ __u32 dst_port; /* host byte order */
+};
+
#endif /* _UAPI__LINUX_BPF_H__ */