From patchwork Wed May 6 12:54:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 219787 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 960F4C47259 for ; Wed, 6 May 2020 12:55:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 766FD20836 for ; Wed, 6 May 2020 12:55:28 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=cloudflare.com header.i=@cloudflare.com header.b="Xd8Rqi9d" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728711AbgEFMz1 (ORCPT ); Wed, 6 May 2020 08:55:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35322 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1728681AbgEFMzW (ORCPT ); Wed, 6 May 2020 08:55:22 -0400 Received: from mail-wr1-x444.google.com (mail-wr1-x444.google.com [IPv6:2a00:1450:4864:20::444]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DEEF8C061A41 for ; Wed, 6 May 2020 05:55:21 -0700 (PDT) Received: by mail-wr1-x444.google.com with SMTP id e16so2069771wra.7 for ; Wed, 06 May 2020 05:55:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=FvXoRuhTO+OxNF0cbAiPa+Gek9SWWsXi4MoNMSh2OYs=; b=Xd8Rqi9daAx3iYnyrr5t/LQBsjNXCh6OSPWaI9M/K3s+TxH5LqpakcBYtZsTyKM4uE Jy2pmxpnXS4RaOha9xrU2R7MpdTkjacg9UQ9k7Iq0txMc59CSIDTA/CL2LmWwXeJjJye bLmHzddGCL5J474DqbL+cG22404VPn7/ldIwU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=FvXoRuhTO+OxNF0cbAiPa+Gek9SWWsXi4MoNMSh2OYs=; b=p6VME61wZdwYx43P8AMoUc0Xv+exBJWqt7XwgiZxiFx6kPWvz2m9uhJGpiErYrHW7k 3rdTmHcZf2h+4rKP6kfeBrye7fBgGCPqFZ9/8cqjLH58LCHxDnX0u3ZkZxVH07iyBvcZ U5hU0YIOzl5PRHN7BVtDU8mk9ekQ1JaKctabPc2NyGsBI/s4USktP6hfMzyiUKUo/g0k I+QVyukwW4O3nJqIXwM4JojoJsyrup/nBzyw23J9AfdbUiSmBtv5Xl1pt88BiIoM83Tb NEgSq5VC/pfN6VwJkPKJrjc5nVH0nZXUlj1ONXXXScy8YSAcBXbO9MtBDMeDBM4oGGnT y3gQ== X-Gm-Message-State: AGi0PubiFxBJIAKn3V492lm7PQAnnnXB6gB8/fcUbrfJD9RWGdZK51wr +3dxsRQWn89MIJ4wJMLWG8lbv/5WU+w= X-Google-Smtp-Source: APiQypIw9GWmg8+jYFghcU+u+Ul8dI8H/abrLQvalKNXzcXrvflItoBKf5rx8JTbnK9RGVPl9Mggyw== X-Received: by 2002:a05:6000:1209:: with SMTP id e9mr8969813wrx.45.1588769720299; Wed, 06 May 2020 05:55:20 -0700 (PDT) Received: from cloudflare.com ([2a02:a310:c262:aa00:b35e:8938:2c2a:ba8b]) by smtp.gmail.com with ESMTPSA id i1sm2647901wrx.22.2020.05.06.05.55.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 May 2020 05:55:19 -0700 (PDT) From: Jakub Sitnicki To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: dccp@vger.kernel.org, kernel-team@cloudflare.com, Alexei Starovoitov , Daniel Borkmann , "David S. Miller" , Eric Dumazet , Gerrit Renker , Jakub Kicinski , Lorenz Bauer Subject: [PATCH bpf-next 03/17] inet: Store layer 4 protocol in inet_hashinfo Date: Wed, 6 May 2020 14:54:59 +0200 Message-Id: <20200506125514.1020829-4-jakub@cloudflare.com> X-Mailer: git-send-email 2.25.3 In-Reply-To: <20200506125514.1020829-1-jakub@cloudflare.com> References: <20200506125514.1020829-1-jakub@cloudflare.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Make it possible to identify the protocol of sockets stored in hashinfo without looking up a socket. Subsequent patches make use the new field at the socket lookup time to ensure that BPF program selects only sockets with matching protocol. Reviewed-by: Lorenz Bauer Signed-off-by: Jakub Sitnicki --- include/net/inet_hashtables.h | 3 +++ net/dccp/proto.c | 2 +- net/ipv4/tcp_ipv4.c | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/include/net/inet_hashtables.h b/include/net/inet_hashtables.h index ad64ba6a057f..6072dfbd1078 100644 --- a/include/net/inet_hashtables.h +++ b/include/net/inet_hashtables.h @@ -144,6 +144,9 @@ struct inet_hashinfo { unsigned int lhash2_mask; struct inet_listen_hashbucket *lhash2; + /* Layer 4 protocol of the stored sockets */ + int protocol; + /* All the above members are written once at bootup and * never written again _or_ are predominantly read-access. * diff --git a/net/dccp/proto.c b/net/dccp/proto.c index 4af8a98fe784..c826419e68e6 100644 --- a/net/dccp/proto.c +++ b/net/dccp/proto.c @@ -45,7 +45,7 @@ EXPORT_SYMBOL_GPL(dccp_statistics); struct percpu_counter dccp_orphan_count; EXPORT_SYMBOL_GPL(dccp_orphan_count); -struct inet_hashinfo dccp_hashinfo; +struct inet_hashinfo dccp_hashinfo = { .protocol = IPPROTO_DCCP }; EXPORT_SYMBOL_GPL(dccp_hashinfo); /* the maximum queue length for tx in packets. 0 is no limit */ diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 6c05f1ceb538..77e4f4e4c73c 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -87,7 +87,7 @@ static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, __be32 daddr, __be32 saddr, const struct tcphdr *th); #endif -struct inet_hashinfo tcp_hashinfo; +struct inet_hashinfo tcp_hashinfo = { .protocol = IPPROTO_TCP }; EXPORT_SYMBOL(tcp_hashinfo); static u32 tcp_v4_init_seq(const struct sk_buff *skb) From patchwork Wed May 6 12:55:00 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 219786 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A60E3C28CBC for ; Wed, 6 May 2020 12:55:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 86DA82073A for ; Wed, 6 May 2020 12:55:33 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=cloudflare.com header.i=@cloudflare.com header.b="subZHrfe" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728728AbgEFMzb (ORCPT ); Wed, 6 May 2020 08:55:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35332 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1728690AbgEFMzY (ORCPT ); Wed, 6 May 2020 08:55:24 -0400 Received: from mail-wm1-x342.google.com (mail-wm1-x342.google.com [IPv6:2a00:1450:4864:20::342]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 88E66C061A41 for ; Wed, 6 May 2020 05:55:23 -0700 (PDT) Received: by mail-wm1-x342.google.com with SMTP id z6so2543136wml.2 for ; Wed, 06 May 2020 05:55:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=9noGy2vUCBDrAPWtCIVb+XgnFMrL8ORFJKJL+2qZn1o=; b=subZHrfeZrSkhLKvlxF+cgcnZvaZFhQFzfmVPLrwXBschatyTmNWKrbbe562MZumg6 IIi2doG3i+DNThndw/6qYjNKqOIiqzBjl1HmeeKoHjkGdmBqm50iPvDUdvIy5/oeL7iY yH3Iag4R8DLXKOEfYgHp17jOsXKYSaZSbH/UM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=9noGy2vUCBDrAPWtCIVb+XgnFMrL8ORFJKJL+2qZn1o=; b=jYb2HNWw7rvxO2gLHvVKFlau83jzwOnO+vceUI+zsjfxyYbAQkIjcKKM0dX3WBoQag yAWKNoIjaCcKainGmqgOFaIQ6GyY7YHeRsRux7jBDJf6UZ3U0Ol/rWp79GC2CpSyzHkJ zRn4bxQcrKG1EQsTXmW42VMkQ+0Ywh+9ttmHqNUbjePb0mIxC/I6B9/iOAOhIeMN3Sqq dhK7wc+r/IkN6BwISIsRtXK8AXCPiMti4jfQ6VHYVJhe4VZadvbM5JF1784cF4FWBIn3 +DL77vNbqIYgLFcKr69GW8DLWIP9IPO+QNYSUxvY9GL0R+MSwGQE55GHHXHZfNwDUsw/ OF/g== X-Gm-Message-State: AGi0Pubup62y8U8voFyk4jGc5BitBk+iEOq8vAME+JXcJbr/Jgtf5OKE AyEjiH3PDYu4n0Q57wDSvyvqsgrOcWo= X-Google-Smtp-Source: APiQypJ1UOHuoN8Fu7Vf0zRSExRkqTtB6p/AZfDaJOIe9cEGDR7TXWpBep19ZVSoGE4+cN7Lv9lFLQ== X-Received: by 2002:a05:600c:2a52:: with SMTP id x18mr4205205wme.37.1588769721770; Wed, 06 May 2020 05:55:21 -0700 (PDT) Received: from cloudflare.com ([2a02:a310:c262:aa00:b35e:8938:2c2a:ba8b]) by smtp.gmail.com with ESMTPSA id k23sm2681520wmi.46.2020.05.06.05.55.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 May 2020 05:55:21 -0700 (PDT) From: Jakub Sitnicki To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: dccp@vger.kernel.org, kernel-team@cloudflare.com, Alexei Starovoitov , Daniel Borkmann , "David S. Miller" , Eric Dumazet , Gerrit Renker , Jakub Kicinski Subject: [PATCH bpf-next 04/17] inet: Extract helper for selecting socket from reuseport group Date: Wed, 6 May 2020 14:55:00 +0200 Message-Id: <20200506125514.1020829-5-jakub@cloudflare.com> X-Mailer: git-send-email 2.25.3 In-Reply-To: <20200506125514.1020829-1-jakub@cloudflare.com> References: <20200506125514.1020829-1-jakub@cloudflare.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Prepare for calling into reuseport from __inet_lookup_listener as well. Signed-off-by: Jakub Sitnicki --- net/ipv4/inet_hashtables.c | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c index 2bbaaf0c7176..ab64834837c8 100644 --- a/net/ipv4/inet_hashtables.c +++ b/net/ipv4/inet_hashtables.c @@ -246,6 +246,21 @@ static inline int compute_score(struct sock *sk, struct net *net, return score; } +static inline struct sock *lookup_reuseport(struct net *net, struct sock *sk, + struct sk_buff *skb, int doff, + __be32 saddr, __be16 sport, + __be32 daddr, unsigned short hnum) +{ + struct sock *reuse_sk = NULL; + u32 phash; + + if (sk->sk_reuseport) { + phash = inet_ehashfn(net, daddr, hnum, saddr, sport); + reuse_sk = reuseport_select_sock(sk, phash, skb, doff); + } + return reuse_sk; +} + /* * Here are some nice properties to exploit here. The BSD API * does not allow a listening sock to specify the remote port nor the @@ -265,21 +280,17 @@ static struct sock *inet_lhash2_lookup(struct net *net, struct inet_connection_sock *icsk; struct sock *sk, *result = NULL; int score, hiscore = 0; - u32 phash = 0; inet_lhash2_for_each_icsk_rcu(icsk, &ilb2->head) { sk = (struct sock *)icsk; score = compute_score(sk, net, hnum, daddr, dif, sdif, exact_dif); if (score > hiscore) { - if (sk->sk_reuseport) { - phash = inet_ehashfn(net, daddr, hnum, - saddr, sport); - result = reuseport_select_sock(sk, phash, - skb, doff); - if (result) - return result; - } + result = lookup_reuseport(net, sk, skb, doff, + saddr, sport, daddr, hnum); + if (result) + return result; + result = sk; hiscore = score; } From patchwork Wed May 6 12:55:01 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 219780 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0F725C38A24 for ; Wed, 6 May 2020 12:56:10 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E380B2073A for ; Wed, 6 May 2020 12:56:09 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=cloudflare.com header.i=@cloudflare.com header.b="j4sNptzT" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728775AbgEFM4J (ORCPT ); Wed, 6 May 2020 08:56:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35346 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1728704AbgEFMz1 (ORCPT ); Wed, 6 May 2020 08:55:27 -0400 Received: from mail-wr1-x444.google.com (mail-wr1-x444.google.com [IPv6:2a00:1450:4864:20::444]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CE6B5C061BD3 for ; Wed, 6 May 2020 05:55:24 -0700 (PDT) Received: by mail-wr1-x444.google.com with SMTP id x17so2074275wrt.5 for ; Wed, 06 May 2020 05:55:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=oLe4Rujwy2vUFJip5GQFe5EbeF/yzhx7q0Dlr8Akcec=; b=j4sNptzT+9kPOCQ8TEUHJo/IBR9XVpPN8xn0iIS7qsJyowoCWesuD5pEe6YePoklfs UYbWaTHFnsorW3B0hDSatO19wz3p9keorrDeeFlthNLxK3ZKAyS6b2L+4YZXO4x0WfMe 5IiCKXibn+YpnJEYpSgzGi6yndoD87QYzq7VM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=oLe4Rujwy2vUFJip5GQFe5EbeF/yzhx7q0Dlr8Akcec=; b=l9C/dv94+H/F4gH/Iw3nzYDrsE/iPs1rKCQdzcqWN8KYyw10/738nYuyGSaXHQYvqw ivE2GVHCqXe4T8ISpAmUnVH9emNUSH9OXeGCGtFt/Onod1ZBdmrjwAdA2A7o4R7uBFiy aLs89qWivWrdbIi/it8tX4h7rjGW6/cWhoZzfeOz7TRy9Jxbr8dakWU1noL2YXLQLzfl BIKvII3WH5j/HULgPc6UO8bClMTaU+HUaPh1UO561CEqr0wPGNEPdWU9CNLu+GGfbzsv BjDsIGRA/WkHCJ18HdHm2CmGgko8xZGRIC1W5BYk5HqDHwA8hD3keVDUqxBFjGA8EpOJ a0AQ== X-Gm-Message-State: AGi0PuZQaFFmrTZBVLc+qxLNmQD8isDvedR2WyNn84M0034/LHwaiC+k Jb5z51NWjX9NhRJB42h2R601taHpoQU= X-Google-Smtp-Source: APiQypKOAUfyFWUthAbfYGptMBhI51yOAsOumVS8RM08bvO7mcZ3eo+cgmXvlbaNTc3Ssd0SOB8HOQ== X-Received: by 2002:adf:f1c4:: with SMTP id z4mr10269329wro.25.1588769723224; Wed, 06 May 2020 05:55:23 -0700 (PDT) Received: from cloudflare.com ([2a02:a310:c262:aa00:b35e:8938:2c2a:ba8b]) by smtp.gmail.com with ESMTPSA id u188sm2969924wmg.37.2020.05.06.05.55.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 May 2020 05:55:22 -0700 (PDT) From: Jakub Sitnicki To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: dccp@vger.kernel.org, kernel-team@cloudflare.com, Alexei Starovoitov , Daniel Borkmann , "David S. Miller" , Eric Dumazet , Gerrit Renker , Jakub Kicinski , Marek Majkowski , Lorenz Bauer Subject: [PATCH bpf-next 05/17] inet: Run SK_LOOKUP BPF program on socket lookup Date: Wed, 6 May 2020 14:55:01 +0200 Message-Id: <20200506125514.1020829-6-jakub@cloudflare.com> X-Mailer: git-send-email 2.25.3 In-Reply-To: <20200506125514.1020829-1-jakub@cloudflare.com> References: <20200506125514.1020829-1-jakub@cloudflare.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Run a BPF program before looking up a listening socket on the receive path. Program selects a listening socket to yield as result of socket lookup by calling bpf_sk_assign() helper and returning BPF_REDIRECT code. Alternatively, program can also fail the lookup by returning with BPF_DROP, or let the lookup continue as usual with BPF_OK on return. This lets the user match packets with listening sockets freely at the last possible point on the receive path, where we know that packets are destined for local delivery after undergoing policing, filtering, and routing. With BPF code selecting the socket, directing packets destined to an IP range or to a port range to a single socket becomes possible. Suggested-by: Marek Majkowski Reviewed-by: Lorenz Bauer Signed-off-by: Jakub Sitnicki --- include/net/inet_hashtables.h | 36 +++++++++++++++++++++++++++++++++++ net/ipv4/inet_hashtables.c | 15 ++++++++++++++- 2 files changed, 50 insertions(+), 1 deletion(-) diff --git a/include/net/inet_hashtables.h b/include/net/inet_hashtables.h index 6072dfbd1078..3fcbc8f66f88 100644 --- a/include/net/inet_hashtables.h +++ b/include/net/inet_hashtables.h @@ -422,4 +422,40 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row, int inet_hash_connect(struct inet_timewait_death_row *death_row, struct sock *sk); + +static inline struct sock *bpf_sk_lookup_run(struct net *net, + struct bpf_sk_lookup_kern *ctx) +{ + struct bpf_prog *prog; + int ret = BPF_OK; + + rcu_read_lock(); + prog = rcu_dereference(net->sk_lookup_prog); + if (prog) + ret = BPF_PROG_RUN(prog, ctx); + rcu_read_unlock(); + + if (ret == BPF_DROP) + return ERR_PTR(-ECONNREFUSED); + if (ret == BPF_REDIRECT) + return ctx->selected_sk; + return NULL; +} + +static inline struct sock *inet_lookup_run_bpf(struct net *net, u8 protocol, + __be32 saddr, __be16 sport, + __be32 daddr, u16 dport) +{ + struct bpf_sk_lookup_kern ctx = { + .family = AF_INET, + .protocol = protocol, + .v4.saddr = saddr, + .v4.daddr = daddr, + .sport = sport, + .dport = dport, + }; + + return bpf_sk_lookup_run(net, &ctx); +} + #endif /* _INET_HASHTABLES_H */ diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c index ab64834837c8..f4d07285591a 100644 --- a/net/ipv4/inet_hashtables.c +++ b/net/ipv4/inet_hashtables.c @@ -307,9 +307,22 @@ struct sock *__inet_lookup_listener(struct net *net, const int dif, const int sdif) { struct inet_listen_hashbucket *ilb2; - struct sock *result = NULL; + struct sock *result, *reuse_sk; unsigned int hash2; + /* Lookup redirect from BPF */ + result = inet_lookup_run_bpf(net, hashinfo->protocol, + saddr, sport, daddr, hnum); + if (IS_ERR(result)) + return NULL; + if (result) { + reuse_sk = lookup_reuseport(net, result, skb, doff, + saddr, sport, daddr, hnum); + if (reuse_sk) + result = reuse_sk; + goto done; + } + hash2 = ipv4_portaddr_hash(net, daddr, hnum); ilb2 = inet_lhash2_bucket(hashinfo, hash2); From patchwork Wed May 6 12:55:05 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 219781 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C82E0C28CBC for ; Wed, 6 May 2020 12:56:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A77FC2073A for ; Wed, 6 May 2020 12:56:03 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=cloudflare.com header.i=@cloudflare.com header.b="gGayzqMn" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728835AbgEFMz6 (ORCPT ); Wed, 6 May 2020 08:55:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35354 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1728733AbgEFMzd (ORCPT ); Wed, 6 May 2020 08:55:33 -0400 Received: from mail-wm1-x344.google.com (mail-wm1-x344.google.com [IPv6:2a00:1450:4864:20::344]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 56070C03C1AC for ; Wed, 6 May 2020 05:55:32 -0700 (PDT) Received: by mail-wm1-x344.google.com with SMTP id x25so2486747wmc.0 for ; Wed, 06 May 2020 05:55:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=fqZSv5iRURJG8P51i+cIZ/1WA6SqrjwO2OnTuk3Zhrk=; b=gGayzqMnTYhOi5Dq4DF7HLW45jyR+5AnfaSpeDLXgkOPJKLLPwV/a3xscswIL2EEoV xBLLz9GRKnhwaQ7T8Sa9surF0SHZq7THS3ShSEXIEhXCngSNufQy+GwHxnE20Sdh17WJ Rr2q8c3gJ4DAM0syY6J++0HdfKOSgwIDeZVoU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=fqZSv5iRURJG8P51i+cIZ/1WA6SqrjwO2OnTuk3Zhrk=; b=lTMzE7G4E6qXOoxMHvzE3sG+Vlv2RV2fOFC6wBTmT6d8FMpWCBfx+Qh8BRRYy4+9EE 5ngwi+2IswH88MyQjfUWaxXHlpkMIXco661+TR/PZGp7647UzRZ4G59fuY+UG/k02A+a rrZHaeCRXA9WxQ6BGOCm+RTgQoWN1PYAqKonRO5TscNDfpsEHUkOqK3azx66cm2cHtPc WuvDOl9+bAOFApdZ2OsojFfRT3+b727vH32+W/PC8PYbVPkI5XyGJmr6clWhmVLU/bFo //4mA89/V3xtm6IcsLQxm8wYNET//1TsB28nl7c4zRgn8Jc1/LWbO6BaYK4mqV3Px5Jn IjmA== X-Gm-Message-State: AGi0PuYS/hmX7VCMumosjwdpzNHdZB1rGOLmCorJqeJNLsPSkhm4VUnU vSxyoUFWJ8DZMz0M7wxO35IfXmGxA4M= X-Google-Smtp-Source: APiQypJHmskS+fbDwY1rZn1h6p3uCoQGMzxBnKonBTVYTkdp6BR9ELW04uugvuZRis+4Bhc6iD/FwQ== X-Received: by 2002:a7b:c390:: with SMTP id s16mr4109377wmj.14.1588769729490; Wed, 06 May 2020 05:55:29 -0700 (PDT) Received: from cloudflare.com ([2a02:a310:c262:aa00:b35e:8938:2c2a:ba8b]) by smtp.gmail.com with ESMTPSA id s11sm2555763wrp.79.2020.05.06.05.55.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 May 2020 05:55:28 -0700 (PDT) From: Jakub Sitnicki To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: dccp@vger.kernel.org, kernel-team@cloudflare.com, Alexei Starovoitov , Daniel Borkmann , "David S. Miller" , Eric Dumazet , Gerrit Renker , Jakub Kicinski Subject: [PATCH bpf-next 09/17] udp: Extract helper for selecting socket from reuseport group Date: Wed, 6 May 2020 14:55:05 +0200 Message-Id: <20200506125514.1020829-10-jakub@cloudflare.com> X-Mailer: git-send-email 2.25.3 In-Reply-To: <20200506125514.1020829-1-jakub@cloudflare.com> References: <20200506125514.1020829-1-jakub@cloudflare.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Prepare for calling into reuseport from __udp4_lib_lookup as well. Signed-off-by: Jakub Sitnicki --- net/ipv4/udp.c | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index ce96b1746ddf..d4842f29294a 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -405,6 +405,25 @@ static u32 udp_ehashfn(const struct net *net, const __be32 laddr, udp_ehash_secret + net_hash_mix(net)); } +static inline struct sock *lookup_reuseport(struct net *net, struct sock *sk, + struct sk_buff *skb, + __be32 saddr, __be16 sport, + __be32 daddr, unsigned short hnum) +{ + struct sock *reuse_sk = NULL; + u32 hash; + + if (sk->sk_reuseport && sk->sk_state != TCP_ESTABLISHED) { + hash = udp_ehashfn(net, daddr, hnum, saddr, sport); + reuse_sk = reuseport_select_sock(sk, hash, skb, + sizeof(struct udphdr)); + /* Fall back to scoring if group has connections */ + if (reuseport_has_conns(sk, false)) + return NULL; + } + return reuse_sk; +} + /* called with rcu_read_lock() */ static struct sock *udp4_lib_lookup2(struct net *net, __be32 saddr, __be16 sport, @@ -415,7 +434,6 @@ static struct sock *udp4_lib_lookup2(struct net *net, { struct sock *sk, *result; int score, badness; - u32 hash = 0; result = NULL; badness = 0; @@ -423,15 +441,11 @@ static struct sock *udp4_lib_lookup2(struct net *net, score = compute_score(sk, net, saddr, sport, daddr, hnum, dif, sdif); if (score > badness) { - if (sk->sk_reuseport && - sk->sk_state != TCP_ESTABLISHED) { - hash = udp_ehashfn(net, daddr, hnum, - saddr, sport); - result = reuseport_select_sock(sk, hash, skb, - sizeof(struct udphdr)); - if (result && !reuseport_has_conns(sk, false)) - return result; - } + result = lookup_reuseport(net, sk, skb, + saddr, sport, daddr, hnum); + if (result) + return result; + badness = score; result = sk; } From patchwork Wed May 6 12:55:07 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 219782 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A2354C28CBC for ; Wed, 6 May 2020 12:55:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8101A2073A for ; Wed, 6 May 2020 12:55:56 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=cloudflare.com header.i=@cloudflare.com header.b="NUv7pGLR" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728823AbgEFMzz (ORCPT ); Wed, 6 May 2020 08:55:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35362 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1728739AbgEFMze (ORCPT ); Wed, 6 May 2020 08:55:34 -0400 Received: from mail-wr1-x441.google.com (mail-wr1-x441.google.com [IPv6:2a00:1450:4864:20::441]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E2A95C03C1A7 for ; Wed, 6 May 2020 05:55:33 -0700 (PDT) Received: by mail-wr1-x441.google.com with SMTP id x17so2074834wrt.5 for ; Wed, 06 May 2020 05:55:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=0YntHSMaYWhZww4u6NbDT+gNV0qs5iMn1AmJfoZVDYM=; b=NUv7pGLRx/073A2UdDBSLe1useV+sIU/rIVsNzbcEhWj1TCoJ1J6zL+c+lz2Txpro+ EC+eS9x+C2JBI+cX1ZfXZXFceoawAYaM+iJkZyQYjeUahvxtxlydF1pl4IXQMDnGHL/y U4M5iC/awbmlcCyvXMx8b+5sC6Ht8oKDcUTx0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=0YntHSMaYWhZww4u6NbDT+gNV0qs5iMn1AmJfoZVDYM=; b=WNPTIz4H+WlbmPv7bUmQswC3wR9OAxwqP+757db5aWH836SrwJWSRGvHHyizb8q7U+ KcpIo8A3/hj2BoKz66gAf81cXOA6J51LXCIIZeqyisDwGZ1n9yV2UDS9eqMRmoShZHky cmx/ownXEORQv3fDi0aGTOwmpvKIR9CWNwN0mSPZhUYDpIx08x5Fxot7ue7Vqx18rP9Y Dwp22a2UJh+0uMuB8Mq40aLVafkXB8sRLaJOrOyh/sxODk2W7BypEH+b0DUA4ueERPsf sDIC8DVw0zQtp2OsnXMyUqncEwsfI86vFDewgizZqMZw2LKOO9O2cNGj1qf4gZHucQgb YEew== X-Gm-Message-State: AGi0PuYDwgofuaK4V5vw4cWy86uViZfyQol+vLlril40o9Gmym95kRxF qPrt88WH3PndR7kfMPIsI39Sotb+hnw= X-Google-Smtp-Source: APiQypJRsTh056Sw4fsyQYnCKOA2Rapj3Ng0f9/oFRMv9+/SYQstnRhPyDe4WgaNyq2MRVPo4yCVCw== X-Received: by 2002:a5d:650b:: with SMTP id x11mr9229157wru.405.1588769732275; Wed, 06 May 2020 05:55:32 -0700 (PDT) Received: from cloudflare.com ([2a02:a310:c262:aa00:b35e:8938:2c2a:ba8b]) by smtp.gmail.com with ESMTPSA id y63sm3060394wmg.21.2020.05.06.05.55.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 May 2020 05:55:31 -0700 (PDT) From: Jakub Sitnicki To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: dccp@vger.kernel.org, kernel-team@cloudflare.com, Alexei Starovoitov , Daniel Borkmann , "David S. Miller" , Eric Dumazet , Gerrit Renker , Jakub Kicinski Subject: [PATCH bpf-next 11/17] udp6: Extract helper for selecting socket from reuseport group Date: Wed, 6 May 2020 14:55:07 +0200 Message-Id: <20200506125514.1020829-12-jakub@cloudflare.com> X-Mailer: git-send-email 2.25.3 In-Reply-To: <20200506125514.1020829-1-jakub@cloudflare.com> References: <20200506125514.1020829-1-jakub@cloudflare.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Prepare for calling into reuseport from __udp6_lib_lookup as well. Signed-off-by: Jakub Sitnicki --- net/ipv6/udp.c | 37 ++++++++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index f7866fded418..ee2073329d25 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -141,6 +141,27 @@ static int compute_score(struct sock *sk, struct net *net, return score; } +static inline struct sock *lookup_reuseport(struct net *net, struct sock *sk, + struct sk_buff *skb, + const struct in6_addr *saddr, + __be16 sport, + const struct in6_addr *daddr, + unsigned int hnum) +{ + struct sock *reuse_sk = NULL; + u32 hash; + + if (sk->sk_reuseport && sk->sk_state != TCP_ESTABLISHED) { + hash = udp6_ehashfn(net, daddr, hnum, saddr, sport); + reuse_sk = reuseport_select_sock(sk, hash, skb, + sizeof(struct udphdr)); + /* Fall back to scoring if group has connections */ + if (reuseport_has_conns(sk, false)) + return NULL; + } + return reuse_sk; +} + /* called with rcu_read_lock() */ static struct sock *udp6_lib_lookup2(struct net *net, const struct in6_addr *saddr, __be16 sport, @@ -150,7 +171,6 @@ static struct sock *udp6_lib_lookup2(struct net *net, { struct sock *sk, *result; int score, badness; - u32 hash = 0; result = NULL; badness = -1; @@ -158,16 +178,11 @@ static struct sock *udp6_lib_lookup2(struct net *net, score = compute_score(sk, net, saddr, sport, daddr, hnum, dif, sdif); if (score > badness) { - if (sk->sk_reuseport && - sk->sk_state != TCP_ESTABLISHED) { - hash = udp6_ehashfn(net, daddr, hnum, - saddr, sport); - - result = reuseport_select_sock(sk, hash, skb, - sizeof(struct udphdr)); - if (result && !reuseport_has_conns(sk, false)) - return result; - } + result = lookup_reuseport(net, sk, skb, + saddr, sport, daddr, hnum); + if (result) + return result; + result = sk; badness = score; } From patchwork Wed May 6 12:55:09 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 219785 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A471BC38A2A for ; Wed, 6 May 2020 12:55:40 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 843612080D for ; Wed, 6 May 2020 12:55:40 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=cloudflare.com header.i=@cloudflare.com header.b="oGYr+6Tt" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728777AbgEFMzj (ORCPT ); Wed, 6 May 2020 08:55:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35408 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1728760AbgEFMzh (ORCPT ); Wed, 6 May 2020 08:55:37 -0400 Received: from mail-wr1-x443.google.com (mail-wr1-x443.google.com [IPv6:2a00:1450:4864:20::443]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0B721C061A41 for ; Wed, 6 May 2020 05:55:37 -0700 (PDT) Received: by mail-wr1-x443.google.com with SMTP id y3so2100989wrt.1 for ; Wed, 06 May 2020 05:55:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=YelX9xe5NPz/K8++I+zq6dls9u4E670M00sFKh/zNQA=; b=oGYr+6TtS+u83oUfmFGux8JeqLf5MF/hTMXNwAQxCJh5b+m9Lh/rEtqqxApbsWwoOQ fAHvMZQGtx3uDeuFOlv2KlOO2Yfepf71r5I5nryZj677yPXJa5+vxUxiZ/6pl3NIBHhs EZigWlFkL8PwFwgbnEHno7kUcPjBYME/wBGgs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=YelX9xe5NPz/K8++I+zq6dls9u4E670M00sFKh/zNQA=; b=YO34Q5N3j1hN/Eg4AwfCaJuNGkBc/w+VbniSBUseY+3MSeEMGyhgChp0JDUmTIGYk0 T/c63bR6YFK5PY97scuRXpb7sU3iyK5EOUReqn9G7pymrfZVNIvpbMSgO79nmvFrSDtU jTcYV4nmsiTgMOYZBZfqYY2dojaCFyhjVXZsd9AqZL6xtwD2UprUFnqnBq3n63v9Heg4 /Lg3LO8Tu8lm4qF7AXzEbLcj6Tl3jJ6AGpIfWU9xrgOYrBhbKm6FPt+s06DPXN6Baflc 6XQiGjA31NEHtHxGsQWkgcIf5oVm21s44Nd5JUW23CFqdYROzZ8OAnSxaHi2x7BtmZIY n/Kg== X-Gm-Message-State: AGi0PubhM20D2vtawVJ6UaObC1SkuX0OQJ2pZ5Rf0p16ym95GieTnT0r FVtpY3WNdVlNXKlPskT2cJQjNKRZOGE= X-Google-Smtp-Source: APiQypLAo8p0umAKOJxB6sZm2MVMxMPDzD3jqIFBkRqQ0HAwMrmZ02D7TOaa64S9IKbcrj7xrZ/Qzw== X-Received: by 2002:a5d:6a85:: with SMTP id s5mr9299102wru.122.1588769735238; Wed, 06 May 2020 05:55:35 -0700 (PDT) Received: from cloudflare.com ([2a02:a310:c262:aa00:b35e:8938:2c2a:ba8b]) by smtp.gmail.com with ESMTPSA id i74sm2668726wri.49.2020.05.06.05.55.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 May 2020 05:55:34 -0700 (PDT) From: Jakub Sitnicki To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: dccp@vger.kernel.org, kernel-team@cloudflare.com, Alexei Starovoitov , Daniel Borkmann , "David S. Miller" , Eric Dumazet , Gerrit Renker , Jakub Kicinski , Lorenz Bauer Subject: [PATCH bpf-next 13/17] bpf: Sync linux/bpf.h to tools/ Date: Wed, 6 May 2020 14:55:09 +0200 Message-Id: <20200506125514.1020829-14-jakub@cloudflare.com> X-Mailer: git-send-email 2.25.3 In-Reply-To: <20200506125514.1020829-1-jakub@cloudflare.com> References: <20200506125514.1020829-1-jakub@cloudflare.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Newly added program, context type and helper is used by tests in a subsequent patch. Synchronize the header file. Reviewed-by: Lorenz Bauer Signed-off-by: Jakub Sitnicki --- tools/include/uapi/linux/bpf.h | 53 ++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index b3643e27e264..e4c61b63d4bc 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -187,6 +187,7 @@ enum bpf_prog_type { BPF_PROG_TYPE_STRUCT_OPS, BPF_PROG_TYPE_EXT, BPF_PROG_TYPE_LSM, + BPF_PROG_TYPE_SK_LOOKUP, }; enum bpf_attach_type { @@ -218,6 +219,7 @@ enum bpf_attach_type { BPF_TRACE_FEXIT, BPF_MODIFY_RETURN, BPF_LSM_MAC, + BPF_SK_LOOKUP, __MAX_BPF_ATTACH_TYPE }; @@ -3041,6 +3043,10 @@ union bpf_attr { * * int bpf_sk_assign(struct sk_buff *skb, struct bpf_sock *sk, u64 flags) * Description + * Helper is overloaded depending on BPF program type. This + * description applies to **BPF_PROG_TYPE_SCHED_CLS** and + * **BPF_PROG_TYPE_SCHED_ACT** programs. + * * Assign the *sk* to the *skb*. When combined with appropriate * routing configuration to receive the packet towards the socket, * will cause *skb* to be delivered to the specified socket. @@ -3061,6 +3067,39 @@ union bpf_attr { * call from outside of TC ingress. * * **-ESOCKTNOSUPPORT** Socket type not supported (reuseport). * + * int bpf_sk_assign(struct bpf_sk_lookup *ctx, struct bpf_sock *sk, u64 flags) + * Description + * Helper is overloaded depending on BPF program type. This + * description applies to **BPF_PROG_TYPE_SK_LOOKUP** programs. + * + * Select the *sk* as a result of a socket lookup. + * + * For the operation to succeed passed socket must be compatible + * with the packet description provided by the *ctx* object. + * + * L4 protocol (*IPPROTO_TCP* or *IPPROTO_UDP*) must be an exact + * match. While IP family (*AF_INET* or *AF_INET6*) must be + * compatible, that is IPv6 sockets that are not v6-only can be + * selected for IPv4 packets. + * + * Only full sockets can be selected. However, there is no need to + * call bpf_fullsock() before passing a socket as an argument to + * this helper. + * + * The *flags* argument must be zero. + * Return + * 0 on success, or a negative errno in case of failure. + * + * **-EAFNOSUPPORT** is socket family (*sk->family*) is not + * compatible with packet family (*ctx->family*). + * + * **-EINVAL** if unsupported flags were specified. + * + * **-EPROTOTYPE** if socket L4 protocol (*sk->protocol*) doesn't + * match packet protocol (*ctx->protocol*). + * + * **-ESOCKTNOSUPPORT** if socket is not a full socket. + * * u64 bpf_ktime_get_boot_ns(void) * Description * Return the time elapsed since system boot, in nanoseconds. @@ -4012,4 +4051,18 @@ struct bpf_pidns_info { __u32 pid; __u32 tgid; }; + +/* User accessible data for SK_LOOKUP programs. Add new fields at the end. */ +struct bpf_sk_lookup { + __u32 family; /* AF_INET, AF_INET6 */ + __u32 protocol; /* IPPROTO_TCP, IPPROTO_UDP */ + /* IP addresses allows 1, 2, and 4 bytes access */ + __u32 src_ip4; + __u32 src_ip6[4]; + __u32 src_port; /* network byte order */ + __u32 dst_ip4; + __u32 dst_ip6[4]; + __u32 dst_port; /* host byte order */ +}; + #endif /* _UAPI__LINUX_BPF_H__ */ From patchwork Wed May 6 12:55:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 219783 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.1 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS, UNWANTED_LANGUAGE_BODY,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B9A1CC38A24 for ; Wed, 6 May 2020 12:55:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9333F2073A for ; Wed, 6 May 2020 12:55:50 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=cloudflare.com header.i=@cloudflare.com header.b="VTDDjKm0" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728796AbgEFMzm (ORCPT ); Wed, 6 May 2020 08:55:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35418 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1728774AbgEFMzj (ORCPT ); Wed, 6 May 2020 08:55:39 -0400 Received: from mail-wm1-x342.google.com (mail-wm1-x342.google.com [IPv6:2a00:1450:4864:20::342]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 34AB3C0610D5 for ; Wed, 6 May 2020 05:55:38 -0700 (PDT) Received: by mail-wm1-x342.google.com with SMTP id u127so2539942wmg.1 for ; Wed, 06 May 2020 05:55:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=8MMXgY0TXvd+/8Bf5r+9pGjHTsnA2fHOT0fRA7c4wXg=; b=VTDDjKm0TNiaYyKf9a7lvt3iTreBuPSQUKI4jsKuA2L3Pa0Z71HqJyZ0jfeBaTMAqa +i9s+C7LQQe/+SzedTjjFVxxRSYIouSnwFIF2gpyVwqh9jjkG2Ks/Q+tZn6jA9dalZoz gW9T4TqUhcWsYWYBDi941/KCSF7UrXVJjP8NY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=8MMXgY0TXvd+/8Bf5r+9pGjHTsnA2fHOT0fRA7c4wXg=; b=EUrg+Kq7RvOLj18hU4yB5QNvFR5RuQNWw5sCX/0UUXauO45MzVSHnUZ1W4ngabaJTq NRunTTHYUJlbc2PLTcyuA3REJrf2XtQC9jKHeNTrKpS0NcLm8HLtnVCUpyJEv8bpdJrQ 4Tttv8nOOVIfvjJX0tT84e0lTaeLazZWNF2MRUZcvua+wxisIM7bsxRp4EkaSY8Ua1B5 5oa2M+kUqe9hYnVZ7K4Shzib4aOv3jEUX2pj/Zku9quBP9IyFNx4dTCTDsr7qCG+ui2m +/eE8QCPNvja1iV8MGvOIcQvxQIPJve5RZQFRBpGIf3HBrIZwxNf4mp8UxVKpAqCRJSE goqg== X-Gm-Message-State: AGi0Pua06oCirofDIPZB8NX2hRNx0o3wC0F/64oyyXphzD/3og4tpmmM DQdRy21iFtzzh5Kcdf/UNwT4+tmDsso= X-Google-Smtp-Source: APiQypIBZTUzwyZq0r81vrVDEDqOQr7MdwHx8+Rw0PY51qr+jvbJbKi9RyKjx6xy4f28h/W0tfEzhA== X-Received: by 2002:a7b:c190:: with SMTP id y16mr4694417wmi.50.1588769736672; Wed, 06 May 2020 05:55:36 -0700 (PDT) Received: from cloudflare.com ([2a02:a310:c262:aa00:b35e:8938:2c2a:ba8b]) by smtp.gmail.com with ESMTPSA id a15sm2700717wrw.56.2020.05.06.05.55.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 May 2020 05:55:36 -0700 (PDT) From: Jakub Sitnicki To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: dccp@vger.kernel.org, kernel-team@cloudflare.com, Alexei Starovoitov , Daniel Borkmann , "David S. Miller" , Eric Dumazet , Gerrit Renker , Jakub Kicinski Subject: [PATCH bpf-next 14/17] libbpf: Add support for SK_LOOKUP program type Date: Wed, 6 May 2020 14:55:10 +0200 Message-Id: <20200506125514.1020829-15-jakub@cloudflare.com> X-Mailer: git-send-email 2.25.3 In-Reply-To: <20200506125514.1020829-1-jakub@cloudflare.com> References: <20200506125514.1020829-1-jakub@cloudflare.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Make libbpf aware of the newly added program type, and assign it a section name. Signed-off-by: Jakub Sitnicki --- tools/lib/bpf/libbpf.c | 3 +++ tools/lib/bpf/libbpf.h | 2 ++ tools/lib/bpf/libbpf.map | 2 ++ tools/lib/bpf/libbpf_probes.c | 1 + 4 files changed, 8 insertions(+) diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index 977add1b73e2..74f4a15dc19e 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -6524,6 +6524,7 @@ BPF_PROG_TYPE_FNS(perf_event, BPF_PROG_TYPE_PERF_EVENT); BPF_PROG_TYPE_FNS(tracing, BPF_PROG_TYPE_TRACING); BPF_PROG_TYPE_FNS(struct_ops, BPF_PROG_TYPE_STRUCT_OPS); BPF_PROG_TYPE_FNS(extension, BPF_PROG_TYPE_EXT); +BPF_PROG_TYPE_FNS(sk_lookup, BPF_PROG_TYPE_SK_LOOKUP); enum bpf_attach_type bpf_program__get_expected_attach_type(struct bpf_program *prog) @@ -6684,6 +6685,8 @@ static const struct bpf_sec_def section_defs[] = { BPF_EAPROG_SEC("cgroup/setsockopt", BPF_PROG_TYPE_CGROUP_SOCKOPT, BPF_CGROUP_SETSOCKOPT), BPF_PROG_SEC("struct_ops", BPF_PROG_TYPE_STRUCT_OPS), + BPF_EAPROG_SEC("sk_lookup", BPF_PROG_TYPE_SK_LOOKUP, + BPF_SK_LOOKUP), }; #undef BPF_PROG_SEC_IMPL diff --git a/tools/lib/bpf/libbpf.h b/tools/lib/bpf/libbpf.h index f1dacecb1619..8373fbacbba3 100644 --- a/tools/lib/bpf/libbpf.h +++ b/tools/lib/bpf/libbpf.h @@ -337,6 +337,7 @@ LIBBPF_API int bpf_program__set_perf_event(struct bpf_program *prog); LIBBPF_API int bpf_program__set_tracing(struct bpf_program *prog); LIBBPF_API int bpf_program__set_struct_ops(struct bpf_program *prog); LIBBPF_API int bpf_program__set_extension(struct bpf_program *prog); +LIBBPF_API int bpf_program__set_sk_lookup(struct bpf_program *prog); LIBBPF_API enum bpf_prog_type bpf_program__get_type(struct bpf_program *prog); LIBBPF_API void bpf_program__set_type(struct bpf_program *prog, @@ -364,6 +365,7 @@ LIBBPF_API bool bpf_program__is_perf_event(const struct bpf_program *prog); LIBBPF_API bool bpf_program__is_tracing(const struct bpf_program *prog); LIBBPF_API bool bpf_program__is_struct_ops(const struct bpf_program *prog); LIBBPF_API bool bpf_program__is_extension(const struct bpf_program *prog); +LIBBPF_API bool bpf_program__is_sk_lookup(const struct bpf_program *prog); /* * No need for __attribute__((packed)), all members of 'bpf_map_def' diff --git a/tools/lib/bpf/libbpf.map b/tools/lib/bpf/libbpf.map index e03bd4db827e..113ac0a669c2 100644 --- a/tools/lib/bpf/libbpf.map +++ b/tools/lib/bpf/libbpf.map @@ -253,6 +253,8 @@ LIBBPF_0.0.8 { bpf_program__set_attach_target; bpf_program__set_lsm; bpf_set_link_xdp_fd_opts; + bpf_program__is_sk_lookup; + bpf_program__set_sk_lookup; } LIBBPF_0.0.7; LIBBPF_0.0.9 { diff --git a/tools/lib/bpf/libbpf_probes.c b/tools/lib/bpf/libbpf_probes.c index 2c92059c0c90..5c6d3e49f254 100644 --- a/tools/lib/bpf/libbpf_probes.c +++ b/tools/lib/bpf/libbpf_probes.c @@ -109,6 +109,7 @@ probe_load(enum bpf_prog_type prog_type, const struct bpf_insn *insns, case BPF_PROG_TYPE_STRUCT_OPS: case BPF_PROG_TYPE_EXT: case BPF_PROG_TYPE_LSM: + case BPF_PROG_TYPE_SK_LOOKUP: default: break; } From patchwork Wed May 6 12:55:12 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 219784 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D306CC38A24 for ; Wed, 6 May 2020 12:55:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B1EEB20769 for ; Wed, 6 May 2020 12:55:45 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=cloudflare.com header.i=@cloudflare.com header.b="Zx2p/C9h" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728815AbgEFMzo (ORCPT ); Wed, 6 May 2020 08:55:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35440 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1728794AbgEFMzl (ORCPT ); Wed, 6 May 2020 08:55:41 -0400 Received: from mail-wr1-x441.google.com (mail-wr1-x441.google.com [IPv6:2a00:1450:4864:20::441]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 38304C0610D6 for ; Wed, 6 May 2020 05:55:41 -0700 (PDT) Received: by mail-wr1-x441.google.com with SMTP id g13so2067526wrb.8 for ; Wed, 06 May 2020 05:55:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=8DCoKl1/gaqXVRh80rwnARoKd5SOhiqEFIXtMsss+EA=; b=Zx2p/C9hj15+qgcVJRFWGUkWhPZBmn7s3xTUeUlwAFGrbu69FjVxlJOezY+biAfdrm BYyu/VuT3Dfl+StE+iSN2PvixBf88F3i8noAtwPCSUhANnvshvTCSWIs/IqPIT5pOZDS P+UZ6TR4AB6R8T+kxR7yuBQkH/+sJM5ZhmY2Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=8DCoKl1/gaqXVRh80rwnARoKd5SOhiqEFIXtMsss+EA=; b=dLwGmUZagqPi7WylcUJzYR65GQ0eDjgxxNlAECCB8Qx8VvlaA4KlAl6I2w3KQcbaae B67wcAKglfr9aQyxRAByXrvMZd6m74cSah2YCwmK61KRt6znbE3KrABnMfRTvA45KtQ6 SjCs8rQT1uvLupX31EvwQuWGVtR2ijL60oPoOAYEZX1iCLLXav7/pOsHDOblmmizl8Rb GMdT36whypJRYJChQq/3ctrCWSZbD1uq56t6sA5T49+wMdL4qG6d7kbhJYKYbs2dm3L8 4DKpRjP3U4ZpA0n3xcM520IaXl4JIGMzCNkhgfmEdVlk66cIcIzbV4DlULXLyNHn5LcA 9a+A== X-Gm-Message-State: AGi0PuZdggS05f/+8JogesSF/E7YeYrSAkEbFlis/R2V4qYRsM49q8bZ 5IwhrF37KJ5loNCed/Q960zE/nnKdLU= X-Google-Smtp-Source: APiQypLBOnq5gamj0J8plk0NnUuN/zwsYh5Hj7hWEu/0YXLir2P+QthCsBdoqAAh8D0iUEovO5kuHg== X-Received: by 2002:adf:b301:: with SMTP id j1mr9265960wrd.221.1588769739725; Wed, 06 May 2020 05:55:39 -0700 (PDT) Received: from cloudflare.com ([2a02:a310:c262:aa00:b35e:8938:2c2a:ba8b]) by smtp.gmail.com with ESMTPSA id p7sm2776520wrf.31.2020.05.06.05.55.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 May 2020 05:55:39 -0700 (PDT) From: Jakub Sitnicki To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: dccp@vger.kernel.org, kernel-team@cloudflare.com, Alexei Starovoitov , Daniel Borkmann , "David S. Miller" , Eric Dumazet , Gerrit Renker , Jakub Kicinski Subject: [PATCH bpf-next 16/17] selftests/bpf: Rename test_sk_lookup_kern.c to test_ref_track_kern.c Date: Wed, 6 May 2020 14:55:12 +0200 Message-Id: <20200506125514.1020829-17-jakub@cloudflare.com> X-Mailer: git-send-email 2.25.3 In-Reply-To: <20200506125514.1020829-1-jakub@cloudflare.com> References: <20200506125514.1020829-1-jakub@cloudflare.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Name the BPF C file after the test case that uses it. This frees up "test_sk_lookup" namespace for BPF sk_lookup program tests introduced by the following patch. Signed-off-by: Jakub Sitnicki --- tools/testing/selftests/bpf/prog_tests/reference_tracking.c | 2 +- .../bpf/progs/{test_sk_lookup_kern.c => test_ref_track_kern.c} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename tools/testing/selftests/bpf/progs/{test_sk_lookup_kern.c => test_ref_track_kern.c} (100%) diff --git a/tools/testing/selftests/bpf/prog_tests/reference_tracking.c b/tools/testing/selftests/bpf/prog_tests/reference_tracking.c index fc0d7f4f02cf..106ca8bb2a8f 100644 --- a/tools/testing/selftests/bpf/prog_tests/reference_tracking.c +++ b/tools/testing/selftests/bpf/prog_tests/reference_tracking.c @@ -3,7 +3,7 @@ void test_reference_tracking(void) { - const char *file = "test_sk_lookup_kern.o"; + const char *file = "test_ref_track_kern.o"; const char *obj_name = "ref_track"; DECLARE_LIBBPF_OPTS(bpf_object_open_opts, open_opts, .object_name = obj_name, diff --git a/tools/testing/selftests/bpf/progs/test_sk_lookup_kern.c b/tools/testing/selftests/bpf/progs/test_ref_track_kern.c similarity index 100% rename from tools/testing/selftests/bpf/progs/test_sk_lookup_kern.c rename to tools/testing/selftests/bpf/progs/test_ref_track_kern.c