From: Jakub Sitnicki <jakub@cloudflare.com> To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: dccp@vger.kernel.org, kernel-team@cloudflare.com, Alexei Starovoitov <ast@kernel.org>, Daniel Borkmann <daniel@iogearbox.net>, "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Gerrit Renker <gerrit@erg.abdn.ac.uk>, Jakub Kicinski <kuba@kernel.org>, Marek Majkowski <marek@cloudflare.com>, Lorenz Bauer <lmb@cloudflare.com> Subject: [PATCH bpf-next 07/17] inet6: Run SK_LOOKUP BPF program on socket lookup Date: Wed, 6 May 2020 14:55:03 +0200 [thread overview] Message-ID: <20200506125514.1020829-8-jakub@cloudflare.com> (raw) In-Reply-To: <20200506125514.1020829-1-jakub@cloudflare.com> Following ipv4 stack changes, run a BPF program attached to netns before looking up a listening socket. Program can return a listening socket to use as result of socket lookup, fail the lookup, or take no action. Suggested-by: Marek Majkowski <marek@cloudflare.com> Reviewed-by: Lorenz Bauer <lmb@cloudflare.com> Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com> --- include/net/inet6_hashtables.h | 20 ++++++++++++++++++++ net/ipv6/inet6_hashtables.c | 15 ++++++++++++++- 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/include/net/inet6_hashtables.h b/include/net/inet6_hashtables.h index 81b965953036..8b8c0cb92ea8 100644 --- a/include/net/inet6_hashtables.h +++ b/include/net/inet6_hashtables.h @@ -21,6 +21,7 @@ #include <net/ipv6.h> #include <net/netns/hash.h> +#include <net/inet_hashtables.h> struct inet_hashinfo; @@ -103,6 +104,25 @@ struct sock *inet6_lookup(struct net *net, struct inet_hashinfo *hashinfo, const int dif); int inet6_hash(struct sock *sk); + +static inline struct sock *inet6_lookup_run_bpf(struct net *net, u8 protocol, + const struct in6_addr *saddr, + __be16 sport, + const struct in6_addr *daddr, + u16 dport) +{ + struct bpf_sk_lookup_kern ctx = { + .family = AF_INET6, + .protocol = protocol, + .v6.saddr = *saddr, + .v6.daddr = *daddr, + .sport = sport, + .dport = dport, + }; + + return bpf_sk_lookup_run(net, &ctx); +} + #endif /* IS_ENABLED(CONFIG_IPV6) */ #define INET6_MATCH(__sk, __net, __saddr, __daddr, __ports, __dif, __sdif) \ diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c index 03942eef8ab6..6d91de89fd2b 100644 --- a/net/ipv6/inet6_hashtables.c +++ b/net/ipv6/inet6_hashtables.c @@ -167,9 +167,22 @@ struct sock *inet6_lookup_listener(struct net *net, const unsigned short hnum, const int dif, const int sdif) { struct inet_listen_hashbucket *ilb2; - struct sock *result = NULL; + struct sock *result, *reuse_sk; unsigned int hash2; + /* Lookup redirect from BPF */ + result = inet6_lookup_run_bpf(net, hashinfo->protocol, + saddr, sport, daddr, hnum); + if (IS_ERR(result)) + return NULL; + if (result) { + reuse_sk = lookup_reuseport(net, result, skb, doff, + saddr, sport, daddr, hnum); + if (reuse_sk) + result = reuse_sk; + goto done; + } + hash2 = ipv6_portaddr_hash(net, daddr, hnum); ilb2 = inet_lhash2_bucket(hashinfo, hash2); -- 2.25.3
WARNING: multiple messages have this Message-ID (diff)
From: Jakub Sitnicki <jakub@cloudflare.com> To: dccp@vger.kernel.org Subject: [PATCH bpf-next 07/17] inet6: Run SK_LOOKUP BPF program on socket lookup Date: Wed, 06 May 2020 12:55:03 +0000 [thread overview] Message-ID: <20200506125514.1020829-8-jakub@cloudflare.com> (raw) Following ipv4 stack changes, run a BPF program attached to netns before looking up a listening socket. Program can return a listening socket to use as result of socket lookup, fail the lookup, or take no action. Suggested-by: Marek Majkowski <marek@cloudflare.com> Reviewed-by: Lorenz Bauer <lmb@cloudflare.com> Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com> --- include/net/inet6_hashtables.h | 20 ++++++++++++++++++++ net/ipv6/inet6_hashtables.c | 15 ++++++++++++++- 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/include/net/inet6_hashtables.h b/include/net/inet6_hashtables.h index 81b965953036..8b8c0cb92ea8 100644 --- a/include/net/inet6_hashtables.h +++ b/include/net/inet6_hashtables.h @@ -21,6 +21,7 @@ #include <net/ipv6.h> #include <net/netns/hash.h> +#include <net/inet_hashtables.h> struct inet_hashinfo; @@ -103,6 +104,25 @@ struct sock *inet6_lookup(struct net *net, struct inet_hashinfo *hashinfo, const int dif); int inet6_hash(struct sock *sk); + +static inline struct sock *inet6_lookup_run_bpf(struct net *net, u8 protocol, + const struct in6_addr *saddr, + __be16 sport, + const struct in6_addr *daddr, + u16 dport) +{ + struct bpf_sk_lookup_kern ctx = { + .family = AF_INET6, + .protocol = protocol, + .v6.saddr = *saddr, + .v6.daddr = *daddr, + .sport = sport, + .dport = dport, + }; + + return bpf_sk_lookup_run(net, &ctx); +} + #endif /* IS_ENABLED(CONFIG_IPV6) */ #define INET6_MATCH(__sk, __net, __saddr, __daddr, __ports, __dif, __sdif) \ diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c index 03942eef8ab6..6d91de89fd2b 100644 --- a/net/ipv6/inet6_hashtables.c +++ b/net/ipv6/inet6_hashtables.c @@ -167,9 +167,22 @@ struct sock *inet6_lookup_listener(struct net *net, const unsigned short hnum, const int dif, const int sdif) { struct inet_listen_hashbucket *ilb2; - struct sock *result = NULL; + struct sock *result, *reuse_sk; unsigned int hash2; + /* Lookup redirect from BPF */ + result = inet6_lookup_run_bpf(net, hashinfo->protocol, + saddr, sport, daddr, hnum); + if (IS_ERR(result)) + return NULL; + if (result) { + reuse_sk = lookup_reuseport(net, result, skb, doff, + saddr, sport, daddr, hnum); + if (reuse_sk) + result = reuse_sk; + goto done; + } + hash2 = ipv6_portaddr_hash(net, daddr, hnum); ilb2 = inet_lhash2_bucket(hashinfo, hash2); -- 2.25.3
next prev parent reply other threads:[~2020-05-06 12:55 UTC|newest] Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-05-06 12:54 [PATCH bpf-next 00/17] Run a BPF program on socket lookup Jakub Sitnicki 2020-05-06 12:54 ` Jakub Sitnicki 2020-05-06 12:54 ` [PATCH bpf-next 01/17] flow_dissector: Extract attach/detach/query helpers Jakub Sitnicki 2020-05-06 12:54 ` Jakub Sitnicki 2020-05-06 12:54 ` [PATCH bpf-next 02/17] bpf: Introduce SK_LOOKUP program type with a dedicated attach point Jakub Sitnicki 2020-05-06 12:54 ` Jakub Sitnicki 2020-05-06 13:16 ` Lorenz Bauer 2020-05-06 13:16 ` Lorenz Bauer 2020-05-06 13:53 ` Jakub Sitnicki 2020-05-06 13:53 ` Jakub Sitnicki 2020-05-07 20:55 ` Martin KaFai Lau 2020-05-07 20:55 ` Martin KaFai Lau 2020-05-08 8:54 ` Jakub Sitnicki 2020-05-08 8:54 ` Jakub Sitnicki 2020-05-08 7:06 ` Martin KaFai Lau 2020-05-08 7:06 ` Martin KaFai Lau 2020-05-08 10:45 ` Jakub Sitnicki 2020-05-08 10:45 ` Jakub Sitnicki 2020-05-08 18:39 ` Martin KaFai Lau 2020-05-08 18:39 ` Martin KaFai Lau 2020-05-11 9:08 ` Jakub Sitnicki 2020-05-11 9:08 ` Jakub Sitnicki 2020-05-11 18:59 ` Martin KaFai Lau 2020-05-11 18:59 ` Martin KaFai Lau 2020-05-11 19:26 ` Jakub Sitnicki 2020-05-11 19:26 ` Jakub Sitnicki 2020-05-11 20:54 ` Martin KaFai Lau 2020-05-11 20:54 ` Martin KaFai Lau 2020-05-12 14:16 ` Jakub Sitnicki 2020-05-12 14:16 ` Jakub Sitnicki 2020-05-06 12:54 ` [PATCH bpf-next 03/17] inet: Store layer 4 protocol in inet_hashinfo Jakub Sitnicki 2020-05-06 12:54 ` Jakub Sitnicki 2020-05-06 12:55 ` [PATCH bpf-next 04/17] inet: Extract helper for selecting socket from reuseport group Jakub Sitnicki 2020-05-06 12:55 ` Jakub Sitnicki 2020-05-06 12:55 ` [PATCH bpf-next 05/17] inet: Run SK_LOOKUP BPF program on socket lookup Jakub Sitnicki 2020-05-06 12:55 ` Jakub Sitnicki 2020-05-06 12:55 ` [PATCH bpf-next 06/17] inet6: Extract helper for selecting socket from reuseport group Jakub Sitnicki 2020-05-06 12:55 ` Jakub Sitnicki 2020-05-06 12:55 ` Jakub Sitnicki [this message] 2020-05-06 12:55 ` [PATCH bpf-next 07/17] inet6: Run SK_LOOKUP BPF program on socket lookup Jakub Sitnicki 2020-05-06 12:55 ` [PATCH bpf-next 08/17] udp: Store layer 4 protocol in udp_table Jakub Sitnicki 2020-05-06 12:55 ` Jakub Sitnicki 2020-05-06 12:55 ` [PATCH bpf-next 09/17] udp: Extract helper for selecting socket from reuseport group Jakub Sitnicki 2020-05-06 12:55 ` Jakub Sitnicki 2020-05-06 12:55 ` [PATCH bpf-next 10/17] udp: Run SK_LOOKUP BPF program on socket lookup Jakub Sitnicki 2020-05-06 12:55 ` Jakub Sitnicki 2020-05-06 12:55 ` [PATCH bpf-next 11/17] udp6: Extract helper for selecting socket from reuseport group Jakub Sitnicki 2020-05-06 12:55 ` Jakub Sitnicki 2020-05-06 12:55 ` [PATCH bpf-next 12/17] udp6: Run SK_LOOKUP BPF program on socket lookup Jakub Sitnicki 2020-05-06 12:55 ` Jakub Sitnicki 2020-05-06 12:55 ` [PATCH bpf-next 13/17] bpf: Sync linux/bpf.h to tools/ Jakub Sitnicki 2020-05-06 12:55 ` Jakub Sitnicki 2020-05-06 12:55 ` [PATCH bpf-next 14/17] libbpf: Add support for SK_LOOKUP program type Jakub Sitnicki 2020-05-06 12:55 ` Jakub Sitnicki 2020-05-08 17:41 ` Andrii Nakryiko 2020-05-08 17:41 ` Andrii Nakryiko 2020-05-08 17:52 ` Yonghong Song 2020-05-08 17:52 ` Yonghong Song 2020-05-08 17:59 ` Andrii Nakryiko 2020-05-08 17:59 ` Andrii Nakryiko 2020-05-11 8:12 ` Jakub Sitnicki 2020-05-11 8:12 ` Jakub Sitnicki 2020-05-06 12:55 ` [PATCH bpf-next 15/17] selftests/bpf: Add verifier tests for bpf_sk_lookup context access Jakub Sitnicki 2020-05-06 12:55 ` Jakub Sitnicki 2020-05-06 12:55 ` [PATCH bpf-next 16/17] selftests/bpf: Rename test_sk_lookup_kern.c to test_ref_track_kern.c Jakub Sitnicki 2020-05-06 12:55 ` Jakub Sitnicki 2020-05-06 12:55 ` [PATCH bpf-next 17/17] selftests/bpf: Tests for BPF_SK_LOOKUP attach point Jakub Sitnicki 2020-05-06 12:55 ` Jakub Sitnicki
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200506125514.1020829-8-jakub@cloudflare.com \ --to=jakub@cloudflare.com \ --cc=ast@kernel.org \ --cc=bpf@vger.kernel.org \ --cc=daniel@iogearbox.net \ --cc=davem@davemloft.net \ --cc=dccp@vger.kernel.org \ --cc=edumazet@google.com \ --cc=gerrit@erg.abdn.ac.uk \ --cc=kernel-team@cloudflare.com \ --cc=kuba@kernel.org \ --cc=lmb@cloudflare.com \ --cc=marek@cloudflare.com \ --cc=netdev@vger.kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.