From: Yonghong Song <yhs@fb.com>
To: <bpf@vger.kernel.org>, <netdev@vger.kernel.org>
Cc: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>, <kernel-team@fb.com>,
Martin KaFai Lau <kafai@fb.com>
Subject: [PATCH bpf-next v3 02/15] net: bpf: implement bpf iterator for tcp
Date: Mon, 22 Jun 2020 17:36:27 -0700 [thread overview]
Message-ID: <20200623003627.3073022-1-yhs@fb.com> (raw)
In-Reply-To: <20200623003626.3072825-1-yhs@fb.com>
The bpf iterator for tcp is implemented. Both tcp4 and tcp6
sockets will be traversed. It is up to bpf program to
filter for tcp4 or tcp6 only, or both families of sockets.
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Yonghong Song <yhs@fb.com>
---
net/ipv4/tcp_ipv4.c | 123 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 123 insertions(+)
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 9cb65ee4ec63..ea0df9fd7618 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2613,6 +2613,74 @@ static int tcp4_seq_show(struct seq_file *seq, void *v)
return 0;
}
+#ifdef CONFIG_BPF_SYSCALL
+struct bpf_iter__tcp {
+ __bpf_md_ptr(struct bpf_iter_meta *, meta);
+ __bpf_md_ptr(struct sock_common *, sk_common);
+ uid_t uid __aligned(8);
+};
+
+static int tcp_prog_seq_show(struct bpf_prog *prog, struct bpf_iter_meta *meta,
+ struct sock_common *sk_common, uid_t uid)
+{
+ struct bpf_iter__tcp ctx;
+
+ meta->seq_num--; /* skip SEQ_START_TOKEN */
+ ctx.meta = meta;
+ ctx.sk_common = sk_common;
+ ctx.uid = uid;
+ return bpf_iter_run_prog(prog, &ctx);
+}
+
+static int bpf_iter_tcp_seq_show(struct seq_file *seq, void *v)
+{
+ struct bpf_iter_meta meta;
+ struct bpf_prog *prog;
+ struct sock *sk = v;
+ uid_t uid;
+
+ if (v == SEQ_START_TOKEN)
+ return 0;
+
+ if (sk->sk_state == TCP_TIME_WAIT) {
+ uid = 0;
+ } else if (sk->sk_state == TCP_NEW_SYN_RECV) {
+ const struct request_sock *req = v;
+
+ uid = from_kuid_munged(seq_user_ns(seq),
+ sock_i_uid(req->rsk_listener));
+ } else {
+ uid = from_kuid_munged(seq_user_ns(seq), sock_i_uid(sk));
+ }
+
+ meta.seq = seq;
+ prog = bpf_iter_get_info(&meta, false);
+ return tcp_prog_seq_show(prog, &meta, v, uid);
+}
+
+static void bpf_iter_tcp_seq_stop(struct seq_file *seq, void *v)
+{
+ struct bpf_iter_meta meta;
+ struct bpf_prog *prog;
+
+ if (!v) {
+ meta.seq = seq;
+ prog = bpf_iter_get_info(&meta, true);
+ if (prog)
+ (void)tcp_prog_seq_show(prog, &meta, v, 0);
+ }
+
+ tcp_seq_stop(seq, v);
+}
+
+static const struct seq_operations bpf_iter_tcp_seq_ops = {
+ .show = bpf_iter_tcp_seq_show,
+ .start = tcp_seq_start,
+ .next = tcp_seq_next,
+ .stop = bpf_iter_tcp_seq_stop,
+};
+#endif
+
static const struct seq_operations tcp4_seq_ops = {
.show = tcp4_seq_show,
.start = tcp_seq_start,
@@ -2844,8 +2912,63 @@ static struct pernet_operations __net_initdata tcp_sk_ops = {
.exit_batch = tcp_sk_exit_batch,
};
+#if defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_PROC_FS)
+DEFINE_BPF_ITER_FUNC(tcp, struct bpf_iter_meta *meta,
+ struct sock_common *sk_common, uid_t uid)
+
+static int bpf_iter_init_tcp(void *priv_data)
+{
+ struct tcp_iter_state *st = priv_data;
+ struct tcp_seq_afinfo *afinfo;
+ int ret;
+
+ afinfo = kmalloc(sizeof(*afinfo), GFP_USER | __GFP_NOWARN);
+ if (!afinfo)
+ return -ENOMEM;
+
+ afinfo->family = AF_UNSPEC;
+ st->bpf_seq_afinfo = afinfo;
+ ret = bpf_iter_init_seq_net(priv_data);
+ if (ret)
+ kfree(afinfo);
+ return ret;
+}
+
+static void bpf_iter_fini_tcp(void *priv_data)
+{
+ struct tcp_iter_state *st = priv_data;
+
+ kfree(st->bpf_seq_afinfo);
+ bpf_iter_fini_seq_net(priv_data);
+}
+
+static const struct bpf_iter_reg tcp_reg_info = {
+ .target = "tcp",
+ .seq_ops = &bpf_iter_tcp_seq_ops,
+ .init_seq_private = bpf_iter_init_tcp,
+ .fini_seq_private = bpf_iter_fini_tcp,
+ .seq_priv_size = sizeof(struct tcp_iter_state),
+ .ctx_arg_info_size = 1,
+ .ctx_arg_info = {
+ { offsetof(struct bpf_iter__tcp, sk_common),
+ PTR_TO_BTF_ID_OR_NULL },
+ },
+};
+
+static void __init bpf_iter_register(void)
+{
+ if (bpf_iter_reg_target(&tcp_reg_info))
+ pr_warn("Warning: could not register bpf iterator tcp\n");
+}
+
+#endif
+
void __init tcp_v4_init(void)
{
if (register_pernet_subsys(&tcp_sk_ops))
panic("Failed to create the TCP control socket.\n");
+
+#if defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_PROC_FS)
+ bpf_iter_register();
+#endif
}
--
2.24.1
next prev parent reply other threads:[~2020-06-23 0:37 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-23 0:36 [PATCH bpf-next v3 00/15] implement bpf iterator for tcp and udp sockets Yonghong Song
2020-06-23 0:36 ` [PATCH bpf-next v3 01/15] net: bpf: add bpf_seq_afinfo in tcp_iter_state Yonghong Song
2020-06-23 0:36 ` Yonghong Song [this message]
2020-06-23 0:36 ` [PATCH bpf-next v3 03/15] bpf: support 'X' in bpf_seq_printf() helper Yonghong Song
2020-06-23 0:36 ` [PATCH bpf-next v3 04/15] bpf: allow tracing programs to use bpf_jiffies64() helper Yonghong Song
2020-06-23 0:36 ` [PATCH bpf-next v3 05/15] bpf: add bpf_skc_to_tcp6_sock() helper Yonghong Song
2020-06-23 5:46 ` kernel test robot
2020-06-23 5:46 ` kernel test robot
2020-06-23 5:53 ` kernel test robot
2020-06-23 5:53 ` kernel test robot
2020-06-23 6:39 ` Andrii Nakryiko
2020-06-23 14:52 ` Yonghong Song
2020-06-23 18:23 ` Andrii Nakryiko
2020-06-23 19:45 ` Yonghong Song
2020-06-23 20:11 ` Andrii Nakryiko
2020-06-23 20:46 ` Yonghong Song
2020-06-23 0:36 ` [PATCH bpf-next v3 06/15] bpf: add bpf_skc_to_{tcp,tcp_timewait,tcp_request}_sock() helpers Yonghong Song
2020-06-23 5:18 ` kernel test robot
2020-06-23 5:18 ` [PATCH bpf-next v3 06/15] bpf: add bpf_skc_to_{tcp, tcp_timewait, tcp_request}_sock() helpers kernel test robot
2020-06-23 6:39 ` [PATCH bpf-next v3 06/15] bpf: add bpf_skc_to_{tcp,tcp_timewait,tcp_request}_sock() helpers kernel test robot
2020-06-23 6:39 ` [PATCH bpf-next v3 06/15] bpf: add bpf_skc_to_{tcp, tcp_timewait, tcp_request}_sock() helpers kernel test robot
2020-06-23 0:36 ` [PATCH bpf-next v3 07/15] net: bpf: add bpf_seq_afinfo in udp_iter_state Yonghong Song
2020-06-23 0:36 ` [PATCH bpf-next v3 08/15] net: bpf: implement bpf iterator for udp Yonghong Song
2020-06-23 0:36 ` [PATCH bpf-next v3 09/15] bpf: add bpf_skc_to_udp6_sock() helper Yonghong Song
2020-06-23 1:47 ` Eric Dumazet
2020-06-23 2:22 ` Yonghong Song
2020-06-23 16:27 ` Eric Dumazet
2020-06-23 17:03 ` Yonghong Song
2020-06-23 22:11 ` Eric Dumazet
2020-06-23 22:44 ` Yonghong Song
2020-06-23 0:36 ` [PATCH bpf-next v3 10/15] bpf/selftests: move newer bpf_iter_* type redefining to a new header file Yonghong Song
2020-06-23 0:36 ` [PATCH bpf-next v3 11/15] tools/bpf: refactor some net macros to libbpf bpf_tracing_net.h Yonghong Song
2020-06-23 6:45 ` Andrii Nakryiko
2020-06-23 14:56 ` Yonghong Song
2020-06-23 0:36 ` [PATCH bpf-next v3 12/15] tools/libbpf: add more common macros to bpf_tracing_net.h Yonghong Song
2020-06-23 0:36 ` [PATCH bpf-next v3 13/15] tools/bpf: selftests: implement sample tcp/tcp6 bpf_iter programs Yonghong Song
2020-06-23 6:56 ` Andrii Nakryiko
2020-06-23 15:03 ` Yonghong Song
2020-06-23 0:36 ` [PATCH bpf-next v3 14/15] tools/bpf: add udp4/udp6 bpf iterator Yonghong Song
2020-06-23 6:57 ` Andrii Nakryiko
2020-06-23 15:03 ` Yonghong Song
2020-06-23 0:36 ` [PATCH bpf-next v3 15/15] bpf/selftests: add tcp/udp iterator programs to selftests Yonghong Song
2020-06-23 6:59 ` Andrii Nakryiko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200623003627.3073022-1-yhs@fb.com \
--to=yhs@fb.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kafai@fb.com \
--cc=kernel-team@fb.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.