Message ID | 20230426085122.376768-2-gilad9366@gmail.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 6e98730bc0b44acaf86eccc75f823128aa9c9e79 |
Headers | show |
Series | Socket lookup BPF API from tc/xdp ingress does not respect VRF bindings. | expand |
On 04/26, Gilad Sever wrote: > Change BPF helper socket lookup functions to use TC specific variants: > bpf_tc_sk_lookup_tcp() / bpf_tc_sk_lookup_udp() / bpf_tc_skc_lookup_tcp() > instead of sharing implementation with the cg / sk_skb hooking points. > This allows introducing a separate logic for the TC flow. > > The tc functions are identical to the original code. > > Reviewed-by: Shmulik Ladkani <shmulik.ladkani@gmail.com> > Reviewed-by: Eyal Birger <eyal.birger@gmail.com> > Signed-off-by: Gilad Sever <gilad9366@gmail.com> Acked-by: Stanislav Fomichev <sdf@google.com> > --- > net/core/filter.c | 63 ++++++++++++++++++++++++++++++++++++++++++++--- > 1 file changed, 60 insertions(+), 3 deletions(-) > > diff --git a/net/core/filter.c b/net/core/filter.c > index 1d6f165923bf..5910956f4e0d 100644 > --- a/net/core/filter.c > +++ b/net/core/filter.c > @@ -6701,6 +6701,63 @@ static const struct bpf_func_proto bpf_sk_lookup_udp_proto = { > .arg5_type = ARG_ANYTHING, > }; > > +BPF_CALL_5(bpf_tc_skc_lookup_tcp, struct sk_buff *, skb, > + struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags) > +{ > + return (unsigned long)bpf_skc_lookup(skb, tuple, len, IPPROTO_TCP, > + netns_id, flags); > +} > + > +static const struct bpf_func_proto bpf_tc_skc_lookup_tcp_proto = { > + .func = bpf_tc_skc_lookup_tcp, > + .gpl_only = false, > + .pkt_access = true, > + .ret_type = RET_PTR_TO_SOCK_COMMON_OR_NULL, > + .arg1_type = ARG_PTR_TO_CTX, > + .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, > + .arg3_type = ARG_CONST_SIZE, > + .arg4_type = ARG_ANYTHING, > + .arg5_type = ARG_ANYTHING, > +}; > + > +BPF_CALL_5(bpf_tc_sk_lookup_tcp, struct sk_buff *, skb, > + struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags) > +{ > + return (unsigned long)bpf_sk_lookup(skb, tuple, len, IPPROTO_TCP, > + netns_id, flags); > +} > + > +static const struct bpf_func_proto bpf_tc_sk_lookup_tcp_proto = { > + .func = bpf_tc_sk_lookup_tcp, > + .gpl_only = false, > + .pkt_access = true, > + .ret_type = RET_PTR_TO_SOCKET_OR_NULL, > + .arg1_type = ARG_PTR_TO_CTX, > + .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, > + .arg3_type = ARG_CONST_SIZE, > + .arg4_type = ARG_ANYTHING, > + .arg5_type = ARG_ANYTHING, > +}; > + > +BPF_CALL_5(bpf_tc_sk_lookup_udp, struct sk_buff *, skb, > + struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags) > +{ > + return (unsigned long)bpf_sk_lookup(skb, tuple, len, IPPROTO_UDP, > + netns_id, flags); > +} > + > +static const struct bpf_func_proto bpf_tc_sk_lookup_udp_proto = { > + .func = bpf_tc_sk_lookup_udp, > + .gpl_only = false, > + .pkt_access = true, > + .ret_type = RET_PTR_TO_SOCKET_OR_NULL, > + .arg1_type = ARG_PTR_TO_CTX, > + .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, > + .arg3_type = ARG_CONST_SIZE, > + .arg4_type = ARG_ANYTHING, > + .arg5_type = ARG_ANYTHING, > +}; > + > BPF_CALL_1(bpf_sk_release, struct sock *, sk) > { > if (sk && sk_is_refcounted(sk)) > @@ -7954,9 +8011,9 @@ tc_cls_act_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) > #endif > #ifdef CONFIG_INET > case BPF_FUNC_sk_lookup_tcp: > - return &bpf_sk_lookup_tcp_proto; > + return &bpf_tc_sk_lookup_tcp_proto; > case BPF_FUNC_sk_lookup_udp: > - return &bpf_sk_lookup_udp_proto; > + return &bpf_tc_sk_lookup_udp_proto; > case BPF_FUNC_sk_release: > return &bpf_sk_release_proto; > case BPF_FUNC_tcp_sock: > @@ -7964,7 +8021,7 @@ tc_cls_act_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) > case BPF_FUNC_get_listener_sock: > return &bpf_get_listener_sock_proto; > case BPF_FUNC_skc_lookup_tcp: > - return &bpf_skc_lookup_tcp_proto; > + return &bpf_tc_skc_lookup_tcp_proto; > case BPF_FUNC_tcp_check_syncookie: > return &bpf_tcp_check_syncookie_proto; > case BPF_FUNC_skb_ecn_set_ce: > -- > 2.34.1 >
diff --git a/net/core/filter.c b/net/core/filter.c index 1d6f165923bf..5910956f4e0d 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -6701,6 +6701,63 @@ static const struct bpf_func_proto bpf_sk_lookup_udp_proto = { .arg5_type = ARG_ANYTHING, }; +BPF_CALL_5(bpf_tc_skc_lookup_tcp, struct sk_buff *, skb, + struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags) +{ + return (unsigned long)bpf_skc_lookup(skb, tuple, len, IPPROTO_TCP, + netns_id, flags); +} + +static const struct bpf_func_proto bpf_tc_skc_lookup_tcp_proto = { + .func = bpf_tc_skc_lookup_tcp, + .gpl_only = false, + .pkt_access = true, + .ret_type = RET_PTR_TO_SOCK_COMMON_OR_NULL, + .arg1_type = ARG_PTR_TO_CTX, + .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, + .arg3_type = ARG_CONST_SIZE, + .arg4_type = ARG_ANYTHING, + .arg5_type = ARG_ANYTHING, +}; + +BPF_CALL_5(bpf_tc_sk_lookup_tcp, struct sk_buff *, skb, + struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags) +{ + return (unsigned long)bpf_sk_lookup(skb, tuple, len, IPPROTO_TCP, + netns_id, flags); +} + +static const struct bpf_func_proto bpf_tc_sk_lookup_tcp_proto = { + .func = bpf_tc_sk_lookup_tcp, + .gpl_only = false, + .pkt_access = true, + .ret_type = RET_PTR_TO_SOCKET_OR_NULL, + .arg1_type = ARG_PTR_TO_CTX, + .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, + .arg3_type = ARG_CONST_SIZE, + .arg4_type = ARG_ANYTHING, + .arg5_type = ARG_ANYTHING, +}; + +BPF_CALL_5(bpf_tc_sk_lookup_udp, struct sk_buff *, skb, + struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags) +{ + return (unsigned long)bpf_sk_lookup(skb, tuple, len, IPPROTO_UDP, + netns_id, flags); +} + +static const struct bpf_func_proto bpf_tc_sk_lookup_udp_proto = { + .func = bpf_tc_sk_lookup_udp, + .gpl_only = false, + .pkt_access = true, + .ret_type = RET_PTR_TO_SOCKET_OR_NULL, + .arg1_type = ARG_PTR_TO_CTX, + .arg2_type = ARG_PTR_TO_MEM | MEM_RDONLY, + .arg3_type = ARG_CONST_SIZE, + .arg4_type = ARG_ANYTHING, + .arg5_type = ARG_ANYTHING, +}; + BPF_CALL_1(bpf_sk_release, struct sock *, sk) { if (sk && sk_is_refcounted(sk)) @@ -7954,9 +8011,9 @@ tc_cls_act_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) #endif #ifdef CONFIG_INET case BPF_FUNC_sk_lookup_tcp: - return &bpf_sk_lookup_tcp_proto; + return &bpf_tc_sk_lookup_tcp_proto; case BPF_FUNC_sk_lookup_udp: - return &bpf_sk_lookup_udp_proto; + return &bpf_tc_sk_lookup_udp_proto; case BPF_FUNC_sk_release: return &bpf_sk_release_proto; case BPF_FUNC_tcp_sock: @@ -7964,7 +8021,7 @@ tc_cls_act_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) case BPF_FUNC_get_listener_sock: return &bpf_get_listener_sock_proto; case BPF_FUNC_skc_lookup_tcp: - return &bpf_skc_lookup_tcp_proto; + return &bpf_tc_skc_lookup_tcp_proto; case BPF_FUNC_tcp_check_syncookie: return &bpf_tcp_check_syncookie_proto; case BPF_FUNC_skb_ecn_set_ce: