@@ -141,6 +141,7 @@ enum bpf_prog_type {
141141 BPF_PROG_TYPE_SK_MSG ,
142142 BPF_PROG_TYPE_RAW_TRACEPOINT ,
143143 BPF_PROG_TYPE_CGROUP_SOCK_ADDR ,
144+ BPF_PROG_TYPE_LWT_SEG6LOCAL ,
144145};
145146
146147enum bpf_attach_type {
@@ -1902,6 +1903,90 @@ union bpf_attr {
19021903 * egress otherwise). This is the only flag supported for now.
19031904 * Return
19041905 * **SK_PASS** on success, or **SK_DROP** on error.
1906+ *
1907+ * int bpf_lwt_push_encap(struct sk_buff *skb, u32 type, void *hdr, u32 len)
1908+ * Description
1909+ * Encapsulate the packet associated to *skb* within a Layer 3
1910+ * protocol header. This header is provided in the buffer at
1911+ * address *hdr*, with *len* its size in bytes. *type* indicates
1912+ * the protocol of the header and can be one of:
1913+ *
1914+ * **BPF_LWT_ENCAP_SEG6**
1915+ * IPv6 encapsulation with Segment Routing Header
1916+ * (**struct ipv6_sr_hdr**). *hdr* only contains the SRH,
1917+ * the IPv6 header is computed by the kernel.
1918+ * **BPF_LWT_ENCAP_SEG6_INLINE**
1919+ * Only works if *skb* contains an IPv6 packet. Insert a
1920+ * Segment Routing Header (**struct ipv6_sr_hdr**) inside
1921+ * the IPv6 header.
1922+ *
1923+ * A call to this helper is susceptible to change the underlaying
1924+ * packet buffer. Therefore, at load time, all checks on pointers
1925+ * previously done by the verifier are invalidated and must be
1926+ * performed again, if the helper is used in combination with
1927+ * direct packet access.
1928+ * Return
1929+ * 0 on success, or a negative error in case of failure.
1930+ *
1931+ * int bpf_lwt_seg6_store_bytes(struct sk_buff *skb, u32 offset, const void *from, u32 len)
1932+ * Description
1933+ * Store *len* bytes from address *from* into the packet
1934+ * associated to *skb*, at *offset*. Only the flags, tag and TLVs
1935+ * inside the outermost IPv6 Segment Routing Header can be
1936+ * modified through this helper.
1937+ *
1938+ * A call to this helper is susceptible to change the underlaying
1939+ * packet buffer. Therefore, at load time, all checks on pointers
1940+ * previously done by the verifier are invalidated and must be
1941+ * performed again, if the helper is used in combination with
1942+ * direct packet access.
1943+ * Return
1944+ * 0 on success, or a negative error in case of failure.
1945+ *
1946+ * int bpf_lwt_seg6_adjust_srh(struct sk_buff *skb, u32 offset, s32 delta)
1947+ * Description
1948+ * Adjust the size allocated to TLVs in the outermost IPv6
1949+ * Segment Routing Header contained in the packet associated to
1950+ * *skb*, at position *offset* by *delta* bytes. Only offsets
1951+ * after the segments are accepted. *delta* can be as well
1952+ * positive (growing) as negative (shrinking).
1953+ *
1954+ * A call to this helper is susceptible to change the underlaying
1955+ * packet buffer. Therefore, at load time, all checks on pointers
1956+ * previously done by the verifier are invalidated and must be
1957+ * performed again, if the helper is used in combination with
1958+ * direct packet access.
1959+ * Return
1960+ * 0 on success, or a negative error in case of failure.
1961+ *
1962+ * int bpf_lwt_seg6_action(struct sk_buff *skb, u32 action, void *param, u32 param_len)
1963+ * Description
1964+ * Apply an IPv6 Segment Routing action of type *action* to the
1965+ * packet associated to *skb*. Each action takes a parameter
1966+ * contained at address *param*, and of length *param_len* bytes.
1967+ * *action* can be one of:
1968+ *
1969+ * **SEG6_LOCAL_ACTION_END_X**
1970+ * End.X action: Endpoint with Layer-3 cross-connect.
1971+ * Type of *param*: **struct in6_addr**.
1972+ * **SEG6_LOCAL_ACTION_END_T**
1973+ * End.T action: Endpoint with specific IPv6 table lookup.
1974+ * Type of *param*: **int**.
1975+ * **SEG6_LOCAL_ACTION_END_B6**
1976+ * End.B6 action: Endpoint bound to an SRv6 policy.
1977+ * Type of param: **struct ipv6_sr_hdr**.
1978+ * **SEG6_LOCAL_ACTION_END_B6_ENCAP**
1979+ * End.B6.Encap action: Endpoint bound to an SRv6
1980+ * encapsulation policy.
1981+ * Type of param: **struct ipv6_sr_hdr**.
1982+ *
1983+ * A call to this helper is susceptible to change the underlaying
1984+ * packet buffer. Therefore, at load time, all checks on pointers
1985+ * previously done by the verifier are invalidated and must be
1986+ * performed again, if the helper is used in combination with
1987+ * direct packet access.
1988+ * Return
1989+ * 0 on success, or a negative error in case of failure.
19051990 */
19061991#define __BPF_FUNC_MAPPER (FN ) \
19071992 FN(unspec), \
@@ -1976,7 +2061,11 @@ union bpf_attr {
19762061 FN(fib_lookup), \
19772062 FN(sock_hash_update), \
19782063 FN(msg_redirect_hash), \
1979- FN(sk_redirect_hash),
2064+ FN(sk_redirect_hash), \
2065+ FN(lwt_push_encap), \
2066+ FN(lwt_seg6_store_bytes), \
2067+ FN(lwt_seg6_adjust_srh), \
2068+ FN(lwt_seg6_action),
19802069
19812070/* integer value in 'imm' field of BPF_CALL instruction selects which helper
19822071 * function eBPF program intends to call
@@ -2043,6 +2132,12 @@ enum bpf_hdr_start_off {
20432132 BPF_HDR_START_NET ,
20442133};
20452134
2135+ /* Encapsulation type for BPF_FUNC_lwt_push_encap helper. */
2136+ enum bpf_lwt_encap_mode {
2137+ BPF_LWT_ENCAP_SEG6 ,
2138+ BPF_LWT_ENCAP_SEG6_INLINE
2139+ };
2140+
20462141/* user accessible mirror of in-kernel sk_buff.
20472142 * new fields can only be added to the end of this structure
20482143 */
0 commit comments