
Commit d04fb13

author
Alexei Starovoitov
committed
Merge branch 'sockmap_and_ktls'
Daniel Borkmann says: ==================== This work adds a generic sk_msg layer and converts both sockmap and later ktls over to make use of it as a common data structure for application data (similarly as sk_buff for network packets). With that in place the sk_msg framework spans across ULP layer in the kernel and allows for introspection or filtering of L7 data with the help of BPF programs operating on a common input context. In a second step, we enable the latter for ktls which was previously not possible, meaning, ktls and sk_msg verdict programs were mutually exclusive in the ULP layer which created challenges for the orchestrator when trying to apply TCP based policy, for example. Leveraging the prior consolidation we can finally overcome this limitation. Note, there's no change in behavior when ktls is not used in combination with BPF, and also no change in behavior for stand alone sockmap. The kselftest suites for ktls, sockmap and ktls with sockmap combined also run through successfully. For further details please see individual patches. Thanks! v1 -> v2: - Removed leftover comment spotted by Alexei - Improved commit messages, rebase ==================== Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2 parents 67e89ac + eea0d2a commit d04fb13


27 files changed

+3666
-3392
lines changed


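--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -8188,6 +8188,16 @@ S: Maintained
 F: net/l3mdev
 F: include/net/l3mdev.h
 
+L7 BPF FRAMEWORK
+M: John Fastabend <john.fastabend@gmail.com>
+M: Daniel Borkmann <daniel@iogearbox.net>
+L: netdev@vger.kernel.org
+S: Maintained
+F: include/linux/skmsg.h
+F: net/core/skmsg.c
+F: net/core/sock_map.c
+F: net/ipv4/tcp_bpf.c
+
 LANTIQ / INTEL Ethernet drivers
 M: Hauke Mehrtens <hauke@hauke-m.de>
 L: netdev@vger.kernel.org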

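--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -737,33 +737,18 @@ static inline void bpf_map_offload_map_free(struct bpf_map *map)
 }
 #endif /* CONFIG_NET && CONFIG_BPF_SYSCALL */
 
-#if defined(CONFIG_STREAM_PARSER) && defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_INET)
-struct sock *__sock_map_lookup_elem(struct bpf_map *map, u32 key);
-struct sock *__sock_hash_lookup_elem(struct bpf_map *map, void *key);
-int sock_map_prog(struct bpf_map *map, struct bpf_prog *prog, u32 type);
-int sockmap_get_from_fd(const union bpf_attr *attr, int type,
-struct bpf_prog *prog);
+#if defined(CONFIG_BPF_STREAM_PARSER)
+int sock_map_prog_update(struct bpf_map *map, struct bpf_prog *prog, u32 which);
+int sock_map_get_from_fd(const union bpf_attr *attr, struct bpf_prog *prog);
 #else
-static inline struct sock *__sock_map_lookup_elem(struct bpf_map *map, u32 key)
-{
-return NULL;
-}
-
-static inline struct sock *__sock_hash_lookup_elem(struct bpf_map *map,
-void *key)
-{
-return NULL;
-}
-
-static inline int sock_map_prog(struct bpf_map *map,
-struct bpf_prog *prog,
-u32 type)
+static inline int sock_map_prog_update(struct bpf_map *map,
+struct bpf_prog *prog, u32 which)
 {
 return -EOPNOTSUPP;
 }
 
-static inline int sockmap_get_from_fd(const union bpf_attr *attr, int type,
-struct bpf_prog *prog)
+static inline int sock_map_get_from_fd(const union bpf_attr *attr,
+struct bpf_prog *prog)
 {
 return -EINVAL;
 }
@@ -839,6 +824,10 @@ extern const struct bpf_func_proto bpf_get_stack_proto;
 extern const struct bpf_func_proto bpf_sock_map_update_proto;
 extern const struct bpf_func_proto bpf_sock_hash_update_proto;
 extern const struct bpf_func_proto bpf_get_current_cgroup_id_proto;
+extern const struct bpf_func_proto bpf_msg_redirect_hash_proto;
+extern const struct bpf_func_proto bpf_msg_redirect_map_proto;
+extern const struct bpf_func_proto bpf_sk_redirect_hash_proto;
+extern const struct bpf_func_proto bpf_sk_redirect_map_proto;
 
 extern const struct bpf_func_proto bpf_get_local_storage_proto;
 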
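Review bot: The new `#if defined(CONFIG_BPF_STREAM_PARSER)` guard in the first hunk no longer states the `CONFIG_BPF_SYSCALL` and `CONFIG_INET` requirements that the removed guard spelled out, and nothing in the header records where they are now enforced. The same reduction is made in include/linux/bpf_types.h, where it decides whether the SOCKMAP and SOCKHASH map types are registered at all. The Kconfig entry for the new symbol is not shown on this page, so please confirm it depends on both options; otherwise these prototypes and map types become available in configurations the old guard excluded. Once confirmed, a one-line comment above the `#if` would keep the assumption visible, for example `/* BPF_STREAM_PARSER depends on INET and BPF_SYSCALL, see its Kconfig entry */`.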

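--- a/include/linux/bpf_types.h
+++ b/include/linux/bpf_types.h
@@ -57,7 +57,7 @@ BPF_MAP_TYPE(BPF_MAP_TYPE_ARRAY_OF_MAPS, array_of_maps_map_ops)
 BPF_MAP_TYPE(BPF_MAP_TYPE_HASH_OF_MAPS, htab_of_maps_map_ops)
 #ifdef CONFIG_NET
 BPF_MAP_TYPE(BPF_MAP_TYPE_DEVMAP, dev_map_ops)
-#if defined(CONFIG_STREAM_PARSER) && defined(CONFIG_INET)
+#if defined(CONFIG_BPF_STREAM_PARSER)
 BPF_MAP_TYPE(BPF_MAP_TYPE_SOCKMAP, sock_map_ops)
 BPF_MAP_TYPE(BPF_MAP_TYPE_SOCKHASH, sock_hash_ops)
 #endif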

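--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -520,24 +520,6 @@ struct bpf_skb_data_end {
 void *data_end;
 };
 
-struct sk_msg_buff {
-void *data;
-void *data_end;
-__u32 apply_bytes;
-__u32 cork_bytes;
-int sg_copybreak;
-int sg_start;
-int sg_curr;
-int sg_end;
-struct scatterlist sg_data[MAX_SKB_FRAGS];
-bool sg_copy[MAX_SKB_FRAGS];
-__u32 flags;
-struct sock *sk_redir;
-struct sock *sk;
-struct sk_buff *skb;
-struct list_head list;
-};
-
 struct bpf_redirect_info {
 u32 ifindex;
 u32 flags;
@@ -833,9 +815,6 @@ void xdp_do_flush_map(void);
 
 void bpf_warn_invalid_xdp_action(u32 act);
 
-struct sock *do_sk_redirect_map(struct sk_buff *skb);
-struct sock *do_msg_redirect_map(struct sk_msg_buff *md);
-
 #ifdef CONFIG_INET
 struct sock *bpf_run_sk_reuseport(struct sock_reuseport *reuse, struct sock *sk,
 struct bpf_prog *prog, struct sk_buff *skb,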
