* [PATCH v3 bpf-next 0/2] bpf tcp save syn set/get sockoptions
@ 2018-08-30 14:51 Nikita V. Shirokov
2018-08-30 14:51 ` [PATCH v3 bpf-next 1/2] new options for bpf_(set|get)sockopt Nikita V. Shirokov
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Nikita V. Shirokov @ 2018-08-30 14:51 UTC (permalink / raw)
To: ast, brakmo, daniel; +Cc: netdev, Nikita V. Shirokov
adding supprot for two new bpf's tcp sockopts:
TCP_SAVE_SYN (set) and TCP_SAVED_SYN (get)
this would allow for tcp-bpf program to build some logic based on fields from
ingress syn packet (e.g. doing tcp's tos/tclass reflection (see sample prog))
and do it transparently from userspace program point of view
v2->v3:
- make patch series public
v1->v2:
- adding proper SPDX license
Nikita V. Shirokov (2):
new options for bpf_(set|get)sockopt
new sample bpf prog
net/core/filter.c | 25 +++++++--
samples/bpf/Makefile | 1 +
samples/bpf/tcp_tos_reflect_kern.c | 87 ++++++++++++++++++++++++++++++
3 files changed, 109 insertions(+), 4 deletions(-)
create mode 100644 samples/bpf/tcp_tos_reflect_kern.c
--
2.17.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v3 bpf-next 1/2] new options for bpf_(set|get)sockopt
2018-08-30 14:51 [PATCH v3 bpf-next 0/2] bpf tcp save syn set/get sockoptions Nikita V. Shirokov
@ 2018-08-30 14:51 ` Nikita V. Shirokov
2018-08-30 14:51 ` [PATCH v3 bpf-next 2/2] new sample bpf prog Nikita V. Shirokov
2018-08-31 3:00 ` [PATCH v3 bpf-next 0/2] bpf tcp save syn set/get sockoptions Alexei Starovoitov
2 siblings, 0 replies; 4+ messages in thread
From: Nikita V. Shirokov @ 2018-08-30 14:51 UTC (permalink / raw)
To: ast, brakmo, daniel; +Cc: netdev, Nikita V. Shirokov
adding support for two new bpf's get/set sockopts: TCP_SAVE_SYN (set)
and TCP_SAVED_SYN (get). this would allow for bpf program to build
logic based on data from ingress SYN packet
Signed-off-by: Nikita V. Shirokov <tehnerd@fb•com>
---
net/core/filter.c | 25 +++++++++++++++++++++----
1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/net/core/filter.c b/net/core/filter.c
index c25eb36f1320..feb578506009 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -4007,6 +4007,12 @@ BPF_CALL_5(bpf_setsockopt, struct bpf_sock_ops_kern *, bpf_sock,
tp->snd_ssthresh = val;
}
break;
+ case TCP_SAVE_SYN:
+ if (val < 0 || val > 1)
+ ret = -EINVAL;
+ else
+ tp->save_syn = val;
+ break;
default:
ret = -EINVAL;
}
@@ -4032,21 +4038,32 @@ static const struct bpf_func_proto bpf_setsockopt_proto = {
BPF_CALL_5(bpf_getsockopt, struct bpf_sock_ops_kern *, bpf_sock,
int, level, int, optname, char *, optval, int, optlen)
{
+ struct inet_connection_sock *icsk;
struct sock *sk = bpf_sock->sk;
+ struct tcp_sock *tp;
if (!sk_fullsock(sk))
goto err_clear;
-
#ifdef CONFIG_INET
if (level == SOL_TCP && sk->sk_prot->getsockopt == tcp_getsockopt) {
- if (optname == TCP_CONGESTION) {
- struct inet_connection_sock *icsk = inet_csk(sk);
+ switch (optname) {
+ case TCP_CONGESTION:
+ icsk = inet_csk(sk);
if (!icsk->icsk_ca_ops || optlen <= 1)
goto err_clear;
strncpy(optval, icsk->icsk_ca_ops->name, optlen);
optval[optlen - 1] = 0;
- } else {
+ break;
+ case TCP_SAVED_SYN:
+ tp = tcp_sk(sk);
+
+ if (optlen <= 0 || !tp->saved_syn ||
+ optlen > tp->saved_syn[0])
+ goto err_clear;
+ memcpy(optval, tp->saved_syn + 1, optlen);
+ break;
+ default:
goto err_clear;
}
} else if (level == SOL_IP) {
--
2.17.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v3 bpf-next 2/2] new sample bpf prog
2018-08-30 14:51 [PATCH v3 bpf-next 0/2] bpf tcp save syn set/get sockoptions Nikita V. Shirokov
2018-08-30 14:51 ` [PATCH v3 bpf-next 1/2] new options for bpf_(set|get)sockopt Nikita V. Shirokov
@ 2018-08-30 14:51 ` Nikita V. Shirokov
2018-08-31 3:00 ` [PATCH v3 bpf-next 0/2] bpf tcp save syn set/get sockoptions Alexei Starovoitov
2 siblings, 0 replies; 4+ messages in thread
From: Nikita V. Shirokov @ 2018-08-30 14:51 UTC (permalink / raw)
To: ast, brakmo, daniel; +Cc: netdev, Nikita V. Shirokov
sample program which shows TCP_SAVE_SYN/TCP_SAVED_SYN usage example:
bpf's program which is doing TOS/TCLASS reflection (server would reply
with a same TOS/TCLASS as client)
Signed-off-by: Nikita V. Shirokov <tehnerd@fb•com>
---
samples/bpf/Makefile | 1 +
samples/bpf/tcp_tos_reflect_kern.c | 87 ++++++++++++++++++++++++++++++
2 files changed, 88 insertions(+)
create mode 100644 samples/bpf/tcp_tos_reflect_kern.c
diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile
index 36f9f41d094b..be0a961450bc 100644
--- a/samples/bpf/Makefile
+++ b/samples/bpf/Makefile
@@ -153,6 +153,7 @@ always += tcp_cong_kern.o
always += tcp_iw_kern.o
always += tcp_clamp_kern.o
always += tcp_basertt_kern.o
+always += tcp_tos_reflect_kern.o
always += xdp_redirect_kern.o
always += xdp_redirect_map_kern.o
always += xdp_redirect_cpu_kern.o
diff --git a/samples/bpf/tcp_tos_reflect_kern.c b/samples/bpf/tcp_tos_reflect_kern.c
new file mode 100644
index 000000000000..d51dab19eca6
--- /dev/null
+++ b/samples/bpf/tcp_tos_reflect_kern.c
@@ -0,0 +1,87 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (c) 2018 Facebook
+ *
+ * BPF program to automatically reflect TOS option from received syn packet
+ *
+ * Use load_sock_ops to load this BPF program.
+ */
+
+#include <uapi/linux/bpf.h>
+#include <uapi/linux/tcp.h>
+#include <uapi/linux/if_ether.h>
+#include <uapi/linux/if_packet.h>
+#include <uapi/linux/ip.h>
+#include <uapi/linux/ipv6.h>
+#include <uapi/linux/in.h>
+#include <linux/socket.h>
+#include "bpf_helpers.h"
+#include "bpf_endian.h"
+
+#define DEBUG 1
+
+#define bpf_printk(fmt, ...) \
+({ \
+ char ____fmt[] = fmt; \
+ bpf_trace_printk(____fmt, sizeof(____fmt), \
+ ##__VA_ARGS__); \
+})
+
+SEC("sockops")
+int bpf_basertt(struct bpf_sock_ops *skops)
+{
+ char header[sizeof(struct ipv6hdr)];
+ struct ipv6hdr *hdr6;
+ struct iphdr *hdr;
+ int hdr_size = 0;
+ int save_syn = 1;
+ int tos = 0;
+ int rv = 0;
+ int op;
+
+ op = (int) skops->op;
+
+#ifdef DEBUG
+ bpf_printk("BPF command: %d\n", op);
+#endif
+ switch (op) {
+ case BPF_SOCK_OPS_TCP_LISTEN_CB:
+ rv = bpf_setsockopt(skops, SOL_TCP, TCP_SAVE_SYN,
+ &save_syn, sizeof(save_syn));
+ break;
+ case BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB:
+ if (skops->family == AF_INET)
+ hdr_size = sizeof(struct iphdr);
+ else
+ hdr_size = sizeof(struct ipv6hdr);
+ rv = bpf_getsockopt(skops, SOL_TCP, TCP_SAVED_SYN,
+ header, hdr_size);
+ if (!rv) {
+ if (skops->family == AF_INET) {
+ hdr = (struct iphdr *) header;
+ tos = hdr->tos;
+ if (tos != 0)
+ bpf_setsockopt(skops, SOL_IP, IP_TOS,
+ &tos, sizeof(tos));
+ } else {
+ hdr6 = (struct ipv6hdr *) header;
+ tos = ((hdr6->priority) << 4 |
+ (hdr6->flow_lbl[0]) >> 4);
+ if (tos)
+ bpf_setsockopt(skops, SOL_IPV6,
+ IPV6_TCLASS,
+ &tos, sizeof(tos));
+ }
+ rv = 0;
+ }
+ break;
+ default:
+ rv = -1;
+ }
+#ifdef DEBUG
+ bpf_printk("Returning %d\n", rv);
+#endif
+ skops->reply = rv;
+ return 1;
+}
+char _license[] SEC("license") = "GPL";
--
2.17.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v3 bpf-next 0/2] bpf tcp save syn set/get sockoptions
2018-08-30 14:51 [PATCH v3 bpf-next 0/2] bpf tcp save syn set/get sockoptions Nikita V. Shirokov
2018-08-30 14:51 ` [PATCH v3 bpf-next 1/2] new options for bpf_(set|get)sockopt Nikita V. Shirokov
2018-08-30 14:51 ` [PATCH v3 bpf-next 2/2] new sample bpf prog Nikita V. Shirokov
@ 2018-08-31 3:00 ` Alexei Starovoitov
2 siblings, 0 replies; 4+ messages in thread
From: Alexei Starovoitov @ 2018-08-31 3:00 UTC (permalink / raw)
To: Nikita V. Shirokov; +Cc: ast, brakmo, daniel, netdev
On Thu, Aug 30, 2018 at 07:51:52AM -0700, Nikita V. Shirokov wrote:
>
> adding supprot for two new bpf's tcp sockopts:
> TCP_SAVE_SYN (set) and TCP_SAVED_SYN (get)
> this would allow for tcp-bpf program to build some logic based on fields from
> ingress syn packet (e.g. doing tcp's tos/tclass reflection (see sample prog))
> and do it transparently from userspace program point of view
Applied, Thanks
but please convert the sample code into selftest.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-08-31 7:05 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-08-30 14:51 [PATCH v3 bpf-next 0/2] bpf tcp save syn set/get sockoptions Nikita V. Shirokov
2018-08-30 14:51 ` [PATCH v3 bpf-next 1/2] new options for bpf_(set|get)sockopt Nikita V. Shirokov
2018-08-30 14:51 ` [PATCH v3 bpf-next 2/2] new sample bpf prog Nikita V. Shirokov
2018-08-31 3:00 ` [PATCH v3 bpf-next 0/2] bpf tcp save syn set/get sockoptions Alexei Starovoitov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox