Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6c49e65e authored by Andrey Ignatov's avatar Andrey Ignatov Committed by Alexei Starovoitov
Browse files

bpf: Support socket lookup in CGROUP_SOCK_ADDR progs 



Make bpf_sk_lookup_tcp, bpf_sk_lookup_udp and bpf_sk_release helpers
available in programs of type BPF_PROG_TYPE_CGROUP_SOCK_ADDR.

Such programs operate on sockets and have access to socket and struct
sockaddr passed by user to system calls such as sys_bind, sys_connect,
sys_sendmsg.

It's useful to be able to lookup other sockets from these programs.
E.g. sys_connect may lookup IP:port endpoint and if there is a server
socket bound to that endpoint ("server" can be defined by saddr & sport
being zero), redirect client connection to it by rewriting IP:port in
sockaddr passed to sys_connect.

Signed-off-by: default avatarAndrey Ignatov <rdna@fb.com>
Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
Acked-by: default avatarMartin KaFai Lau <kafai@fb.com>
Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent cac6cc2f

net/core/filter.c

+45 −0
Original line number Diff line number Diff line
@@ -5042,6 +5042,43 @@ static const struct bpf_func_proto bpf_xdp_sk_lookup_tcp_proto = { 
	.arg4_type      = ARG_ANYTHING,

	.arg5_type      = ARG_ANYTHING,

};



BPF_CALL_5(bpf_sock_addr_sk_lookup_tcp, struct bpf_sock_addr_kern *, ctx,

	   struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags)

{

	return __bpf_sk_lookup(NULL, tuple, len, sock_net(ctx->sk), 0,

			       IPPROTO_TCP, netns_id, flags);

}



static const struct bpf_func_proto bpf_sock_addr_sk_lookup_tcp_proto = {

	.func		= bpf_sock_addr_sk_lookup_tcp,

	.gpl_only	= false,

	.ret_type	= RET_PTR_TO_SOCKET_OR_NULL,

	.arg1_type	= ARG_PTR_TO_CTX,

	.arg2_type	= ARG_PTR_TO_MEM,

	.arg3_type	= ARG_CONST_SIZE,

	.arg4_type	= ARG_ANYTHING,

	.arg5_type	= ARG_ANYTHING,

};



BPF_CALL_5(bpf_sock_addr_sk_lookup_udp, struct bpf_sock_addr_kern *, ctx,

	   struct bpf_sock_tuple *, tuple, u32, len, u64, netns_id, u64, flags)

{

	return __bpf_sk_lookup(NULL, tuple, len, sock_net(ctx->sk), 0,

			       IPPROTO_UDP, netns_id, flags);

}



static const struct bpf_func_proto bpf_sock_addr_sk_lookup_udp_proto = {

	.func		= bpf_sock_addr_sk_lookup_udp,

	.gpl_only	= false,

	.ret_type	= RET_PTR_TO_SOCKET_OR_NULL,

	.arg1_type	= ARG_PTR_TO_CTX,

	.arg2_type	= ARG_PTR_TO_MEM,

	.arg3_type	= ARG_CONST_SIZE,

	.arg4_type	= ARG_ANYTHING,

	.arg5_type	= ARG_ANYTHING,

};



#endif /* CONFIG_INET */



bool bpf_helper_changes_pkt_data(void *func)
@@ -5148,6 +5185,14 @@ sock_addr_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) 
		return &bpf_get_socket_cookie_sock_addr_proto;

	case BPF_FUNC_get_local_storage:

		return &bpf_get_local_storage_proto;

#ifdef CONFIG_INET

	case BPF_FUNC_sk_lookup_tcp:

		return &bpf_sock_addr_sk_lookup_tcp_proto;

	case BPF_FUNC_sk_lookup_udp:

		return &bpf_sock_addr_sk_lookup_udp_proto;

	case BPF_FUNC_sk_release:

		return &bpf_sk_release_proto;

#endif /* CONFIG_INET */

	default:

		return bpf_base_func_proto(func_id);

	}