Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5b26ace6 authored by Daniel Borkmann's avatar Daniel Borkmann
Browse files

Merge branch 'bpf-sock-hashmap' 



John Fastabend says:

====================
In the original sockmap implementation we got away with using an
array similar to devmap. However, unlike devmap where an ifindex
has a nice 1:1 function into the map we have found some use cases
with sockets that need to be referenced using longer keys.

This series adds support for a sockhash map reusing as much of
the sockmap code as possible. I made the decision to add sockhash
specific helpers vs trying to generalize the existing helpers
because (a) they have sockmap in the name and (b) the keys are
different types. I prefer to be explicit here rather than play
type games or do something else tricky.

To test this we duplicate all the sockmap testing except swap out
the sockmap with a sockhash.

v2: fix file stats and add v2 tag
v3: move tool updates into test patch, move bpftool updates into
    its own patch, and fixup the test patch stats to catch the
    renamed file and provide only diffs ± on that.
v4: Add documentation to UAPI bpf.h
v5: Add documentation to tools UAPI bpf.h
v6: 'git add' test_sockhash_kern.c which was previously missing
    but was not causing issues because of typo in test script,
    noticed by Daniel. After this the git format-patch -M option
    no longer tracks the rename of the test_sockmap_kern files for
    some reason. I guess the diff has exceeded some threshold.
====================

Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
parents f2467c2d 62c52d1f

include/linux/bpf.h

+8 −0
Original line number Diff line number Diff line
@@ -668,6 +668,7 @@ static inline void bpf_map_offload_map_free(struct bpf_map *map) 


#if defined(CONFIG_STREAM_PARSER) && defined(CONFIG_BPF_SYSCALL) && defined(CONFIG_INET)

struct sock  *__sock_map_lookup_elem(struct bpf_map *map, u32 key);

struct sock  *__sock_hash_lookup_elem(struct bpf_map *map, void *key);

int sock_map_prog(struct bpf_map *map, struct bpf_prog *prog, u32 type);

#else

static inline struct sock  *__sock_map_lookup_elem(struct bpf_map *map, u32 key)
@@ -675,6 +676,12 @@ static inline struct sock *__sock_map_lookup_elem(struct bpf_map *map, u32 key) 
	return NULL;

}



static inline struct sock  *__sock_hash_lookup_elem(struct bpf_map *map,

						    void *key)

{

	return NULL;

}



static inline int sock_map_prog(struct bpf_map *map,

				struct bpf_prog *prog,

				u32 type)
@@ -724,6 +731,7 @@ extern const struct bpf_func_proto bpf_get_current_comm_proto; 
extern const struct bpf_func_proto bpf_get_stackid_proto;

extern const struct bpf_func_proto bpf_get_stack_proto;

extern const struct bpf_func_proto bpf_sock_map_update_proto;

extern const struct bpf_func_proto bpf_sock_hash_update_proto;



/* Shared helpers among cBPF and eBPF. */

void bpf_user_rnd_init_once(void);

include/linux/bpf_types.h

+1 −0
Original line number Diff line number Diff line
@@ -47,6 +47,7 @@ BPF_MAP_TYPE(BPF_MAP_TYPE_HASH_OF_MAPS, htab_of_maps_map_ops) 
BPF_MAP_TYPE(BPF_MAP_TYPE_DEVMAP, dev_map_ops)

#if defined(CONFIG_STREAM_PARSER) && defined(CONFIG_INET)

BPF_MAP_TYPE(BPF_MAP_TYPE_SOCKMAP, sock_map_ops)

BPF_MAP_TYPE(BPF_MAP_TYPE_SOCKHASH, sock_hash_ops)

#endif

BPF_MAP_TYPE(BPF_MAP_TYPE_CPUMAP, cpu_map_ops)

#if defined(CONFIG_XDP_SOCKETS)

include/linux/filter.h

+1 −2
Original line number Diff line number Diff line
@@ -515,9 +515,8 @@ struct sk_msg_buff { 
	int sg_end;

	struct scatterlist sg_data[MAX_SKB_FRAGS];

	bool sg_copy[MAX_SKB_FRAGS];

	__u32 key;

	__u32 flags;

	struct bpf_map *map;

	struct sock *sk_redir;

	struct sk_buff *skb;

	struct list_head list;

};

include/net/tcp.h

+1 −2
Original line number Diff line number Diff line
@@ -814,9 +814,8 @@ struct tcp_skb_cb { 
#endif

		} header;	/* For incoming skbs */

		struct {

			__u32 key;

			__u32 flags;

			struct bpf_map *map;

			struct sock *sk_redir;

			void *data_end;

		} bpf;

	};

include/uapi/linux/bpf.h

+52 −2
Original line number Diff line number Diff line
@@ -118,6 +118,7 @@ enum bpf_map_type { 
	BPF_MAP_TYPE_SOCKMAP,

	BPF_MAP_TYPE_CPUMAP,

	BPF_MAP_TYPE_XSKMAP,

	BPF_MAP_TYPE_SOCKHASH,

};



enum bpf_prog_type {
@@ -1828,7 +1829,6 @@ union bpf_attr { 
 * 	Return

 * 		0 on success, or a negative error in case of failure.

 *

 *

 * int bpf_fib_lookup(void *ctx, struct bpf_fib_lookup *params, int plen, u32 flags)

 *	Description

 *		Do FIB lookup in kernel tables using parameters in *params*.
@@ -1855,6 +1855,53 @@ union bpf_attr { 
 *             Egress device index on success, 0 if packet needs to continue

 *             up the stack for further processing or a negative error in case

 *             of failure.

 *

 * int bpf_sock_hash_update(struct bpf_sock_ops_kern *skops, struct bpf_map *map, void *key, u64 flags)

 *	Description

 *		Add an entry to, or update a sockhash *map* referencing sockets.

 *		The *skops* is used as a new value for the entry associated to

 *		*key*. *flags* is one of:

 *

 *		**BPF_NOEXIST**

 *			The entry for *key* must not exist in the map.

 *		**BPF_EXIST**

 *			The entry for *key* must already exist in the map.

 *		**BPF_ANY**

 *			No condition on the existence of the entry for *key*.

 *

 *		If the *map* has eBPF programs (parser and verdict), those will

 *		be inherited by the socket being added. If the socket is

 *		already attached to eBPF programs, this results in an error.

 *	Return

 *		0 on success, or a negative error in case of failure.

 *

 * int bpf_msg_redirect_hash(struct sk_msg_buff *msg, struct bpf_map *map, void *key, u64 flags)

 *	Description

 *		This helper is used in programs implementing policies at the

 *		socket level. If the message *msg* is allowed to pass (i.e. if

 *		the verdict eBPF program returns **SK_PASS**), redirect it to

 *		the socket referenced by *map* (of type

 *		**BPF_MAP_TYPE_SOCKHASH**) using hash *key*. Both ingress and

 *		egress interfaces can be used for redirection. The

 *		**BPF_F_INGRESS** value in *flags* is used to make the

 *		distinction (ingress path is selected if the flag is present,

 *		egress path otherwise). This is the only flag supported for now.

 *	Return

 *		**SK_PASS** on success, or **SK_DROP** on error.

 *

 * int bpf_sk_redirect_hash(struct sk_buff *skb, struct bpf_map *map, void *key, u64 flags)

 *	Description

 *		This helper is used in programs implementing policies at the

 *		skb socket level. If the sk_buff *skb* is allowed to pass (i.e.

 *		if the verdeict eBPF program returns **SK_PASS**), redirect it

 *		to the socket referenced by *map* (of type

 *		**BPF_MAP_TYPE_SOCKHASH**) using hash *key*. Both ingress and

 *		egress interfaces can be used for redirection. The

 *		**BPF_F_INGRESS** value in *flags* is used to make the

 *		distinction (ingress path is selected if the flag is present,

 *		egress otherwise). This is the only flag supported for now.

 *	Return

 *		**SK_PASS** on success, or **SK_DROP** on error.

 */

#define __BPF_FUNC_MAPPER(FN)		\

	FN(unspec),			\
@@ -1926,7 +1973,10 @@ union bpf_attr { 
	FN(skb_get_xfrm_state),		\

	FN(get_stack),			\

	FN(skb_load_bytes_relative),	\

	FN(fib_lookup),

	FN(fib_lookup),			\

	FN(sock_hash_update),		\

	FN(msg_redirect_hash),		\

	FN(sk_redirect_hash),



/* integer value in 'imm' field of BPF_CALL instruction selects which helper

 * function eBPF program intends to call