Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4018ab18 authored by Daniel Borkmann's avatar Daniel Borkmann Committed by David S. Miller
Browse files

bpf: support flow label for bpf_skb_{set, get}_tunnel_key 



This patch extends bpf_tunnel_key with a tunnel_label member, that maps
to ip_tunnel_key's label so underlying backends like vxlan and geneve
can propagate the label to udp_tunnel6_xmit_skb(), where it's being set
in the IPv6 header. It allows for having 20 more bits to encode/decode
flow related meta information programmatically. Tested with vxlan and
geneve.

Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 8eb3b995

include/uapi/linux/bpf.h

+1 −0
Original line number Diff line number Diff line
@@ -375,6 +375,7 @@ struct bpf_tunnel_key { 
	};

	__u8 tunnel_tos;

	__u8 tunnel_ttl;

	__u32 tunnel_label;

};



#endif /* _UAPI__LINUX_BPF_H__ */

net/core/filter.c

+12 −2
Original line number Diff line number Diff line
@@ -1770,12 +1770,15 @@ static u64 bpf_skb_get_tunnel_key(u64 r1, u64 r2, u64 size, u64 flags, u64 r5) 
		return -EPROTO;

	if (unlikely(size != sizeof(struct bpf_tunnel_key))) {

		switch (size) {

		case offsetof(struct bpf_tunnel_key, tunnel_label):

			goto set_compat;

		case offsetof(struct bpf_tunnel_key, remote_ipv6[1]):

			/* Fixup deprecated structure layouts here, so we have

			 * a common path later on.

			 */

			if (ip_tunnel_info_af(info) != AF_INET)

				return -EINVAL;

set_compat:

			to = (struct bpf_tunnel_key *)compat;

			break;

		default:
@@ -1787,11 +1790,13 @@ static u64 bpf_skb_get_tunnel_key(u64 r1, u64 r2, u64 size, u64 flags, u64 r5) 
	to->tunnel_tos = info->key.tos;

	to->tunnel_ttl = info->key.ttl;



	if (flags & BPF_F_TUNINFO_IPV6)

	if (flags & BPF_F_TUNINFO_IPV6) {

		memcpy(to->remote_ipv6, &info->key.u.ipv6.src,

		       sizeof(to->remote_ipv6));

	else

		to->tunnel_label = be32_to_cpu(info->key.label);

	} else {

		to->remote_ipv4 = be32_to_cpu(info->key.u.ipv4.src);

	}



	if (unlikely(size != sizeof(struct bpf_tunnel_key)))

		memcpy((void *)(long) r2, to, size);
@@ -1850,6 +1855,7 @@ static u64 bpf_skb_set_tunnel_key(u64 r1, u64 r2, u64 size, u64 flags, u64 r5) 
		return -EINVAL;

	if (unlikely(size != sizeof(struct bpf_tunnel_key))) {

		switch (size) {

		case offsetof(struct bpf_tunnel_key, tunnel_label):

		case offsetof(struct bpf_tunnel_key, remote_ipv6[1]):

			/* Fixup deprecated structure layouts here, so we have

			 * a common path later on.
@@ -1862,6 +1868,8 @@ static u64 bpf_skb_set_tunnel_key(u64 r1, u64 r2, u64 size, u64 flags, u64 r5) 
			return -EINVAL;

		}

	}

	if (unlikely(!(flags & BPF_F_TUNINFO_IPV6) && from->tunnel_label))

		return -EINVAL;



	skb_dst_drop(skb);

	dst_hold((struct dst_entry *) md);
@@ -1882,6 +1890,8 @@ static u64 bpf_skb_set_tunnel_key(u64 r1, u64 r2, u64 size, u64 flags, u64 r5) 
		info->mode |= IP_TUNNEL_INFO_IPV6;

		memcpy(&info->key.u.ipv6.dst, from->remote_ipv6,

		       sizeof(from->remote_ipv6));

		info->key.label = cpu_to_be32(from->tunnel_label) &

				  IPV6_FLOWLABEL_MASK;

	} else {

		info->key.u.ipv4.dst = cpu_to_be32(from->remote_ipv4);

		if (flags & BPF_F_ZERO_CSUM_TX)