kernel_optimize_test/net/ipv6
Andrey Ignatov 1cedee13d2 bpf: Hooks for sys_sendmsg
In addition to already existing BPF hooks for sys_bind and sys_connect,
the patch provides new hooks for sys_sendmsg.

It leverages existing BPF program type `BPF_PROG_TYPE_CGROUP_SOCK_ADDR`
that provides access to socket itlself (properties like family, type,
protocol) and user-passed `struct sockaddr *` so that BPF program can
override destination IP and port for system calls such as sendto(2) or
sendmsg(2) and/or assign source IP to the socket.

The hooks are implemented as two new attach types:
`BPF_CGROUP_UDP4_SENDMSG` and `BPF_CGROUP_UDP6_SENDMSG` for UDPv4 and
UDPv6 correspondingly.

UDPv4 and UDPv6 separate attach types for same reason as sys_bind and
sys_connect hooks, i.e. to prevent reading from / writing to e.g.
user_ip6 fields when user passes sockaddr_in since it'd be out-of-bound.

The difference with already existing hooks is sys_sendmsg are
implemented only for unconnected UDP.

For TCP it doesn't make sense to change user-provided `struct sockaddr *`
at sendto(2)/sendmsg(2) time since socket either was already connected
and has source/destination set or wasn't connected and call to
sendto(2)/sendmsg(2) would lead to ENOTCONN anyway.

Connected UDP is already handled by sys_connect hooks that can override
source/destination at connect time and use fast-path later, i.e. these
hooks don't affect UDP fast-path.

Rewriting source IP is implemented differently than that in sys_connect
hooks. When sys_sendmsg is used with unconnected UDP it doesn't work to
just bind socket to desired local IP address since source IP can be set
on per-packet basis by using ancillary data (cmsg(3)). So no matter if
socket is bound or not, source IP has to be rewritten on every call to
sys_sendmsg.

To do so two new fields are added to UAPI `struct bpf_sock_addr`;
* `msg_src_ip4` to set source IPv4 for UDPv4;
* `msg_src_ip6` to set source IPv6 for UDPv6.

Signed-off-by: Andrey Ignatov <rdna@fb.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2018-05-28 17:41:02 +02:00
..
ila net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-05-23 16:37:11 -04:00
addrconf_core.c net/ipv6: Add helper to return path MTU based on fib result 2018-05-22 10:51:09 +02:00
addrconf.c ipv6: addrconf: don't evaluate keep_addr_on_down twice 2018-04-25 13:03:37 -04:00
addrlabel.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
af_inet6.c net/ipv6: Add helper to return path MTU based on fib result 2018-05-22 10:51:09 +02:00
ah6.c
anycast.c net/ipv6: Remove aca_idev 2018-04-19 15:40:13 -04:00
calipso.c
datagram.c ipv6: add a wrapper for ip6_dst_store() with flowi6 checks 2018-04-04 11:31:57 -04:00
esp6_offload.c
esp6.c
exthdrs_core.c net: ipv6: Fix typo in ipv6_find_hdr() documentation 2018-05-07 23:50:27 -04:00
exthdrs_offload.c
exthdrs.c ipv6: Count interface receive statistics on the ingress netdev 2018-04-17 13:39:51 -04:00
fib6_notifier.c
fib6_rules.c net/ipv6: Add fib6_lookup 2018-05-11 00:10:56 +02:00
fou6.c
icmp.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
inet6_connection_sock.c
inet6_hashtables.c
ip6_checksum.c
ip6_fib.c net/ipv6: Simplify route replace and appending into multipath route 2018-05-22 14:44:18 -04:00
ip6_flowlabel.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
ip6_gre.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-05-21 16:01:54 -04:00
ip6_icmp.c
ip6_input.c ipv6: Count interface receive statistics on the ingress netdev 2018-04-17 13:39:51 -04:00
ip6_offload.c udp: add udp gso 2018-04-26 15:07:42 -04:00
ip6_offload.h
ip6_output.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-05-21 16:01:54 -04:00
ip6_tunnel.c ip6_tunnel: better validate user provided tunnel names 2018-04-05 15:16:15 -04:00
ip6_udp_tunnel.c
ip6_vti.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-05-11 20:53:22 -04:00
ip6mr.c net: fib_rules: add extack support 2018-04-23 10:21:24 -04:00
ipcomp6.c
ipv6_sockglue.c
Kconfig bpf: Add IPv6 Segment Routing helpers 2018-05-24 11:57:35 +02:00
Makefile
mcast_snoop.c
mcast.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
mip6.c
ndisc.c net/ipv6: Rename fib6_info struct elements 2018-04-19 15:40:12 -04:00
netfilter.c
output_core.c
ping.c ipv6: allow to cache dst for a connected sk in ip6_sk_dst_lookup_flow() 2018-04-04 11:31:57 -04:00
proc.c inet: frags: break the 2GB limit for frags storage 2018-03-31 23:25:39 -04:00
protocol.c
raw.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
reassembly.c ipv6: frags: fix a lockdep false positive 2018-04-18 23:19:39 -04:00
route.c net/ipv6: Udate fib6_table_lookup tracepoint 2018-05-24 23:01:15 -04:00
seg6_hmac.c
seg6_iptunnel.c ipv6: sr: extract the right key values for "seg6_make_flowlabel" 2018-04-30 12:13:43 -04:00
seg6_local.c ipv6: sr: Add seg6local action End.BPF 2018-05-24 11:57:36 +02:00
seg6.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
sit.c ipv6: sit: better validate user provided tunnel names 2018-04-05 15:16:15 -04:00
syncookies.c net/ipv4: disable SMC TCP option with SYN Cookies 2018-03-25 20:53:54 -04:00
sysctl_net_ipv6.c ipv6: sr: Compute flowlabel for outer IPv6 header of seg6 encap mode 2018-04-25 13:02:15 -04:00
tcp_ipv6.c tcp: Add mark for TIMEWAIT sockets 2018-05-10 17:44:52 -04:00
tcpv6_offload.c
tunnel6.c
udp_impl.h
udp_offload.c udp: Add support for software checksum and GSO_PARTIAL with GSO offload 2018-05-08 22:30:06 -04:00
udp.c bpf: Hooks for sys_sendmsg 2018-05-28 17:41:02 +02:00
udplite.c net: Drop pernet_operations::async 2018-03-27 13:18:09 -04:00
xfrm6_input.c
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
xfrm6_output.c
xfrm6_policy.c net/ipv6: Remove unused code and variables for rt6_info 2018-04-17 23:41:18 -04:00
xfrm6_protocol.c
xfrm6_state.c xfrm: remove VLA usage in __xfrm6_sort() 2018-04-26 07:51:48 +02:00
xfrm6_tunnel.c xfrm: Fix warning in xfrm6_tunnel_net_exit. 2018-04-16 07:50:09 +02:00