bpf: add plumbing for BPF_LWT_ENCAP_IP in bpf_lwt_push_encap
This patch adds all needed plumbing in preparation to allowing bpf programs to do IP encapping via bpf_lwt_push_encap. Actual implementation is added in the next patch in the patchset. Of note: - bpf_lwt_push_encap can now be called from BPF_PROG_TYPE_LWT_XMIT prog types in addition to BPF_PROG_TYPE_LWT_IN; - if the skb being encapped has GSO set, encapsulation is limited to IPIP/IP+GRE/IP+GUE (both IPv4 and IPv6); - as route lookups are different for ingress vs egress, the single external bpf_lwt_push_encap BPF helper is routed internally to either bpf_lwt_in_push_encap or bpf_lwt_xmit_push_encap BPF_CALLs, depending on prog type. v8 changes: fixed a typo. Signed-off-by: Peter Oskolkov <posk@google.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
This commit is contained in:
Peter Oskolkov
committed by
Alexei Starovoitov
Alexei Starovoitov
parent
dd27c2e3d0
commit
3e0bd37ce0
@@ -2016,6 +2016,19 @@ union bpf_attr {
|
||||
* Only works if *skb* contains an IPv6 packet. Insert a
|
||||
* Segment Routing Header (**struct ipv6_sr_hdr**) inside
|
||||
* the IPv6 header.
|
||||
* **BPF_LWT_ENCAP_IP**
|
||||
* IP encapsulation (GRE/GUE/IPIP/etc). The outer header
|
||||
* must be IPv4 or IPv6, followed by zero or more
|
||||
* additional headers, up to LWT_BPF_MAX_HEADROOM total
|
||||
* bytes in all prepended headers. Please note that
|
||||
* if skb_is_gso(skb) is true, no more than two headers
|
||||
* can be prepended, and the inner header, if present,
|
||||
* should be either GRE or UDP/GUE.
|
||||
*
|
||||
* BPF_LWT_ENCAP_SEG6*** types can be called by bpf programs of
|
||||
* type BPF_PROG_TYPE_LWT_IN; BPF_LWT_ENCAP_IP type can be called
|
||||
* by bpf programs of types BPF_PROG_TYPE_LWT_IN and
|
||||
* BPF_PROG_TYPE_LWT_XMIT.
|
||||
*
|
||||
* A call to this helper is susceptible to change the underlaying
|
||||
* packet buffer. Therefore, at load time, all checks on pointers
|
||||
@@ -2517,7 +2530,8 @@ enum bpf_hdr_start_off {
|
||||
/* Encapsulation type for BPF_FUNC_lwt_push_encap helper. */
|
||||
enum bpf_lwt_encap_mode {
|
||||
BPF_LWT_ENCAP_SEG6,
|
||||
BPF_LWT_ENCAP_SEG6_INLINE
|
||||
BPF_LWT_ENCAP_SEG6_INLINE,
|
||||
BPF_LWT_ENCAP_IP,
|
||||
};
|
||||
|
||||
#define __bpf_md_ptr(type, name) \
|
||||
@@ -2606,7 +2620,15 @@ enum bpf_ret_code {
|
||||
BPF_DROP = 2,
|
||||
/* 3-6 reserved */
|
||||
BPF_REDIRECT = 7,
|
||||
/* >127 are reserved for prog type specific return codes */
|
||||
/* >127 are reserved for prog type specific return codes.
|
||||
*
|
||||
* BPF_LWT_REROUTE: used by BPF_PROG_TYPE_LWT_IN and
|
||||
* BPF_PROG_TYPE_LWT_XMIT to indicate that skb had been
|
||||
* changed and should be routed based on its new L3 header.
|
||||
* (This is an L3 redirect, as opposed to L2 redirect
|
||||
* represented by BPF_REDIRECT above).
|
||||
*/
|
||||
BPF_LWT_REROUTE = 128,
|
||||
};
|
||||
|
||||
struct bpf_sock {
|
||||
|
||||
Reference in New Issue
Block a user