Message ID | 1504217150-16151-2-git-send-email-dsahern@gmail.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
Series | bpf: Add option to set mark and priority in cgroup sock programs | expand |
On 09/01/2017 12:05 AM, David Ahern wrote: > Add socket mark and priority to fields that can be set by > ebpf program when a socket is created. > > Signed-off-by: David Ahern <dsahern@gmail.com> > Acked-by: Alexei Starovoitov <ast@kernel.org> > --- > include/uapi/linux/bpf.h | 2 ++ > net/core/filter.c | 26 ++++++++++++++++++++++++++ > 2 files changed, 28 insertions(+) > > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h > index d46cf326b95f..e9c89e20adff 100644 > --- a/include/uapi/linux/bpf.h > +++ b/include/uapi/linux/bpf.h > @@ -758,6 +758,8 @@ struct bpf_sock { > __u32 family; > __u32 type; > __u32 protocol; > + __u32 mark; > + __u32 priority; > }; > > #define XDP_PACKET_HEADROOM 256 > diff --git a/net/core/filter.c b/net/core/filter.c > index c6a37fe0285b..f51b9690adf3 100644 > --- a/net/core/filter.c > +++ b/net/core/filter.c > @@ -3455,6 +3455,10 @@ static bool sock_filter_is_valid_access(int off, int size, > switch (off) { > case offsetof(struct bpf_sock, bound_dev_if): > break; > + case offsetof(struct bpf_sock, mark): > + break; > + case offsetof(struct bpf_sock, priority): > + break; Can also be follow-up, but please do keep this consistent to all the other *_is_valid_access() helpers, meaning: switch (off) { case offsetof(struct bpf_sock, bound_dev_if): case offsetof(struct bpf_sock, mark): case offsetof(struct bpf_sock, priority): break; default: return false; } Rest: Acked-by: Daniel Borkmann <daniel@iogearbox.net>
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index d46cf326b95f..e9c89e20adff 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -758,6 +758,8 @@ struct bpf_sock { __u32 family; __u32 type; __u32 protocol; + __u32 mark; + __u32 priority; }; #define XDP_PACKET_HEADROOM 256 diff --git a/net/core/filter.c b/net/core/filter.c index c6a37fe0285b..f51b9690adf3 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -3455,6 +3455,10 @@ static bool sock_filter_is_valid_access(int off, int size, switch (off) { case offsetof(struct bpf_sock, bound_dev_if): break; + case offsetof(struct bpf_sock, mark): + break; + case offsetof(struct bpf_sock, priority): + break; default: return false; } @@ -3958,6 +3962,28 @@ static u32 sock_filter_convert_ctx_access(enum bpf_access_type type, offsetof(struct sock, sk_bound_dev_if)); break; + case offsetof(struct bpf_sock, mark): + BUILD_BUG_ON(FIELD_SIZEOF(struct sock, sk_mark) != 4); + + if (type == BPF_WRITE) + *insn++ = BPF_STX_MEM(BPF_W, si->dst_reg, si->src_reg, + offsetof(struct sock, sk_mark)); + else + *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, + offsetof(struct sock, sk_mark)); + break; + + case offsetof(struct bpf_sock, priority): + BUILD_BUG_ON(FIELD_SIZEOF(struct sock, sk_priority) != 4); + + if (type == BPF_WRITE) + *insn++ = BPF_STX_MEM(BPF_W, si->dst_reg, si->src_reg, + offsetof(struct sock, sk_priority)); + else + *insn++ = BPF_LDX_MEM(BPF_W, si->dst_reg, si->src_reg, + offsetof(struct sock, sk_priority)); + break; + case offsetof(struct bpf_sock, family): BUILD_BUG_ON(FIELD_SIZEOF(struct sock, sk_family) != 2);