From patchwork Tue Aug 11 09:35:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Rybowski X-Patchwork-Id: 1343225 X-Patchwork-Delegate: matthieu.baerts@tessares.net Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.01.org (client-ip=198.145.21.10; helo=ml01.01.org; envelope-from=mptcp-bounces@lists.01.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=tessares.net Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=tessares-net.20150623.gappssmtp.com header.i=@tessares-net.20150623.gappssmtp.com header.a=rsa-sha256 header.s=20150623 header.b=FKGO5kbj; dkim-atps=neutral Received: from ml01.01.org (ml01.01.org [198.145.21.10]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BQnmN55QYz9sTM for ; Tue, 11 Aug 2020 19:37:08 +1000 (AEST) Received: from ml01.vlan13.01.org (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id A505312F10D19; Tue, 11 Aug 2020 02:37:06 -0700 (PDT) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::644; helo=mail-ej1-x644.google.com; envelope-from=nicolas.rybowski@tessares.net; receiver= Received: from mail-ej1-x644.google.com (mail-ej1-x644.google.com [IPv6:2a00:1450:4864:20::644]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id D363912F088E3 for ; Tue, 11 Aug 2020 02:37:03 -0700 (PDT) Received: by mail-ej1-x644.google.com with SMTP id d6so12371621ejr.5 for ; Tue, 11 Aug 2020 02:37:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tessares-net.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=feNQy4HaOBB3oHc8oiXYrtw1QKxUgNHYoWbfFfLPrhE=; b=FKGO5kbjNFy5+AQO/lN55aiDIAuW/zjfsNPGYtFBUuF7TeESj4YfUc/KiiO8xIvsjM 6Tl0SurNYdYeaix8zTXhb+4sV88d+MXgPwm5GiospwtOd0B9Mo0U2CCNJn8aEeMN5aF6 fdqYLPQJc/5nw8nylgk1RddvTgZJuQUMm5Ek9nHRsVV5TIgd0Xz6eNk4VQfPL0jxHenh TlMPzhIbEOQlBvqRwkp3lgfebT/1pyaujm1rRfUyxeeXsrD+W4MjeIWVzwHaAvucbvYi 2/BZ7YmjuJphF7LVnTMtY03KSe32kBAZ7Ua4E4pxv1PQ1Ic9wdTg6p3rzG/P0SbmQvuX exdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=feNQy4HaOBB3oHc8oiXYrtw1QKxUgNHYoWbfFfLPrhE=; b=i0/evWhNXt3xVKN4Dk8nXGyrUtWN5oL6+OGTxTQlNEv1MaRgwBPKuj0tBGEmJFndzI 9E6ohTEG6A0lIYYnaWJGCEmpK+tDqfmZFcwONZZInxFrbiVcAckiRn3l2wv1HENKNamR sKFHUo0lzl65g18rwshiGIQ/TUlfTI+AEPF7sFQWmDDIdSvrTdB0MuR+1ZtdIu6XYICl Nt0lF+owNGCfW/XhCdWwzqy9Ctn5DVMaZ7Y+i1G7t+osJV8VMrGMl3X5CzN87UAg1CDA xtbtgP2tvFJMbx3S0pYFMnOyJl1HQQunvGAyFOeOhrLHznaAp9QQ/BADHAyKP/IToGd0 UWJA== X-Gm-Message-State: AOAM5332QVqM99lMBG2WLNSFUrEMxGpdyCaah3CaIYzB/8dyalhK9mn6 Db0hiv0BKcufJqfqcikWQeOlaonB4vyfzg== X-Google-Smtp-Source: ABdhPJySjMsupEKrHKtegQhHzNMiVtqmGO5Pnbk0MJoCqGsJAOXMuRDISB3fR/iHta/72YZkmoRcDw== X-Received: by 2002:a17:906:5f8f:: with SMTP id a15mr20356426eju.291.1597138621873; Tue, 11 Aug 2020 02:37:01 -0700 (PDT) Received: from localhost.localdomain (223.60-242-81.adsl-dyn.isp.belgacom.be. [81.242.60.223]) by smtp.gmail.com with ESMTPSA id z10sm14649456eje.122.2020.08.11.02.37.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Aug 2020 02:37:01 -0700 (PDT) From: Nicolas Rybowski To: mptcp@lists.01.org Date: Tue, 11 Aug 2020 11:35:29 +0200 Message-Id: <20200811093531.27768-2-nicolas.rybowski@tessares.net> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200811093531.27768-1-nicolas.rybowski@tessares.net> References: <20200811093531.27768-1-nicolas.rybowski@tessares.net> MIME-Version: 1.0 Message-ID-Hash: RR2HYUZCIA2IP45H7ZUV2XO6GQ2EAHUK X-Message-ID-Hash: RR2HYUZCIA2IP45H7ZUV2XO6GQ2EAHUK X-MailFrom: nicolas.rybowski@tessares.net X-Mailman-Rule-Hits: member-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address CC: gregory.detal@tessares.net, Nicolas Rybowski X-Mailman-Version: 3.1.1 Precedence: list Subject: [MPTCP] [PATCH mptcp-next v2 1/3] bpf: expose is_mptcp flag to bpf_tcp_sock List-Id: Discussions regarding MPTCP upstreaming Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: is_mptcp is a field from struct tcp_sock used to indicate that the current tcp_sock is part of the MPTCP protocol. In this protocol, a first socket (mptcp_sock) is created with sk_protocol set to IPPROTO_MPTCP (=262) for control purpose but it isn't directly on the wire. This is the role of the subflow (kernel) sockets which are classical tcp_sock with sk_protocol set to IPPROTO_TCP. The only way to differentiate such sockets from plain TCP sockets is the is_mptcp field from tcp_sock. Such an exposure in BPF is thus required to be able to differentiate plain TCP sockets from MPTCP subflow sockets in BPF_PROG_TYPE_SOCK_OPS programs. The choice has been made to silently pass the case when CONFIG_MPTCP is unset by defaulting is_mptcp to 0 in order to make BPF independent of the MPTCP configuration. Another solution is to make the verifier fail in 'bpf_tcp_sock_is_valid_ctx_access' but this will add an additional '#ifdef CONFIG_MPTCP' in the BPF code and a same injected BPF program will not run if MPTCP is not set. An example use-case is provided in https://github.com/multipath-tcp/mptcp_net-next/tree/scripts/bpf/examples Suggested-by: Matthieu Baerts Acked-by: Matthieu Baerts Signed-off-by: Nicolas Rybowski --- include/uapi/linux/bpf.h | 1 + net/core/filter.c | 9 ++++++++- tools/include/uapi/linux/bpf.h | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index b134e679e9db..1a0caa4abc2d 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -3864,6 +3864,7 @@ struct bpf_tcp_sock { __u32 delivered; /* Total data packets delivered incl. rexmits */ __u32 delivered_ce; /* Like the above but only ECE marked packets */ __u32 icsk_retransmits; /* Number of unrecovered [RTO] timeouts */ + __u32 is_mptcp; /* Is MPTCP subflow? */ }; struct bpf_sock_tuple { diff --git a/net/core/filter.c b/net/core/filter.c index 7124f0fe6974..ce83e1ec5259 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -5742,7 +5742,7 @@ bool bpf_tcp_sock_is_valid_access(int off, int size, enum bpf_access_type type, struct bpf_insn_access_aux *info) { if (off < 0 || off >= offsetofend(struct bpf_tcp_sock, - icsk_retransmits)) + is_mptcp)) return false; if (off % size != 0) @@ -5876,6 +5876,13 @@ u32 bpf_tcp_sock_convert_ctx_access(enum bpf_access_type type, case offsetof(struct bpf_tcp_sock, icsk_retransmits): BPF_INET_SOCK_GET_COMMON(icsk_retransmits); break; + case offsetof(struct bpf_tcp_sock, is_mptcp): +#ifdef CONFIG_MPTCP + BPF_TCP_SOCK_GET_COMMON(is_mptcp); +#else + *insn++ = BPF_MOV32_IMM(si->dst_reg, 0); +#endif + break; } return insn - insn_buf; diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index b134e679e9db..1a0caa4abc2d 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -3864,6 +3864,7 @@ struct bpf_tcp_sock { __u32 delivered; /* Total data packets delivered incl. rexmits */ __u32 delivered_ce; /* Like the above but only ECE marked packets */ __u32 icsk_retransmits; /* Number of unrecovered [RTO] timeouts */ + __u32 is_mptcp; /* Is MPTCP subflow? */ }; struct bpf_sock_tuple {