From patchwork Wed Jan 30 23:51:31 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Oskolkov <posk@google.com>
X-Patchwork-Id: 1033835
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=pass (p=reject dis=none)
	header.from=google.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=google.com header.i=@google.com
	header.b="dxUiwLws"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 43qgBT0y6yz9s9h
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 31 Jan 2019 10:51:45 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1726802AbfA3Xvn (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 30 Jan 2019 18:51:43 -0500
Received: from mail-yb1-f202.google.com ([209.85.219.202]:45431 "EHLO
	mail-yb1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1725811AbfA3Xvn (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 30 Jan 2019 18:51:43 -0500
Received: by mail-yb1-f202.google.com with SMTP id d15so716128ybk.12
	for <netdev@vger.kernel.org>; Wed, 30 Jan 2019 15:51:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=google.com; s=20161025;
	h=date:message-id:mime-version:subject:from:to:cc;
	bh=gFXHtlKc5oIF6T7jjgz+pdH3beJmIGXdyzcNbYBH04g=;
	b=dxUiwLwsn7zc0Oy9VY6NCvulorjTsGxiVgpVHu1Fa7pLikdjUINbJlMYEag29VZ4fs
	OuAtBeRwsYMAajSlmaWdfq1uyEjN+O1yNMp+RVBkAQFE2HJvek7ZwILyIZiKoAq6TIhO
	BbLOD6ZyPq0VSzx7ZikiEr4ocf814Wlc6D9pdn+sfxAFenpuYMEdk0QJVtDLCt9pTBFa
	nFztncCWeuI07HHLi7xXNLMf/bH2NvyUklzErpplHyH9QI8eaW0nA5pQClyR/mR1g5xJ
	58hUZV78RlPigy1EKSUY6L1Hay0Uf1SV0HSCfkjJhjvxEtSqGXx1ImU+tcOgLjy5nXfZ
	Wy4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc;
	bh=gFXHtlKc5oIF6T7jjgz+pdH3beJmIGXdyzcNbYBH04g=;
	b=R8V98mbiSYEGPzcDxanUKYWyNcUE60z5MeUlnCoT9tOtbN8eaW5cCMX6ItGR4W00Ld
	+vnoyjnjxjZ55gJPgMIOkAII7q17g5uClzKIjv/FWGTPcEIDKQpmOTALlJxVLDHWGtUC
	WP9meGBaEyQH15m5pOVlwZXAQ8ysmf4Nj0F0YWG6H3GNXfNhRMzWxW11CAGG1L5doNwM
	B1OWsVTljkgwahubcmgIRza/BiaWDxiCLWbUnMhRhqEw00aZOXj4zZY1YjF8baeH8Si5
	PVuOL+tEvxD7JcFRdLkOAxrQnq9G9J4n/mMZj4uscYnK5fniarAC3G5g4xLgKGtE1Afl
	R8iw==
X-Gm-Message-State: AHQUAubWleEmNIIq54XXh+EMZ/DZ7nsC9A8CSk8nrjpUqVyCO5Hope4d
	na56lZeH7Si/2o8hf7WYQPW/kBMM
X-Google-Smtp-Source: 
 AHgI3IZuV5Zq+2ZzvicZdal5xgh1nBtTbjhTFB6XDJL09vqwG9JIirdDVLfXApkXb+fDUI62fuvoMUfE
X-Received: by 2002:a25:8712:: with SMTP id a18mr5126108ybl.91.1548892302609;
	Wed, 30 Jan 2019 15:51:42 -0800 (PST)
Date: Wed, 30 Jan 2019 15:51:31 -0800
Message-Id: <20190130235136.136527-1-posk@google.com>
Mime-Version: 1.0
X-Mailer: git-send-email 2.20.1.495.gaa96b0ce6b-goog
Subject: [PATCH bpf-next v5 0/5] bpf: add BPF_LWT_ENCAP_IP option to
	bpf_lwt_push_encap
From: Peter Oskolkov <posk@google.com>
To: Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>, netdev@vger.kernel.org
Cc: Peter Oskolkov <posk.devel@gmail.com>, David Ahern <dsahern@gmail.com>,
	Peter Oskolkov <posk@google.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

This patchset implements BPF_LWT_ENCAP_IP mode in bpf_lwt_push_encap
BPF helper. It enables BPF programs (specifically, BPF_PROG_TYPE_LWT_IN
and BPF_PROG_TYPE_LWT_XMIT prog types) to add IP encapsulation headers
to packets (e.g. IP/GRE, GUE, IPIP).

This is useful when thousands of different short-lived flows should be
encapped, each with different and dynamically determined destination.
Although lwtunnels can be used in some of these scenarios, the ability
to dynamically generate encap headers adds more flexibility, e.g.
when routing depends on the state of the host (reflected in global bpf
maps).

V2 changes: Added flowi-based route lookup, IPv6 encapping, and
   encapping on ingress.

V3 changes: incorporated David Ahern's suggestions:
   - added l3mdev check/oif (patch 2)
   - sync bpf.h from include/uapi into tools/include/uapi
   - selftest tweaks

V4 changes: moved route lookup/dst change from bpf_push_ip_encap
   to when BPF_LWT_REROUTE is handled, as suggested by David Ahern.

V5 changes: added a check in lwt_xmit that skb->protocol stays the
   same if the skb is to be passed back to the stack (ret == BPF_OK).
   Again, suggested by David Ahern.

Peter Oskolkov (5):
  bpf: add plumbing for BPF_LWT_ENCAP_IP in bpf_lwt_push_encap
  bpf: implement BPF_LWT_ENCAP_IP mode in bpf_lwt_push_encap
  bpf: add handling of BPF_LWT_REROUTE to lwt_bpf.c
  bpf: sync <kdir>/<uapi>/bpf.h with tools/<uapi>/bpf.h
  selftests: bpf: add test_lwt_ip_encap selftest

 include/net/lwtunnel.h                        |   3 +
 include/uapi/linux/bpf.h                      |  23 +-
 net/core/filter.c                             |  47 ++-
 net/core/lwt_bpf.c                            | 184 +++++++++++
 tools/include/uapi/linux/bpf.h                |  23 +-
 tools/testing/selftests/bpf/Makefile          |   5 +-
 .../testing/selftests/bpf/test_lwt_ip_encap.c |  85 +++++
 .../selftests/bpf/test_lwt_ip_encap.sh        | 311 ++++++++++++++++++
 8 files changed, 670 insertions(+), 11 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/test_lwt_ip_encap.c
 create mode 100755 tools/testing/selftests/bpf/test_lwt_ip_encap.sh
Reviewed-by: David Ahern <dsahern@gmail.com>