lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20210203041636.38555-1-xiyou.wangcong@gmail.com>
Date:   Tue,  2 Feb 2021 20:16:17 -0800
From:   Cong Wang <xiyou.wangcong@...il.com>
To:     netdev@...r.kernel.org
Cc:     bpf@...r.kernel.org, duanxiongchun@...edance.com,
        wangdongdong.6@...edance.com, jiang.wang@...edance.com,
        Cong Wang <cong.wang@...edance.com>
Subject: [Patch bpf-next 00/19] sock_map: add non-TCP and cross-protocol support

From: Cong Wang <cong.wang@...edance.com>

Currently sockmap only fully supports TCP, UDP is partially supported
as it is only allowed to add into sockmap. This patch extends sockmap
with: 1) full UDP support; 2) full AF_UNIX dgram support; 3) cross
protocol support. Our goal is to allow socket splice between AF_UNIX
dgram and UDP.

On the high level, ->sendmsg_locked() and ->read_sock() are required
for each protocol to support sockmap redirection, and in order to do
sock proto update, a new ops ->update_proto() is introduced, which is
also required to implement. It is slightly harder for AF_UNIX, as it
does not have a full struct proto implementation and redirection.

In order to support cross protocol, we have to make skb independent
of protocols, which is extremely hard given how creatively UDP uses
dev_scratch. Fortunately, we can pass skmsg instead of skb when
redirecting to ingress, the only thing needs to add is a new
->recvmsg() to retrieve skmsg. On the egress side, a new skb is
allocated behind skb_send_sock_locked(), it comes for free.
Another big barrier is skb CB, which was hard-coded as TCP_CB(),
I switch it to skb ext to solve this problem. Please see patch 3 for
more details.

This patchset passed all tests, the existing ones and the new ones I
add within this patchset.

---

Cong Wang (19):
  bpf: rename BPF_STREAM_PARSER to BPF_SOCK_MAP
  skmsg: get rid of struct sk_psock_parser
  skmsg: use skb ext instead of TCP_SKB_CB
  sock_map: rename skb_parser and skb_verdict
  sock_map: introduce BPF_SK_SKB_VERDICT
  sock: introduce sk_prot->update_proto()
  udp: implement ->sendmsg_locked()
  udp: implement ->read_sock() for sockmap
  udp: add ->read_sock() and ->sendmsg_locked() to ipv6
  af_unix: implement ->sendmsg_locked for dgram socket
  af_unix: implement ->read_sock() for sockmap
  af_unix: implement ->update_proto()
  af_unix: set TCP_ESTABLISHED for datagram sockets too
  skmsg: extract __tcp_bpf_recvmsg() and tcp_bpf_wait_data()
  udp: implement udp_bpf_recvmsg() for sockmap
  af_unix: implement unix_dgram_bpf_recvmsg()
  sock_map: update sock type checks
  selftests/bpf: add test cases for unix and udp sockmap
  selftests/bpf: add test case for redirection between udp and unix

 MAINTAINERS                                   |   1 +
 include/linux/bpf.h                           |   4 +-
 include/linux/bpf_types.h                     |   2 +-
 include/linux/skbuff.h                        |   4 +
 include/linux/skmsg.h                         |  90 +++-
 include/net/af_unix.h                         |  13 +
 include/net/ipv6.h                            |   1 +
 include/net/sock.h                            |   3 +
 include/net/tcp.h                             |  33 +-
 include/net/udp.h                             |   9 +-
 include/uapi/linux/bpf.h                      |   1 +
 kernel/bpf/syscall.c                          |   1 +
 net/Kconfig                                   |  14 +-
 net/core/Makefile                             |   2 +-
 net/core/filter.c                             |   3 +-
 net/core/skbuff.c                             |   7 +
 net/core/skmsg.c                              | 223 +++++---
 net/core/sock_map.c                           | 128 ++---
 net/ipv4/Makefile                             |   2 +-
 net/ipv4/af_inet.c                            |   2 +
 net/ipv4/tcp_bpf.c                            | 130 +----
 net/ipv4/tcp_ipv4.c                           |   3 +
 net/ipv4/udp.c                                |  68 ++-
 net/ipv4/udp_bpf.c                            |  78 ++-
 net/ipv6/af_inet6.c                           |   2 +
 net/ipv6/tcp_ipv6.c                           |   3 +
 net/ipv6/udp.c                                |  30 +-
 net/tls/tls_sw.c                              |   4 +-
 net/unix/Makefile                             |   1 +
 net/unix/af_unix.c                            | 105 +++-
 net/unix/unix_bpf.c                           |  99 ++++
 tools/bpf/bpftool/common.c                    |   1 +
 tools/bpf/bpftool/prog.c                      |   1 +
 tools/include/uapi/linux/bpf.h                |   1 +
 .../selftests/bpf/prog_tests/sockmap_listen.c | 475 +++++++++++++++++-
 .../selftests/bpf/progs/test_sockmap_listen.c |  24 +-
 36 files changed, 1233 insertions(+), 335 deletions(-)
 create mode 100644 net/unix/unix_bpf.c

-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ