[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <358c0c74-3c01-4de2-95e0-750fa800d362@linux.dev>
Date: Tue, 16 Jan 2024 17:55:12 -0800
From: Martin KaFai Lau <martin.lau@...ux.dev>
To: Kuniyuki Iwashima <kuniyu@...zon.com>
Cc: Kuniyuki Iwashima <kuni1840@...il.com>, bpf@...r.kernel.org,
netdev@...r.kernel.org, Eric Dumazet <edumazet@...gle.com>,
Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>, Paolo Abeni <pabeni@...hat.com>
Subject: Re: [PATCH v8 bpf-next 5/6] bpf: tcp: Support arbitrary SYN Cookie.
On 1/15/24 12:55 PM, Kuniyuki Iwashima wrote:
> diff --git a/net/core/filter.c b/net/core/filter.c
> index 8c9f67c81e22..647d04171b7e 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -11837,6 +11837,106 @@ __bpf_kfunc int bpf_sock_addr_set_sun_path(struct bpf_sock_addr_kern *sa_kern,
>
> return 0;
> }
> +
> +__bpf_kfunc int bpf_sk_assign_tcp_reqsk(struct sk_buff *skb, struct sock *sk,
> + struct bpf_tcp_req_attrs *attrs, int attrs__sz)
> +{
> +#if IS_ENABLED(CONFIG_SYN_COOKIES)
> + const struct request_sock_ops *ops;
> + struct inet_request_sock *ireq;
> + struct tcp_request_sock *treq;
> + struct request_sock *req;
> + struct net *net;
> + __u16 min_mss;
> + u32 tsoff = 0;
> +
> + if (attrs__sz != sizeof(*attrs) ||
> + attrs->reserved[0] || attrs->reserved[1] || attrs->reserved[2])
> + return -EINVAL;
> +
> + if (!sk)
I removed this "!sk" check, the verifier will check for it,
and ...
> +BTF_SET8_START(bpf_kfunc_check_set_tcp_reqsk)
> +BTF_ID_FLAGS(func, bpf_sk_assign_tcp_reqsk)
... limited it to KF_TRUSTED_ARGS. The arg "sk" must be from "bpf_sk*_lookup_*"
or from "bpf_map_lookup_elem(&sock_map,...)". Both of them have
"reg->ref_obj_id" (i.e. the verifier tracks the refcnt acquire/release) and it
is as good as trusted ptr.
The above is some final details I noticed. Applied. Thanks.
> +BTF_SET8_END(bpf_kfunc_check_set_tcp_reqsk)
Powered by blists - more mailing lists