• Joe Stringer's avatar
    bpf: Add socket assign support · cf7fbe66
    Joe Stringer authored
    Add support for TPROXY via a new bpf helper, bpf_sk_assign().
    
    This helper requires the BPF program to discover the socket via a call
    to bpf_sk*_lookup_*(), then pass this socket to the new helper. The
    helper takes its own reference to the socket in addition to any existing
    reference that may or may not currently be obtained for the duration of
    BPF processing. For the destination socket to receive the traffic, the
    traffic must be routed towards that socket via local route. The
    simplest example route is below, but in practice you may want to route
    traffic more narrowly (eg by CIDR):
    
      $ ip route add local default dev lo
    
    This patch avoids trying to introduce an extra bit into the skb->sk, as
    that would require more invasive changes to all code interacting with
    the socket to ensure that the bit is handled correctly, such as all
    error-handling cases along the path from the helper in BPF through to
    the orphan path in the input. Instead, we opt to use the destructor
    variable to switch on the prefetch of the socket.
    Signed-off-by: default avatarJoe Stringer <joe@wand.net.nz>
    Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
    Acked-by: default avatarMartin KaFai Lau <kafai@fb.com>
    Link: https://lore.kernel.org/bpf/20200329225342.16317-2-joe@wand.net.nz
    cf7fbe66
sock.c 87.2 KB