    bpf, sockmap: convert to generic sk_msg interface · 604326b4
    Daniel Borkmann authored
    Add a generic sk_msg layer, and convert current sockmap and later
    kTLS over to make use of it. While sk_buff handles network packet
    representation from netdevice up to socket, sk_msg handles data
    representation from application to socket layer.
    
    This means that sk_msg framework spans across ULP users in the
    kernel, and enables features such as introspection or filtering
    of data with the help of BPF programs that operate on this data
    structure.
    
    Latter becomes in particular useful for kTLS where data encryption
    is deferred into the kernel, and as such enabling the kernel to
    perform L7 introspection and policy based on BPF for TLS connections
    where the record is being encrypted after BPF has run and come to
    a verdict. In order to get there, first step is to transform open
    coding of scatter-gather list handling into a common core framework
    that subsystems can use.
    
    The code itself has been split and refactored into three bigger
    pieces: i) the generic sk_msg API which deals with managing the
    scatter gather ring, providing helpers for walking and mangling,
    transferring application data from user space into it, and preparing
    it for BPF pre/post-processing, ii) the plain sock map itself
    where sockets can be attached to or detached from; these bits
    are independent of i) which can now be used also without sock
    map, and iii) the integration with plain TCP as one protocol
    to be used for processing L7 application data (later this could
    e.g. also be extended to other protocols like UDP). The semantics
    are the same with the old sock map code and therefore no change
    of user facing behavior or APIs. While pursuing this work it
    also helped find a number of bugs in the old sockmap code
    that we've fixed already in earlier commits. The test_sockmap
    kselftest suite passes through fine as well.
    
    Joint work with John.
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Signed-off-by: John Fastabend <john.fastabend@gmail.com>
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>
tcp_bpf.c 14.7 KB