• Thomas Graf's avatar
    bpf: BPF for lightweight tunnel infrastructure · 3a0af8fd
    Thomas Graf authored
    Registers new BPF program types which correspond to the LWT hooks:
      - BPF_PROG_TYPE_LWT_IN   => dst_input()
      - BPF_PROG_TYPE_LWT_OUT  => dst_output()
      - BPF_PROG_TYPE_LWT_XMIT => lwtunnel_xmit()
    
    The separate program types are required to differentiate between the
    capabilities each LWT hook allows:
    
     * Programs attached to dst_input() or dst_output() are restricted and
       may only read the data of an skb. This prevent modification and
       possible invalidation of already validated packet headers on receive
       and the construction of illegal headers while the IP headers are
       still being assembled.
    
     * Programs attached to lwtunnel_xmit() are allowed to modify packet
       content as well as prepending an L2 header via a newly introduced
       helper bpf_skb_change_head(). This is safe as lwtunnel_xmit() is
       invoked after the IP header has been assembled completely.
    
    All BPF programs receive an skb with L3 headers attached and may return
    one of the following error codes:
    
     BPF_OK - Continue routing as per nexthop
     BPF_DROP - Drop skb and return EPERM
     BPF_REDIRECT - Redirect skb to device as per redirect() helper.
                    (Only valid in lwtunnel_xmit() context)
    
    The return codes are binary compatible with their TC_ACT_
    relatives to ease compatibility.
    Signed-off-by: default avatarThomas Graf <tgraf@suug.ch>
    Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
    Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    3a0af8fd
lwt_bpf.c 8.82 KB