Commit 01b35711 authored by Liu Jian's avatar Liu Jian
Browse files

net: add local_skb parameter to identify local tcp connection 

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I7DNAP


CVE: N/A

----------------------------------------------------

Add the local_skb parameter to struct sk_buff to identify the local
connection. Currently, this function is used only on
BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB and BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB
to help the sockops bpf program check whether the current connection is a
local connection. Updating the local_skb variable only when the ACK packet
is sent is sufficient for this function to work.

Signed-off-by: default avatarLiu Jian <liujian56@huawei.com>
parent 2fd050db

include/linux/filter.h

+1 −0
Original line number Diff line number Diff line
@@ -1284,6 +1284,7 @@ struct bpf_sock_ops_kern { 
	u8	op;

	u8	is_fullsock;

	u8	remaining_opt_len;

	u8	local_skb;

	u64	temp;			/* temp and everything after is not

					 * initialized to 0 before calling

					 * the BPF program. New fields that

include/linux/skbuff.h

+1 −1
Original line number Diff line number Diff line
@@ -922,7 +922,7 @@ struct sk_buff { 
	__u32			headers_end[0];

	/* public: */



	KABI_USE(1, __u8 scm_io_uring:1)

	KABI_USE2(1, __u8 scm_io_uring:1, __u8 local_skb:1)

	KABI_RESERVE(2)

	KABI_RESERVE(3)

	KABI_RESERVE(4)

include/uapi/linux/bpf.h

+1 −0
Original line number Diff line number Diff line
@@ -4707,6 +4707,7 @@ struct bpf_sock_ops { 
				 * the outgoing header has not

				 * been written yet.

				 */

	__u32 local_skb;

};



/* Definitions for bpf_sock_ops_cb_flags */

net/core/filter.c

+7 −0
Original line number Diff line number Diff line
@@ -9670,6 +9670,13 @@ static u32 sock_ops_convert_ctx_access(enum bpf_access_type type, 
						       tcp_flags),

				      si->dst_reg, si->dst_reg, off);

		break;

	case offsetof(struct bpf_sock_ops, local_skb):

		*insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_sock_ops_kern,

						       local_skb),

				      si->dst_reg, si->src_reg,

				      offsetof(struct bpf_sock_ops_kern,

					       local_skb));

		break;

	}

	return insn - insn_buf;

}

net/ipv4/tcp_input.c

+3 −1
Original line number Diff line number Diff line
@@ -185,8 +185,10 @@ static void bpf_skops_established(struct sock *sk, int bpf_op, 
	sock_ops.is_fullsock = 1;

	sock_ops.sk = sk;

	/* sk with TCP_REPAIR_ON does not have skb in tcp_finish_connect */

	if (skb)

	if (skb) {

		bpf_skops_init_skb(&sock_ops, skb, tcp_hdrlen(skb));

		sock_ops.local_skb = skb->local_skb;

	}



	BPF_CGROUP_RUN_PROG_SOCK_OPS(&sock_ops);

}