linux/net
Daniel Borkmann de8f3a83b0 bpf: add meta pointer for direct access
This work enables generic transfer of metadata from XDP into skb. The
basic idea is that we can make use of the fact that the resulting skb
must be linear and already comes with a larger headroom for supporting
bpf_xdp_adjust_head(), which mangles xdp->data. Here, we base our work
on a similar principle and introduce a small helper bpf_xdp_adjust_meta()
for adjusting a new pointer called xdp->data_meta. Thus, the packet has
a flexible and programmable room for meta data, followed by the actual
packet data. struct xdp_buff is therefore laid out that we first point
to data_hard_start, then data_meta directly prepended to data followed
by data_end marking the end of packet. bpf_xdp_adjust_head() takes into
account whether we have meta data already prepended and if so, memmove()s
this along with the given offset provided there's enough room.

xdp->data_meta is optional and programs are not required to use it. The
rationale is that when we process the packet in XDP (e.g. as DoS filter),
we can push further meta data along with it for the XDP_PASS case, and
give the guarantee that a clsact ingress BPF program on the same device
can pick this up for further post-processing. Since we work with skb
there, we can also set skb->mark, skb->priority or other skb meta data
out of BPF, thus having this scratch space generic and programmable
allows for more flexibility than defining a direct 1:1 transfer of
potentially new XDP members into skb (it's also more efficient as we
don't need to initialize/handle each of such new members). The facility
also works together with GRO aggregation. The scratch space at the head
of the packet can be multiple of 4 byte up to 32 byte large. Drivers not
yet supporting xdp->data_meta can simply be set up with xdp->data_meta
as xdp->data + 1 as bpf_xdp_adjust_meta() will detect this and bail out,
such that the subsequent match against xdp->data for later access is
guaranteed to fail.

The verifier treats xdp->data_meta/xdp->data the same way as we treat
xdp->data/xdp->data_end pointer comparisons. The requirement for doing
the compare against xdp->data is that it hasn't been modified from it's
original address we got from ctx access. It may have a range marking
already from prior successful xdp->data/xdp->data_end pointer comparisons
though.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-09-26 13:36:44 -07:00
..
6lowpan
9p net/9p: switch p9_fd_read to kernel_write 2017-09-04 19:05:16 -04:00
802 net: introduce __skb_put_[zero, data, u8] 2017-06-20 13:30:14 -04:00
8021q net: add netlink_ext_ack argument to rtnl_link_ops.validate 2017-06-26 23:13:22 -04:00
appletalk networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
atm net: atm: make atmdev_ops const 2017-08-09 22:43:50 -07:00
ax25 net, ax25: convert ax25_cb.refcount from atomic_t to refcount_t 2017-07-04 22:35:19 +01:00
batman-adv net: Remove useless function skb_header_release 2017-09-22 20:43:13 -07:00
bluetooth Bluetooth: Properly check L2CAP config option output buffer length 2017-09-09 17:56:05 -07:00
bpf bpf: add meta pointer for direct access 2017-09-26 13:36:44 -07:00
bridge bridge: trigger RTM_NEWLINK when interface is modified by bridge ioctl 2017-09-21 15:45:12 -07:00
caif net: convert sock.sk_wmem_alloc from atomic_t to refcount_t 2017-07-01 07:39:08 -07:00
can rtnetlink: make rtnl_register accept a flags parameter 2017-08-09 16:57:38 -07:00
ceph libceph: don't allow bidirectional swap of pg-upmap-items 2017-09-19 20:34:29 +02:00
core bpf: add meta pointer for direct access 2017-09-26 13:36:44 -07:00
dcb rtnetlink: make rtnl_register accept a flags parameter 2017-08-09 16:57:38 -07:00
dccp net: dccp: Add handling of IPV6_PKTOPTIONS to dccp_v6_do_rcv() 2017-08-31 11:43:47 -07:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-09-03 17:08:42 -07:00
dns_resolver
dsa net: dsa: add port enable and disable helpers 2017-09-25 20:22:46 -07:00
ethernet networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
hsr net/hsr: Check skb_put_padto() return value 2017-08-22 13:40:23 -07:00
ieee802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-05 20:03:35 -07:00
ife
ipv4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-23 10:16:53 -07:00
ipv6 ipv6: Remove redundant unlikely() 2017-09-26 09:54:06 -07:00
ipx net, ipx: convert ipx_route.refcnt from atomic_t to refcount_t 2017-07-04 22:35:17 +01:00
iucv iucv: Convert sk_wmem_alloc accesses to refcount_t. 2017-07-03 02:31:22 -07:00
kcm kcm: Remove redundant unlikely() 2017-09-26 09:54:06 -07:00
key Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-08-15 20:23:23 -07:00
l2tp l2tp: pass tunnel pointer to ->session_create() 2017-09-03 11:04:21 -07:00
l3mdev
lapb net, lapb: convert lapb_cb.refcnt from atomic_t to refcount_t 2017-07-04 22:35:16 +01:00
llc net, llc: convert llc_sap.refcnt from atomic_t to refcount_t 2017-07-04 22:35:15 +01:00
mac80211 mac80211: fix deadlock in driver-managed RX BA session start 2017-09-06 15:22:02 +02:00
mac802154 mac802154: Fix MAC header and payload encrypted 2017-09-20 13:37:16 +02:00
mpls rtnetlink: make rtnl_register accept a flags parameter 2017-08-09 16:57:38 -07:00
ncsi net/ncsi: fix ncsi_vlan_rx_{add,kill}_vid references 2017-09-05 09:11:45 -07:00
netfilter netfilter: ipset: ipset list may return wrong member count for set with timeout 2017-09-18 17:35:32 +02:00
netlabel
netlink netlink: access nlk groups safely in netlink bind and getname 2017-09-06 21:22:54 -07:00
netrom net, netrom: convert nr_node.refcount from atomic_t to refcount_t 2017-07-04 22:35:17 +01:00
nfc net: nfc: llcp_core: use setup_timer() helper. 2017-09-25 13:19:20 -07:00
nsh nsh: add GSO support 2017-08-29 15:16:52 -07:00
openvswitch openvswitch: Fix an error handling path in 'ovs_nla_init_match_and_action()' 2017-09-12 20:37:31 -07:00
packet net: af_packet: use setup_timer() helper. 2017-09-25 13:19:19 -07:00
phonet rtnetlink: make rtnl_register accept a flags parameter 2017-08-09 16:57:38 -07:00
psample networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
qrtr rtnetlink: make rtnl_register accept a flags parameter 2017-08-09 16:57:38 -07:00
rds rds: Fix incorrect statistics counting 2017-09-07 20:07:13 -07:00
rfkill
rose
rxrpc rxrpc: Make service connection lookup always check for retry 2017-09-05 14:39:17 -07:00
sched bpf: rename bpf_compute_data_end into bpf_compute_data_pointers 2017-09-26 13:36:44 -07:00
sctp sctp: do not mark sk dumped when inet_sctp_diag_fill returns err 2017-09-15 14:51:15 -07:00
smc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-23 10:16:53 -07:00
strparser strparser: initialize all callbacks 2017-08-24 21:57:50 -07:00
sunrpc NFS client updates for Linux 4.14 2017-09-11 22:01:44 -07:00
switchdev net: switchdev: Remove bridge bypass support from switchdev 2017-08-07 14:48:48 -07:00
tipc tipc: remove unnecessary call to dev_net() 2017-09-06 21:25:52 -07:00
tls tls: make tls_sw_free_resources static 2017-09-14 09:55:21 -07:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-08-21 17:06:42 -07:00
vmw_vsock vsock: vmci: Remove unneeded linux/miscdevice.h include 2017-09-19 13:51:57 -07:00
wimax
wireless nl80211: fix null-ptr dereference on invalid mesh configuration 2017-09-18 22:51:07 +02:00
x25 X25: constify null_x25_address 2017-08-03 09:13:51 -07:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
compat.c net: compat: assert the size of cmsg copied in is as expected 2017-09-20 15:36:18 -07:00
Kconfig net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros. 2017-09-04 13:25:20 +02:00
Makefile nsh: add GSO support 2017-08-29 15:16:52 -07:00
socket.c net: fixes for skb_send_sock 2017-08-16 11:27:52 -07:00
sysctl_net.c