forked from Minki/linux
bpf: add TCP_SAVE_SYN/TCP_SAVED_SYN options for bpf_(set|get)sockopt
Adding support for two new bpf get/set sockopts: TCP_SAVE_SYN (set) and TCP_SAVED_SYN (get). This would allow for bpf program to build logic based on data from ingress SYN packet (e.g. doing tcp's tos/ tclass reflection (see sample prog)) and do it transparently from userspace program point of view. Signed-off-by: Nikita V. Shirokov <tehnerd@fb.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
This commit is contained in:
parent
7296216776
commit
1e215300f1
@ -4007,6 +4007,12 @@ BPF_CALL_5(bpf_setsockopt, struct bpf_sock_ops_kern *, bpf_sock,
|
|||||||
tp->snd_ssthresh = val;
|
tp->snd_ssthresh = val;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
case TCP_SAVE_SYN:
|
||||||
|
if (val < 0 || val > 1)
|
||||||
|
ret = -EINVAL;
|
||||||
|
else
|
||||||
|
tp->save_syn = val;
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
ret = -EINVAL;
|
ret = -EINVAL;
|
||||||
}
|
}
|
||||||
@ -4032,21 +4038,32 @@ static const struct bpf_func_proto bpf_setsockopt_proto = {
|
|||||||
BPF_CALL_5(bpf_getsockopt, struct bpf_sock_ops_kern *, bpf_sock,
|
BPF_CALL_5(bpf_getsockopt, struct bpf_sock_ops_kern *, bpf_sock,
|
||||||
int, level, int, optname, char *, optval, int, optlen)
|
int, level, int, optname, char *, optval, int, optlen)
|
||||||
{
|
{
|
||||||
|
struct inet_connection_sock *icsk;
|
||||||
struct sock *sk = bpf_sock->sk;
|
struct sock *sk = bpf_sock->sk;
|
||||||
|
struct tcp_sock *tp;
|
||||||
|
|
||||||
if (!sk_fullsock(sk))
|
if (!sk_fullsock(sk))
|
||||||
goto err_clear;
|
goto err_clear;
|
||||||
|
|
||||||
#ifdef CONFIG_INET
|
#ifdef CONFIG_INET
|
||||||
if (level == SOL_TCP && sk->sk_prot->getsockopt == tcp_getsockopt) {
|
if (level == SOL_TCP && sk->sk_prot->getsockopt == tcp_getsockopt) {
|
||||||
if (optname == TCP_CONGESTION) {
|
switch (optname) {
|
||||||
struct inet_connection_sock *icsk = inet_csk(sk);
|
case TCP_CONGESTION:
|
||||||
|
icsk = inet_csk(sk);
|
||||||
|
|
||||||
if (!icsk->icsk_ca_ops || optlen <= 1)
|
if (!icsk->icsk_ca_ops || optlen <= 1)
|
||||||
goto err_clear;
|
goto err_clear;
|
||||||
strncpy(optval, icsk->icsk_ca_ops->name, optlen);
|
strncpy(optval, icsk->icsk_ca_ops->name, optlen);
|
||||||
optval[optlen - 1] = 0;
|
optval[optlen - 1] = 0;
|
||||||
} else {
|
break;
|
||||||
|
case TCP_SAVED_SYN:
|
||||||
|
tp = tcp_sk(sk);
|
||||||
|
|
||||||
|
if (optlen <= 0 || !tp->saved_syn ||
|
||||||
|
optlen > tp->saved_syn[0])
|
||||||
|
goto err_clear;
|
||||||
|
memcpy(optval, tp->saved_syn + 1, optlen);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
goto err_clear;
|
goto err_clear;
|
||||||
}
|
}
|
||||||
} else if (level == SOL_IP) {
|
} else if (level == SOL_IP) {
|
||||||
|
Loading…
Reference in New Issue
Block a user