linux/scripts
Jakub Sitnicki e9ddbb7707 bpf: Introduce SK_LOOKUP program type with a dedicated attach point
Add a new program type BPF_PROG_TYPE_SK_LOOKUP with a dedicated attach type
BPF_SK_LOOKUP. The new program kind is to be invoked by the transport layer
when looking up a listening socket for a new connection request for
connection oriented protocols, or when looking up an unconnected socket for
a packet for connection-less protocols.

When called, SK_LOOKUP BPF program can select a socket that will receive
the packet. This serves as a mechanism to overcome the limits of what
bind() API allows to express. Two use-cases driving this work are:

 (1) steer packets destined to an IP range, on fixed port to a socket

     192.0.2.0/24, port 80 -> NGINX socket

 (2) steer packets destined to an IP address, on any port to a socket

     198.51.100.1, any port -> L7 proxy socket

In its run-time context program receives information about the packet that
triggered the socket lookup. Namely IP version, L4 protocol identifier, and
address 4-tuple. Context can be further extended to include ingress
interface identifier.

To select a socket BPF program fetches it from a map holding socket
references, like SOCKMAP or SOCKHASH, and calls bpf_sk_assign(ctx, sk, ...)
helper to record the selection. Transport layer then uses the selected
socket as a result of socket lookup.

In its basic form, SK_LOOKUP acts as a filter and hence must return either
SK_PASS or SK_DROP. If the program returns with SK_PASS, transport should
look for a socket to receive the packet, or use the one selected by the
program if available, while SK_DROP informs the transport layer that the
lookup should fail.

This patch only enables the user to attach an SK_LOOKUP program to a
network namespace. Subsequent patches hook it up to run on local delivery
path in ipv4 and ipv6 stacks.

Suggested-by: Marek Majkowski <marek@cloudflare.com>
Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200717103536.397595-3-jakub@cloudflare.com
2020-07-17 20:18:16 -07:00
..
atomic locking/atomics: Provide the arch_atomic_ interface to generic code 2020-06-25 08:23:22 -07:00
basic modpost,fixdep: Replace zero-length array with flexible-array 2020-05-26 00:03:16 +09:00
coccinelle net: remove newlines in NL_SET_ERR_MSG_MOD 2020-05-07 17:56:14 -07:00
dtc scripts/dtc: Update to upstream version v1.6.0-11-g9d7888cbf19c 2020-06-30 08:42:26 -06:00
dummy-tools kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig 2020-04-09 00:13:45 +09:00
gcc-plugins gcc-plugins: fix gcc-plugins directory path in documentation 2020-06-28 12:16:55 +09:00
gdb scripts/gdb: repair rb_first() and rb_last() 2020-05-07 19:27:20 -07:00
genksyms .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
kconfig kconfig: qconf: parse newer types at debug info 2020-07-02 00:11:06 +09:00
ksymoops
mod Kbuild updates for v5.8 2020-06-06 12:00:25 -07:00
package kbuild: fix broken builds because of GZIP,BZIP2,LZOP variables 2020-06-11 20:14:41 +09:00
selinux SPDX patches for 5.7-rc1. 2020-04-03 13:12:26 -07:00
tracing treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 166 2019-05-30 11:26:39 -07:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
adjust_autoksyms.sh kbuild: split adjust_autoksyms.sh in two parts 2020-03-03 20:49:21 +09:00
asn1_compiler.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
bin2c.c kbuild: move bin2c back to scripts/ from scripts/basic/ 2018-07-18 01:18:05 +09:00
bloat-o-meter bloat-o-meter: ignore __addressable_ symbols 2018-12-28 12:11:44 -08:00
bootgraph.pl treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 391 2019-06-05 17:37:11 +02:00
bpf_helpers_doc.py bpf: Introduce SK_LOOKUP program type with a dedicated attach point 2020-07-17 20:18:16 -07:00
cc-can-link.sh bpfilter: check compiler capability in Kconfig 2018-06-28 13:36:39 +09:00
check_extable.sh
check-sysctl-docs docs: add a script to check sysctl docs 2020-02-25 03:35:16 -07:00
checkincludes.pl
checkkconfigsymbols.py treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 166 2019-05-30 11:26:39 -07:00
checkpatch.pl The Kernel Concurrency Sanitizer (KCSAN) 2020-06-11 18:55:43 -07:00
checkstack.pl scripts/checkstack.pl: fix arm sp regex 2020-05-26 00:03:16 +09:00
checksyscalls.sh checksyscalls: fix up mq_timedreceive and stat exceptions 2019-02-19 21:27:53 +01:00
checkversion.pl
clang-version.sh kbuild: update comment block of scripts/clang-version.sh 2019-03-04 22:34:54 +09:00
cleanfile
cleanpatch
coccicheck coccicheck: return proper error code on fail 2018-08-14 08:58:56 +09:00
config scripts/config: allow colons in option strings for sed 2020-04-23 01:10:16 +09:00
const_structs.checkpatch
decode_stacktrace.sh scripts/decode_stacktrace: warn when modpath is needed but is unset 2020-06-15 15:37:24 -07:00
decodecode scripts/decodecode: fix trapping instruction formatting 2020-05-07 19:27:20 -07:00
depmod.sh kbuild: modules_install: warn when missing System.map file 2018-09-09 09:14:07 +09:00
diffconfig
documentation-file-ref-check scripts: documentation-file-ref-check: Add line break before exit 2020-04-15 15:13:13 -06:00
export_report.pl modpost: move the namespace field in Module.symvers last 2020-03-17 08:59:03 +09:00
extract_xc3028.pl treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 339 2019-06-05 17:37:07 +02:00
extract-cert.c
extract-ikconfig
extract-module-sig.pl
extract-sys-certs.pl
extract-vmlinux treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 378 2019-06-05 17:37:10 +02:00
faddr2line scripts/faddr2line: fix location of start_kernel in comment 2018-11-18 10:15:09 -08:00
file-size.sh
find-unused-docs.sh scripts/find-unused-docs: Fix massive false positives 2020-01-27 14:25:06 -07:00
gcc-goto.sh jump_label: move 'asm goto' support test to Kconfig 2019-01-06 09:46:51 +09:00
gcc-ld
gcc-plugin.sh gcc-plugins: drop support for GCC <= 4.7 2020-04-09 00:13:45 +09:00
gcc-version.sh kbuild: clean up scripts/gcc-version.sh 2019-03-04 22:35:04 +09:00
gcc-x86_32-has-stack-protector.sh stack-protector: test compiler capability in Kconfig and drop AUTO mode 2018-06-08 18:56:00 +09:00
gcc-x86_64-has-stack-protector.sh stack-protector: Fix test with 32-bit userland and CONFIG_64BIT=y 2018-06-25 23:21:13 +09:00
gen_autoksyms.sh kbuild: generate autoksyms.h early 2020-03-03 20:49:21 +09:00
gen_compile_commands.py gen_compile_commands: lower the entry count threshold 2019-07-27 12:18:19 +09:00
gen_ksymdeps.sh kbuild: simplify dependency generation for CONFIG_TRIM_UNUSED_KSYMS 2018-12-01 23:13:14 +09:00
get_abi.pl doc: ABI scripts: add a SPDX header file 2019-06-21 16:58:37 +02:00
get_dvb_firmware treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61 2019-05-24 17:36:45 +02:00
get_maintainer.pl get_maintainer: fix unexpected behavior for path/to//file (double slashes) 2020-06-04 19:06:24 -07:00
gfp-translate treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 166 2019-05-30 11:26:39 -07:00
headerdep.pl
headers_check.pl
headers_install.sh scripts: Fix typo in headers_install.sh 2020-06-17 10:44:55 +09:00
insert-sys-cert.c
jobserver-exec docs, parallelism: Rearrange how jobserver reservations are made 2019-11-22 10:35:18 -07:00
kallsyms.c gcc-10 warnings: fix low-hanging fruit 2020-05-04 09:16:37 -07:00
Kbuild.include kbuild: improve cc-option to clean up all temporary files 2020-06-17 10:20:21 +09:00
Kconfig.include kconfig: unify cc-option and as-option 2020-06-17 10:38:42 +09:00
kernel-doc Replace HTTP links with HTTPS ones: documentation 2020-06-08 09:30:19 -06:00
ld-version.sh
leaking_addresses.pl treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 166 2019-05-30 11:26:39 -07:00
Lindent
link-vmlinux.sh bpf: Resolve BTF IDs in vmlinux image 2020-07-13 10:42:02 -07:00
Makefile kbuild: remove -I$(srctree)/tools/include from scripts/Makefile 2020-04-09 00:13:45 +09:00
Makefile.asm-generic kbuild: force all architectures except um to include mandatory-y 2019-03-17 12:56:32 +09:00
Makefile.build kbuild: update modules.order only when contained modules are updated 2020-06-03 13:22:17 +09:00
Makefile.clean kbuild: add infrastructure to build userspace programs 2020-05-17 18:52:01 +09:00
Makefile.dtbinst kbuild: refactor Makefile.dtbinst more 2020-03-25 10:19:43 +09:00
Makefile.extrawarn kbuild: Move -Wtype-limits to W=2 2020-07-09 18:00:56 -07:00
Makefile.gcc-plugins gcc-plugins: structleak: Generalize to all variable types 2019-03-04 09:29:41 -08:00
Makefile.headersinst kbuild: move headers_check rule to usr/include/Makefile 2019-11-15 00:23:10 +09:00
Makefile.host kbuild: use -MMD instead of -MD to exclude system headers from dependency 2020-05-12 13:28:33 +09:00
Makefile.kasan kasan/arm64: fix CONFIG_KASAN_SW_TAGS && KASAN_INLINE 2019-08-15 13:24:04 +01:00
Makefile.kcov treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile.kcsan kcsan: Pass option tsan-instrument-read-before-write to Clang 2020-06-11 20:04:01 +02:00
Makefile.lib dt-bindings: copy process-schema-examples.yaml to process-schema.yaml 2020-06-30 08:42:26 -06:00
Makefile.modfinal kbuild: move modkern_{c,a}flags to Makefile.lib from Makefile.build 2019-08-22 01:14:11 +09:00
Makefile.modinst kbuild: modinst: read modules.order instead of $(MODVERDIR)/*.mod 2019-07-17 22:39:27 +09:00
Makefile.modpost modpost: move -d option in scripts/Makefile.modpost 2020-06-06 23:38:13 +09:00
Makefile.modsign kbuild: modsign: read modules.order instead of $(MODVERDIR)/*.mod 2019-07-17 22:39:27 +09:00
Makefile.package kbuild: fix broken builds because of GZIP,BZIP2,LZOP variables 2020-06-11 20:14:41 +09:00
Makefile.ubsan ubsan: split "bounds" checker from other options 2020-04-07 10:43:44 -07:00
Makefile.userprogs kbuild: add infrastructure to build userspace programs 2020-05-17 18:52:01 +09:00
makelst
markup_oops.pl treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 373 2019-06-05 17:37:10 +02:00
mkcompile_h kbuild: use CONFIG_CC_VERSION_TEXT to construct LINUX_COMPILER macro 2020-05-12 13:28:33 +09:00
mkmakefile kbuild: get rid of $(realpath ...) from scripts/mkmakefile 2019-08-29 23:54:29 +09:00
mksysmap mksysmap: Fix the mismatch of '.L' symbols in System.map 2020-06-06 23:39:20 +09:00
mkuboot.sh
module-common.lds
modules-check.sh kbuild: make module name conflict fatal error 2020-05-26 00:03:16 +09:00
namespace.pl namespace: fix namespace.pl script to support relative paths 2019-10-05 15:29:49 +09:00
nsdeps scripts/nsdeps: support nsdeps for external module builds 2019-11-11 20:10:01 +09:00
objdiff treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 199 2019-05-30 11:29:23 -07:00
parse-maintainers.pl parse-maintainers: Do not sort section content by default 2020-03-26 15:08:27 -07:00
patch-kernel
profile2linkerlist.pl
prune-kernel
recordmcount.c ARM: 8950/1: ftrace/recordmcount: filter relocation types 2020-01-19 16:08:25 +00:00
recordmcount.h recordmcount: support >64k sections 2020-06-16 21:21:00 -04:00
recordmcount.pl treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 166 2019-05-30 11:26:39 -07:00
setlocalversion scripts: setlocalversion: replace backquote to dollar parenthesis 2019-11-11 20:10:01 +09:00
show_delta treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 438 2019-06-05 17:37:17 +02:00
sign-file.c
sorttable.c scripts/sorttable: Implement build-time ORC unwind table sorting 2019-12-13 10:47:58 +01:00
sorttable.h scripts/sorttable: Implement build-time ORC unwind table sorting 2019-12-13 10:47:58 +01:00
spdxcheck-test.sh scripts: add spdxcheck.py self test 2018-12-28 12:11:44 -08:00
spdxcheck.py spdxcheck.py: fix directory structures 2019-06-01 15:51:31 -07:00
spelling.txt scripts/spelling: add a few more typos 2020-06-10 19:14:17 -07:00
sphinx-pre-install scripts: sphinx-pre-install: change the output order 2020-04-28 12:52:52 -06:00
split-man.pl MAINTAINERS & files: Canonize the e-mails I use at files 2018-05-04 06:21:06 -04:00
stackdelta
stackusage
subarch.include selftests: add headers_install to lib.mk 2018-09-05 08:12:09 -06:00
tags.sh kbuild: add a flag to force absolute path for srctree 2019-07-11 00:05:09 +09:00
tools-support-relr.sh scripts/tools-support-relr.sh: un-quote variables 2019-11-13 10:52:05 +00:00
unifdef.c unifdef: use memcpy instead of strncpy 2018-11-30 14:45:01 -08:00
ver_linux ver_linux: Query ld cache for versions of libc/libcpp run-time 2020-02-10 13:35:15 -08:00
xen-hypercalls.sh
xz_wrap.sh kbuild: add variables for compression tools 2020-06-06 23:42:01 +09:00