bpf: Add sockmap hooks for UDP sockets

Add basic psock hooks for UDP sockets. This allows adding and
removing sockets, as well as automatic removal on unhash and close.

Signed-off-by: Lorenz Bauer <lmb@cloudflare.com>
Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20200309111243.6982-8-lmb@cloudflare.com

diff --git a/MAINTAINERS b/MAINTAINERS
index c23884e..14554bd 100644 (file)
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -9370,6 +9370,7 @@ F:        include/linux/skmsg.h
 F:     net/core/skmsg.c
 F:     net/core/sock_map.c
 F:     net/ipv4/tcp_bpf.c
+F:     net/ipv4/udp_bpf.c
 
 LANTIQ / INTEL Ethernet drivers
 M:     Hauke Mehrtens <hauke@hauke-m.de>

diff --git a/include/net/udp.h b/include/net/udp.h
index e55d5f7..a8fa6c0 100644 (file)
--- a/include/net/udp.h
+++ b/include/net/udp.h
@@ -503,4 +503,9 @@ static inline struct sk_buff *udp_rcv_segment(struct sock *sk,
        return segs;
 }
 
+#ifdef CONFIG_BPF_STREAM_PARSER
+struct sk_psock;
+struct proto *udp_bpf_get_proto(struct sock *sk, struct sk_psock *psock);
+#endif /* BPF_STREAM_PARSER */
+
 #endif /* _UDP_H */

diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile
index 9d97bac..9e1a186 100644 (file)
--- a/net/ipv4/Makefile
+++ b/net/ipv4/Makefile
@@ -61,6 +61,7 @@ obj-$(CONFIG_TCP_CONG_LP) += tcp_lp.o
 obj-$(CONFIG_TCP_CONG_YEAH) += tcp_yeah.o
 obj-$(CONFIG_TCP_CONG_ILLINOIS) += tcp_illinois.o
 obj-$(CONFIG_NET_SOCK_MSG) += tcp_bpf.o
+obj-$(CONFIG_BPF_STREAM_PARSER) += udp_bpf.o
 obj-$(CONFIG_NETLABEL) += cipso_ipv4.o
 
 obj-$(CONFIG_XFRM) += xfrm4_policy.o xfrm4_state.o xfrm4_input.o \

diff --git a/net/ipv4/udp_bpf.c b/net/ipv4/udp_bpf.c
new file mode 100644 (file)
index 0000000..eddd973
--- /dev/null
+++ b/net/ipv4/udp_bpf.c
@@ -0,0 +1,53 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2020 Cloudflare Ltd https://cloudflare.com */
+
+#include <linux/skmsg.h>
+#include <net/sock.h>
+#include <net/udp.h>
+
+enum {
+       UDP_BPF_IPV4,
+       UDP_BPF_IPV6,
+       UDP_BPF_NUM_PROTS,
+};
+
+static struct proto *udpv6_prot_saved __read_mostly;
+static DEFINE_SPINLOCK(udpv6_prot_lock);
+static struct proto udp_bpf_prots[UDP_BPF_NUM_PROTS];
+
+static void udp_bpf_rebuild_protos(struct proto *prot, const struct proto *base)
+{
+       *prot        = *base;
+       prot->unhash = sock_map_unhash;
+       prot->close  = sock_map_close;
+}
+
+static void udp_bpf_check_v6_needs_rebuild(struct sock *sk, struct proto *ops)
+{
+       if (sk->sk_family == AF_INET6 &&
+           unlikely(ops != smp_load_acquire(&udpv6_prot_saved))) {
+               spin_lock_bh(&udpv6_prot_lock);
+               if (likely(ops != udpv6_prot_saved)) {
+                       udp_bpf_rebuild_protos(&udp_bpf_prots[UDP_BPF_IPV6], ops);
+                       smp_store_release(&udpv6_prot_saved, ops);
+               }
+               spin_unlock_bh(&udpv6_prot_lock);
+       }
+}
+
+static int __init udp_bpf_v4_build_proto(void)
+{
+       udp_bpf_rebuild_protos(&udp_bpf_prots[UDP_BPF_IPV4], &udp_prot);
+       return 0;
+}
+core_initcall(udp_bpf_v4_build_proto);
+
+struct proto *udp_bpf_get_proto(struct sock *sk, struct sk_psock *psock)
+{
+       int family = sk->sk_family == AF_INET ? UDP_BPF_IPV4 : UDP_BPF_IPV6;
+
+       if (!psock->sk_proto)
+               udp_bpf_check_v6_needs_rebuild(sk, READ_ONCE(sk->sk_prot));
+
+       return &udp_bpf_prots[family];
+}