From: Geliang Tang <geliang.tang@suse.com>
To: Matthieu Baerts <matthieu.baerts@tessares.net>
Cc: mptcp@lists.linux.dev
Subject: Re: [PATCH mptcp-next 2/4] bpf: Add bpf_mptcpify helper
Date: Mon, 3 Jul 2023 14:54:11 +0800 [thread overview]
Message-ID: <20230703065411.GA22455@bogon> (raw)
In-Reply-To: <72dce095-9e4e-b9e2-0ce8-dfcfe58f7ed2@tessares.net>
On Thu, Jun 29, 2023 at 07:43:50PM +0200, Matthieu Baerts wrote:
> Hi Geliang,
>
> On 29/06/2023 04:12, Geliang Tang wrote:
> > This patch implements a new struct bpf_func_proto bpf_mptcpify_proto. And
> > define a new helper bpf_mptcpify() to mptcpify a TCP socket dynamically as
> > an MPTCP one.
>
> Nice feature, thank you for working on that!
>
> Is it linked to what Nicolas Rybowski looked at a few years ago? I think
> he put info in a Github ticket. Was there not an issue with this
> technique? Did you see it and fix it?
>
> I didn't look at the patchset in detail but I have one question, please
> see below:
>
> > diff --git a/net/core/filter.c b/net/core/filter.c
> > index 968139f4a1ac..e439f8b5f203 100644
> > --- a/net/core/filter.c
> > +++ b/net/core/filter.c
> > @@ -11587,6 +11587,24 @@ const struct bpf_func_proto bpf_skc_to_mptcp_sock_proto = {
> > .ret_btf_id = &btf_sock_ids[BTF_SOCK_TYPE_MPTCP],
> > };
> >
> > +BPF_CALL_1(bpf_mptcpify, struct sock *, sk)
> > +{
> > + if (sk && sk_fullsock(sk) && sk->sk_protocol == IPPROTO_TCP) {
> > + sk->sk_protocol = IPPROTO_MPTCP;
> > + return (unsigned long)sk;
> > + }
>
> How do we ensure such modifications are done at the right moment? I
> mean: we can only change the protocol ID in very few places, before even
> creating the socket (__sock_create()?). If we change it after, we will
> break stuff: tcp ops, security labels, etc.
You're right, Matt, we need to do the modifications at the very beginning
of sys_socket(). In v3, a new wrapper socket_create() is added, it's the
right place to do the modifications.
The v3 works well now. We can get three MP_CAPABLEs in the log.
Thanks,
-Geliang
>
> I thought it was not possible to hook at the right place when Nicolas
> looked at that and/or ensure the restriction was done but I might be
> mistaken and the situation has probably changed.
>
> Cheers,
> Matt
> --
> Tessares | Belgium | Hybrid Access Solutions
> www.tessares.net
next prev parent reply other threads:[~2023-07-03 6:54 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-29 2:12 [PATCH mptcp-next 0/4] BPF 'force to MPTCP' Geliang Tang
2023-06-29 2:12 ` [PATCH mptcp-next 1/4] Squash to "selftests/bpf: add two mptcp netns helpers" Geliang Tang
2023-06-29 2:12 ` [PATCH mptcp-next 2/4] bpf: Add bpf_mptcpify helper Geliang Tang
2023-06-29 17:43 ` Matthieu Baerts
2023-07-01 13:08 ` Geliang Tang
2023-07-03 6:54 ` Geliang Tang [this message]
2023-07-03 12:58 ` Matthieu Baerts
2023-07-05 8:15 ` Geliang Tang
2023-07-05 8:19 ` Matthieu Baerts
2023-06-29 2:12 ` [PATCH mptcp-next 3/4] selftests/bpf: Test " Geliang Tang
2023-06-29 2:12 ` [PATCH mptcp-next 4/4] selftests/bpf: Add mptcpify selftest Geliang Tang
2023-06-29 18:16 ` selftests/bpf: Add mptcpify selftest: Tests Results MPTCP CI
2023-06-29 20:32 ` MPTCP CI
2023-07-03 15:18 ` [PATCH mptcp-next 0/4] BPF 'force to MPTCP' Paolo Abeni
2023-07-03 15:44 ` Matthieu Baerts
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230703065411.GA22455@bogon \
--to=geliang.tang@suse.com \
--cc=matthieu.baerts@tessares.net \
--cc=mptcp@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.