From: Daniel Borkmann <daniel@iogearbox.net>
To: Thomas Graf <tgraf@suug.ch>, davem@davemloft.net
Cc: netdev@vger.kernel.org, alexei.starovoitov@gmail.com,
	tom@herbertland.com, roopa@cumulusnetworks.com,
	hannes@stressinduktion.org
Subject: Re: [PATCH net-next v4 3/4] bpf: BPF for lightweight tunnel infrastructure
Date: Thu, 01 Dec 2016 13:08:44 +0100
Message-ID: <584012CC.4030004@iogearbox.net>
In-Reply-To: <950bbc4f82150683dd87e26dbd41412c26a38eba.1480522144.git.tgraf@suug.ch>

On 11/30/2016 05:10 PM, Thomas Graf wrote:
> Registers new BPF program types which correspond to the LWT hooks:
>    - BPF_PROG_TYPE_LWT_IN   => dst_input()
>    - BPF_PROG_TYPE_LWT_OUT  => dst_output()
>    - BPF_PROG_TYPE_LWT_XMIT => lwtunnel_xmit()
>
> The separate program types are required to differentiate between the
> capabilities each LWT hook allows:
>
>   * Programs attached to dst_input() or dst_output() are restricted and
>     may only read the data of an skb. This prevents modification and
>     possible invalidation of already validated packet headers on receive
>     and the construction of illegal headers while the IP headers are
>     still being assembled.
>
>   * Programs attached to lwtunnel_xmit() are allowed to modify packet
>     content as well as prepending an L2 header via a newly introduced
>     helper bpf_skb_change_head(). This is safe as lwtunnel_xmit() is
>     invoked after the IP header has been assembled completely.
[...]
>
> Signed-off-by: Thomas Graf <tgraf@suug.ch>

LGTMAFAICT, so:

Acked-by: Daniel Borkmann <daniel@iogearbox.net>

For the verifier change in may_access_direct_pkt_data(), would be
great if you could later on follow up with a selftest-suite case,
one where BPF_PROG_TYPE_LWT_IN/OUT prog tries to write and fails,
and one where BPF_PROG_TYPE_LWT_IN/OUT prog uses pkt data to pass
to helpers, for example, so that we can keep testing it when future
changes in that area are made. Thanks.
