From: Geliang Tang <geliang.tang@suse.com>
To: Matthieu Baerts <matthieu.baerts@tessares.net>
Cc: mptcp@lists.linux.dev
Subject: Re: [PATCH mptcp-next 2/4] bpf: Add bpf_mptcpify helper
Date: Mon, 3 Jul 2023 14:54:11 +0800 [thread overview]
Message-ID: <20230703065411.GA22455@bogon> (raw)
In-Reply-To: <72dce095-9e4e-b9e2-0ce8-dfcfe58f7ed2@tessares.net>
On Thu, Jun 29, 2023 at 07:43:50PM +0200, Matthieu Baerts wrote:
> Hi Geliang,
>
> On 29/06/2023 04:12, Geliang Tang wrote:
> > This patch implements a new struct bpf_func_proto bpf_mptcpify_proto. And
> > define a new helper bpf_mptcpify() to mptcpify a TCP socket dynamically as
> > an MPTCP one.
>
> Nice feature, thank you for working on that!
>
> Is it linked to what Nicolas Rybowski looked at a few years ago? I think
> he put info in a Github ticket. Was there not an issue with this
> technique? Did you see it and fix it?
>
> I didn't look at the patchset in detail but I have one question, please
> see below:
>
> > diff --git a/net/core/filter.c b/net/core/filter.c
> > index 968139f4a1ac..e439f8b5f203 100644
> > --- a/net/core/filter.c
> > +++ b/net/core/filter.c
> > @@ -11587,6 +11587,24 @@ const struct bpf_func_proto bpf_skc_to_mptcp_sock_proto = {
> > .ret_btf_id = &btf_sock_ids[BTF_SOCK_TYPE_MPTCP],
> > };
> >
> > +BPF_CALL_1(bpf_mptcpify, struct sock *, sk)
> > +{
> > + if (sk && sk_fullsock(sk) && sk->sk_protocol == IPPROTO_TCP) {
> > + sk->sk_protocol = IPPROTO_MPTCP;
> > + return (unsigned long)sk;
> > + }
>
> How do we ensure such modifications are done at the right moment? I
> mean: we can only change the protocol ID in very few places, before even
> creating the socket (__sock_create()?). If we change it after, we will
> break stuff: tcp ops, security labels, etc.
You're right, Matt, we need to do the modifications at the very beginning
of sys_socket(). In v3, a new wrapper socket_create() is added, it's the
right place to do the modifications.
The v3 works well now. We can get three MP_CAPABLEs in the log.
Thanks,
-Geliang
>
> I thought it was not possible to hook at the right place when Nicolas
> looked at that and/or ensure the restriction was done but I might be
> mistaken and the situation has probably changed.
>
> Cheers,
> Matt
> --
> Tessares | Belgium | Hybrid Access Solutions
> www.tessares.net
next prev parent reply other threads:[~2023-07-03 6:54 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-29 2:12 [PATCH mptcp-next 0/4] BPF 'force to MPTCP' Geliang Tang
2023-06-29 2:12 ` [PATCH mptcp-next 1/4] Squash to "selftests/bpf: add two mptcp netns helpers" Geliang Tang
2023-06-29 2:12 ` [PATCH mptcp-next 2/4] bpf: Add bpf_mptcpify helper Geliang Tang
2023-06-29 17:43 ` Matthieu Baerts
2023-07-01 13:08 ` Geliang Tang
2023-07-03 6:54 ` Geliang Tang [this message]
2023-07-03 12:58 ` Matthieu Baerts
2023-07-05 8:15 ` Geliang Tang
2023-07-05 8:19 ` Matthieu Baerts
2023-06-29 2:12 ` [PATCH mptcp-next 3/4] selftests/bpf: Test " Geliang Tang
2023-06-29 2:12 ` [PATCH mptcp-next 4/4] selftests/bpf: Add mptcpify selftest Geliang Tang
2023-06-29 18:16 ` selftests/bpf: Add mptcpify selftest: Tests Results MPTCP CI
2023-06-29 20:32 ` MPTCP CI
2023-07-03 15:18 ` [PATCH mptcp-next 0/4] BPF 'force to MPTCP' Paolo Abeni
2023-07-03 15:44 ` Matthieu Baerts
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230703065411.GA22455@bogon \
--to=geliang.tang@suse.com \
--cc=matthieu.baerts@tessares.net \
--cc=mptcp@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox