From: Daniel Borkmann <daniel@iogearbox.net>
To: alexei.starovoitov@gmail.com
Cc: john.fastabend@gmail.com, davejwatson@fb.com,
netdev@vger.kernel.org, Daniel Borkmann <daniel@iogearbox.net>
Subject: [PATCH bpf-next 0/8] sockmap integration for ktls
Date: Thu, 11 Oct 2018 02:45:39 +0200 [thread overview]
Message-ID: <20181011004547.16662-1-daniel@iogearbox.net> (raw)
This work adds a generic sk_msg layer and converts both sockmap
and later ktls over to make use of it as a common data structure
for application data (similarly as sk_buff for network packets).
With that in place the sk_msg framework spans accross ULP layer
in the kernel and allows for introspection or filtering of L7
data with the help of BPF programs operating on a common input
context.
In a second step, we enable the latter for ktls which was previously
not possible, meaning, ktls and sk_msg verdict programs were
mutually exclusive in the ULP layer which created challenges for
the orchestrator when trying to apply TCP based policy, for
example. Leveraging the prior consolidation we can finally overcome
this limitation.
Note, there's no change in behavior when ktls is not used in
combination with BPF, and also no change in behavior for stand
alone sockmap. The kselftest suites for ktls, sockmap and ktls
with sockmap combined also runs through successfully. For further
details please see individual patches.
Thanks!
Daniel Borkmann (5):
tcp, ulp: enforce sock_owned_by_me upon ulp init and cleanup
tcp, ulp: remove ulp bits from sockmap
bpf, sockmap: convert to generic sk_msg interface
tls: convert to generic sk_msg interface
bpf, doc: add maintainers entry to related files
John Fastabend (3):
tls: replace poll implementation with read hook
tls: add bpf support to sk_msg handling
bpf: add tls support for testing in test_sockmap
MAINTAINERS | 10 +
include/linux/bpf.h | 33 +-
include/linux/bpf_types.h | 2 +-
include/linux/filter.h | 21 -
include/linux/skmsg.h | 410 +++++
include/net/sock.h | 4 -
include/net/tcp.h | 28 +-
include/net/tls.h | 24 +-
kernel/bpf/Makefile | 5 -
kernel/bpf/core.c | 2 -
kernel/bpf/sockmap.c | 2629 ----------------------------
kernel/bpf/syscall.c | 6 +-
net/Kconfig | 11 +
net/core/Makefile | 2 +
net/core/filter.c | 270 +--
net/core/skmsg.c | 802 +++++++++
net/core/sock.c | 61 -
net/core/sock_map.c | 1002 +++++++++++
net/ipv4/Makefile | 1 +
net/ipv4/tcp_bpf.c | 655 +++++++
net/ipv4/tcp_ulp.c | 73 +-
net/strparser/Kconfig | 4 +-
net/tls/Kconfig | 1 +
net/tls/tls_device.c | 2 +-
net/tls/tls_main.c | 11 +-
net/tls/tls_sw.c | 900 ++++++----
tools/testing/selftests/bpf/test_sockmap.c | 89 +
27 files changed, 3666 insertions(+), 3392 deletions(-)
create mode 100644 include/linux/skmsg.h
delete mode 100644 kernel/bpf/sockmap.c
create mode 100644 net/core/skmsg.c
create mode 100644 net/core/sock_map.c
create mode 100644 net/ipv4/tcp_bpf.c
--
2.9.5
next reply other threads:[~2018-10-11 8:10 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-11 0:45 Daniel Borkmann [this message]
2018-10-11 0:45 ` [PATCH bpf-next 1/8] tcp, ulp: enforce sock_owned_by_me upon ulp init and cleanup Daniel Borkmann
2018-10-11 0:45 ` [PATCH bpf-next 2/8] tcp, ulp: remove ulp bits from sockmap Daniel Borkmann
2018-10-11 0:45 ` [PATCH bpf-next 3/8] bpf, sockmap: convert to generic sk_msg interface Daniel Borkmann
2018-10-11 22:57 ` Alexei Starovoitov
2018-10-12 4:56 ` John Fastabend
2018-10-11 0:45 ` [PATCH bpf-next 4/8] tls: " Daniel Borkmann
2018-10-12 20:16 ` Dave Watson
2018-10-12 21:51 ` Daniel Borkmann
2018-10-11 0:45 ` [PATCH bpf-next 5/8] tls: replace poll implementation with read hook Daniel Borkmann
2018-10-11 0:45 ` [PATCH bpf-next 6/8] tls: add bpf support to sk_msg handling Daniel Borkmann
2018-10-11 0:45 ` [PATCH bpf-next 7/8] bpf: add tls support for testing in test_sockmap Daniel Borkmann
2018-10-11 0:45 ` [PATCH bpf-next 8/8] bpf, doc: add maintainers entry to related files Daniel Borkmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181011004547.16662-1-daniel@iogearbox.net \
--to=daniel@iogearbox.net \
--cc=alexei.starovoitov@gmail.com \
--cc=davejwatson@fb.com \
--cc=john.fastabend@gmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).