From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.6 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CAD6BC282D8 for ; Fri, 1 Feb 2019 17:22:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 9AA52218AC for ; Fri, 1 Feb 2019 17:22:39 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="QbRvT6/i" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730275AbfBARWi (ORCPT ); Fri, 1 Feb 2019 12:22:38 -0500 Received: from mail-io1-f73.google.com ([209.85.166.73]:42142 "EHLO mail-io1-f73.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729009AbfBARWh (ORCPT ); Fri, 1 Feb 2019 12:22:37 -0500 Received: by mail-io1-f73.google.com with SMTP id a2so6193657ioq.9 for ; Fri, 01 Feb 2019 09:22:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:to:cc; bh=Vzl0kjFoEGT7Uqu67IX+Hkua4yvhHCL/cXWko+AzdP0=; b=QbRvT6/i/OMSiy/5kAsZHmCt+nWgEjmYiXT2ZNe64l1SDdEqWxFNu/0T+G345XODb1 Xib04JptFBau37wcCiEhNxLZiN0q2aHqQ2kTLjFkcUDPwrz2R0ttERFyUvK8SiOzao0G L2MdrrGZBQIIrfbtAB46+wIM6penLsQC9zfJpSll0G75PB2zlwdvYMeXOhUFYnpRqrec Y1fUG4GNM2vNNbVp4DKuSIGyvQ4No8vEuhss0R09Ig1jdb4i1ifiK6pGHeAHLJiE1T9D sHIWO1zY8huhbnabSy3VVFh8KxbnKUmtTVYlHTOKBXMOYO6ndq7z6nCUm9gnwCQlVa4v b3OA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=Vzl0kjFoEGT7Uqu67IX+Hkua4yvhHCL/cXWko+AzdP0=; b=QeF645F9EMGUThDl0CipcGRlV30XJgVUgDnfJiZ5GFHS1jFEaEDeovHO2wluz+CFG/ F1uE+87B6HbIQhzrO+t18x2oZzfvWLyST27MQd4TVwUfn9/9i0DrBfg/tVv5jGNJxMIu XqFSZO8Es/KMf5HC4Ne3HqiWQfb+90pLwsNUWh3883KW1MvvfqOMSdr+nyzjNLit3Y4P pbBPqkM1XCsxGlO4j66/uhHgVcm6sAurtRLuFY9C1aBOWWw7L5Fae7qzGtFPP78tzDJw X6vcw8q912AR0YGG67p1ihuWd2AVkKcTuP8XQ6/+rJ2/yqLfLyCG6d26gAh+y7n4LHuo nt8g== X-Gm-Message-State: AHQUAuZxyYvJOdWhlPRjDWJu//YNkk5cYpfBeb0C4OVhd92Wc0p0n3lU Qlx+pMoTfz2m3BU449d34gJh0pHv X-Google-Smtp-Source: AHgI3IZV1HTOfRHKZt12v2x+qRI+KGfWnEu71Oc2TIhzVRtrEyuFIRZ/uYZMi49I3FtXO/8N7FyeBHmb X-Received: by 2002:a24:15:: with SMTP id 21mr3410702ita.27.1549041756729; Fri, 01 Feb 2019 09:22:36 -0800 (PST) Date: Fri, 1 Feb 2019 09:22:24 -0800 Message-Id: <20190201172229.108867-1-posk@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.20.1.611.gfbb209baf1-goog Subject: [PATCH bpf-next v6 0/5] bpf: add BPF_LWT_ENCAP_IP option to bpf_lwt_push_encap From: Peter Oskolkov To: Alexei Starovoitov , Daniel Borkmann , netdev@vger.kernel.org Cc: Peter Oskolkov , David Ahern , Willem de Bruijn , Peter Oskolkov Content-Type: text/plain; charset="UTF-8" Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This patchset implements BPF_LWT_ENCAP_IP mode in bpf_lwt_push_encap BPF helper. It enables BPF programs (specifically, BPF_PROG_TYPE_LWT_IN and BPF_PROG_TYPE_LWT_XMIT prog types) to add IP encapsulation headers to packets (e.g. IP/GRE, GUE, IPIP). This is useful when thousands of different short-lived flows should be encapped, each with different and dynamically determined destination. Although lwtunnels can be used in some of these scenarios, the ability to dynamically generate encap headers adds more flexibility, e.g. when routing depends on the state of the host (reflected in global bpf maps). V2 changes: Added flowi-based route lookup, IPv6 encapping, and encapping on ingress. V3 changes: incorporated David Ahern's suggestions: - added l3mdev check/oif (patch 2) - sync bpf.h from include/uapi into tools/include/uapi - selftest tweaks V4 changes: moved route lookup/dst change from bpf_push_ip_encap to when BPF_LWT_REROUTE is handled, as suggested by David Ahern. V5 changes: added a check in lwt_xmit that skb->protocol stays the same if the skb is to be passed back to the stack (ret == BPF_OK). Again, suggested by David Ahern. V6 changes: reject skb_is_gso() packets. A follow-up patch(set) will process GSO packets more intelligently. Peter Oskolkov (5): bpf: add plumbing for BPF_LWT_ENCAP_IP in bpf_lwt_push_encap bpf: implement BPF_LWT_ENCAP_IP mode in bpf_lwt_push_encap bpf: add handling of BPF_LWT_REROUTE to lwt_bpf.c bpf: sync //bpf.h with tools//bpf.h selftests: bpf: add test_lwt_ip_encap selftest include/net/lwtunnel.h | 3 + include/uapi/linux/bpf.h | 23 +- net/core/filter.c | 47 ++- net/core/lwt_bpf.c | 188 +++++++++++ tools/include/uapi/linux/bpf.h | 23 +- tools/testing/selftests/bpf/Makefile | 5 +- .../testing/selftests/bpf/test_lwt_ip_encap.c | 85 +++++ .../selftests/bpf/test_lwt_ip_encap.sh | 311 ++++++++++++++++++ 8 files changed, 674 insertions(+), 11 deletions(-) create mode 100644 tools/testing/selftests/bpf/test_lwt_ip_encap.c create mode 100755 tools/testing/selftests/bpf/test_lwt_ip_encap.sh -- 2.20.1.611.gfbb209baf1-goog