From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.6 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 56B31C169C4 for ; Thu, 7 Feb 2019 00:37:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 1B29D2175B for ; Thu, 7 Feb 2019 00:37:28 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="df0hFHQF" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726733AbfBGAh0 (ORCPT ); Wed, 6 Feb 2019 19:37:26 -0500 Received: from mail-ot1-f73.google.com ([209.85.210.73]:43335 "EHLO mail-ot1-f73.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726424AbfBGAh0 (ORCPT ); Wed, 6 Feb 2019 19:37:26 -0500 Received: by mail-ot1-f73.google.com with SMTP id z6so7826616otm.10 for ; Wed, 06 Feb 2019 16:37:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:to:cc; bh=8z2+zA+Mp92xXd90o7WrgwT/D7wuAVSvZp3PjBsjpC8=; b=df0hFHQF6UYURmInJanWXaKhCVKnqUZe2bY9I3VyERnKzbbNrx5QBh9h9l+4VrPw81 dzIJwLnKWOD8BK6bAM7e2rnef2mNDSPi8H4c+0qrBI9ABBz/d18gIJ5Zwc9MMk5MQ5Fj vvG3g4wr1DbVHZpGwntcm6AiHmE8QvH/VTqe1rBKxEjy5Qtnb8zAL15wGf+7t1CtFbeb TgiCC0NqFgrSOWcTpW24icJcl1ao4O7LhRX6dCHZun7zy5aohio2vjIblNqIr59CVe2i pUhGZLYWH0yXdXBuxNjtev2i53bjEk/Sg3VMOLU8+DkuCSL7cb3eQmdz5jSl2884/6F0 1JKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=8z2+zA+Mp92xXd90o7WrgwT/D7wuAVSvZp3PjBsjpC8=; b=UQcrTPBUHvkpKUdDDo/31aLVoy2Pu4S5Rk/C63d/Fg+pEE9areu8FaNesO88WPaqSy 6y/vmmJ6bgOrkcD8/wwBFxOXeV3L1pMWPezVZMWv+47zVQfd+xIYkvOhaWCVIZKf2tiW +cWTH5fQLqjja3ZNr8vDVz9M59pSdgEaI6pmPmMoSMfR1E/KYtO/ysJ4UpmOeHKtuhLV 54iM2aQC8ISQF9c3P1/yRjjboO+7z9aaZx7EqlUrH2TrBLy5W5QqCTQ5mSQniFUEzgb5 n0iba0UKRAAQgqrtzaH4T8pjVp3m1BvmZAIP3Nm+0+7/LcTt7wfvwod7EIomtD9o8zPe s5zQ== X-Gm-Message-State: AHQUAuaGhy9VIA85M+V//o7k8t5130Z/VwlWVs/eDtxlYOkwf7364dnR 2lMlSDxaPE2twklPKu6guoDRPvSw X-Google-Smtp-Source: AHgI3IZtzUHKHB0f8N961YvwvUS342MYxfAQS2OOT0DZZSeX97VEDfhCxgIxAsrHTdiRjZ3ANAYxFLdz X-Received: by 2002:a05:6830:49:: with SMTP id d9mr7511347otp.16.1549499845327; Wed, 06 Feb 2019 16:37:25 -0800 (PST) Date: Wed, 6 Feb 2019 16:37:14 -0800 Message-Id: <20190207003720.51096-1-posk@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.20.1.611.gfbb209baf1-goog Subject: [PATCH bpf-next v7 0/6] bpf: add BPF_LWT_ENCAP_IP option to bpf_lwt_push_encap From: Peter Oskolkov To: Alexei Starovoitov , Daniel Borkmann , netdev@vger.kernel.org Cc: Peter Oskolkov , David Ahern , Willem de Bruijn , Peter Oskolkov Content-Type: text/plain; charset="UTF-8" Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This patchset implements BPF_LWT_ENCAP_IP mode in bpf_lwt_push_encap BPF helper. It enables BPF programs (specifically, BPF_PROG_TYPE_LWT_IN and BPF_PROG_TYPE_LWT_XMIT prog types) to add IP encapsulation headers to packets (e.g. IP/GRE, GUE, IPIP). This is useful when thousands of different short-lived flows should be encapped, each with different and dynamically determined destination. Although lwtunnels can be used in some of these scenarios, the ability to dynamically generate encap headers adds more flexibility, e.g. when routing depends on the state of the host (reflected in global bpf maps). V2 changes: Added flowi-based route lookup, IPv6 encapping, and encapping on ingress. V3 changes: incorporated David Ahern's suggestions: - added l3mdev check/oif (patch 2) - sync bpf.h from include/uapi into tools/include/uapi - selftest tweaks V4 changes: moved route lookup/dst change from bpf_push_ip_encap to when BPF_LWT_REROUTE is handled, as suggested by David Ahern. V5 changes: added a check in lwt_xmit that skb->protocol stays the same if the skb is to be passed back to the stack (ret == BPF_OK). Again, suggested by David Ahern. V6 changes: abandoned. V7 changes: added handling of GSO packets (patch 3 in the patchset added). Peter Oskolkov (6): bpf: add plumbing for BPF_LWT_ENCAP_IP in bpf_lwt_push_encap bpf: implement BPF_LWT_ENCAP_IP mode in bpf_lwt_push_encap bpf: handle GSO in bpf_lwt_push_encap bpf: add handling of BPF_LWT_REROUTE to lwt_bpf.c bpf: sync /include/.../bpf.h with tools/include/.../bpf.h selftests: bpf: add test_lwt_ip_encap selftest include/net/lwtunnel.h | 3 + include/uapi/linux/bpf.h | 26 +- net/core/filter.c | 47 ++- net/core/lwt_bpf.c | 246 ++++++++++++++ tools/include/uapi/linux/bpf.h | 26 +- tools/testing/selftests/bpf/Makefile | 6 +- .../testing/selftests/bpf/test_lwt_ip_encap.c | 85 +++++ .../selftests/bpf/test_lwt_ip_encap.sh | 311 ++++++++++++++++++ 8 files changed, 739 insertions(+), 11 deletions(-) create mode 100644 tools/testing/selftests/bpf/test_lwt_ip_encap.c create mode 100755 tools/testing/selftests/bpf/test_lwt_ip_encap.sh -- 2.20.1.611.gfbb209baf1-goog