From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=PbpV=QU=vger.kernel.org=netdev-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-10.6 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D9DAFC282C2
	for <netdev@archiver.kernel.org>; Wed, 13 Feb 2019 19:53:48 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id A6DFA222CF
	for <netdev@archiver.kernel.org>; Wed, 13 Feb 2019 19:53:48 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Vh8LGefL"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2389303AbfBMTxr (ORCPT <rfc822;netdev@archiver.kernel.org>);
        Wed, 13 Feb 2019 14:53:47 -0500
Received: from mail-qt1-f201.google.com ([209.85.160.201]:48503 "EHLO
        mail-qt1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726291AbfBMTxr (ORCPT
        <rfc822;netdev@vger.kernel.org>); Wed, 13 Feb 2019 14:53:47 -0500
Received: by mail-qt1-f201.google.com with SMTP id q3so3321902qtq.15
        for <netdev@vger.kernel.org>; Wed, 13 Feb 2019 11:53:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:message-id:mime-version:subject:from:to:cc;
        bh=xCZ5SGjVvN+AwZm7GLqejgxPojoi04wKtcdDPlfIxGE=;
        b=Vh8LGefLp/CvSZCStHJVFe3Qz7hVfSUicombD6fxn+xSTR6Ty3QyJJ3he4XQcaTcC7
         J3rsKF7SKb2Z3R9r5UTLLwA9ozPcErg68UsQ8aerrkRSVTs6wj4eihAOM7cv7oqdE6KG
         T7FGo6ZkEiEW7sKV7UF0zTAfT3WHc+IUEFJHs4tekm1ZcDXFMY2ZdGPxNMD1aOhprne/
         cuZmNxHyrsjNlPGTR3s/+owRHzpVJRK53CnYxIAvRFEJB8pJ1xHpwVlPYC1dWiZi4buf
         EZrirjKKRRXGae9V5ZU+HXIZAidzpN3OMfNu491zWmNrgY4TJIWS6W0fjM+xqMk6i7Iv
         gXvw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc;
        bh=xCZ5SGjVvN+AwZm7GLqejgxPojoi04wKtcdDPlfIxGE=;
        b=IJ3Dh08FU8Mj682sfCLzoXjpA+AqIAjf5SCN9f8rol7qgV7VostDzHgkB8NVDu0hD7
         FIyNp0X6tDh3EFNOqgNzzHsJM4L3zSVI/g2ln8MxzaiWe0xGuoSjnNsqb15gCk6t1iAu
         XruWANwE6ZjxnRcg7eNHnXZC7Air2fRTDNVcsHC07jGiCGCB+pguk8vqNRGSaoH8ONsU
         3WQ6wnsyRINIn/dynhHevNSTYkl0PDUNgiJJjManNRQtD5X4eq+RIy24OYRzxp3kslFA
         OqTO6i0xakqs8nRdF03eTThYuziZ/uPi4EuZnA3qIvVqaPoGQB0sc5OBvHiSKW5GKlrO
         k8Hg==
X-Gm-Message-State: AHQUAuaJDPlBSwOWTx4XW33Bx8ibaQ/dVyLusGTFl7ADAmUSv3OB/KMr
        UuyZMMxLIIEy93MUTqldTsdpP6B7
X-Google-Smtp-Source: AHgI3IahklrnI1ZH6VlwfPHHCkU3UpfsrPxZpfMIm77KB8EypUzUH0j2ZJjlfPYFcWXqaRO+n+JAGFqG
X-Received: by 2002:a05:6214:1048:: with SMTP id l8mr731502qvr.46.1550087625816;
 Wed, 13 Feb 2019 11:53:45 -0800 (PST)
Date:   Wed, 13 Feb 2019 11:53:34 -0800
Message-Id: <20190213195341.184969-1-posk@google.com>
Mime-Version: 1.0
X-Mailer: git-send-email 2.20.1.791.gb4d0f1c61a-goog
Subject: [PATCH bpf-next v11 0/7] bpf: add BPF_LWT_ENCAP_IP option to bpf_lwt_push_encap
From:   Peter Oskolkov <posk@google.com>
To:     Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>, netdev@vger.kernel.org
Cc:     Peter Oskolkov <posk@posk.io>, David Ahern <dsahern@gmail.com>,
        Willem de Bruijn <willemb@google.com>,
        Peter Oskolkov <posk@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

This patchset implements BPF_LWT_ENCAP_IP mode in bpf_lwt_push_encap
BPF helper. It enables BPF programs (specifically, BPF_PROG_TYPE_LWT_IN
and BPF_PROG_TYPE_LWT_XMIT prog types) to add IP encapsulation headers
to packets (e.g. IP/GRE, GUE, IPIP).

This is useful when thousands of different short-lived flows should be
encapped, each with different and dynamically determined destination.
Although lwtunnels can be used in some of these scenarios, the ability
to dynamically generate encap headers adds more flexibility, e.g.
when routing depends on the state of the host (reflected in global bpf
maps).

V2 changes: added flowi-based route lookup, IPv6 encapping, and
   encapping on ingress.

V3 changes: incorporated David Ahern's suggestions:
   - added l3mdev check/oif (patch 2)
   - sync bpf.h from include/uapi into tools/include/uapi
   - selftest tweaks

V4 changes: moved route lookup/dst change from bpf_push_ip_encap
   to when BPF_LWT_REROUTE is handled, as suggested by David Ahern.

V5 changes: added a check in lwt_xmit that skb->protocol stays the
   same if the skb is to be passed back to the stack (ret == BPF_OK).
   Again, suggested by David Ahern.

V6 changes: abandoned.

V7 changes: added handling of GSO packets (patch 3 in the patchset added),
   as suggested by BPF maintainers.

V8 changes:
   - fixed build errors when LWT or IPV6 are not enabled;
   - whitelisted TCP GSO instead of blacklisting SCTP and UDP GSO, as
     suggested by Willem de Bruijn;
   - added validation that pushed length cover needed headers when GRE/UDP
     encap is detected, as suggested by Willem de Bruijn;
   - a couple of minor/stylistic tweaks/fixed typos.

V9 changes:
   - fixed a kbuild test robot compiler warning;
   - added ipv6_route_input to ipv6_stub (patch 4 in the patchset
     added), and IPv6 routing functions are now invoked via ipv6_stub,
     as suggested by David Ahern.

V10 changes:
   - removed unnecessary IS_ENABLED and pr_warn_once from patch 5.

V11 changes: fixed a potential dst leak in patch 5, as suggested by
    David Ahern.

Peter Oskolkov (7):
  bpf: add plumbing for BPF_LWT_ENCAP_IP in bpf_lwt_push_encap
  bpf: implement BPF_LWT_ENCAP_IP mode in bpf_lwt_push_encap
  bpf: handle GSO in bpf_lwt_push_encap
  ipv6_stub: add ipv6_route_input stub/proxy.
  bpf: add handling of BPF_LWT_REROUTE to lwt_bpf.c
  bpf: sync <kdir>/include/.../bpf.h with tools/include/.../bpf.h
  selftests: bpf: add test_lwt_ip_encap selftest

 include/net/addrconf.h                        |   1 +
 include/net/lwtunnel.h                        |   2 +
 include/uapi/linux/bpf.h                      |  26 +-
 net/core/filter.c                             |  49 ++-
 net/core/lwt_bpf.c                            | 254 +++++++++++++-
 net/ipv6/addrconf_core.c                      |   6 +
 net/ipv6/af_inet6.c                           |   7 +
 tools/include/uapi/linux/bpf.h                |  26 +-
 tools/testing/selftests/bpf/Makefile          |   3 +-
 .../selftests/bpf/progs/test_lwt_ip_encap.c   |  85 +++++
 .../selftests/bpf/test_lwt_ip_encap.sh        | 311 ++++++++++++++++++
 11 files changed, 758 insertions(+), 12 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/progs/test_lwt_ip_encap.c
 create mode 100755 tools/testing/selftests/bpf/test_lwt_ip_encap.sh

-- 
2.20.1.791.gb4d0f1c61a-goog