1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-24 09:13:20 -05:00
No description
Find a file
Jakub Sitnicki 1559b4aa1d inet: Run SK_LOOKUP BPF program on socket lookup
Run a BPF program before looking up a listening socket on the receive path.
Program selects a listening socket to yield as result of socket lookup by
calling bpf_sk_assign() helper and returning SK_PASS code. Program can
revert its decision by assigning a NULL socket with bpf_sk_assign().

Alternatively, BPF program can also fail the lookup by returning with
SK_DROP, or let the lookup continue as usual with SK_PASS on return, when
no socket has been selected with bpf_sk_assign().

This lets the user match packets with listening sockets freely at the last
possible point on the receive path, where we know that packets are destined
for local delivery after undergoing policing, filtering, and routing.

With BPF code selecting the socket, directing packets destined to an IP
range or to a port range to a single socket becomes possible.

In case multiple programs are attached, they are run in series in the order
in which they were attached. The end result is determined from return codes
of all the programs according to following rules:

 1. If any program returned SK_PASS and selected a valid socket, the socket
    is used as result of socket lookup.
 2. If more than one program returned SK_PASS and selected a socket,
    last selection takes effect.
 3. If any program returned SK_DROP, and no program returned SK_PASS and
    selected a socket, socket lookup fails with -ECONNREFUSED.
 4. If all programs returned SK_PASS and none of them selected a socket,
    socket lookup continues to htable-based lookup.

Suggested-by: Marek Majkowski <marek@cloudflare.com>
Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200717103536.397595-5-jakub@cloudflare.com
2020-07-17 20:18:16 -07:00
arch
block
certs
crypto
Documentation docs: networking: timestamping: add section for stacked PHC devices 2020-07-15 17:51:30 -07:00
drivers drivers: net: wan: Fix trivial spelling 2020-07-15 18:18:21 -07:00
fs
include inet: Run SK_LOOKUP BPF program on socket lookup 2020-07-17 20:18:16 -07:00
init
ipc
kernel inet: Run SK_LOOKUP BPF program on socket lookup 2020-07-17 20:18:16 -07:00
lib bpf: revert "test_bpf: Flag tests that cannot be jited on s390" 2020-07-16 20:52:43 +02:00
LICENSES
mm
net inet: Run SK_LOOKUP BPF program on socket lookup 2020-07-17 20:18:16 -07:00
samples samples/bpf: xdp_redirect_cpu: Load a eBPF program on cpumap 2020-07-16 17:00:32 +02:00
scripts bpf: Introduce SK_LOOKUP program type with a dedicated attach point 2020-07-17 20:18:16 -07:00
security
sound
tools bpf: Drop duplicated words in uapi helper comments 2020-07-16 21:00:09 +02:00
usr
virt
.clang-format
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS
Makefile
README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.