diff options
| author | Mathieu Xhonneux <m.xhonneux@gmail.com> | 2018-05-20 09:58:14 -0400 |
|---|---|---|
| committer | Daniel Borkmann <daniel@iogearbox.net> | 2018-05-24 05:57:35 -0400 |
| commit | fe94cc290f535709d3c5ebd1e472dfd0aec7ee79 (patch) | |
| tree | 85cc8894caf482721004fa0010cab2f5727ce1e3 /include/uapi | |
| parent | 1c1e761ef1a08a878a040e67979711015cfc163e (diff) | |
bpf: Add IPv6 Segment Routing helpers
The BPF seg6local hook should be powerful enough to enable users to
implement most of the use-cases one could think of. After some thinking,
we figured out that the following actions should be possible on a SRv6
packet, requiring 3 specific helpers :
- bpf_lwt_seg6_store_bytes: Modify non-sensitive fields of the SRH
- bpf_lwt_seg6_adjust_srh: Allow to grow or shrink a SRH
(to add/delete TLVs)
- bpf_lwt_seg6_action: Apply some SRv6 network programming actions
(specifically End.X, End.T, End.B6 and
End.B6.Encap)
The specifications of these helpers are provided in the patch (see
include/uapi/linux/bpf.h).
The non-sensitive fields of the SRH are the following : flags, tag and
TLVs. The other fields can not be modified, to maintain the SRH
integrity. Flags, tag and TLVs can easily be modified as their validity
can be checked afterwards via seg6_validate_srh. It is not allowed to
modify the segments directly. If one wants to add segments on the path,
he should stack a new SRH using the End.B6 action via
bpf_lwt_seg6_action.
Growing, shrinking or editing TLVs via the helpers will flag the SRH as
invalid, and it will have to be re-validated before re-entering the IPv6
layer. This flag is stored in a per-CPU buffer, along with the current
header length in bytes.
Storing the SRH len in bytes in the control block is mandatory when using
bpf_lwt_seg6_adjust_srh. The Header Ext. Length field contains the SRH
len rounded to 8 bytes (a padding TLV can be inserted to ensure the 8-bytes
boundary). When adding/deleting TLVs within the BPF program, the SRH may
temporary be in an invalid state where its length cannot be rounded to 8
bytes without remainder, hence the need to store the length in bytes
separately. The caller of the BPF program can then ensure that the SRH's
final length is valid using this value. Again, a final SRH modified by a
BPF program which doesn’t respect the 8-bytes boundary will be discarded
as it will be considered as invalid.
Finally, a fourth helper is provided, bpf_lwt_push_encap, which is
available from the LWT BPF IN hook, but not from the seg6local BPF one.
This helper allows to encapsulate a Segment Routing Header (either with
a new outer IPv6 header, or by inlining it directly in the existing IPv6
header) into a non-SRv6 packet. This helper is required if we want to
offer the possibility to dynamically encapsulate a SRH for non-SRv6 packet,
as the BPF seg6local hook only works on traffic already containing a SRH.
This is the BPF equivalent of the seg6 LWT infrastructure, which achieves
the same purpose but with a static SRH per route.
These helpers require CONFIG_IPV6=y (and not =m).
Signed-off-by: Mathieu Xhonneux <m.xhonneux@gmail.com>
Acked-by: David Lebrun <dlebrun@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Diffstat (limited to 'include/uapi')
| -rw-r--r-- | include/uapi/linux/bpf.h | 96 |
1 files changed, 95 insertions, 1 deletions
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 344d2ddcef49..fdaf6a0bfa5b 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h | |||
| @@ -1902,6 +1902,90 @@ union bpf_attr { | |||
| 1902 | * egress otherwise). This is the only flag supported for now. | 1902 | * egress otherwise). This is the only flag supported for now. |
| 1903 | * Return | 1903 | * Return |
| 1904 | * **SK_PASS** on success, or **SK_DROP** on error. | 1904 | * **SK_PASS** on success, or **SK_DROP** on error. |
| 1905 | * | ||
| 1906 | * int bpf_lwt_push_encap(struct sk_buff *skb, u32 type, void *hdr, u32 len) | ||
| 1907 | * Description | ||
| 1908 | * Encapsulate the packet associated to *skb* within a Layer 3 | ||
| 1909 | * protocol header. This header is provided in the buffer at | ||
| 1910 | * address *hdr*, with *len* its size in bytes. *type* indicates | ||
| 1911 | * the protocol of the header and can be one of: | ||
| 1912 | * | ||
| 1913 | * **BPF_LWT_ENCAP_SEG6** | ||
| 1914 | * IPv6 encapsulation with Segment Routing Header | ||
| 1915 | * (**struct ipv6_sr_hdr**). *hdr* only contains the SRH, | ||
| 1916 | * the IPv6 header is computed by the kernel. | ||
| 1917 | * **BPF_LWT_ENCAP_SEG6_INLINE** | ||
| 1918 | * Only works if *skb* contains an IPv6 packet. Insert a | ||
| 1919 | * Segment Routing Header (**struct ipv6_sr_hdr**) inside | ||
| 1920 | * the IPv6 header. | ||
| 1921 | * | ||
| 1922 | * A call to this helper is susceptible to change the underlaying | ||
| 1923 | * packet buffer. Therefore, at load time, all checks on pointers | ||
| 1924 | * previously done by the verifier are invalidated and must be | ||
| 1925 | * performed again, if the helper is used in combination with | ||
| 1926 | * direct packet access. | ||
| 1927 | * Return | ||
| 1928 | * 0 on success, or a negative error in case of failure. | ||
| 1929 | * | ||
| 1930 | * int bpf_lwt_seg6_store_bytes(struct sk_buff *skb, u32 offset, const void *from, u32 len) | ||
| 1931 | * Description | ||
| 1932 | * Store *len* bytes from address *from* into the packet | ||
| 1933 | * associated to *skb*, at *offset*. Only the flags, tag and TLVs | ||
| 1934 | * inside the outermost IPv6 Segment Routing Header can be | ||
| 1935 | * modified through this helper. | ||
| 1936 | * | ||
| 1937 | * A call to this helper is susceptible to change the underlaying | ||
| 1938 | * packet buffer. Therefore, at load time, all checks on pointers | ||
| 1939 | * previously done by the verifier are invalidated and must be | ||
| 1940 | * performed again, if the helper is used in combination with | ||
| 1941 | * direct packet access. | ||
| 1942 | * Return | ||
| 1943 | * 0 on success, or a negative error in case of failure. | ||
| 1944 | * | ||
| 1945 | * int bpf_lwt_seg6_adjust_srh(struct sk_buff *skb, u32 offset, s32 delta) | ||
| 1946 | * Description | ||
| 1947 | * Adjust the size allocated to TLVs in the outermost IPv6 | ||
| 1948 | * Segment Routing Header contained in the packet associated to | ||
| 1949 | * *skb*, at position *offset* by *delta* bytes. Only offsets | ||
| 1950 | * after the segments are accepted. *delta* can be as well | ||
| 1951 | * positive (growing) as negative (shrinking). | ||
| 1952 | * | ||
| 1953 | * A call to this helper is susceptible to change the underlaying | ||
| 1954 | * packet buffer. Therefore, at load time, all checks on pointers | ||
| 1955 | * previously done by the verifier are invalidated and must be | ||
| 1956 | * performed again, if the helper is used in combination with | ||
| 1957 | * direct packet access. | ||
| 1958 | * Return | ||
| 1959 | * 0 on success, or a negative error in case of failure. | ||
| 1960 | * | ||
| 1961 | * int bpf_lwt_seg6_action(struct sk_buff *skb, u32 action, void *param, u32 param_len) | ||
| 1962 | * Description | ||
| 1963 | * Apply an IPv6 Segment Routing action of type *action* to the | ||
| 1964 | * packet associated to *skb*. Each action takes a parameter | ||
| 1965 | * contained at address *param*, and of length *param_len* bytes. | ||
| 1966 | * *action* can be one of: | ||
| 1967 | * | ||
| 1968 | * **SEG6_LOCAL_ACTION_END_X** | ||
| 1969 | * End.X action: Endpoint with Layer-3 cross-connect. | ||
| 1970 | * Type of *param*: **struct in6_addr**. | ||
| 1971 | * **SEG6_LOCAL_ACTION_END_T** | ||
| 1972 | * End.T action: Endpoint with specific IPv6 table lookup. | ||
| 1973 | * Type of *param*: **int**. | ||
| 1974 | * **SEG6_LOCAL_ACTION_END_B6** | ||
| 1975 | * End.B6 action: Endpoint bound to an SRv6 policy. | ||
| 1976 | * Type of param: **struct ipv6_sr_hdr**. | ||
| 1977 | * **SEG6_LOCAL_ACTION_END_B6_ENCAP** | ||
| 1978 | * End.B6.Encap action: Endpoint bound to an SRv6 | ||
| 1979 | * encapsulation policy. | ||
| 1980 | * Type of param: **struct ipv6_sr_hdr**. | ||
| 1981 | * | ||
| 1982 | * A call to this helper is susceptible to change the underlaying | ||
| 1983 | * packet buffer. Therefore, at load time, all checks on pointers | ||
| 1984 | * previously done by the verifier are invalidated and must be | ||
| 1985 | * performed again, if the helper is used in combination with | ||
| 1986 | * direct packet access. | ||
| 1987 | * Return | ||
| 1988 | * 0 on success, or a negative error in case of failure. | ||
| 1905 | */ | 1989 | */ |
| 1906 | #define __BPF_FUNC_MAPPER(FN) \ | 1990 | #define __BPF_FUNC_MAPPER(FN) \ |
| 1907 | FN(unspec), \ | 1991 | FN(unspec), \ |
| @@ -1976,7 +2060,11 @@ union bpf_attr { | |||
| 1976 | FN(fib_lookup), \ | 2060 | FN(fib_lookup), \ |
| 1977 | FN(sock_hash_update), \ | 2061 | FN(sock_hash_update), \ |
| 1978 | FN(msg_redirect_hash), \ | 2062 | FN(msg_redirect_hash), \ |
| 1979 | FN(sk_redirect_hash), | 2063 | FN(sk_redirect_hash), \ |
| 2064 | FN(lwt_push_encap), \ | ||
| 2065 | FN(lwt_seg6_store_bytes), \ | ||
| 2066 | FN(lwt_seg6_adjust_srh), \ | ||
| 2067 | FN(lwt_seg6_action), | ||
| 1980 | 2068 | ||
| 1981 | /* integer value in 'imm' field of BPF_CALL instruction selects which helper | 2069 | /* integer value in 'imm' field of BPF_CALL instruction selects which helper |
| 1982 | * function eBPF program intends to call | 2070 | * function eBPF program intends to call |
| @@ -2043,6 +2131,12 @@ enum bpf_hdr_start_off { | |||
| 2043 | BPF_HDR_START_NET, | 2131 | BPF_HDR_START_NET, |
| 2044 | }; | 2132 | }; |
| 2045 | 2133 | ||
| 2134 | /* Encapsulation type for BPF_FUNC_lwt_push_encap helper. */ | ||
| 2135 | enum bpf_lwt_encap_mode { | ||
| 2136 | BPF_LWT_ENCAP_SEG6, | ||
| 2137 | BPF_LWT_ENCAP_SEG6_INLINE | ||
| 2138 | }; | ||
| 2139 | |||
| 2046 | /* user accessible mirror of in-kernel sk_buff. | 2140 | /* user accessible mirror of in-kernel sk_buff. |
| 2047 | * new fields can only be added to the end of this structure | 2141 | * new fields can only be added to the end of this structure |
| 2048 | */ | 2142 | */ |