bpf: Hooks for sys_sendmsg

In addition to already existing BPF hooks for sys_bind and sys_connect,
the patch provides new hooks for sys_sendmsg.

It leverages existing BPF program type `BPF_PROG_TYPE_CGROUP_SOCK_ADDR`
that provides access to socket itlself (properties like family, type,
protocol) and user-passed `struct sockaddr *` so that BPF program can
override destination IP and port for system calls such as sendto(2) or
sendmsg(2) and/or assign source IP to the socket.

The hooks are implemented as two new attach types:
`BPF_CGROUP_UDP4_SENDMSG` and `BPF_CGROUP_UDP6_SENDMSG` for UDPv4 and
UDPv6 correspondingly.

UDPv4 and UDPv6 separate attach types for same reason as sys_bind and
sys_connect hooks, i.e. to prevent reading from / writing to e.g.
user_ip6 fields when user passes sockaddr_in since it'd be out-of-bound.

The difference with already existing hooks is sys_sendmsg are
implemented only for unconnected UDP.

For TCP it doesn't make sense to change user-provided `struct sockaddr *`
at sendto(2)/sendmsg(2) time since socket either was already connected
and has source/destination set or wasn't connected and call to
sendto(2)/sendmsg(2) would lead to ENOTCONN anyway.

Connected UDP is already handled by sys_connect hooks that can override
source/destination at connect time and use fast-path later, i.e. these
hooks don't affect UDP fast-path.

Rewriting source IP is implemented differently than that in sys_connect
hooks. When sys_sendmsg is used with unconnected UDP it doesn't work to
just bind socket to desired local IP address since source IP can be set
on per-packet basis by using ancillary data (cmsg(3)). So no matter if
socket is bound or not, source IP has to be rewritten on every call to
sys_sendmsg.

To do so two new fields are added to UAPI `struct bpf_sock_addr`;
* `msg_src_ip4` to set source IPv4 for UDPv4;
* `msg_src_ip6` to set source IPv6 for UDPv6.

Signed-off-by: Andrey Ignatov <rdna@fb.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

1 files changed, 8 insertions, 0 deletions

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 388d4feda348..e254526d6744 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -1249,6 +1249,8 @@ bpf_prog_load_check_attach_type(enum bpf_prog_type prog_type,
                 case BPF_CGROUP_INET6_BIND:
                 case BPF_CGROUP_INET4_CONNECT:
                 case BPF_CGROUP_INET6_CONNECT:
+                case BPF_CGROUP_UDP4_SENDMSG:
+                case BPF_CGROUP_UDP6_SENDMSG:
                         return 0;
                 default:
                         return -EINVAL;
@@ -1565,6 +1567,8 @@ static int bpf_prog_attach(const union bpf_attr *attr)
         case BPF_CGROUP_INET6_BIND:
         case BPF_CGROUP_INET4_CONNECT:
         case BPF_CGROUP_INET6_CONNECT:
+        case BPF_CGROUP_UDP4_SENDMSG:
+        case BPF_CGROUP_UDP6_SENDMSG:
                 ptype = BPF_PROG_TYPE_CGROUP_SOCK_ADDR;
                 break;
         case BPF_CGROUP_SOCK_OPS:
@@ -1635,6 +1639,8 @@ static int bpf_prog_detach(const union bpf_attr *attr)
         case BPF_CGROUP_INET6_BIND:
         case BPF_CGROUP_INET4_CONNECT:
         case BPF_CGROUP_INET6_CONNECT:
+        case BPF_CGROUP_UDP4_SENDMSG:
+        case BPF_CGROUP_UDP6_SENDMSG:
                 ptype = BPF_PROG_TYPE_CGROUP_SOCK_ADDR;
                 break;
         case BPF_CGROUP_SOCK_OPS:
@@ -1692,6 +1698,8 @@ static int bpf_prog_query(const union bpf_attr *attr,
         case BPF_CGROUP_INET6_POST_BIND:
         case BPF_CGROUP_INET4_CONNECT:
         case BPF_CGROUP_INET6_CONNECT:
+        case BPF_CGROUP_UDP4_SENDMSG:
+        case BPF_CGROUP_UDP6_SENDMSG:
         case BPF_CGROUP_SOCK_OPS:
         case BPF_CGROUP_DEVICE:
                 break;