1 files changed, 99 insertions, 5 deletions
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index b7db3261c62d..66917a4eba27 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -75,6 +75,11 @@ struct bpf_lpm_trie_key {
        __u8    data[0];        /* Arbitrary size */
 };
+struct bpf_cgroup_storage_key {
+        __u64   cgroup_inode_id;        /* cgroup inode id */
+        __u32   attach_type;            /* program attach type */
+};
 /* BPF syscall commands, see bpf(2) man-page for details. */
 enum bpf_cmd {
        BPF_MAP_CREATE,
@@ -120,6 +125,8 @@ enum bpf_map_type {
        BPF_MAP_TYPE_CPUMAP,
        BPF_MAP_TYPE_XSKMAP,
        BPF_MAP_TYPE_SOCKHASH,
+        BPF_MAP_TYPE_CGROUP_STORAGE,
+        BPF_MAP_TYPE_REUSEPORT_SOCKARRAY,
 };
 enum bpf_prog_type {
@@ -144,6 +151,7 @@ enum bpf_prog_type {
        BPF_PROG_TYPE_CGROUP_SOCK_ADDR,
        BPF_PROG_TYPE_LWT_SEG6LOCAL,
        BPF_PROG_TYPE_LIRC_MODE2,
+        BPF_PROG_TYPE_SK_REUSEPORT,
 };
 enum bpf_attach_type {
@@ -1371,6 +1379,20 @@ union bpf_attr {
 *              A 8-byte long non-decreasing number on success, or 0 if the
 *              socket field is missing inside *skb*.
 *
+ * u64 bpf_get_socket_cookie(struct bpf_sock_addr *ctx)
+ *      Description
+ *              Equivalent to bpf_get_socket_cookie() helper that accepts
+ *              *skb*, but gets socket from **struct bpf_sock_addr** contex.
+ *      Return
+ *              A 8-byte long non-decreasing number.
+ *
+ * u64 bpf_get_socket_cookie(struct bpf_sock_ops *ctx)
+ *      Description
+ *              Equivalent to bpf_get_socket_cookie() helper that accepts
+ *              *skb*, but gets socket from **struct bpf_sock_ops** contex.
+ *      Return
+ *              A 8-byte long non-decreasing number.
+ *
 * u32 bpf_get_socket_uid(struct sk_buff *skb)
 *      Return
 *              The owner UID of the socket associated to *skb*. If the socket
@@ -1826,7 +1848,7 @@ union bpf_attr {
 *              A non-negative value equal to or less than *size* on success,
 *              or a negative error in case of failure.
 *
- * int skb_load_bytes_relative(const struct sk_buff *skb, u32 offset, void *to, u32 len, u32 start_header)
+ * int bpf_skb_load_bytes_relative(const struct sk_buff *skb, u32 offset, void *to, u32 len, u32 start_header)
 *      Description
 *              This helper is similar to **bpf_skb_load_bytes**\ () in that
 *              it provides an easy way to load *len* bytes from *offset*
@@ -1877,7 +1899,7 @@ union bpf_attr {
 *              * < 0 if any input argument is invalid
 *              *   0 on success (packet is forwarded, nexthop neighbor exists)
 *              * > 0 one of **BPF_FIB_LKUP_RET_** codes explaining why the
- *              *     packet is not forwarded or needs assist from full stack
+ *                packet is not forwarded or needs assist from full stack
 *
 * int bpf_sock_hash_update(struct bpf_sock_ops_kern *skops, struct bpf_map *map, void *key, u64 flags)
 *      Description
@@ -2033,7 +2055,6 @@ union bpf_attr {
 *              This helper is only available is the kernel was compiled with
 *              the **CONFIG_BPF_LIRC_MODE2** configuration option set to
 *              "**y**".
- *
 *      Return
 *              0
 *
@@ -2053,7 +2074,6 @@ union bpf_attr {
 *              This helper is only available is the kernel was compiled with
 *              the **CONFIG_BPF_LIRC_MODE2** configuration option set to
 *              "**y**".
- *
 *      Return
 *              0
 *
@@ -2073,10 +2093,54 @@ union bpf_attr {
 *      Return
 *              The id is returned or 0 in case the id could not be retrieved.
 *
+ * u64 bpf_skb_ancestor_cgroup_id(struct sk_buff *skb, int ancestor_level)
+ *      Description
+ *              Return id of cgroup v2 that is ancestor of cgroup associated
+ *              with the *skb* at the *ancestor_level*.  The root cgroup is at
+ *              *ancestor_level* zero and each step down the hierarchy
+ *              increments the level. If *ancestor_level* == level of cgroup
+ *              associated with *skb*, then return value will be same as that
+ *              of **bpf_skb_cgroup_id**\ ().
+ *
+ *              The helper is useful to implement policies based on cgroups
+ *              that are upper in hierarchy than immediate cgroup associated
+ *              with *skb*.
+ *
+ *              The format of returned id and helper limitations are same as in
+ *              **bpf_skb_cgroup_id**\ ().
+ *      Return
+ *              The id is returned or 0 in case the id could not be retrieved.
+ *
 * u64 bpf_get_current_cgroup_id(void)
 *      Return
 *              A 64-bit integer containing the current cgroup id based
 *              on the cgroup within which the current task is running.
+ *
+ * void* get_local_storage(void *map, u64 flags)
+ *      Description
+ *              Get the pointer to the local storage area.
+ *              The type and the size of the local storage is defined
+ *              by the *map* argument.
+ *              The *flags* meaning is specific for each map type,
+ *              and has to be 0 for cgroup local storage.
+ *
+ *              Depending on the bpf program type, a local storage area
+ *              can be shared between multiple instances of the bpf program,
+ *              running simultaneously.
+ *
+ *              A user should care about the synchronization by himself.
+ *              For example, by using the BPF_STX_XADD instruction to alter
+ *              the shared data.
+ *      Return
+ *              Pointer to the local storage area.
+ *
+ * int bpf_sk_select_reuseport(struct sk_reuseport_md *reuse, struct bpf_map *map, void *key, u64 flags)
+ *      Description
+ *              Select a SO_REUSEPORT sk from a BPF_MAP_TYPE_REUSEPORT_ARRAY map
+ *              It checks the selected sk is matching the incoming
+ *              request in the skb.
+ *      Return
+ *              0 on success, or a negative error in case of failure.
 */
 #define __BPF_FUNC_MAPPER(FN)           \
        FN(unspec),                     \
@@ -2159,7 +2223,10 @@ union bpf_attr {
        FN(rc_repeat),                  \
        FN(rc_keydown),                 \
        FN(skb_cgroup_id),              \
-        FN(get_current_cgroup_id),
+        FN(get_current_cgroup_id),      \
+        FN(get_local_storage),          \
+        FN(sk_select_reuseport),        \
+        FN(skb_ancestor_cgroup_id),
 /* integer value in 'imm' field of BPF_CALL instruction selects which helper
 * function eBPF program intends to call
@@ -2376,6 +2443,30 @@ struct sk_msg_md {
        __u32 local_port;       /* stored in host byte order */
 };
+struct sk_reuseport_md {
+        /*
+         * Start of directly accessible data. It begins from
+         * the tcp/udp header.
+         */
+        void *data;
+        void *data_end;         /* End of directly accessible data */
+        /*
+         * Total length of packet (starting from the tcp/udp header).
+         * Note that the directly accessible bytes (data_end - data)
+         * could be less than this "len".  Those bytes could be
+         * indirectly read by a helper "bpf_skb_load_bytes()".
+         */
+        __u32 len;
+        /*
+         * Eth protocol in the mac header (network byte order). e.g.
+         * ETH_P_IP(0x0800) and ETH_P_IPV6(0x86DD)
+         */
+        __u32 eth_protocol;
+        __u32 ip_protocol;      /* IP protocol. e.g. IPPROTO_TCP, IPPROTO_UDP */
+        __u32 bind_inany;       /* Is sock bound to an INANY address? */
+        __u32 hash;             /* A hash of the packet 4 tuples */
+};
 #define BPF_TAG_SIZE    8
 struct bpf_prog_info {
@@ -2557,6 +2648,9 @@ enum {
                                         * Arg1: old_state
                                         * Arg2: new_state
                                         */
+        BPF_SOCK_OPS_TCP_LISTEN_CB,     /* Called on listen(2), right after
+                                         * socket transition to LISTEN state.
+                                         */
 };
 /* List of TCP states. There is a build check in net/ipv4/tcp.c to detect

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index b7db3261c62d..66917a4eba27 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h
@@ -75,6 +75,11 @@ struct bpf_lpm_trie_key {
75	__u8 data[0]; /* Arbitrary size */	75	__u8 data[0]; /* Arbitrary size */
76	};	76	};
77		77
		78	struct bpf_cgroup_storage_key {
		79	__u64 cgroup_inode_id; /* cgroup inode id */
		80	__u32 attach_type; /* program attach type */
		81	};
		82
78	/* BPF syscall commands, see bpf(2) man-page for details. */	83	/* BPF syscall commands, see bpf(2) man-page for details. */
79	enum bpf_cmd {	84	enum bpf_cmd {
80	BPF_MAP_CREATE,	85	BPF_MAP_CREATE,
@@ -120,6 +125,8 @@ enum bpf_map_type {
120	BPF_MAP_TYPE_CPUMAP,	125	BPF_MAP_TYPE_CPUMAP,
121	BPF_MAP_TYPE_XSKMAP,	126	BPF_MAP_TYPE_XSKMAP,
122	BPF_MAP_TYPE_SOCKHASH,	127	BPF_MAP_TYPE_SOCKHASH,
		128	BPF_MAP_TYPE_CGROUP_STORAGE,
		129	BPF_MAP_TYPE_REUSEPORT_SOCKARRAY,
123	};	130	};
124		131
125	enum bpf_prog_type {	132	enum bpf_prog_type {
@@ -144,6 +151,7 @@ enum bpf_prog_type {
144	BPF_PROG_TYPE_CGROUP_SOCK_ADDR,	151	BPF_PROG_TYPE_CGROUP_SOCK_ADDR,
145	BPF_PROG_TYPE_LWT_SEG6LOCAL,	152	BPF_PROG_TYPE_LWT_SEG6LOCAL,
146	BPF_PROG_TYPE_LIRC_MODE2,	153	BPF_PROG_TYPE_LIRC_MODE2,
		154	BPF_PROG_TYPE_SK_REUSEPORT,
147	};	155	};
148		156
149	enum bpf_attach_type {	157	enum bpf_attach_type {
@@ -1371,6 +1379,20 @@ union bpf_attr {
1371	* A 8-byte long non-decreasing number on success, or 0 if the	1379	* A 8-byte long non-decreasing number on success, or 0 if the
1372	* socket field is missing inside skb.	1380	* socket field is missing inside skb.
1373	*	1381	*
		1382	* u64 bpf_get_socket_cookie(struct bpf_sock_addr *ctx)
		1383	* Description
		1384	* Equivalent to bpf_get_socket_cookie() helper that accepts
		1385	* skb, but gets socket from struct bpf_sock_addr contex.
		1386	* Return
		1387	* A 8-byte long non-decreasing number.
		1388	*
		1389	* u64 bpf_get_socket_cookie(struct bpf_sock_ops *ctx)
		1390	* Description
		1391	* Equivalent to bpf_get_socket_cookie() helper that accepts
		1392	* skb, but gets socket from struct bpf_sock_ops contex.
		1393	* Return
		1394	* A 8-byte long non-decreasing number.
		1395	*
1374	* u32 bpf_get_socket_uid(struct sk_buff *skb)	1396	* u32 bpf_get_socket_uid(struct sk_buff *skb)
1375	* Return	1397	* Return
1376	* The owner UID of the socket associated to skb. If the socket	1398	* The owner UID of the socket associated to skb. If the socket
@@ -1826,7 +1848,7 @@ union bpf_attr {
1826	* A non-negative value equal to or less than size on success,	1848	* A non-negative value equal to or less than size on success,
1827	* or a negative error in case of failure.	1849	* or a negative error in case of failure.
1828	*	1850	*
1829	* int skb_load_bytes_relative(const struct sk_buff skb, u32 offset, void to, u32 len, u32 start_header)	1851	* int bpf_skb_load_bytes_relative(const struct sk_buff skb, u32 offset, void to, u32 len, u32 start_header)
1830	* Description	1852	* Description
1831	* This helper is similar to bpf_skb_load_bytes\ () in that	1853	* This helper is similar to bpf_skb_load_bytes\ () in that
1832	* it provides an easy way to load len bytes from offset	1854	* it provides an easy way to load len bytes from offset
@@ -1877,7 +1899,7 @@ union bpf_attr {
1877	* * < 0 if any input argument is invalid	1899	* * < 0 if any input argument is invalid
1878	* * 0 on success (packet is forwarded, nexthop neighbor exists)	1900	* * 0 on success (packet is forwarded, nexthop neighbor exists)
1879	* * > 0 one of BPF_FIB_LKUP_RET_ codes explaining why the	1901	* * > 0 one of BPF_FIB_LKUP_RET_ codes explaining why the
1880	* * packet is not forwarded or needs assist from full stack	1902	* packet is not forwarded or needs assist from full stack
1881	*	1903	*
1882	* int bpf_sock_hash_update(struct bpf_sock_ops_kern skops, struct bpf_map map, void *key, u64 flags)	1904	* int bpf_sock_hash_update(struct bpf_sock_ops_kern skops, struct bpf_map map, void *key, u64 flags)
1883	* Description	1905	* Description
@@ -2033,7 +2055,6 @@ union bpf_attr {
2033	* This helper is only available is the kernel was compiled with	2055	* This helper is only available is the kernel was compiled with
2034	* the CONFIG_BPF_LIRC_MODE2 configuration option set to	2056	* the CONFIG_BPF_LIRC_MODE2 configuration option set to
2035	* "y".	2057	* "y".
2036	*
2037	* Return	2058	* Return
2038	* 0	2059	* 0
2039	*	2060	*
@@ -2053,7 +2074,6 @@ union bpf_attr {
2053	* This helper is only available is the kernel was compiled with	2074	* This helper is only available is the kernel was compiled with
2054	* the CONFIG_BPF_LIRC_MODE2 configuration option set to	2075	* the CONFIG_BPF_LIRC_MODE2 configuration option set to
2055	* "y".	2076	* "y".
2056	*
2057	* Return	2077	* Return
2058	* 0	2078	* 0
2059	*	2079	*
@@ -2073,10 +2093,54 @@ union bpf_attr {
2073	* Return	2093	* Return
2074	* The id is returned or 0 in case the id could not be retrieved.	2094	* The id is returned or 0 in case the id could not be retrieved.
2075	*	2095	*
		2096	* u64 bpf_skb_ancestor_cgroup_id(struct sk_buff *skb, int ancestor_level)
		2097	* Description
		2098	* Return id of cgroup v2 that is ancestor of cgroup associated
		2099	* with the skb at the ancestor_level. The root cgroup is at
		2100	* ancestor_level zero and each step down the hierarchy
		2101	* increments the level. If ancestor_level == level of cgroup
		2102	* associated with skb, then return value will be same as that
		2103	* of bpf_skb_cgroup_id\ ().
		2104	*
		2105	* The helper is useful to implement policies based on cgroups
		2106	* that are upper in hierarchy than immediate cgroup associated
		2107	* with skb.
		2108	*
		2109	* The format of returned id and helper limitations are same as in
		2110	* bpf_skb_cgroup_id\ ().
		2111	* Return
		2112	* The id is returned or 0 in case the id could not be retrieved.
		2113	*
2076	* u64 bpf_get_current_cgroup_id(void)	2114	* u64 bpf_get_current_cgroup_id(void)
2077	* Return	2115	* Return
2078	* A 64-bit integer containing the current cgroup id based	2116	* A 64-bit integer containing the current cgroup id based
2079	* on the cgroup within which the current task is running.	2117	* on the cgroup within which the current task is running.
		2118	*
		2119	* void* get_local_storage(void *map, u64 flags)
		2120	* Description
		2121	* Get the pointer to the local storage area.
		2122	* The type and the size of the local storage is defined
		2123	* by the map argument.
		2124	* The flags meaning is specific for each map type,
		2125	* and has to be 0 for cgroup local storage.
		2126	*
		2127	* Depending on the bpf program type, a local storage area
		2128	* can be shared between multiple instances of the bpf program,
		2129	* running simultaneously.
		2130	*
		2131	* A user should care about the synchronization by himself.
		2132	* For example, by using the BPF_STX_XADD instruction to alter
		2133	* the shared data.
		2134	* Return
		2135	* Pointer to the local storage area.
		2136	*
		2137	* int bpf_sk_select_reuseport(struct sk_reuseport_md reuse, struct bpf_map map, void *key, u64 flags)
		2138	* Description
		2139	* Select a SO_REUSEPORT sk from a BPF_MAP_TYPE_REUSEPORT_ARRAY map
		2140	* It checks the selected sk is matching the incoming
		2141	* request in the skb.
		2142	* Return
		2143	* 0 on success, or a negative error in case of failure.
2080	*/	2144	*/
2081	#define __BPF_FUNC_MAPPER(FN) \	2145	#define __BPF_FUNC_MAPPER(FN) \
2082	FN(unspec), \	2146	FN(unspec), \
@@ -2159,7 +2223,10 @@ union bpf_attr {
2159	FN(rc_repeat), \	2223	FN(rc_repeat), \
2160	FN(rc_keydown), \	2224	FN(rc_keydown), \
2161	FN(skb_cgroup_id), \	2225	FN(skb_cgroup_id), \
2162	FN(get_current_cgroup_id),	2226	FN(get_current_cgroup_id), \
		2227	FN(get_local_storage), \
		2228	FN(sk_select_reuseport), \
		2229	FN(skb_ancestor_cgroup_id),
2163		2230
2164	/* integer value in 'imm' field of BPF_CALL instruction selects which helper	2231	/* integer value in 'imm' field of BPF_CALL instruction selects which helper
2165	* function eBPF program intends to call	2232	* function eBPF program intends to call
@@ -2376,6 +2443,30 @@ struct sk_msg_md {
2376	__u32 local_port; /* stored in host byte order */	2443	__u32 local_port; /* stored in host byte order */
2377	};	2444	};
2378		2445
		2446	struct sk_reuseport_md {
		2447	/*
		2448	* Start of directly accessible data. It begins from
		2449	* the tcp/udp header.
		2450	*/
		2451	void *data;
		2452	void data_end; / End of directly accessible data */
		2453	/*
		2454	* Total length of packet (starting from the tcp/udp header).
		2455	* Note that the directly accessible bytes (data_end - data)
		2456	* could be less than this "len". Those bytes could be
		2457	* indirectly read by a helper "bpf_skb_load_bytes()".
		2458	*/
		2459	__u32 len;
		2460	/*
		2461	* Eth protocol in the mac header (network byte order). e.g.
		2462	* ETH_P_IP(0x0800) and ETH_P_IPV6(0x86DD)
		2463	*/
		2464	__u32 eth_protocol;
		2465	__u32 ip_protocol; /* IP protocol. e.g. IPPROTO_TCP, IPPROTO_UDP */
		2466	__u32 bind_inany; /* Is sock bound to an INANY address? */
		2467	__u32 hash; /* A hash of the packet 4 tuples */
		2468	};
		2469
2379	#define BPF_TAG_SIZE 8	2470	#define BPF_TAG_SIZE 8
2380		2471
2381	struct bpf_prog_info {	2472	struct bpf_prog_info {
@@ -2557,6 +2648,9 @@ enum {
2557	* Arg1: old_state	2648	* Arg1: old_state
2558	* Arg2: new_state	2649	* Arg2: new_state
2559	*/	2650	*/
		2651	BPF_SOCK_OPS_TCP_LISTEN_CB, /* Called on listen(2), right after
		2652	* socket transition to LISTEN state.
		2653	*/
2560	};	2654	};
2561		2655
2562	/* List of TCP states. There is a build check in net/ipv4/tcp.c to detect	2656	/* List of TCP states. There is a build check in net/ipv4/tcp.c to detect