From: Xuesen Huang <[email protected]>
bpf_skb_adjust_room sets the inner_protocol as skb->protocol for packets
encapsulation. But that is not appropriate when pushing Ethernet header.
Add an option to further specify encap L2 type and set the inner_protocol
as ETH_P_TEB.
v3:
- Fix the code format.
v2:
Suggested-by: Willem de Bruijn <[email protected]>
- Add a new flag to specify the type of the inner packet.
Suggested-by: Willem de Bruijn <[email protected]>
Signed-off-by: Xuesen Huang <[email protected]>
Signed-off-by: Zhiyong Cheng <[email protected]>
Signed-off-by: Li Wang <[email protected]>
---
include/uapi/linux/bpf.h | 5 +++++
net/core/filter.c | 11 ++++++++++-
tools/include/uapi/linux/bpf.h | 5 +++++
3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 77d7c1b..d791596 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -1751,6 +1751,10 @@ struct bpf_stack_build_id {
* Use with ENCAP_L3/L4 flags to further specify the tunnel
* type; *len* is the length of the inner MAC header.
*
+ * * **BPF_F_ADJ_ROOM_ENCAP_L2_ETH**:
+ * Use with BPF_F_ADJ_ROOM_ENCAP_L2 flag to further specify the
+ * L2 type as Ethernet.
+ *
* A call to this helper is susceptible to change the underlying
* packet buffer. Therefore, at load time, all checks on pointers
* previously done by the verifier are invalidated and must be
@@ -4088,6 +4092,7 @@ enum {
BPF_F_ADJ_ROOM_ENCAP_L4_GRE = (1ULL << 3),
BPF_F_ADJ_ROOM_ENCAP_L4_UDP = (1ULL << 4),
BPF_F_ADJ_ROOM_NO_CSUM_RESET = (1ULL << 5),
+ BPF_F_ADJ_ROOM_ENCAP_L2_ETH = (1ULL << 6),
};
enum {
diff --git a/net/core/filter.c b/net/core/filter.c
index 255aeee..8d1fb61 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -3412,6 +3412,7 @@ static u32 bpf_skb_net_base_len(const struct sk_buff *skb)
BPF_F_ADJ_ROOM_ENCAP_L3_MASK | \
BPF_F_ADJ_ROOM_ENCAP_L4_GRE | \
BPF_F_ADJ_ROOM_ENCAP_L4_UDP | \
+ BPF_F_ADJ_ROOM_ENCAP_L2_ETH | \
BPF_F_ADJ_ROOM_ENCAP_L2( \
BPF_ADJ_ROOM_ENCAP_L2_MASK))
@@ -3448,6 +3449,10 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff,
flags & BPF_F_ADJ_ROOM_ENCAP_L4_UDP)
return -EINVAL;
+ if (flags & BPF_F_ADJ_ROOM_ENCAP_L2_ETH &&
+ inner_mac_len < ETH_HLEN)
+ return -EINVAL;
+
if (skb->encapsulation)
return -EALREADY;
@@ -3466,7 +3471,11 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff,
skb->inner_mac_header = inner_net - inner_mac_len;
skb->inner_network_header = inner_net;
skb->inner_transport_header = inner_trans;
- skb_set_inner_protocol(skb, skb->protocol);
+
+ if (flags & BPF_F_ADJ_ROOM_ENCAP_L2_ETH)
+ skb_set_inner_protocol(skb, htons(ETH_P_TEB));
+ else
+ skb_set_inner_protocol(skb, skb->protocol);
skb->encapsulation = 1;
skb_set_network_header(skb, mac_len);
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index 77d7c1b..d791596 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -1751,6 +1751,10 @@ struct bpf_stack_build_id {
* Use with ENCAP_L3/L4 flags to further specify the tunnel
* type; *len* is the length of the inner MAC header.
*
+ * * **BPF_F_ADJ_ROOM_ENCAP_L2_ETH**:
+ * Use with BPF_F_ADJ_ROOM_ENCAP_L2 flag to further specify the
+ * L2 type as Ethernet.
+ *
* A call to this helper is susceptible to change the underlying
* packet buffer. Therefore, at load time, all checks on pointers
* previously done by the verifier are invalidated and must be
@@ -4088,6 +4092,7 @@ enum {
BPF_F_ADJ_ROOM_ENCAP_L4_GRE = (1ULL << 3),
BPF_F_ADJ_ROOM_ENCAP_L4_UDP = (1ULL << 4),
BPF_F_ADJ_ROOM_NO_CSUM_RESET = (1ULL << 5),
+ BPF_F_ADJ_ROOM_ENCAP_L2_ETH = (1ULL << 6),
};
enum {
--
1.8.3.1
On Thu, Feb 25, 2021 at 7:59 PM Xuesen Huang <[email protected]> wrote:
> v3:
> - Fix the code format.
>
> v2:
> Suggested-by: Willem de Bruijn <[email protected]>
> - Add a new flag to specify the type of the inner packet.
These need to be moved after '---', otherwise it would be merged
into the final git log.
>
> Suggested-by: Willem de Bruijn <[email protected]>
> Signed-off-by: Xuesen Huang <[email protected]>
> Signed-off-by: Zhiyong Cheng <[email protected]>
> Signed-off-by: Li Wang <[email protected]>
> ---
> include/uapi/linux/bpf.h | 5 +++++
> net/core/filter.c | 11 ++++++++++-
> tools/include/uapi/linux/bpf.h | 5 +++++
> 3 files changed, 20 insertions(+), 1 deletion(-)
As a good practice, please add a test case for this in
tools/testing/selftests/bpf/progs/test_tc_tunnel.c.
Thanks.
On Fri, Feb 26, 2021 at 3:15 PM Cong Wang <[email protected]> wrote:
>
> On Thu, Feb 25, 2021 at 7:59 PM Xuesen Huang <[email protected]> wrote:
> > v3:
> > - Fix the code format.
> >
> > v2:
> > Suggested-by: Willem de Bruijn <[email protected]>
> > - Add a new flag to specify the type of the inner packet.
>
> These need to be moved after '---', otherwise it would be merged
> into the final git log.
>
> >
> > Suggested-by: Willem de Bruijn <[email protected]>
> > Signed-off-by: Xuesen Huang <[email protected]>
> > Signed-off-by: Zhiyong Cheng <[email protected]>
> > Signed-off-by: Li Wang <[email protected]>
> > ---
> > include/uapi/linux/bpf.h | 5 +++++
> > net/core/filter.c | 11 ++++++++++-
> > tools/include/uapi/linux/bpf.h | 5 +++++
> > 3 files changed, 20 insertions(+), 1 deletion(-)
>
> As a good practice, please add a test case for this in
> tools/testing/selftests/bpf/progs/test_tc_tunnel.c.
That's a great idea. This function covers a lot of cases. Can use the
code coverage against regressions.
With that caveat, looks great to me, thanks.