From: huangxuesen <[email protected]>
bpf_skb_adjust_room sets the inner_protocol as skb->protocol for packets
encapsulation. But that is not appropriate when pushing Ethernet header.
Add an option to further specify encap L2 type and set the inner_protocol
as ETH_P_TEB.
Suggested-by: Willem de Bruijn <[email protected]>
Signed-off-by: huangxuesen <[email protected]>
Signed-off-by: chengzhiyong <[email protected]>
Signed-off-by: wangli <[email protected]>
---
include/uapi/linux/bpf.h | 5 +++++
net/core/filter.c | 11 ++++++++++-
tools/include/uapi/linux/bpf.h | 5 +++++
3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 77d7c1b..d791596 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -1751,6 +1751,10 @@ struct bpf_stack_build_id {
* Use with ENCAP_L3/L4 flags to further specify the tunnel
* type; *len* is the length of the inner MAC header.
*
+ * * **BPF_F_ADJ_ROOM_ENCAP_L2_ETH**:
+ * Use with BPF_F_ADJ_ROOM_ENCAP_L2 flag to further specify the
+ * L2 type as Ethernet.
+ *
* A call to this helper is susceptible to change the underlying
* packet buffer. Therefore, at load time, all checks on pointers
* previously done by the verifier are invalidated and must be
@@ -4088,6 +4092,7 @@ enum {
BPF_F_ADJ_ROOM_ENCAP_L4_GRE = (1ULL << 3),
BPF_F_ADJ_ROOM_ENCAP_L4_UDP = (1ULL << 4),
BPF_F_ADJ_ROOM_NO_CSUM_RESET = (1ULL << 5),
+ BPF_F_ADJ_ROOM_ENCAP_L2_ETH = (1ULL << 6),
};
enum {
diff --git a/net/core/filter.c b/net/core/filter.c
index 255aeee..8d1fb61 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -3412,6 +3412,7 @@ static u32 bpf_skb_net_base_len(const struct sk_buff *skb)
BPF_F_ADJ_ROOM_ENCAP_L3_MASK | \
BPF_F_ADJ_ROOM_ENCAP_L4_GRE | \
BPF_F_ADJ_ROOM_ENCAP_L4_UDP | \
+ BPF_F_ADJ_ROOM_ENCAP_L2_ETH | \
BPF_F_ADJ_ROOM_ENCAP_L2( \
BPF_ADJ_ROOM_ENCAP_L2_MASK))
@@ -3448,6 +3449,10 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff,
flags & BPF_F_ADJ_ROOM_ENCAP_L4_UDP)
return -EINVAL;
+ if (flags & BPF_F_ADJ_ROOM_ENCAP_L2_ETH &&
+ inner_mac_len < ETH_HLEN)
+ return -EINVAL;
+
if (skb->encapsulation)
return -EALREADY;
@@ -3466,7 +3471,11 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff,
skb->inner_mac_header = inner_net - inner_mac_len;
skb->inner_network_header = inner_net;
skb->inner_transport_header = inner_trans;
- skb_set_inner_protocol(skb, skb->protocol);
+
+ if (flags & BPF_F_ADJ_ROOM_ENCAP_L2_ETH)
+ skb_set_inner_protocol(skb, htons(ETH_P_TEB));
+ else
+ skb_set_inner_protocol(skb, skb->protocol);
skb->encapsulation = 1;
skb_set_network_header(skb, mac_len);
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index 77d7c1b..d791596 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -1751,6 +1751,10 @@ struct bpf_stack_build_id {
* Use with ENCAP_L3/L4 flags to further specify the tunnel
* type; *len* is the length of the inner MAC header.
*
+ * * **BPF_F_ADJ_ROOM_ENCAP_L2_ETH**:
+ * Use with BPF_F_ADJ_ROOM_ENCAP_L2 flag to further specify the
+ * L2 type as Ethernet.
+ *
* A call to this helper is susceptible to change the underlying
* packet buffer. Therefore, at load time, all checks on pointers
* previously done by the verifier are invalidated and must be
@@ -4088,6 +4092,7 @@ enum {
BPF_F_ADJ_ROOM_ENCAP_L4_GRE = (1ULL << 3),
BPF_F_ADJ_ROOM_ENCAP_L4_UDP = (1ULL << 4),
BPF_F_ADJ_ROOM_NO_CSUM_RESET = (1ULL << 5),
+ BPF_F_ADJ_ROOM_ENCAP_L2_ETH = (1ULL << 6),
};
enum {
--
1.8.3.1
On Wed, Feb 10, 2021 at 1:59 AM huangxuesen <[email protected]> wrote:
>
> From: huangxuesen <[email protected]>
>
> bpf_skb_adjust_room sets the inner_protocol as skb->protocol for packets
> encapsulation. But that is not appropriate when pushing Ethernet header.
>
> Add an option to further specify encap L2 type and set the inner_protocol
> as ETH_P_TEB.
>
> Suggested-by: Willem de Bruijn <[email protected]>
> Signed-off-by: huangxuesen <[email protected]>
> Signed-off-by: chengzhiyong <[email protected]>
> Signed-off-by: wangli <[email protected]>
Thanks, this is exactly what I meant.
Acked-by: Willem de Bruijn <[email protected]>
One small point regarding Signed-off-by: It is customary to capitalize
family and given names.
On 2/10/21 3:50 PM, Willem de Bruijn wrote:
> On Wed, Feb 10, 2021 at 1:59 AM huangxuesen <[email protected]> wrote:
>>
>> From: huangxuesen <[email protected]>
>>
>> bpf_skb_adjust_room sets the inner_protocol as skb->protocol for packets
>> encapsulation. But that is not appropriate when pushing Ethernet header.
>>
>> Add an option to further specify encap L2 type and set the inner_protocol
>> as ETH_P_TEB.
>>
>> Suggested-by: Willem de Bruijn <[email protected]>
>> Signed-off-by: huangxuesen <[email protected]>
>> Signed-off-by: chengzhiyong <[email protected]>
>> Signed-off-by: wangli <[email protected]>
>
> Thanks, this is exactly what I meant.
>
> Acked-by: Willem de Bruijn <[email protected]>
>
> One small point regarding Signed-off-by: It is customary to capitalize
> family and given names.
+1, huangxuesen, would be great if you could resubmit with capitalized names in
your SoB as well as From (both seem affected).
Thanks,
Daniel
Thanks Daniel and Willem!
So sorry to reply to you late for I just took the Chinese Spring Festival vacation.
I will resubmit this patch.
Thanks again!
> 2021年2月11日 下午11:26,Daniel Borkmann <[email protected]> 写道:
>
> On 2/10/21 3:50 PM, Willem de Bruijn wrote:
>> On Wed, Feb 10, 2021 at 1:59 AM huangxuesen <[email protected]> wrote:
>>>
>>> From: huangxuesen <[email protected]>
>>>
>>> bpf_skb_adjust_room sets the inner_protocol as skb->protocol for packets
>>> encapsulation. But that is not appropriate when pushing Ethernet header.
>>>
>>> Add an option to further specify encap L2 type and set the inner_protocol
>>> as ETH_P_TEB.
>>>
>>> Suggested-by: Willem de Bruijn <[email protected]>
>>> Signed-off-by: huangxuesen <[email protected]>
>>> Signed-off-by: chengzhiyong <[email protected]>
>>> Signed-off-by: wangli <[email protected]>
>> Thanks, this is exactly what I meant.
>> Acked-by: Willem de Bruijn <[email protected]>
>> One small point regarding Signed-off-by: It is customary to capitalize
>> family and given names.
>
> +1, huangxuesen, would be great if you could resubmit with capitalized names in
> your SoB as well as From (both seem affected).
>
> Thanks,
> Daniel