Received: by 2002:a89:48b:0:b0:1f5:f2ab:c469 with SMTP id a11csp448991lqd; Wed, 24 Apr 2024 07:15:28 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXhDMGFkDbx9GRF0zAH7zfwGn62kffKdyBJC3ZURNin0bHvPdF76WWMp9JlnAsjpKZ27CS/lGSgTUN4p9171Hd2d1av956Oy27wqQflPw== X-Google-Smtp-Source: AGHT+IFKIafwPf78+WUUpauhy1N8yu8E7wXNttjN8cJK8bLW76wzoYo9DGN5m6DApybypCf58tMP X-Received: by 2002:a05:6a00:2e24:b0:6ea:74d4:a01c with SMTP id fc36-20020a056a002e2400b006ea74d4a01cmr3159773pfb.14.1713968127714; Wed, 24 Apr 2024 07:15:27 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713968127; cv=pass; d=google.com; s=arc-20160816; b=HUMzwfsjbhX2EZlhw6IHzfRJ8sMCxBVVwoWvu/NQEgb4ILbtp7PjfNCrYI9PVFsdil HxfvfvPlXFgtPApMAADPJCPLwrQ6ROTSWAY2IGfYmCmm+ba0K0i+bvg1/QGXWFygQxws 4dDMpFVTp7W8W2ztKMdeDsPuxbpFD+uzU0rQ3BrPxt707HpyZ5wNiULC5D7olGa8LFGy sEHiBosxyJuN9wsaXM4v81HzqoS20TD1iVJZ182pTWhV6j6Kl8oy905xuRPekwWEhYhL aP8WsCiYzN7ErVeNvHOUh3F2I8toWWtpYDYsAknadKtagIoOkJ7FUcGrDptTd4JHRrll HNKA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=mvfMKL+8UkJyc+6NdO80ILmMaNmzG0sr9rlaAL4MQIg=; fh=AKe4zb8iHebTq93ekqvCUEmhPBufn7Oi/3BJ7k8EHGs=; b=seKm9WK40Ifl0KgZyR+b9OUhnWKdJKa76g8zA0DZYp07fhJL38vMjiMeeaiRUfhVt8 819ku2nV+KcK26Cto5cwRtL8qsrTiKwT0+wgbTtxFihu8MLWq7FY3/FkGsi9kymLVnM6 pvKnYbr/AhPIN5tRKUOuD1H4LZc0BGB1ypUr4pT+OZlF2dZFH/bCBOe1CFeTnigILHa/ qC1GzJdnIwDSlnAqiiTRb/fae7p2r++UnzuFoKI9ZIdePMg6u0ENiyT4O0UAg9rz7QRl 6Sq4k/A/cdQux3ZjEV5aoC25OAdiTkcfpSgkBaJM1Ob3MxkHMyONUMrSEIqVE1thmlx/ dSjQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=UBEzUrLY; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-157018-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-157018-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id ko21-20020a056a00461500b006e6bc5376a1si11643579pfb.20.2024.04.24.07.15.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Apr 2024 07:15:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-157018-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=UBEzUrLY; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-157018-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-157018-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id F0ACBB26592 for ; Wed, 24 Apr 2024 13:55:29 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 5C2DC15E1FE; Wed, 24 Apr 2024 13:54:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="UBEzUrLY" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CC2FC15E7EE for ; Wed, 24 Apr 2024 13:54:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713966882; cv=none; b=L4E0AWzk6af/PmLDHPrZqf5QDXa2ob4iFwXqKVN4fQBXYYVQ+yer0/6YiM/HemBSnU7i+s0p3d+xsc5MdTlkjKW6lQomHam+f/5RwSKInHF0/Ay+zlPucqX+iiKSgY0QZpsWuEylprd0pRTuL9a2HKVcbybynPMCwltYW+zFlCE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713966882; c=relaxed/simple; bh=gxTGezLHWXY8b7sIhgnJbShbHkUHWXR6geF6I6OEDao=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Qpr3Cm07VbxBIViC/UXZTUGqROv7hr/0daoaP0upqUf1SBkZhLhAIxNxLuDxi2VwAvIjJGhu63RWtfAeIY6QoN/3EZ98JOZ+KZrwhpfvG6aAEvfrJD5b19WnwhPkdBBnmY36IySFjVFzcFB1EY5kX2+M7ruDpBd3iR1VplbvbtA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=UBEzUrLY; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1713966880; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=mvfMKL+8UkJyc+6NdO80ILmMaNmzG0sr9rlaAL4MQIg=; b=UBEzUrLYP1KsCFrnT3zjqKBcErNlcII2ybg9kYZuWE1D9WXCpPYP6nMDljzrqdhSvAkgZL xPx76MNATkXz6G5gUG2WPzZbtZht3pWXUeqmIBATJVnc6MH7HZNHQAuQ3WQKecb2mD/SlV HsS18hsDTFvssmfqdBxqDW1L43ugV2o= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-651-tSYvXOl7N2OL-BBPH0PrrQ-1; Wed, 24 Apr 2024 09:54:35 -0400 X-MC-Unique: tSYvXOl7N2OL-BBPH0PrrQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 148D73C0252B; Wed, 24 Apr 2024 13:54:35 +0000 (UTC) Received: from antares.redhat.com (unknown [10.39.193.98]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3B8881C0F120; Wed, 24 Apr 2024 13:54:33 +0000 (UTC) From: Adrian Moreno To: netdev@vger.kernel.org Cc: aconole@redhat.com, echaudro@redhat.com, horms@kernel.org, i.maximets@ovn.org, Adrian Moreno , Yotam Gigi , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , linux-kernel@vger.kernel.org Subject: [PATCH net-next 2/8] net: psample: add multicast filtering on group_id Date: Wed, 24 Apr 2024 15:50:49 +0200 Message-ID: <20240424135109.3524355-3-amorenoz@redhat.com> In-Reply-To: <20240424135109.3524355-1-amorenoz@redhat.com> References: <20240424135109.3524355-1-amorenoz@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.7 Packet samples can come from several places (e.g: different tc sample actions), typically using the sample group (PSAMPLE_ATTR_SAMPLE_GROUP) to differentiate them. Likewise, sample consumers that listen on the multicast group may only be interested on a single group. However, they are currently forced to receive all samples and discard the ones that are not relevant, causing unnecessary overhead. Allow users to filter on the desired group_id by adding a new command PSAMPLE_SET_FILTER that can be used to pass the desired group id. Store this filter on the per-socket private pointer and use it for filtering multicasted samples. Signed-off-by: Adrian Moreno --- include/uapi/linux/psample.h | 1 + net/psample/psample.c | 110 +++++++++++++++++++++++++++++++++-- 2 files changed, 105 insertions(+), 6 deletions(-) diff --git a/include/uapi/linux/psample.h b/include/uapi/linux/psample.h index e585db5bf2d2..9d62983af0a4 100644 --- a/include/uapi/linux/psample.h +++ b/include/uapi/linux/psample.h @@ -28,6 +28,7 @@ enum psample_command { PSAMPLE_CMD_GET_GROUP, PSAMPLE_CMD_NEW_GROUP, PSAMPLE_CMD_DEL_GROUP, + PSAMPLE_CMD_SET_FILTER, }; enum psample_tunnel_key_attr { diff --git a/net/psample/psample.c b/net/psample/psample.c index a5d9b8446f77..f5f77515b969 100644 --- a/net/psample/psample.c +++ b/net/psample/psample.c @@ -98,13 +98,77 @@ static int psample_nl_cmd_get_group_dumpit(struct sk_buff *msg, return msg->len; } -static const struct genl_small_ops psample_nl_ops[] = { +struct psample_obj_desc { + struct rcu_head rcu; + u32 group_num; +}; + +struct psample_nl_sock_priv { + struct psample_obj_desc __rcu *filter; + spinlock_t filter_lock; /* Protects filter. */ +}; + +static void psample_nl_sock_priv_init(void *priv) +{ + struct psample_nl_sock_priv *sk_priv = priv; + + spin_lock_init(&sk_priv->filter_lock); +} + +static void psample_nl_sock_priv_destroy(void *priv) +{ + struct psample_nl_sock_priv *sk_priv = priv; + struct psample_obj_desc *filter; + + filter = rcu_dereference_protected(sk_priv->filter, true); + kfree_rcu(filter, rcu); +} + +static int psample_nl_set_filter_doit(struct sk_buff *skb, + struct genl_info *info) +{ + struct psample_obj_desc *filter = NULL; + struct psample_nl_sock_priv *sk_priv; + struct nlattr **attrs = info->attrs; + + if (attrs[PSAMPLE_ATTR_SAMPLE_GROUP]) { + filter = kzalloc(sizeof(*filter), GFP_KERNEL); + filter->group_num = + nla_get_u32(attrs[PSAMPLE_ATTR_SAMPLE_GROUP]); + } + + sk_priv = genl_sk_priv_get(&psample_nl_family, NETLINK_CB(skb).sk); + if (IS_ERR(sk_priv)) { + kfree(filter); + return PTR_ERR(sk_priv); + } + + spin_lock(&sk_priv->filter_lock); + filter = rcu_replace_pointer(sk_priv->filter, filter, + lockdep_is_held(&sk_priv->filter_lock)); + spin_unlock(&sk_priv->filter_lock); + kfree_rcu(filter, rcu); + return 0; +} + +static const struct nla_policy +psample_set_filter_policy[PSAMPLE_ATTR_SAMPLE_GROUP + 1] = { + [PSAMPLE_ATTR_SAMPLE_GROUP] = { .type = NLA_U32, }, +}; + +static const struct genl_ops psample_nl_ops[] = { { .cmd = PSAMPLE_CMD_GET_GROUP, .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, .dumpit = psample_nl_cmd_get_group_dumpit, /* can be retrieved by unprivileged users */ - } + }, + { + .cmd = PSAMPLE_CMD_SET_FILTER, + .doit = psample_nl_set_filter_doit, + .policy = psample_set_filter_policy, + .flags = 0, + }, }; static struct genl_family psample_nl_family __ro_after_init = { @@ -114,10 +178,13 @@ static struct genl_family psample_nl_family __ro_after_init = { .netnsok = true, .module = THIS_MODULE, .mcgrps = psample_nl_mcgrps, - .small_ops = psample_nl_ops, - .n_small_ops = ARRAY_SIZE(psample_nl_ops), + .ops = psample_nl_ops, + .n_ops = ARRAY_SIZE(psample_nl_ops), .resv_start_op = PSAMPLE_CMD_GET_GROUP + 1, .n_mcgrps = ARRAY_SIZE(psample_nl_mcgrps), + .sock_priv_size = sizeof(struct psample_nl_sock_priv), + .sock_priv_init = psample_nl_sock_priv_init, + .sock_priv_destroy = psample_nl_sock_priv_destroy, }; static void psample_group_notify(struct psample_group *group, @@ -360,6 +427,32 @@ static int psample_tunnel_meta_len(struct ip_tunnel_info *tun_info) } #endif +static inline void psample_nl_obj_desc_init(struct psample_obj_desc *desc, + u32 group_num) +{ + memset(desc, 0, sizeof(*desc)); + desc->group_num = group_num; +} + +static int psample_nl_sample_filter(struct sock *dsk, struct sk_buff *skb, + void *data) +{ + struct psample_obj_desc *desc = data; + struct psample_nl_sock_priv *sk_priv; + struct psample_obj_desc *filter; + int ret = 0; + + rcu_read_lock(); + sk_priv = __genl_sk_priv_get(&psample_nl_family, dsk); + if (!IS_ERR_OR_NULL(sk_priv)) { + filter = rcu_dereference(sk_priv->filter); + if (filter && desc) + ret = (filter->group_num != desc->group_num); + } + rcu_read_unlock(); + return ret; +} + void psample_sample_packet(struct psample_group *group, struct sk_buff *skb, u32 sample_rate, const struct psample_metadata *md) { @@ -370,6 +463,7 @@ void psample_sample_packet(struct psample_group *group, struct sk_buff *skb, #ifdef CONFIG_INET struct ip_tunnel_info *tun_info; #endif + struct psample_obj_desc desc; struct sk_buff *nl_skb; int data_len; int meta_len; @@ -487,8 +581,12 @@ void psample_sample_packet(struct psample_group *group, struct sk_buff *skb, #endif genlmsg_end(nl_skb, data); - genlmsg_multicast_netns(&psample_nl_family, group->net, nl_skb, 0, - PSAMPLE_NL_MCGRP_SAMPLE, GFP_ATOMIC); + psample_nl_obj_desc_init(&desc, group->group_num); + genlmsg_multicast_netns_filtered(&psample_nl_family, + group->net, nl_skb, 0, + PSAMPLE_NL_MCGRP_SAMPLE, + GFP_ATOMIC, psample_nl_sample_filter, + &desc); return; error: -- 2.44.0