On 4/13/22 3:41 PM, Maxim Mikityanskiy wrote: [...]
/* integer value in 'imm' field of BPF_CALL instruction selects which helper diff --git a/net/core/filter.c b/net/core/filter.c index 7446b0ba4e38..428cc63ecdf7 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -7425,6 +7425,124 @@ static const struct bpf_func_proto bpf_skb_set_tstamp_proto = { .arg3_type = ARG_ANYTHING, }; +BPF_CALL_3(bpf_tcp_raw_gen_syncookie_ipv4, struct iphdr *, iph,
struct tcphdr *, th, u32, th_len)+{ +#ifdef CONFIG_SYN_COOKIES
- u32 cookie;
- u16 mss;
- if (unlikely(th_len < sizeof(*th) || th_len != th->doff * 4))
return -EINVAL;- mss = tcp_parse_mss_option(th, 0) ?: TCP_MSS_DEFAULT;
- cookie = __cookie_v4_init_sequence(iph, th, &mss);
- return cookie | ((u64)mss << 32);
+#else
- return -EOPNOTSUPP;
+#endif /* CONFIG_SYN_COOKIES */
This (and for other added helpers below) will be rather tricky to probe for availability e.g. via `bpftool feature probe [...]`. Much better if you wrap the ifdef CONFIG_SYN_COOKIES around the {xdp,tc_cls_act}_func_proto() instead as we do elsewhere.
+}
+static const struct bpf_func_proto bpf_tcp_raw_gen_syncookie_ipv4_proto = {
- .func = bpf_tcp_raw_gen_syncookie_ipv4,
- .gpl_only = true, /* __cookie_v4_init_sequence() is GPL */
- .pkt_access = true,
- .ret_type = RET_INTEGER,
- .arg1_type = ARG_PTR_TO_MEM,
- .arg1_size = sizeof(struct iphdr),
- .arg2_type = ARG_PTR_TO_MEM,
- .arg3_type = ARG_CONST_SIZE,
+};
+BPF_CALL_3(bpf_tcp_raw_gen_syncookie_ipv6, struct ipv6hdr *, iph,
struct tcphdr *, th, u32, th_len)+{ +#ifndef CONFIG_SYN_COOKIES
- return -EOPNOTSUPP;
+#elif !IS_BUILTIN(CONFIG_IPV6)
- return -EPROTONOSUPPORT;
+#else
- const u16 mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
sizeof(struct ipv6hdr);- u32 cookie;
- u16 mss;
- if (unlikely(th_len < sizeof(*th) || th_len != th->doff * 4))
return -EINVAL;- mss = tcp_parse_mss_option(th, 0) ?: mss_clamp;
- cookie = __cookie_v6_init_sequence(iph, th, &mss);
- return cookie | ((u64)mss << 32);
+#endif +}
+static const struct bpf_func_proto bpf_tcp_raw_gen_syncookie_ipv6_proto = {
- .func = bpf_tcp_raw_gen_syncookie_ipv6,
- .gpl_only = true, /* __cookie_v6_init_sequence() is GPL */
- .pkt_access = true,
- .ret_type = RET_INTEGER,
- .arg1_type = ARG_PTR_TO_MEM,
- .arg1_size = sizeof(struct ipv6hdr),
- .arg2_type = ARG_PTR_TO_MEM,
- .arg3_type = ARG_CONST_SIZE,
+};
[...]
bool bpf_helper_changes_pkt_data(void *func) @@ -7837,6 +7955,14 @@ xdp_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) return &bpf_tcp_check_syncookie_proto; case BPF_FUNC_tcp_gen_syncookie: return &bpf_tcp_gen_syncookie_proto;
- case BPF_FUNC_tcp_raw_gen_syncookie_ipv4:
return &bpf_tcp_raw_gen_syncookie_ipv4_proto;- case BPF_FUNC_tcp_raw_gen_syncookie_ipv6:
return &bpf_tcp_raw_gen_syncookie_ipv6_proto;- case BPF_FUNC_tcp_raw_check_syncookie_ipv4:
return &bpf_tcp_raw_check_syncookie_ipv4_proto;- case BPF_FUNC_tcp_raw_check_syncookie_ipv6:
return &bpf_tcp_raw_check_syncookie_ipv6_proto;