mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-16 00:56:49 +07:00
40304b2a15
Created a new BPF program type, BPF_PROG_TYPE_SOCK_OPS, and a corresponding
struct that allows BPF programs of this type to access some of the
socket's fields (such as IP addresses, ports, etc.). It uses the
existing bpf cgroups infrastructure so the programs can be attached per
cgroup with full inheritance support. The program will be called at
appropriate times to set relevant connections parameters such as buffer
sizes, SYN and SYN-ACK RTOs, etc., based on connection information such
as IP addresses, port numbers, etc.
Alghough there are already 3 mechanisms to set parameters (sysctls,
route metrics and setsockopts), this new mechanism provides some
distinct advantages. Unlike sysctls, it can set parameters per
connection. In contrast to route metrics, it can also use port numbers
and information provided by a user level program. In addition, it could
set parameters probabilistically for evaluation purposes (i.e. do
something different on 10% of the flows and compare results with the
other 90% of the flows). Also, in cases where IPv6 addresses contain
geographic information, the rules to make changes based on the distance
(or RTT) between the hosts are much easier than route metric rules and
can be global. Finally, unlike setsockopt, it oes not require
application changes and it can be updated easily at any time.
Although the bpf cgroup framework already contains a sock related
program type (BPF_PROG_TYPE_CGROUP_SOCK), I created the new type
(BPF_PROG_TYPE_SOCK_OPS) beccause the existing type expects to be called
only once during the connections's lifetime. In contrast, the new
program type will be called multiple times from different places in the
network stack code. For example, before sending SYN and SYN-ACKs to set
an appropriate timeout, when the connection is established to set
congestion control, etc. As a result it has "op" field to specify the
type of operation requested.
The purpose of this new program type is to simplify setting connection
parameters, such as buffer sizes, TCP's SYN RTO, etc. For example, it is
easy to use facebook's internal IPv6 addresses to determine if both hosts
of a connection are in the same datacenter. Therefore, it is easy to
write a BPF program to choose a small SYN RTO value when both hosts are
in the same datacenter.
This patch only contains the framework to support the new BPF program
type, following patches add the functionality to set various connection
parameters.
This patch defines a new BPF program type: BPF_PROG_TYPE_SOCKET_OPS
and a new bpf syscall command to load a new program of this type:
BPF_PROG_LOAD_SOCKET_OPS.
Two new corresponding structs (one for the kernel one for the user/BPF
program):
/* kernel version */
struct bpf_sock_ops_kern {
struct sock *sk;
__u32 op;
union {
__u32 reply;
__u32 replylong[4];
};
};
/* user version
* Some fields are in network byte order reflecting the sock struct
* Use the bpf_ntohl helper macro in samples/bpf/bpf_endian.h to
* convert them to host byte order.
*/
struct bpf_sock_ops {
__u32 op;
union {
__u32 reply;
__u32 replylong[4];
};
__u32 family;
__u32 remote_ip4; /* In network byte order */
__u32 local_ip4; /* In network byte order */
__u32 remote_ip6[4]; /* In network byte order */
__u32 local_ip6[4]; /* In network byte order */
__u32 remote_port; /* In network byte order */
__u32 local_port; /* In host byte horder */
};
Currently there are two types of ops. The first type expects the BPF
program to return a value which is then used by the caller (or a
negative value to indicate the operation is not supported). The second
type expects state changes to be done by the BPF program, for example
through a setsockopt BPF helper function, and they ignore the return
value.
The reply fields of the bpf_sockt_ops struct are there in case a bpf
program needs to return a value larger than an integer.
Signed-off-by: Lawrence Brakmo <brakmo@fb.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
|---|---|---|
| .. | ||
| 9p | ||
| bluetooth | ||
| caif | ||
| irda | ||
| iucv | ||
| netfilter | ||
| netns | ||
| nfc | ||
| phonet | ||
| sctp | ||
| tc_act | ||
| 6lowpan.h | ||
| act_api.h | ||
| addrconf.h | ||
| af_ieee802154.h | ||
| af_rxrpc.h | ||
| af_unix.h | ||
| af_vsock.h | ||
| ah.h | ||
| arp.h | ||
| atmclip.h | ||
| ax25.h | ||
| ax88796.h | ||
| bond_3ad.h | ||
| bond_alb.h | ||
| bond_options.h | ||
| bonding.h | ||
| busy_poll.h | ||
| calipso.h | ||
| cfg80211-wext.h | ||
| cfg80211.h | ||
| cfg802154.h | ||
| checksum.h | ||
| cipso_ipv4.h | ||
| cls_cgroup.h | ||
| codel_impl.h | ||
| codel_qdisc.h | ||
| codel.h | ||
| compat.h | ||
| datalink.h | ||
| dcbevent.h | ||
| dcbnl.h | ||
| devlink.h | ||
| dn_dev.h | ||
| dn_fib.h | ||
| dn_neigh.h | ||
| dn_nsp.h | ||
| dn_route.h | ||
| dn.h | ||
| dsa.h | ||
| dsfield.h | ||
| dst_cache.h | ||
| dst_metadata.h | ||
| dst_ops.h | ||
| dst.h | ||
| esp.h | ||
| ethoc.h | ||
| fib_rules.h | ||
| firewire.h | ||
| flow_dissector.h | ||
| flow.h | ||
| flowcache.h | ||
| fou.h | ||
| fq_impl.h | ||
| fq.h | ||
| garp.h | ||
| gen_stats.h | ||
| genetlink.h | ||
| geneve.h | ||
| gre.h | ||
| gro_cells.h | ||
| gtp.h | ||
| gue.h | ||
| hwbm.h | ||
| icmp.h | ||
| ieee80211_radiotap.h | ||
| ieee802154_netdev.h | ||
| if_inet6.h | ||
| ife.h | ||
| ila.h | ||
| inet6_connection_sock.h | ||
| inet6_hashtables.h | ||
| inet_common.h | ||
| inet_connection_sock.h | ||
| inet_ecn.h | ||
| inet_frag.h | ||
| inet_hashtables.h | ||
| inet_sock.h | ||
| inet_timewait_sock.h | ||
| inetpeer.h | ||
| ip6_checksum.h | ||
| ip6_fib.h | ||
| ip6_route.h | ||
| ip6_tunnel.h | ||
| ip_fib.h | ||
| ip_tunnels.h | ||
| ip_vs.h | ||
| ip.h | ||
| ipcomp.h | ||
| ipconfig.h | ||
| ipv6.h | ||
| ipx.h | ||
| iw_handler.h | ||
| kcm.h | ||
| l3mdev.h | ||
| lapb.h | ||
| lib80211.h | ||
| llc_c_ac.h | ||
| llc_c_ev.h | ||
| llc_c_st.h | ||
| llc_conn.h | ||
| llc_if.h | ||
| llc_pdu.h | ||
| llc_s_ac.h | ||
| llc_s_ev.h | ||
| llc_s_st.h | ||
| llc_sap.h | ||
| llc.h | ||
| lwtunnel.h | ||
| mac80211.h | ||
| mac802154.h | ||
| mip6.h | ||
| mld.h | ||
| mpls_iptunnel.h | ||
| mpls.h | ||
| mrp.h | ||
| ncsi.h | ||
| ndisc.h | ||
| neighbour.h | ||
| net_namespace.h | ||
| net_ratelimit.h | ||
| netevent.h | ||
| netlabel.h | ||
| netlink.h | ||
| netprio_cgroup.h | ||
| netrom.h | ||
| nexthop.h | ||
| nl802154.h | ||
| p8022.h | ||
| ping.h | ||
| pkt_cls.h | ||
| pkt_sched.h | ||
| pptp.h | ||
| protocol.h | ||
| psample.h | ||
| psnap.h | ||
| raw.h | ||
| rawv6.h | ||
| red.h | ||
| regulatory.h | ||
| request_sock.h | ||
| rose.h | ||
| route.h | ||
| rtnetlink.h | ||
| sch_generic.h | ||
| scm.h | ||
| secure_seq.h | ||
| seg6_hmac.h | ||
| seg6.h | ||
| slhc_vj.h | ||
| smc.h | ||
| snmp.h | ||
| sock_reuseport.h | ||
| sock.h | ||
| Space.h | ||
| stp.h | ||
| strparser.h | ||
| switchdev.h | ||
| tcp_states.h | ||
| tcp.h | ||
| timewait_sock.h | ||
| tls.h | ||
| transp_v6.h | ||
| tso.h | ||
| udp_tunnel.h | ||
| udp.h | ||
| udplite.h | ||
| vsock_addr.h | ||
| vxlan.h | ||
| wext.h | ||
| wimax.h | ||
| x25.h | ||
| x25device.h | ||
| xfrm.h | ||