| Message ID | 20230613-so-reuseport-v2-0-b7c69a342613@isovalent.com |
|---|---|
| Headers | show |
| Series | Add SO_REUSEPORT support for TC bpf_sk_assign | expand |
On Tue, Jun 13, 2023 at 4:33 PM Simon Horman <simon.horman@corigine.com> wrote: > > > > +INDIRECT_CALLABLE_DECLARE(u32 udp_ehashfn(const struct net *, > > + const __be32, const __u16, > > + const __be32, const __be16)); > > + > > Hi Lorenz, > > Would this be better placed in a header file? > GCC complains that in udp.c this function is neither static nor > has a prototype. Hi Simon, The problem is that I don't want to pull in udp.h in inet_hashtables.c, but that is the natural place to define that function. I was hoping the macro magic would solve the problem, but oh well. How do you make gcc complain, and what is the full error message? Thanks Lorenz
On Wed, Jun 14, 2023 at 04:42:45PM +0100, Lorenz Bauer wrote: > On Tue, Jun 13, 2023 at 4:33 PM Simon Horman <simon.horman@corigine.com> wrote: > > > > > > +INDIRECT_CALLABLE_DECLARE(u32 udp_ehashfn(const struct net *, > > > + const __be32, const __u16, > > > + const __be32, const __be16)); > > > + > > > > Hi Lorenz, > > > > Would this be better placed in a header file? > > GCC complains that in udp.c this function is neither static nor > > has a prototype. > > Hi Simon, > > The problem is that I don't want to pull in udp.h in > inet_hashtables.c, but that is the natural place to define that > function. I was hoping the macro magic would solve the problem, but oh > well. How do you make gcc complain, and what is the full error > message? Hi Lorenz, sorry for the bother. With gcc 12.3.0 [1] on x86_64 I see: $ make allmodconfig $ make W=1 net/ipv4/udp.o net/ipv4/udp.c:410:5: error: no previous prototype for 'udp_ehashfn' [-Werror=missing-prototypes] 410 | u32 udp_ehashfn(const struct net *net, const __be32 laddr, const __u16 lport, | ^~~~~~~~~~~ [1] https://mirrors.edge.kernel.org/pub/tools/crosstool/
We want to replace iptables TPROXY with a BPF program at TC ingress. To make this work in all cases we need to assign a SO_REUSEPORT socket to an skb, which is currently prohibited. This series adds support for such sockets to bpf_sk_assing. See patch 5 for details. I did some refactoring to cut down on the amount of duplicate code. The key to this is to use INDIRECT_CALL in the reuseport helpers. To show that this approach is not just beneficial to TC sk_assign I removed duplicate code for bpf_sk_lookup as well. Changes from v1: - Correct commit abbrev length (Kuniyuki) - Reduce duplication (Kuniyuki) - Add checks on sk_state (Martin) - Split exporting inet[6]_lookup_reuseport into separate patch (Eric) Joint work with Daniel Borkmann. Signed-off-by: Lorenz Bauer <lmb@isovalent.com> --- Daniel Borkmann (1): selftests/bpf: Test that SO_REUSEPORT can be used with sk_assign helper Lorenz Bauer (5): net: export inet_lookup_reuseport and inet6_lookup_reuseport net: document inet[6]_lookup_reuseport sk_state requirements net: remove duplicate reuseport_lookup functions net: remove duplicate sk_lookup helpers bpf, net: Support SO_REUSEPORT sockets with bpf_sk_assign include/net/inet6_hashtables.h | 84 ++++++++- include/net/inet_hashtables.h | 77 +++++++- include/net/sock.h | 7 +- include/uapi/linux/bpf.h | 3 - net/core/filter.c | 2 - net/ipv4/inet_hashtables.c | 69 +++++--- net/ipv4/udp.c | 73 +++----- net/ipv6/inet6_hashtables.c | 71 +++++--- net/ipv6/udp.c | 85 +++------ tools/include/uapi/linux/bpf.h | 3 - tools/testing/selftests/bpf/network_helpers.c | 3 + .../selftests/bpf/prog_tests/assign_reuse.c | 197 +++++++++++++++++++++ .../selftests/bpf/progs/test_assign_reuse.c | 142 +++++++++++++++ 13 files changed, 637 insertions(+), 179 deletions(-) --- base-commit: 25085b4e9251c77758964a8e8651338972353642 change-id: 20230613-so-reuseport-e92c526173ee Best regards,