linux-stable/net/core
Martynas Pumputis dab4e1f06c bpf: Derive source IP addr via bpf_*_fib_lookup()
Extend the bpf_fib_lookup() helper by making it return the source
IPv4/IPv6 address if the BPF_FIB_LOOKUP_SRC flag is set.

For example, the following snippet can be used to derive the desired
source IP address:

    struct bpf_fib_lookup p = { .ipv4_dst = ip4->daddr };

    ret = bpf_skb_fib_lookup(skb, &p, sizeof(p),
            BPF_FIB_LOOKUP_SRC | BPF_FIB_LOOKUP_SKIP_NEIGH);
    if (ret != BPF_FIB_LKUP_RET_SUCCESS)
        return TC_ACT_SHOT;

    /* the p.ipv4_src now contains the source address */

The inability to derive the proper source address may cause malfunctions
in BPF-based dataplanes for hosts containing netdevs with more than one
routable IP address or for multi-homed hosts.

For example, Cilium implements packet masquerading in BPF. If an
egressing netdev to which Cilium's BPF prog is attached has
multiple IP addresses, then only one [hardcoded] IP address can be used for
masquerading. This breaks connectivity if any other IP address should have
been selected instead, for example, when a public and a private address
are attached to the same egress interface.

The change was tested with Cilium [1].

Nikolay Aleksandrov helped to figure out the IPv6 addr selection.

[1]: https://github.com/cilium/cilium/pull/28283

Signed-off-by: Martynas Pumputis <m@lambda.lt>
Link: https://lore.kernel.org/r/20231007081415.33502-2-m@lambda.lt
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
2023-10-09 16:28:35 -07:00
..
bpf_sk_storage.c bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing 2023-07-27 10:07:56 -07:00
datagram.c net: datagram: fix data-races in datagram_poll() 2023-05-10 19:06:49 -07:00
dev.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-09-21 21:49:45 +02:00
dev.h net-sysctl: factor-out rpm mask manipulation helpers 2023-02-09 17:45:55 -08:00
dev_addr_lists.c
dev_addr_lists_test.c
dev_ioctl.c net: omit ndo_hwtstamp_get() call when possible in dev_set_hwtstamp_phylib() 2023-08-06 13:25:10 +01:00
drop_monitor.c net: extend drop reasons for multiple subsystems 2023-04-20 20:20:49 -07:00
dst.c net: dst: remove unnecessary input parameter in dst_alloc and dst_init 2023-09-12 11:42:25 +02:00
dst_cache.c
failover.c
fib_notifier.c
fib_rules.c
filter.c bpf: Derive source IP addr via bpf_*_fib_lookup() 2023-10-09 16:28:35 -07:00
flow_dissector.c net/core: Fix ETH_P_1588 flow dissector 2023-09-15 10:40:04 +01:00
flow_offload.c tc: flower: Enable offload support IPSEC SPI field. 2023-08-02 10:09:32 +01:00
gen_estimator.c
gen_stats.c
gro.c gro: move the tc_ext comparison to a helper 2023-06-18 18:08:35 +01:00
gro_cells.c
gso.c net: move gso declarations and functions to their own files 2023-06-10 00:11:41 -07:00
hwbm.c
link_watch.c
lwt_bpf.c lwt: Fix return values of BPF xmit ops 2023-08-18 16:05:26 +02:00
lwtunnel.c
Makefile net: move gso declarations and functions to their own files 2023-06-10 00:11:41 -07:00
neighbour.c networking: Update to register_net_sysctl_sz 2023-08-15 15:26:18 -07:00
net-procfs.c net-sysfs: display two backlog queue len separately 2023-03-22 12:03:52 +01:00
net-sysfs.c net: move struct netdev_rx_queue out of netdevice.h 2023-08-03 08:38:07 -07:00
net-sysfs.h
net-traces.c udp6: add a missing call into udp_fail_queue_rcv_skb tracepoint 2023-07-07 09:16:52 +01:00
net_namespace.c lib/ref_tracker: improve printing stats 2023-06-05 15:28:42 -07:00
netclassid_cgroup.c
netdev-genl-gen.c net: ynl: prefix uAPI header include with uapi/ 2023-05-26 10:30:14 +01:00
netdev-genl-gen.h net: ynl: prefix uAPI header include with uapi/ 2023-05-26 10:30:14 +01:00
netdev-genl.c bpf: expose information about supported xdp metadata kfunc 2023-09-15 11:26:58 -07:00
netevent.c
netpoll.c netpoll: allocate netdev tracker right away 2023-06-15 08:21:11 +01:00
netprio_cgroup.c
of_net.c net: Explicitly include correct DT includes 2023-07-27 20:33:16 -07:00
page_pool.c page_pool: add a lockdep check for recycling in hardirq 2023-08-07 13:05:53 -07:00
pktgen.c net: introduce and use skb_frag_fill_page_desc() 2023-05-13 19:47:56 +01:00
ptp_classifier.c
request_sock.c
rtnetlink.c netdev: expose DPLL pin handle for netdevice 2023-09-17 11:50:20 +01:00
scm.c net: annotate data-races around sock->ops 2023-08-09 15:32:43 -07:00
secure_seq.c
selftests.c
skbuff.c net: add truesize debug checks in skb_{add|coalesce}_rx_frag() 2023-09-16 10:10:27 +01:00
skmsg.c bpf, sockmap: Fix skb refcnt race after locking changes 2023-09-04 09:53:35 +02:00
sock.c net: use indirect call helpers for sk->sk_prot->release_cb() 2023-09-16 10:09:43 +01:00
sock_destructor.h
sock_diag.c
sock_map.c bpf, sockmap: Fix preempt_rt splat when using raw_spin_lock_t 2023-08-30 09:58:42 +02:00
sock_reuseport.c
stream.c net: deal with most data-races in sk_wait_event() 2023-05-10 10:03:32 +01:00
sysctl_net_core.c networking: Update to register_net_sysctl_sz 2023-08-15 15:26:18 -07:00
timestamping.c
tso.c
utils.c
xdp.c bpf: expose information about supported xdp metadata kfunc 2023-09-15 11:26:58 -07:00