1. 03 Jun, 2018 17 commits
  2. 02 Jun, 2018 9 commits
  3. 30 May, 2018 7 commits
  4. 29 May, 2018 4 commits
  5. 28 May, 2018 3 commits
    • Daniel Borkmann's avatar
      Merge branch 'bpf-sendmsg-hook' · f198222f
      Daniel Borkmann authored
      Andrey Ignatov says:
      
      ====================
      v3 -> v4:
      * handle static key correctly for CONFIG_CGROUP_BPF=n.
      
      v2 -> v3:
      * place BPF logic under static key in udp_sendmsg, udpv6_sendmsg;
      * rebase.
      
      v1 -> v2:
      * return ENOTSUPP if bpf_prog rewrote IPv6-only with IPv4-mapped IPv6;
      * add test for IPv4-mapped IPv6 use-case;
      * fix build for CONFIG_CGROUP_BPF=n;
      * rebase.
      
      This path set adds BPF hooks for sys_sendmsg similar to existing hooks for
      sys_bind and sys_connect.
      
      Hooks allow to override source IP (including the case when it's set via
      cmsg(3)) and destination IP:port for unconnected UDP (slow path). TCP and
      connected UDP (fast path) are not affected. This makes UDP support
      complete: connected UDP is handled by sys_connect hooks, unconnected by
      sys_sendmsg ones.
      
      Similar to sys_connect hooks, sys_sendmsg ones can be used to make system
      calls such as sendmsg(2) and sendto(2) return EPERM.
      
      Please see patch 0002 for more details.
      ====================
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      f198222f
    • Andrey Ignatov's avatar
      selftests/bpf: Selftest for sys_sendmsg hooks · 04b6ab73
      Andrey Ignatov authored
      Add selftest for BPF_CGROUP_UDP4_SENDMSG and BPF_CGROUP_UDP6_SENDMSG
      attach types.
      
      Try to sendmsg(2) to specific IP:port and test that:
      * source IP is overridden as expected.
      * remote IP:port pair is overridden as expected;
      
      Both UDPv4 and UDPv6 are tested.
      
      Output:
        # test_sock_addr.sh 2>/dev/null
        Wait for testing IPv4/IPv6 to become available ... OK
        ... pre-existing test-cases skipped ...
        Test case: sendmsg4: load prog with wrong expected attach type .. [PASS]
        Test case: sendmsg4: attach prog with wrong attach type .. [PASS]
        Test case: sendmsg4: rewrite IP & port (asm) .. [PASS]
        Test case: sendmsg4: rewrite IP & port (C) .. [PASS]
        Test case: sendmsg4: deny call .. [PASS]
        Test case: sendmsg6: load prog with wrong expected attach type .. [PASS]
        Test case: sendmsg6: attach prog with wrong attach type .. [PASS]
        Test case: sendmsg6: rewrite IP & port (asm) .. [PASS]
        Test case: sendmsg6: rewrite IP & port (C) .. [PASS]
        Test case: sendmsg6: IPv4-mapped IPv6 .. [PASS]
        Test case: sendmsg6: deny call .. [PASS]
        Summary: 27 PASSED, 0 FAILED
      Signed-off-by: default avatarAndrey Ignatov <rdna@fb.com>
      Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Acked-by: default avatarMartin KaFai Lau <kafai@fb.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      04b6ab73
    • Andrey Ignatov's avatar
      selftests/bpf: Prepare test_sock_addr for extension · 9be71aa6
      Andrey Ignatov authored
      test_sock_addr was not easy to extend since it was focused on sys_bind
      and sys_connect quite a bit.
      
      Reorganized it so that it'll be easier to cover new test-cases for
      `BPF_PROG_TYPE_CGROUP_SOCK_ADDR`:
      
      - decouple test-cases so that only one BPF prog is tested at a time;
      
      - check programmatically that local IP:port for sys_bind, source IP and
        destination IP:port for sys_connect are rewritten property by tested
        BPF programs.
      
      The output of new version:
        # test_sock_addr.sh 2>/dev/null
        Wait for testing IPv4/IPv6 to become available ... OK
        Test case: bind4: load prog with wrong expected attach type .. [PASS]
        Test case: bind4: attach prog with wrong attach type .. [PASS]
        Test case: bind4: rewrite IP & TCP port in .. [PASS]
        Test case: bind4: rewrite IP & UDP port in .. [PASS]
        Test case: bind6: load prog with wrong expected attach type .. [PASS]
        Test case: bind6: attach prog with wrong attach type .. [PASS]
        Test case: bind6: rewrite IP & TCP port in .. [PASS]
        Test case: bind6: rewrite IP & UDP port in .. [PASS]
        Test case: connect4: load prog with wrong expected attach type .. [PASS]
        Test case: connect4: attach prog with wrong attach type .. [PASS]
        Test case: connect4: rewrite IP & TCP port .. [PASS]
        Test case: connect4: rewrite IP & UDP port .. [PASS]
        Test case: connect6: load prog with wrong expected attach type .. [PASS]
        Test case: connect6: attach prog with wrong attach type .. [PASS]
        Test case: connect6: rewrite IP & TCP port .. [PASS]
        Test case: connect6: rewrite IP & UDP port .. [PASS]
        Summary: 16 PASSED, 0 FAILED
      
      (stderr contains errors from libbpf when testing load/attach with
      invalid arguments)
      Signed-off-by: default avatarAndrey Ignatov <rdna@fb.com>
      Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Acked-by: default avatarMartin KaFai Lau <kafai@fb.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      9be71aa6