linux/samples
Lawrence Brakmo 40304b2a15 bpf: BPF support for sock_ops
Created a new BPF program type, BPF_PROG_TYPE_SOCK_OPS, and a corresponding
struct that allows BPF programs of this type to access some of the
socket's fields (such as IP addresses, ports, etc.). It uses the
existing bpf cgroups infrastructure so the programs can be attached per
cgroup with full inheritance support. The program will be called at
appropriate times to set relevant connection parameters such as buffer
sizes, SYN and SYN-ACK RTOs, etc., based on connection information such
as IP addresses, port numbers, etc.

Although there are already 3 mechanisms to set parameters (sysctls,
route metrics and setsockopts), this new mechanism provides some
distinct advantages. Unlike sysctls, it can set parameters per
connection. In contrast to route metrics, it can also use port numbers
and information provided by a user level program. In addition, it could
set parameters probabilistically for evaluation purposes (i.e. do
something different on 10% of the flows and compare results with the
other 90% of the flows). Also, in cases where IPv6 addresses contain
geographic information, the rules to make changes based on the distance
(or RTT) between the hosts are much easier than route metric rules and
can be global. Finally, unlike setsockopt, it does not require
application changes and it can be updated easily at any time.

Although the bpf cgroup framework already contains a sock related
program type (BPF_PROG_TYPE_CGROUP_SOCK), I created the new type
(BPF_PROG_TYPE_SOCK_OPS) because the existing type expects to be called
only once during the connection's lifetime. In contrast, the new
program type will be called multiple times from different places in the
network stack code.  For example, before sending SYN and SYN-ACKs to set
an appropriate timeout, when the connection is established to set
congestion control, etc. As a result it has an "op" field to specify the
type of operation requested.

The purpose of this new program type is to simplify setting connection
parameters, such as buffer sizes, TCP's SYN RTO, etc. For example, it is
easy to use Facebook's internal IPv6 addresses to determine if both hosts
of a connection are in the same datacenter. Therefore, it is easy to
write a BPF program to choose a small SYN RTO value when both hosts are
in the same datacenter.

This patch only contains the framework to support the new BPF program
type; following patches add the functionality to set various connection
parameters.

This patch defines a new BPF program type: BPF_PROG_TYPE_SOCKET_OPS
and a new bpf syscall command to load a new program of this type:
BPF_PROG_LOAD_SOCKET_OPS.

Two new corresponding structs (one for the kernel, one for the user/BPF
program):

/* kernel version */
struct bpf_sock_ops_kern {
        struct sock *sk;
        __u32  op;
        union {
                __u32 reply;
                __u32 replylong[4];
        };
};

/* user version
 * Some fields are in network byte order reflecting the sock struct
 * Use the bpf_ntohl helper macro in samples/bpf/bpf_endian.h to
 * convert them to host byte order.
 */
struct bpf_sock_ops {
        __u32 op;
        union {
                __u32 reply;
                __u32 replylong[4];
        };
        __u32 family;
        __u32 remote_ip4;     /* In network byte order */
        __u32 local_ip4;      /* In network byte order */
        __u32 remote_ip6[4];  /* In network byte order */
        __u32 local_ip6[4];   /* In network byte order */
        __u32 remote_port;    /* In network byte order */
        __u32 local_port;     /* In host byte order */
};

Currently there are two types of ops. The first type expects the BPF
program to return a value which is then used by the caller (or a
negative value to indicate the operation is not supported). The second
type expects state changes to be done by the BPF program, for example
through a setsockopt BPF helper function, and they ignore the return
value.

The reply fields of the bpf_sock_ops struct are there in case a bpf
program needs to return a value larger than an integer.

Signed-off-by: Lawrence Brakmo <brakmo@fb.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-01 16:15:13 -07:00
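
An added userspace illustration of the handler pattern the commit message describes (not code from the patch or the kernel tree): it mirrors the struct bpf_sock_ops field layout shown above and applies the mixed byte-order rules from its comments. The op code OP_SYN_RTO, the 64-bit datacenter prefix, the port and the reply value are assumptions or constructed values.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>

/* Userspace mirror of the commit's struct bpf_sock_ops (uint32_t for __u32). */
struct sock_ops_view {
    uint32_t op;
    union { uint32_t reply; uint32_t replylong[4]; };
    uint32_t family;
    uint32_t remote_ip4, local_ip4, remote_ip6[4], local_ip6[4]; /* network order */
    uint32_t remote_port, local_port; /* network order, then host order */
};

enum { OP_SYN_RTO = 1 };    /* hypothetical op code, not a kernel value */
#define SERVICE_PORT 8080u  /* constructed */
#define SAME_DC_SYN_RTO 10  /* constructed reply value */

/* Reply for the hypothetical op; negative means "operation not supported". */
int choose_syn_rto(const struct sock_ops_view *ctx)
{
    if (ctx->op != OP_SYN_RTO || ctx->family != AF_INET6)
        return -1;
    /* Only remote_port needs converting; local_port is already host order. */
    if (ntohl(ctx->remote_port) != SERVICE_PORT && ctx->local_port != SERVICE_PORT)
        return -1;
    /* Assumption: first 64 bits name the datacenter; same byte order on both. */
    if (ctx->remote_ip6[0] != ctx->local_ip6[0] || ctx->remote_ip6[1] != ctx->local_ip6[1])
        return -1;
    return SAME_DC_SYN_RTO;
}

/* Constructed sample: local 2001:db8:0:1::1, remote 2001:db8:0:<dc>::2. */
struct sock_ops_view sample_ctx(uint32_t op, uint32_t remote_dc, uint32_t rport)
{
    struct sock_ops_view c = { .op = op, .family = AF_INET6, .local_port = 54321 };
    c.local_ip6[0] = c.remote_ip6[0] = htonl(0x20010db8);
    c.local_ip6[1] = htonl(1); c.remote_ip6[1] = htonl(remote_dc);
    c.local_ip6[3] = htonl(1); c.remote_ip6[3] = htonl(2);
    c.remote_port = htonl(rport);
    return c;
}

int main(void)
{
    struct sock_ops_view c = sample_ctx(OP_SYN_RTO, 1, 8080);
    printf("same-datacenter reply: %d\n", choose_syn_rto(&c));
    return 0;
}
```
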
auxdisplay samples: move auxdisplay example code from Documentation 2016-09-23 11:52:32 -06:00
blackfin samples: move blackfin gptimers-example from Documentation 2016-10-10 07:12:02 -06:00
bpf bpf: BPF support for sock_ops 2017-07-01 16:15:13 -07:00
configfs configfs: remove old API 2015-10-13 22:17:57 -07:00
connector make use of make variable CURDIR instead of calling pwd 2016-12-11 12:12:56 +01:00
hidraw HID: samples/hidraw: make it possible to select device 2015-03-15 10:11:21 -04:00
hw_breakpoint perf: Add context field to perf_event 2011-07-01 11:06:38 +02:00
kdb kdb: Add kdb kernel module sample 2010-10-29 13:14:39 -05:00
kfifo kfifo API type safety 2013-11-15 09:32:23 +09:00
kobject samples/kobject: be explicit in the module license 2015-03-25 13:41:42 +01:00
kprobes samples/kretprobe: fix the wrong type 2016-08-04 08:50:07 -04:00
livepatch livepatch: allow removal of a disabled patch 2017-03-08 09:38:43 +01:00
mei mei: drop the TODO from samples 2017-04-26 11:38:56 +02:00
mic/mpssd samples: move mic/mpssd example code from Documentation 2016-09-20 12:38:48 -06:00
pktgen pktgen: Specify the index of first thread 2017-06-16 12:32:34 -04:00
rpmsg rpmsg: Allow callback to return errors 2016-09-08 22:15:25 -07:00
seccomp samples/seccomp: fix 64-bit comparison macros 2017-01-09 17:22:03 +11:00
statx statx: Include a mask for stx_attributes in struct statx 2017-04-03 01:06:00 -04:00
timers samples: move timers example code from Documentation 2016-09-23 11:51:58 -06:00
trace_events sched/core: Remove the tsk_cpus_allowed() wrapper 2017-03-02 08:42:24 +01:00
trace_printk tracing: Add trace_printk sample code 2016-06-20 09:54:21 -04:00
uhid HID: uhid: improve uhid example client 2013-09-04 11:35:14 +02:00
v4l [media] vb2: replace void *alloc_ctxs by struct device *alloc_devs 2016-07-08 14:45:07 -03:00
vfio-mdev vfio-mdev: remove some dead code 2017-01-11 12:12:37 -07:00
watchdog samples: move watchdog example code from Documentation 2016-09-23 11:52:14 -06:00
Kconfig statx: Add a system call to make enhanced file info available 2017-03-02 20:51:15 -05:00
Makefile statx: Add a system call to make enhanced file info available 2017-03-02 20:51:15 -05:00