bpf: Add sock_ops R/W access to tclass

Adds direct write access to sk_txhash and access to tclass for ipv6
flows through getsockopt and setsockopt. Sample usage for tclass:

  bpf_getsockopt(skops, SOL_IPV6, IPV6_TCLASS, &v, sizeof(v))

where skops is a pointer to the ctx (struct bpf_sock_ops).

Signed-off-by: Lawrence Brakmo <brakmo@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/net/core/filter.c b/net/core/filter.c
index a858ebc4ece43d4c9202e7b4f9f915b70ae603b2..fe2c7937351f5ae5bfdd3e4b2a288cd5c2c4bc37 100644 (file)
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -3232,6 +3232,29 @@ BPF_CALL_5(bpf_setsockopt, struct bpf_sock_ops_kern *, bpf_sock,
                        ret = -EINVAL;
                }
 #ifdef CONFIG_INET
+#if IS_ENABLED(CONFIG_IPV6)
+       } else if (level == SOL_IPV6) {
+               if (optlen != sizeof(int) || sk->sk_family != AF_INET6)
+                       return -EINVAL;
+
+               val = *((int *)optval);
+               /* Only some options are supported */
+               switch (optname) {
+               case IPV6_TCLASS:
+                       if (val < -1 || val > 0xff) {
+                               ret = -EINVAL;
+                       } else {
+                               struct ipv6_pinfo *np = inet6_sk(sk);
+
+                               if (val == -1)
+                                       val = 0;
+                               np->tclass = val;
+                       }
+                       break;
+               default:
+                       ret = -EINVAL;
+               }
+#endif
        } else if (level == SOL_TCP &&
                   sk->sk_prot->setsockopt == tcp_setsockopt) {
                if (optname == TCP_CONGESTION) {
@@ -3241,7 +3264,8 @@ BPF_CALL_5(bpf_setsockopt, struct bpf_sock_ops_kern *, bpf_sock,
                        strncpy(name, optval, min_t(long, optlen,
                                                    TCP_CA_NAME_MAX-1));
                        name[TCP_CA_NAME_MAX-1] = 0;
-                       ret = tcp_set_congestion_control(sk, name, false, reinit);
+                       ret = tcp_set_congestion_control(sk, name, false,
+                                                        reinit);
                } else {
                        struct tcp_sock *tp = tcp_sk(sk);
 
@@ -3307,6 +3331,22 @@ BPF_CALL_5(bpf_getsockopt, struct bpf_sock_ops_kern *, bpf_sock,
                } else {
                        goto err_clear;
                }
+#if IS_ENABLED(CONFIG_IPV6)
+       } else if (level == SOL_IPV6) {
+               struct ipv6_pinfo *np = inet6_sk(sk);
+
+               if (optlen != sizeof(int) || sk->sk_family != AF_INET6)
+                       goto err_clear;
+
+               /* Only some options are supported */
+               switch (optname) {
+               case IPV6_TCLASS:
+                       *((int *)optval) = (int)np->tclass;
+                       break;
+               default:
+                       goto err_clear;
+               }
+#endif
        } else {
                goto err_clear;
        }
@@ -3871,6 +3911,7 @@ static bool sock_ops_is_valid_access(int off, int size,
        if (type == BPF_WRITE) {
                switch (off) {
                case offsetof(struct bpf_sock_ops, reply):
+               case offsetof(struct bpf_sock_ops, sk_txhash):
                        if (size != size_default)
                                return false;
                        break;
@@ -4690,7 +4731,8 @@ static u32 sock_ops_convert_ctx_access(enum bpf_access_type type,
                break;
 
        case offsetof(struct bpf_sock_ops, sk_txhash):
-               SOCK_OPS_GET_FIELD(sk_txhash, sk_txhash, struct sock);
+               SOCK_OPS_GET_OR_SET_FIELD(sk_txhash, sk_txhash,
+                                         struct sock, type);
                break;
 
        case offsetof(struct bpf_sock_ops, bytes_received):
@@ -4701,6 +4743,7 @@ static u32 sock_ops_convert_ctx_access(enum bpf_access_type type,
        case offsetof(struct bpf_sock_ops, bytes_acked):
                SOCK_OPS_GET_FIELD(bytes_acked, bytes_acked, struct tcp_sock);
                break;
+
        }
        return insn - insn_buf;
 }