bpf: Update BPF_CGROUP_RUN_PROG_INET_EGRESS calls

Update BPF_CGROUP_RUN_PROG_INET_EGRESS() callers to support returning
congestion notifications from the BPF programs.

Signed-off-by: Lawrence Brakmo <brakmo@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index bfd0ca554977a79fc3f231aaf6bbf77e28b2ebbf..1217a53381c21ed623401d7aab42edf3fdce1577 100644 (file)
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -287,16 +287,9 @@ static int ip_finish_output_gso(struct net *net, struct sock *sk,
        return ret;
 }
 
-static int ip_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
+static int __ip_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
 {
        unsigned int mtu;
-       int ret;
-
-       ret = BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb);
-       if (ret) {
-               kfree_skb(skb);
-               return ret;
-       }
 
 #if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
        /* Policy lookup after SNAT yielded a new policy */
@@ -315,18 +308,37 @@ static int ip_finish_output(struct net *net, struct sock *sk, struct sk_buff *sk
        return ip_finish_output2(net, sk, skb);
 }
 
+static int ip_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
+{
+       int ret;
+
+       ret = BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb);
+       switch (ret) {
+       case NET_XMIT_SUCCESS:
+               return __ip_finish_output(net, sk, skb);
+       case NET_XMIT_CN:
+               return __ip_finish_output(net, sk, skb) ? : ret;
+       default:
+               kfree_skb(skb);
+               return ret;
+       }
+}
+
 static int ip_mc_finish_output(struct net *net, struct sock *sk,
                               struct sk_buff *skb)
 {
        int ret;
 
        ret = BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb);
-       if (ret) {
+       switch (ret) {
+       case NET_XMIT_SUCCESS:
+               return dev_loopback_xmit(net, sk, skb);
+       case NET_XMIT_CN:
+               return dev_loopback_xmit(net, sk, skb) ? : ret;
+       default:
                kfree_skb(skb);
                return ret;
        }
-
-       return dev_loopback_xmit(net, sk, skb);
 }
 
 int ip_mc_output(struct net *net, struct sock *sk, struct sk_buff *skb)

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index adef2236abe2e767602a9d4afbf23fc6db5750dd..a75bc21d8c88eff9104ce2e30767d261042e364e 100644 (file)
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -128,16 +128,8 @@ static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff *
        return -EINVAL;
 }
 
-static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
+static int __ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
 {
-       int ret;
-
-       ret = BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb);
-       if (ret) {
-               kfree_skb(skb);
-               return ret;
-       }
-
 #if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
        /* Policy lookup after SNAT yielded a new policy */
        if (skb_dst(skb)->xfrm) {
@@ -154,6 +146,22 @@ static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *s
                return ip6_finish_output2(net, sk, skb);
 }
 
+static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
+{
+       int ret;
+
+       ret = BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb);
+       switch (ret) {
+       case NET_XMIT_SUCCESS:
+               return __ip6_finish_output(net, sk, skb);
+       case NET_XMIT_CN:
+               return __ip6_finish_output(net, sk, skb) ? : ret;
+       default:
+               kfree_skb(skb);
+               return ret;
+       }
+}
+
 int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
 {
        struct net_device *dev = skb_dst(skb)->dev;