On 1/15/24 12:55 PM, Kuniyuki Iwashima wrote:
diff --git a/net/core/filter.c b/net/core/filter.c
index 8c9f67c81e22..647d04171b7e 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -11837,6 +11837,106 @@ __bpf_kfunc int bpf_sock_addr_set_sun_path(struct bpf_sock_addr_kern *sa_kern,
return 0;
}
+
+__bpf_kfunc int bpf_sk_assign_tcp_reqsk(struct sk_buff *skb, struct sock *sk,
+ struct bpf_tcp_req_attrs *attrs, int attrs__sz)
+{
+#if IS_ENABLED(CONFIG_SYN_COOKIES)
+ const struct request_sock_ops *ops;
+ struct inet_request_sock *ireq;
+ struct tcp_request_sock *treq;
+ struct request_sock *req;
+ struct net *net;
+ __u16 min_mss;
+ u32 tsoff = 0;
+
+ if (attrs__sz != sizeof(*attrs) ||
+ attrs->reserved[0] || attrs->reserved[1] || attrs->reserved[2])
+ return -EINVAL;
+
+ if (!sk)
I removed this "!sk" check, the verifier will check for it,
and ...
+BTF_SET8_START(bpf_kfunc_check_set_tcp_reqsk)
+BTF_ID_FLAGS(func, bpf_sk_assign_tcp_reqsk)
... limited it to KF_TRUSTED_ARGS. The arg "sk" must be from "bpf_sk*_lookup_*"
or from "bpf_map_lookup_elem(&sock_map,...)". Both of them have
"reg->ref_obj_id" (i.e. the verifier tracks the refcnt acquire/release) and it
is as good as trusted ptr.
The above is some final details I noticed. Applied. Thanks.
+BTF_SET8_END(bpf_kfunc_check_set_tcp_reqsk)
