Jakub Sitnicki wrote: > White-list map lookup for SOCKMAP/SOCKHASH from BPF. Lookup returns a > pointer to a full socket and acquires a reference if necessary. > > To support it we need to extend the verifier to know that: > > (1) register storing the lookup result holds a pointer to socket, if > lookup was done on SOCKMAP/SOCKHASH, and that > > (2) map lookup on SOCKMAP/SOCKHASH is a reference acquiring operation, > which needs a corresponding reference release with bpf_sk_release. > > On sock_map side, lookup handlers exposed via bpf_map_ops now bump > sk_refcnt if socket is reference counted. In turn, bpf_sk_select_reuseport, > the only in-kernel user of SOCKMAP/SOCKHASH ops->map_lookup_elem, was > updated to release the reference. > > Sockets fetched from a map can be used in the same way as ones returned by > BPF socket lookup helpers, such as bpf_sk_lookup_tcp. In particular, they > can be used with bpf_sk_assign to direct packets toward a socket on TC > ingress path. > > Suggested-by: Lorenz Bauer <lmb@xxxxxxxxxxxxxx> > Signed-off-by: Jakub Sitnicki <jakub@xxxxxxxxxxxxxx> > --- LGTM thanks! Acked-by: John Fastabend <john.fastabend@xxxxxxxxx>
