On 9/24/20 12:21 PM, Daniel Borkmann wrote:
> diff --git a/net/core/filter.c b/net/core/filter.c
> index 0f913755bcba..19caa2fc21e8 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -2160,6 +2160,205 @@ static int __bpf_redirect(struct sk_buff *skb, struct net_device *dev,
> return __bpf_redirect_no_mac(skb, dev, flags);
> }
>
> +#if IS_ENABLED(CONFIG_IPV6)
> +static int bpf_out_neigh_v6(struct net *net, struct sk_buff *skb)
> +{
> + struct dst_entry *dst = skb_dst(skb);
> + struct net_device *dev = dst->dev;
> + const struct in6_addr *nexthop;
> + struct neighbour *neigh;
> +
> + if (dev_xmit_recursion())
> + goto out_rec;
> + skb->dev = dev;
> + rcu_read_lock_bh();
> + nexthop = rt6_nexthop((struct rt6_info *)dst, &ipv6_hdr(skb)->daddr);
> + neigh = __ipv6_neigh_lookup_noref_stub(dev, nexthop);
> + if (unlikely(!neigh))
> + neigh = __neigh_create(ipv6_stub->nd_tbl, nexthop, dev, false);
the last 3 lines can be replaced with ip_neigh_gw6.
> + if (likely(!IS_ERR(neigh))) {
> + int ret;
> +
> + sock_confirm_neigh(skb, neigh);
> + dev_xmit_recursion_inc();
> + ret = neigh_output(neigh, skb, false);
> + dev_xmit_recursion_dec();
> + rcu_read_unlock_bh();
> + return ret;
> + }
> + rcu_read_unlock_bh();
> + IP6_INC_STATS(dev_net(dst->dev),
> + ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
> +out_drop:
> + kfree_skb(skb);
> + return -EINVAL;
> +out_rec:
> + net_crit_ratelimited("bpf: recursion limit reached on datapath, buggy bpf program?\n");
> + goto out_drop;
> +}
> +
...
> +
> +#if IS_ENABLED(CONFIG_INET)
> +static int bpf_out_neigh_v4(struct net *net, struct sk_buff *skb)
> +{
> + struct dst_entry *dst = skb_dst(skb);
> + struct rtable *rt = (struct rtable *)dst;
please use container_of here; I'd like to see the typecasts get removed.
> + struct net_device *dev = dst->dev;
> + u32 hh_len = LL_RESERVED_SPACE(dev);
> + struct neighbour *neigh;
> + bool is_v6gw = false;
> +
> + if (dev_xmit_recursion())
> + goto out_rec;
