[PATCH 1/3] bpf: Add support for mark with bpf_fib_lookup

Rumen Telbizov <rumen.telbizov@xxxxxxxxxxxxxxxxx> · Tue, 29 Jun 2021 10:37:34 -0700

Add support for policy routing via marks to the bpf_fib_lookup
helper. The bpf_fib_lookup struct is constrained to 64B for
performance. Since the smac and dmac entries are used only for
output, put them in an anonymous struct and then add a union
around a second struct that contains the mark to use in the FIB
lookup.

Signed-off-by: David Ahern <dsahern@xxxxxxxxxx>
Signed-off-by: Rumen Telbizov <telbizov@xxxxxxxxx>
---
 include/uapi/linux/bpf.h | 16 ++++++++++++++--
 net/core/filter.c        |  4 ++--
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index ec6d85a81744..6c78cc9c3c75 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -5925,8 +5925,20 @@ struct bpf_fib_lookup {
  /* output */
  __be16 h_vlan_proto;
  __be16 h_vlan_TCI;
- __u8 smac[6];     /* ETH_ALEN */
- __u8 dmac[6];     /* ETH_ALEN */
+
+ union {
+ /* input */
+ struct {
+ __u32 mark;   /* fwmark for policy routing */
+ /* 2 4-byte holes for input */
+ };
+
+ /* output: source and dest mac */
+ struct {
+ __u8 smac[6]; /* ETH_ALEN */
+ __u8 dmac[6]; /* ETH_ALEN */
+ };
+ };
 };

 struct bpf_redir_neigh {
diff --git a/net/core/filter.c b/net/core/filter.c
index 65ab4e21c087..2ea997cacf4d 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -5299,6 +5299,7 @@ static int bpf_ipv4_fib_lookup(struct net *net,
struct bpf_fib_lookup *params,
  fl4.saddr = params->ipv4_src;
  fl4.fl4_sport = params->sport;
  fl4.fl4_dport = params->dport;
+ fl4.flowi4_mark = params->mark;
  fl4.flowi4_multipath_hash = 0;

  if (flags & BPF_FIB_LOOKUP_DIRECT) {
@@ -5311,7 +5312,6 @@ static int bpf_ipv4_fib_lookup(struct net *net,
struct bpf_fib_lookup *params,

  err = fib_table_lookup(tb, &fl4, &res, FIB_LOOKUP_NOREF);
  } else {
- fl4.flowi4_mark = 0;
  fl4.flowi4_secid = 0;
  fl4.flowi4_tun_key.tun_id = 0;
  fl4.flowi4_uid = sock_net_uid(net, NULL);
@@ -5425,6 +5425,7 @@ static int bpf_ipv6_fib_lookup(struct net *net,
struct bpf_fib_lookup *params,
  fl6.saddr = *src;
  fl6.fl6_sport = params->sport;
  fl6.fl6_dport = params->dport;
+ fl6.flowi6_mark = params->mark;

  if (flags & BPF_FIB_LOOKUP_DIRECT) {
  u32 tbid = l3mdev_fib_table_rcu(dev) ? : RT_TABLE_MAIN;
@@ -5437,7 +5438,6 @@ static int bpf_ipv6_fib_lookup(struct net *net,
struct bpf_fib_lookup *params,
  err = ipv6_stub->fib6_table_lookup(net, tb, oif, &fl6, &res,
    strict);
  } else {
- fl6.flowi6_mark = 0;
  fl6.flowi6_secid = 0;
  fl6.flowi6_tun_key.tun_id = 0;
  fl6.flowi6_uid = sock_net_uid(net, NULL);
--
2.30.1 (Apple Git-130)






