exynos-linux-stable/include/net
Andrey Ignatov 8e538c2bf6
BACKPORT: bpf: Hooks for sys_connect
== The problem ==

See description of the problem in the initial patch of this patch set.

== The solution ==

The patch provides much more reliable in-kernel solution for the 2nd
part of the problem: making outgoing connection from desired IP.

It adds new attach types `BPF_CGROUP_INET4_CONNECT` and
`BPF_CGROUP_INET6_CONNECT` for program type
`BPF_PROG_TYPE_CGROUP_SOCK_ADDR` that can be used to override both
source and destination of a connection at connect(2) time.

Local end of connection can be bound to desired IP using newly
introduced BPF-helper `bpf_bind()`. It allows to bind to only IP though,
and doesn't support binding to port, i.e. leverages
`IP_BIND_ADDRESS_NO_PORT` socket option. There are two reasons for this:
* looking for a free port is expensive and can affect performance
  significantly;
* there is no use-case for port.

As for remote end (`struct sockaddr *` passed by user), both parts of it
can be overridden, remote IP and remote port. It's useful if an
application inside cgroup wants to connect to another application inside
same cgroup or to itself, but knows nothing about IP assigned to the
cgroup.

Support is added for IPv4 and IPv6, for TCP and UDP.

IPv4 and IPv6 have separate attach types for same reason as sys_bind
hooks, i.e. to prevent reading from / writing to e.g. user_ip6 fields
when user passes sockaddr_in since it'd be out-of-bound.

== Implementation notes ==

The patch introduces new field in `struct proto`: `pre_connect` that is
a pointer to a function with same signature as `connect` but is called
before it. The reason is in some cases BPF hooks should be called way
before control is passed to `sk->sk_prot->connect`. Specifically
`inet_dgram_connect` autobinds socket before calling
`sk->sk_prot->connect` and there is no way to call `bpf_bind()` from
hooks from e.g. `ip4_datagram_connect` or `ip6_datagram_connect` since
it'd cause double-bind. On the other hand `proto.pre_connect` provides a
flexible way to add BPF hooks for connect only for necessary `proto` and
call them at desired time before `connect`. Since `bpf_bind()` is
allowed to bind only to IP and autobind in `inet_dgram_connect` binds
only port there is no chance of double-bind.

bpf_bind() sets `force_bind_address_no_port` to bind to only IP despite
the value of `bind_address_no_port` socket field.

bpf_bind() sets `with_lock` to `false` when calling to __inet_bind()
and __inet6_bind() since all call-sites, where bpf_bind() is called,
already hold socket lock.

Change-Id: I03eb513369c630b203466621d1fbdb9b29c8333c
Signed-off-by: Andrey Ignatov <rdna@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2024-09-25 16:54:46 +03:00
9p 9p: switch p9_client_read() to passing struct iov_iter * 2015-04-11 22:28:27 -04:00
bluetooth Bluetooth: Align minimum encryption key size for LE and BR/EDR connections 2019-07-10 09:55:34 +02:00
caif caif: reduce stack size with KASAN 2019-05-08 07:19:07 +02:00
irda irda: Convert function pointer arrays and uses to const 2014-12-10 15:33:16 -05:00
iucv s390/iucv: do not use arrays as argument 2015-09-21 16:03:04 -07:00
netfilter Merge 4.9.212 branch 'android-4.9-q' into tw10-android-4.9-q 2020-02-12 12:32:38 +02:00
netns Merge 4.9.212 branch 'android-4.9-q' into tw10-android-4.9-q 2020-02-12 12:32:38 +02:00
nfc import G965FXXU7DTAA OSRC 2020-02-04 13:50:09 +02:00
phonet phonet: fix building with clang 2019-03-23 13:19:44 +01:00
sctp sctp: cache netns in sctp_ep_common 2019-12-05 15:35:29 +01:00
tc_act net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used 2018-08-24 13:12:37 +02:00
6lowpan.h 6lowpan: add 802.15.4 short addr slaac 2016-06-15 20:41:22 -07:00
act_api.h net_sched: convert tcf_exts from list to pointer array 2016-08-17 19:27:51 -04:00
addrconf.h BACKPORT: bpf: Hooks for sys_connect 2024-09-25 16:54:46 +03:00
af_ieee802154.h ieee802154: af_ieee802154: fix typo in comment. 2015-09-17 13:20:05 +02:00
af_rxrpc.h rxrpc: Rewrite the data and ack handling code 2016-09-08 11:10:12 +01:00
af_unix.h af_unix: split 'u->readlock' into two: 'iolock' and 'bindlock' 2016-09-04 13:29:29 -07:00
af_vsock.h vsock: split dwork to avoid reinitializations 2018-08-22 07:47:13 +02:00
ah.h ipsec: Remove obsolete MAX_AH_AUTH_LEN 2014-09-18 10:54:36 +02:00
arp.h ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled 2019-06-11 12:22:49 +02:00
atmclip.h
ax25.h ax25: fix possible use-after-free 2019-02-23 09:05:59 +01:00
ax88796.h
bond_3ad.h bonding: 3ad: apply ad_actor settings changes immediately 2016-02-09 04:45:49 -05:00
bond_alb.h net: Move bonding headers under include/net 2014-11-10 13:27:49 -05:00
bond_options.h bonding: convert num_grat_arp to the new bonding option API 2015-07-27 01:05:24 -07:00
bonding.h bonding: avoid possible dead-lock 2018-10-18 09:13:21 +02:00
busy_poll.h net: Define MIN_NAPI_ID 2024-09-25 16:54:41 +03:00
calipso.h calipso: Add a label cache. 2016-06-27 15:06:17 -04:00
cfg80211-wext.h
cfg80211.h cfg80211/mac80211: make ieee80211_send_layer2_update a public function 2020-01-23 08:19:34 +01:00
cfg802154.h ieee802154: add netns support 2016-07-08 12:20:57 +02:00
checksum.h csum: Update csum_block_add to use rotate instead of byteswap 2016-03-13 15:01:00 -04:00
cipso_ipv4.h netlabel: out of bound access in cipso_v4_validate() 2017-02-18 15:11:41 +01:00
cls_cgroup.h cls_cgroup: get sk_classid only from full sockets 2016-04-19 20:09:25 -04:00
codel.h codel: split into multiple files 2016-04-25 16:44:27 -04:00
codel_impl.h codel: split into multiple files 2016-04-25 16:44:27 -04:00
codel_qdisc.h net_sched: fq_codel: cache skb->truesize into skb->cb 2016-06-25 12:19:35 -04:00
compat.h packet: compat support for sock_fprog 2016-06-09 23:41:03 -07:00
datalink.h net: Move prototype declaration to header file include/net/datalink.h from net/ipx/af_ipx.c 2014-02-09 17:32:50 -08:00
dcbevent.h include/net/: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
dcbnl.h net/dcb: Add IEEE QCN attribute 2015-03-06 21:50:02 -05:00
devlink.h devlink: remove unused priv_size 2016-08-26 11:55:18 -07:00
dn.h net: Move prototype declaration to header file include/net/dn.h from net/decnet/af_decnet.c 2014-02-09 17:32:49 -08:00
dn_dev.h dn_dev: add support for IFA_FLAGS nl attribute 2013-12-10 21:50:00 -05:00
dn_fib.h decnet (dn*.h): Remove extern from function prototypes 2013-09-20 14:49:32 -04:00
dn_neigh.h netfilter: Pass net into okfn 2015-09-17 17:18:37 -07:00
dn_nsp.h decnet (dn*.h): Remove extern from function prototypes 2013-09-20 14:49:32 -04:00
dn_route.h net: Move prototype declaration to appropriate header file from decnet/af_decnet.c 2014-02-09 17:32:49 -08:00
dsa.h net: dsa: add port fast ageing 2016-09-23 08:38:50 -04:00
dsfield.h
dst.h net: dst: Force 4-byte alignment of dst_metrics 2020-01-04 13:40:19 +01:00
dst_cache.h net: add dst_cache support 2016-02-16 20:21:48 -05:00
dst_metadata.h net/dst: Utility functions to build dst_metadata without supplying an skb 2016-09-10 20:53:55 -07:00
dst_ops.h ipv4, ipv6: Pass net into __ip_local_out and __ip6_local_out 2015-10-08 04:27:02 -07:00
esp.h net: move pskb_put() to core code 2013-11-07 19:28:58 -05:00
ethoc.h net/ethoc: support big-endian register layout 2015-09-23 15:33:15 -07:00
fib_rules.h This is the 4.9.217 stable release 2020-03-20 11:01:08 +01:00
firewire.h
flow.h import G965FXXU7DTAA OSRC 2020-02-04 13:50:09 +02:00
flow_dissector.h net: sched: correct flower port blocking 2020-03-11 07:53:05 +01:00
flowcache.h flowcache: Make flow cache name space aware 2014-02-12 07:02:11 +01:00
fou.h fou: Add encap ops for IPv6 tunnels 2016-05-20 18:03:16 -04:00
fq.h net/flow_dissector: switch to siphash 2019-11-10 11:23:31 +01:00
fq_impl.h net/flow_dissector: switch to siphash 2019-11-10 11:23:31 +01:00
garp.h garp.h: Remove extern from function prototypes 2013-09-20 14:49:33 -04:00
gen_stats.h net: sched: do not acquire qdisc spinlock in qdisc/class stats dump 2016-06-07 16:37:14 -07:00
genetlink.h Revert "genl: Add genlmsg_new_unicast() for unicast message allocation" 2016-02-18 11:42:19 -05:00
geneve.h net: Remove deprecated tunnel specific UDP offload functions 2016-06-17 20:23:32 -07:00
gre.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-08-18 01:17:32 -04:00
gro_cells.h gro_cells: make sure device is up in gro_cells_receive() 2019-03-19 13:14:10 +01:00
gtp.h gtp: #define #define _GTP_H_ and not #define _GTP_H 2016-07-25 17:55:43 -07:00
gue.h gue: Protocol constants for remote checksum offload 2014-11-05 16:30:03 -05:00
hwbm.h net: add a hardware buffer management helper API 2016-03-14 12:19:46 -04:00
icmp.h net: Add __icmp_send helper. 2019-03-13 14:04:53 -07:00
ieee80211_radiotap.h mac80211: add support for radiotap timestamp field 2016-09-12 11:45:45 +02:00
ieee802154_netdev.h mac802154: constify ieee802154_llsec_ops structure 2016-01-04 20:40:41 +01:00
if_inet6.h UPSTREAM: net/ipv6: allow sysctl to change link-local address generation mode 2019-08-15 21:01:57 +00:00
ila.h ila: Add generic ILA translation facility 2015-12-15 23:25:20 -05:00
inet6_connection_sock.h ipv6: remove unused in6_addr struct 2016-03-22 15:45:44 -04:00
inet6_hashtables.h tcp/dccp: do not touch listener sk_refcnt under synflood 2016-04-04 22:11:20 -04:00
inet_common.h BACKPORT: net: Introduce __inet_bind() and __inet6_bind 2024-09-25 16:54:46 +03:00
inet_connection_sock.h Merge 4.9.212 branch 'android-4.9-q' into tw10-android-4.9-q 2020-02-12 12:32:38 +02:00
inet_ecn.h ipv6: suppress sparse warnings in IP6_ECN_set_ce() 2016-08-13 15:08:00 -07:00
inet_frag.h net: IP defrag: encapsulate rbtree defrag code into callable functions 2019-05-02 09:32:06 +02:00
inet_hashtables.h tcp/dccp: fix possible race __inet_lookup_established() 2020-01-04 13:41:12 +01:00
inet_sock.h Merge 4.9.212 branch 'android-4.9-q' into tw10-android-4.9-q 2020-02-12 12:32:38 +02:00
inet_timewait_sock.h soreuseport: initialise timewait reuseport field 2018-05-16 10:08:41 +02:00
inetpeer.h net: ipv4: use a dedicated counter for icmp_v4 redirect packets 2019-02-23 09:05:59 +01:00
ip.h This is the 4.9.207 stable release 2019-12-21 11:28:16 +01:00
ip6_checksum.h ipv6: Pass proto to csum_ipv6_magic as __u8 instead of unsigned short 2016-03-13 23:55:13 -04:00
ip6_fib.h ipv6: fix sparse warning on rt6i_node 2017-09-20 08:19:53 +02:00
ip6_route.h This is the 4.9.39 stable release 2017-07-21 08:55:50 +02:00
ip6_tunnel.h ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL 2019-07-21 09:05:57 +02:00
ip_fib.h net: ipv4: Fix memory leak in network namespace dismantle 2019-01-31 08:12:33 +01:00
ip_tunnels.h ip_tunnel: add collect_md mode to IPIP tunnel 2016-09-17 10:13:07 -04:00
ip_vs.h ipvs: move old_secure_tcp into struct netns_ipvs 2019-11-12 19:15:57 +01:00
ipcomp.h
ipconfig.h
ipv6.h BACKPORT: net: Introduce __inet_bind() and __inet6_bind 2024-09-25 16:54:46 +03:00
ipv6_frag.h ip6: fix skb leak in ip6frag_expire_frag_queue() 2019-09-16 08:19:33 +02:00
ipx.h switch ipxrtr_route_packet() from iovec to msghdr 2014-11-24 04:28:49 -05:00
iw_handler.h wext: handle NULL extra data in iwe_stream_add_point better 2017-08-11 08:49:34 -07:00
kcm.h kcm: Use stream parser 2016-08-17 19:36:23 -04:00
l3mdev.h ipvlan, l3mdev: fix broken l3s mode wrt local routes 2019-02-06 17:33:27 +01:00
lapb.h lapb.h: Remove extern from function prototypes 2013-09-21 14:01:38 -04:00
lib80211.h lib80211: remove unused print_ssid() 2014-10-14 02:18:27 +02:00
llc.h llc: avoid blocking in llc_sap_close() 2019-11-25 09:52:18 +01:00
llc_c_ac.h llc*.h: Remove extern from function prototypes 2013-09-21 14:01:38 -04:00
llc_c_ev.h llc*.h: Remove extern from function prototypes 2013-09-21 14:01:38 -04:00
llc_c_st.h llc: Make llc_conn_ev_qfyr_t function pointer arrays const 2014-12-10 15:21:24 -05:00
llc_conn.h llc: fix sk_buff leak in llc_conn_service() 2019-11-06 12:18:24 +01:00
llc_if.h llc*.h: Remove extern from function prototypes 2013-09-21 14:01:38 -04:00
llc_pdu.h net: llc: fix order of evaluation in llc_conn_ac_inc_vr_by_1 2014-01-01 22:22:43 -05:00
llc_s_ac.h llc*.h: Remove extern from function prototypes 2013-09-21 14:01:38 -04:00
llc_s_ev.h llc*.h: Remove extern from function prototypes 2013-09-21 14:01:38 -04:00
llc_s_st.h llc: Make llc_sap_action_t function pointer arrays const 2014-12-10 15:21:24 -05:00
llc_sap.h llc*.h: Remove extern from function prototypes 2013-09-21 14:01:38 -04:00
lwtunnel.h lwtunnel: valid encap attr check should return 0 when lwtunnel is disabled 2017-02-18 15:11:42 +01:00
mac80211.h mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 2018-05-30 07:50:28 +02:00
mac802154.h ieee802154: cleanup WARN_ON for fc fetch 2016-07-08 13:23:12 +02:00
mip6.h include/net/: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
mld.h ipv6: mld: answer mldv2 queries with mldv1 reports in mldv1 fallback 2014-09-22 16:23:15 -04:00
mpls.h openvswitch: use mpls_hdr 2016-10-03 02:00:22 -04:00
mpls_iptunnel.h mpls: multipath route support 2015-10-23 06:26:42 -07:00
mptcp.h import G965FXXU7DTAA OSRC 2020-02-04 13:50:09 +02:00
mptcp_v4.h import G965FXXU7DTAA OSRC 2020-02-04 13:50:09 +02:00
mptcp_v6.h import G965FXXU7DTAA OSRC 2020-02-04 13:50:09 +02:00
mrp.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-10-01 17:06:14 -04:00
ncm.h import G965FXXU7DTAA OSRC 2020-02-04 13:50:09 +02:00
ncsi.h net/ncsi: Introduce ncsi_stop_dev() 2016-10-04 02:11:51 -04:00
ndisc.h UPSTREAM: ipv6: ndisc: add support for 'PREF64' dns64 prefix identifier 2020-03-28 11:11:24 +00:00
neighbour.h net: add annotations on hh->hh_len lockless accesses 2020-01-12 11:24:19 +01:00
net_namespace.h Merge 4.9.212 branch 'android-4.9-q' into tw10-android-4.9-q 2020-02-12 12:32:38 +02:00
net_ratelimit.h
netevent.h neigh: Send a notification when DELAY_PROBE_TIME changes 2016-07-05 09:06:29 -07:00
netlabel.h netlabel: Implement CALIPSO config functions for SMACK. 2016-06-27 15:06:18 -04:00
netlink.h netlink: fix nla_put_{u8,u16,u32} for KASAN 2017-10-12 11:51:25 +02:00
netprio_cgroup.h net: wrap sock->sk_cgrp_prioidx and ->sk_classid inside a struct 2015-12-08 22:02:33 -05:00
netrom.h netrom.h: Remove extern from function prototypes 2013-09-21 14:01:39 -04:00
nexthop.h net: fix rtnh_ok() 2018-05-16 10:08:41 +02:00
nl802154.h ieee802154: add netns support 2016-07-08 12:20:57 +02:00
p8022.h p8022.h: Remove extern from function prototypes 2013-09-21 14:01:39 -04:00
ping.h net: ping: make ping_v6_sendmsg static 2016-03-23 22:09:58 -04:00
pkt_cls.h net/sched: pkt_cls: change tc actions order to be as the user sets 2016-09-28 05:02:44 -04:00
pkt_sched.h net: sched: convert qdisc linked list to hashtable 2016-08-10 17:19:02 -07:00
pptp.h pptp: Refactor the struct and macros of PPTP codes 2016-08-15 10:55:53 -07:00
protocol.h udp: Remove udp_offloads 2016-04-07 16:53:30 -04:00
psnap.h psnap.h: Remove extern from function prototypes 2013-09-23 01:51:08 -04:00
raw.h sock: struct proto hash function may error 2016-02-11 03:54:14 -05:00
rawv6.h raw/rawv6.h: Remove extern from function prototypes 2013-09-23 01:51:08 -04:00
red.h net_sched: red: Avoid illegal values 2018-02-25 11:05:48 +01:00
regulatory.h regulatory: add NUL to request alpha2 2018-05-30 07:50:30 +02:00
request_sock.h inet: reqsk_alloc() needs to take care of dead listeners 2016-04-04 22:11:19 -04:00
rose.h rose.h: Remove extern from function prototypes 2013-09-23 01:51:08 -04:00
route.h This is the 4.9.104 stable release 2018-05-30 13:19:56 +02:00
rtnetlink.h net: rtnetlink: add support for the IFLA_STATS_LINK_XSTATS_SLAVE attribute 2016-06-30 06:15:04 -04:00
sch_generic.h sch_netem: fix rcu splat in netem_enqueue() 2019-11-06 12:18:25 +01:00
scm.h unix: correctly track in-flight fds in sending process user_struct 2016-02-08 10:30:42 -05:00
secure_seq.h inetpeer: get rid of ip_id_count 2014-06-02 11:00:41 -07:00
slhc_vj.h slip: Check if rstate is initialized before uncompressing 2018-04-20 08:21:07 +02:00
snmp.h net: snmp: fix 64bit stats on 32bit arches 2016-04-28 11:49:45 -04:00
sock.h BACKPORT: bpf: Hooks for sys_connect 2024-09-25 16:54:46 +03:00
sock_reuseport.h soreuseport: fix NULL ptr dereference SO_REUSEPORT after bind 2016-01-19 14:44:23 -05:00
Space.h drivers: net: Include new header file in sbni.c 2013-12-19 18:51:20 -05:00
stp.h stp.h: Remove extern from function prototypes 2013-09-23 01:51:09 -04:00
strparser.h kcm: Remove TCP specific references from kcm and strparser 2016-08-28 23:32:41 -04:00
switchdev.h switchdev: remove FIB offload infrastructure 2016-09-28 04:48:00 -04:00
tcp.h proto_ops: Add locked held versions of sendmsg and sendpage 2024-09-25 16:54:42 +03:00
tcp_states.h import G965FXXU7DTAA OSRC 2020-02-04 13:50:09 +02:00
timewait_sock.h inet: remove BUG_ON() in twsk_destructor() 2015-07-09 15:12:20 -07:00
transp_v6.h import G965FXXU7DTAA OSRC 2020-02-04 13:50:09 +02:00
tso.h net: tso: add support for IPv6 2015-10-26 22:24:22 -07:00
udp.h BACKPORT: bpf: Hooks for sys_connect 2024-09-25 16:54:46 +03:00
udp_tunnel.h vxlan: Add new UDP encapsulation offload type for VXLAN-GPE 2016-06-17 20:23:32 -07:00
udplite.h udplite: fix partial checksum initialization 2018-03-11 16:21:32 +01:00
vsock_addr.h VSOCK: Move af_vsock.h and vsock_addr.h to include/net 2013-07-27 22:14:06 -07:00
vxlan.h vxlan: fix hlist corruption 2017-07-21 07:42:18 +02:00
wext.h wext.h: Remove extern from function prototypes 2013-09-23 16:29:40 -04:00
wimax.h net: treewide: Fix typo found in DocBook/networking.xml 2014-09-05 17:35:28 -07:00
x25.h net: x25: fix one potential use-after-free issue 2018-04-13 19:48:00 +02:00
x25device.h
xfrm.h Merge 4.9.212 branch 'android-4.9-q' into tw10-android-4.9-q 2020-02-12 12:32:38 +02:00