• D
    bpf: add bpf_skb_change_proto helper · 6578171a
    Daniel Borkmann 提交于
    This patch adds a minimal helper for doing the groundwork of changing
    the skb->protocol in a controlled way. Currently supported is v4 to
    v6 and vice versa transitions, which allows f.e. for a minimal, static
    nat64 implementation where applications in containers that still
    require IPv4 can be transparently operated in an IPv6-only environment.
    For example, host facing veth of the container can transparently do
    the transitions in a programmatic way with the help of clsact qdisc
    and cls_bpf.
    
    Idea is to separate concerns for keeping complexity of the helper
    lower, which means that the programs utilize bpf_skb_change_proto(),
    bpf_skb_store_bytes() and bpf_lX_csum_replace() to get the job done,
    instead of doing everything in a single helper (and thus partially
    duplicating helper functionality). Also, bpf_skb_change_proto()
    shouldn't need to deal with raw packet data as this is done by other
    helpers.
    
    bpf_skb_proto_6_to_4() and bpf_skb_proto_4_to_6() unclone the skb to
    operate on a private one, push or pop additionally required header
    space and migrate the gso/gro meta data from the shared info. We do
    mark the gso type as dodgy so that headers are checked and segs
    recalculated by the gso/gro engine. The gso_size target is adapted
    as well. The flags argument added is currently reserved and can be
    used for future extensions.
    Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
    Acked-by: NAlexei Starovoitov <ast@kernel.org>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    6578171a
bpf.h 11.2 KB