[PATCH v2 bpf-next 4/7] bpf: Update BPF_CGROUP_RUN_PROG_INET_EGRESS calls

Wed, 03 Apr 2019 17:13:46 -0700 

Update BPF_CGROUP_RUN_PROG_INET_EGRESS() callers to support returning
congestion notifications from the BPF programs.

Signed-off-by: Lawrence Brakmo <bra...@fb.com>
Signed-off-by: Alexei Starovoitov <a...@kernel.org>
---
 net/ipv4/ip_output.c  | 34 +++++++++++++++++++++++-----------
 net/ipv6/ip6_output.c | 26 +++++++++++++++++---------
 2 files changed, 40 insertions(+), 20 deletions(-)

diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index c80188875f39..26071f16eb98 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -289,16 +289,9 @@ static int ip_finish_output_gso(struct net *net, struct 
sock *sk,
        return ret;
 }
 
-static int ip_finish_output(struct net *net, struct sock *sk, struct sk_buff 
*skb)
+static int __ip_finish_output(struct net *net, struct sock *sk, struct sk_buff 
*skb)
 {
        unsigned int mtu;
-       int ret;
-
-       ret = BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb);
-       if (ret) {
-               kfree_skb(skb);
-               return ret;
-       }
 
 #if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
        /* Policy lookup after SNAT yielded a new policy */
@@ -317,18 +310,37 @@ static int ip_finish_output(struct net *net, struct sock 
*sk, struct sk_buff *sk
        return ip_finish_output2(net, sk, skb);
 }
 
+static int ip_finish_output(struct net *net, struct sock *sk, struct sk_buff 
*skb)
+{
+       int ret;
+
+       ret = BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb);
+       switch (ret) {
+       case NET_XMIT_SUCCESS:
+               return __ip_finish_output(net, sk, skb);
+       case NET_XMIT_CN:
+               return __ip_finish_output(net, sk, skb) ? : ret;
+       default:
+               kfree_skb(skb);
+               return ret;
+       }
+}
+
 static int ip_mc_finish_output(struct net *net, struct sock *sk,
                               struct sk_buff *skb)
 {
        int ret;
 
        ret = BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb);
-       if (ret) {
+       switch (ret) {
+       case NET_XMIT_SUCCESS:
+               return dev_loopback_xmit(net, sk, skb);
+       case NET_XMIT_CN:
+               return dev_loopback_xmit(net, sk, skb) ? : ret;
+       default:
                kfree_skb(skb);
                return ret;
        }
-
-       return dev_loopback_xmit(net, sk, skb);
 }
 
 int ip_mc_output(struct net *net, struct sock *sk, struct sk_buff *skb)
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index edbd12067170..733f098b28fb 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -128,16 +128,8 @@ static int ip6_finish_output2(struct net *net, struct sock 
*sk, struct sk_buff *
        return -EINVAL;
 }
 
-static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff 
*skb)
+static int __ip6_finish_output(struct net *net, struct sock *sk, struct 
sk_buff *skb)
 {
-       int ret;
-
-       ret = BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb);
-       if (ret) {
-               kfree_skb(skb);
-               return ret;
-       }
-
 #if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
        /* Policy lookup after SNAT yielded a new policy */
        if (skb_dst(skb)->xfrm) {
@@ -154,6 +146,22 @@ static int ip6_finish_output(struct net *net, struct sock 
*sk, struct sk_buff *s
                return ip6_finish_output2(net, sk, skb);
 }
 
+static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff 
*skb)
+{
+       int ret;
+
+       ret = BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb);
+       switch (ret) {
+       case NET_XMIT_SUCCESS:
+               return __ip6_finish_output(net, sk, skb);
+       case NET_XMIT_CN:
+               return __ip6_finish_output(net, sk, skb) ? : ret;
+       default:
+               kfree_skb(skb);
+               return ret;
+       }
+}
+
 int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
 {
        struct net_device *dev = skb_dst(skb)->dev;
-- 
2.17.1

Reply via email to