    bpf: Hooks for sys_sendmsg · 1cedee13
    Andrey Ignatov authored
    In addition to already existing BPF hooks for sys_bind and sys_connect,
    the patch provides new hooks for sys_sendmsg.
    It leverages existing BPF program type `BPF_PROG_TYPE_CGROUP_SOCK_ADDR`
    that provides access to socket itself (properties like family, type,
    protocol) and user-passed `struct sockaddr *` so that BPF program can
    override destination IP and port for system calls such as sendto(2) or
    sendmsg(2) and/or assign source IP to the socket.
    The hooks are implemented as two new attach types:
    UDPv6 correspondingly.
    UDPv4 and UDPv6 separate attach types for same reason as sys_bind and
    sys_connect hooks, i.e. to prevent reading from / writing to e.g.
    user_ip6 fields when user passes sockaddr_in since it'd be out-of-bound.
    The difference with already existing hooks is sys_sendmsg are
    implemented only for unconnected UDP.
    For TCP it doesn't make sense to change user-provided `struct sockaddr *`
    at sendto(2)/sendmsg(2) time since socket either was already connected
    and has source/destination set or wasn't connected and call to
    sendto(2)/sendmsg(2) would lead to ENOTCONN anyway.
    Connected UDP is already handled by sys_connect hooks that can override
    source/destination at connect time and use fast-path later, i.e. these
    hooks don't affect UDP fast-path.
    Rewriting source IP is implemented differently than that in sys_connect
    hooks. When sys_sendmsg is used with unconnected UDP it doesn't work to
    just bind socket to desired local IP address since source IP can be set
    on per-packet basis by using ancillary data (cmsg(3)). So no matter if
    socket is bound or not, source IP has to be rewritten on every call to
    To do so two new fields are added to UAPI `struct bpf_sock_addr`;
    * `msg_src_ip4` to set source IPv4 for UDPv4;
    * `msg_src_ip6` to set source IPv6 for UDPv6.
    Signed-off-by: Andrey Ignatov <rdna@fb.com>
    Acked-by: Alexei Starovoitov <ast@kernel.org>
    Acked-by: Martin KaFai Lau <kafai@fb.com>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
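The rewrite described in the commit message, as an added example that is not part of this commit or the kernel tree: a UDPv4 sendmsg program that redirects unconnected sends aimed at one service address to a backend and pins the per-packet source IP through `msg_src_ip4`. The `cgroup/sendmsg4` section name is the libbpf convention and is assumed here; all addresses, ports and function names are constructed for illustration.

```c
/* Added example. Build as a BPF object: clang -O2 -target bpf -c sendmsg4.c */
#include <linux/bpf.h>

#define SEC(name) __attribute__((section(name), used))

/* The context stores addresses and ports in network byte order. */
#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
#define be32(x) __builtin_bswap32(x)
#define be16(x) __builtin_bswap16(x)
#else
#define be32(x) (x)
#define be16(x) (x)
#endif

#define EX_AF_INET    2           /* AF_INET */
#define EX_SOCK_DGRAM 2           /* SOCK_DGRAM */

/* Constructed sample values (documentation address ranges). */
#define VIP_IP4      0xC0000235u  /* 192.0.2.53, address the application sends to */
#define VIP_PORT     53
#define BACKEND_IP4  0xC633640Au  /* 198.51.100.10, real destination */
#define BACKEND_PORT 5353
#define SRC_IP4      0xC6336401u  /* 198.51.100.1, enforced source */

/* Returns 1 to let sendto(2)/sendmsg(2) proceed; 0 would reject the call. */
static inline int sendmsg4_policy(struct bpf_sock_addr *ctx)
{
	/* Defensive check: only unconnected UDPv4 is expected at this hook. */
	if (ctx->user_family != EX_AF_INET || ctx->type != EX_SOCK_DGRAM)
		return 1;

	/* Leave traffic to any other destination untouched. */
	if (ctx->user_ip4 != be32(VIP_IP4) || ctx->user_port != be16(VIP_PORT))
		return 1;

	/* Override the user-passed sockaddr for this call only. */
	ctx->user_ip4 = be32(BACKEND_IP4);
	ctx->user_port = be16(BACKEND_PORT);

	/* Source is set per packet, so it wins over bind(2) and cmsg(3). */
	ctx->msg_src_ip4 = be32(SRC_IP4);
	return 1;
}

SEC("cgroup/sendmsg4")
int rewrite_sendmsg4(struct bpf_sock_addr *ctx)
{
	return sendmsg4_policy(ctx);
}

char _license[] SEC("license") = "GPL";
```

Because the program runs on every unconnected send in the cgroup, an application that picks its own source address through ancillary data still leaves with the enforced one.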