X-Patchwork-Submitter: Christian Ehrig
X-Patchwork-Id: 7883
From: Christian Ehrig
To: bpf@vger.kernel.org
Cc: cehrig@cloudflare.com, kernel-team@cloudflare.com, Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, Dave Marchevsky, David Vernet, Hangbin Liu, Hao Luo, Jiri Olsa, John Fastabend, Kaixi Fan, KP Singh, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Martin KaFai Lau, Mykola Lysenko, netdev@vger.kernel.org, Paul Chaignon, Song Liu, Stanislav Fomichev, Yonghong Song
Subject: [PATCH bpf-next v3 0/3] Add FOU support for externally controlled ipip devices
Date: Fri, 7 Apr 2023 15:38:52 +0200

This patch set adds support for using FOU or GUE encapsulation with
an ipip device operating in collect-metadata mode and a set of kfuncs
for controlling encap parameters exposed to a BPF tc-hook.

BPF tc-hooks allow us to read tunnel metadata (like remote IP addresses)
in the ingress path of an externally controlled tunnel interface via
the bpf_skb_get_tunnel_{key,opt} bpf-helpers. Packets can then be
redirected to the same or a different externally controlled tunnel
interface by overwriting metadata via the bpf_skb_set_tunnel_{key,opt}
helpers and a call to bpf_redirect. This enables us to redirect packets
between tunnel interfaces - and potentially change the encapsulation
type - using only a single BPF program.

Today this approach works fine for a couple of tunnel combinations.
For example: redirecting packets between Geneve and GRE interfaces or
GRE and plain ipip interfaces. However, redirecting using FOU or GUE is
not supported today. The ip_tunnel module does not allow us to egress
packets using additional UDP encapsulation from an ipip device in
collect-metadata mode.

Patch 1 lifts this restriction by adding a struct ip_tunnel_encap to
the tunnel metadata. It can be filled by a new BPF kfunc introduced
in Patch 2 and evaluated by the ip_tunnel egress path. This will allow
us to use FOU and GUE encap with externally controlled ipip devices.

Patch 2 introduces two new BPF kfuncs: bpf_skb_{set,get}_fou_encap.
These helpers can be used to set and get UDP encap parameters from the
BPF tc-hook doing the packet redirect.

Patch 3 adds BPF tunnel selftests using the two kfuncs.

---
v3:
 - Integrate selftest into test_progs (Alexei)
v2:
 - Fixes for checkpatch.pl
 - Fixes for kernel test robot

Christian Ehrig (3):
  ipip,ip_tunnel,sit: Add FOU support for externally controlled ipip devices
  bpf,fou: Add bpf_skb_{set,get}_fou_encap kfuncs
  selftests/bpf: Test FOU kfuncs for externally controlled ipip devices

 include/net/fou.h                             |   2 +
 include/net/ip_tunnels.h                      |  28 ++--
 net/ipv4/Makefile                             |   2 +-
 net/ipv4/fou_bpf.c                            | 119 ++++++++++++++
 net/ipv4/fou_core.c                           |   5 +
 net/ipv4/ip_tunnel.c                          |  22 ++-
 net/ipv4/ipip.c                               |   1 +
 net/ipv6/sit.c                                |   2 +-
 .../selftests/bpf/prog_tests/test_tunnel.c    | 153 +++++++++++++++++-
 .../selftests/bpf/progs/test_tunnel_kern.c    | 117 ++++++++++++++
 10 files changed, 432 insertions(+), 19 deletions(-)
 create mode 100644 net/ipv4/fou_bpf.c
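
An added user-space illustration (not code from this patch set or from the kernel) of the "additional UDP encapsulation" the cover letter refers to: the bytes that sit between the outer IPv4 header and the inner IPv4 packet for FOU and for GUE, given the source and destination port encap parameters. The function, enum and macro names are hypothetical, the inner packet is constructed, and the outer IPv4 header and UDP checksum are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this sketch, not kernel identifiers. */
enum encap_type { ENCAP_FOU, ENCAP_GUE };
#define UDP_HLEN   8
#define GUE_HLEN   4   /* base GUE header without optional fields */
#define PROTO_IPIP 4   /* IP protocol number for IPv4-in-IPv4 */

static void put_be16(uint8_t *p, uint16_t v)
{
    p[0] = (uint8_t)(v >> 8);
    p[1] = (uint8_t)(v & 0xff);
}

/* Writes UDP (+ GUE) header and the inner IPv4 packet to out.
 * Returns bytes written, or 0 on bad input or insufficient space. */
size_t udp_encap(enum encap_type type, uint16_t sport, uint16_t dport,
                 const uint8_t *inner, size_t inner_len,
                 uint8_t *out, size_t out_cap)
{
    size_t hlen = UDP_HLEN + (type == ENCAP_GUE ? GUE_HLEN : 0);

    if (!inner || !out || inner_len < 20 || (inner[0] >> 4) != 4)
        return 0;                        /* inner must be IPv4 */
    if (inner_len > 0xffffu - hlen || hlen + inner_len > out_cap)
        return 0;                        /* UDP length is a 16-bit field */

    put_be16(out + 0, sport);
    put_be16(out + 2, dport);
    put_be16(out + 4, (uint16_t)(hlen + inner_len));
    put_be16(out + 6, 0);                /* checksum not computed here */
    if (type == ENCAP_GUE) {
        out[8] = 0;                      /* version 0, data message, hlen 0 */
        out[9] = PROTO_IPIP;             /* GUE names the payload protocol */
        put_be16(out + 10, 0);           /* no flags */
    }                                    /* FOU: payload follows UDP directly */
    memcpy(out + hlen, inner, inner_len);
    return hlen + inner_len;
}

int main(void)
{
    uint8_t inner[20] = { 0x45 };        /* constructed minimal IPv4 header */
    uint8_t out[64];

    printf("FOU: %zu bytes\n", udp_encap(ENCAP_FOU, 5555, 5555, inner, 20, out, 64));
    printf("GUE: %zu bytes\n", udp_encap(ENCAP_GUE, 5555, 5555, inner, 20, out, 64));
    return 0;
}
```

With FOU the receiver learns the payload protocol only from how the listening UDP port is configured, while GUE carries it in its own header, which is why the encap type has to be chosen alongside the ports.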