bpf: Add TCP connection BPF callbacks

Added callbacks to BPF SOCK_OPS type program before an active
connection is intialized and after a passive or active connection is
established.

The following patch demostrates how they can be used to set send and
receive buffer sizes.

Signed-off-by: Lawrence Brakmo <brakmo@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index dd43b22758d65ce98adf8f18e8a570b5b6a01145..2405fe304c982d3653c9e301cda35a51ef739793 100644 (file)
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -767,6 +767,17 @@ enum {
                                         * window (in packets) or -1 if default
                                         * value should be used
                                         */
+       BPF_SOCK_OPS_TCP_CONNECT_CB,    /* Calls BPF program right before an
+                                        * active connection is initialized
+                                        */
+       BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB,     /* Calls BPF program when an
+                                                * active connection is
+                                                * established
+                                                */
+       BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB,    /* Calls BPF program when a
+                                                * passive connection is
+                                                * established
+                                                */
 };
 
 #endif /* _UAPI__LINUX_BPF_H__ */

diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c
index 8b1539efaf38d1a50737101a139769a3cabe13db..ce9c7fef200f3a493de69e87464e7a1e0ba9d889 100644 (file)
--- a/net/ipv4/tcp_fastopen.c
+++ b/net/ipv4/tcp_fastopen.c
@@ -221,6 +221,7 @@ static struct sock *tcp_fastopen_create_child(struct sock *sk,
        tcp_init_congestion_control(child);
        tcp_mtup_init(child);
        tcp_init_metrics(child);
+       tcp_call_bpf(child, BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB);
        tcp_init_buffer_space(child);
 
        tp->rcv_nxt = TCP_SKB_CB(skb)->seq + 1;

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index bcc96654cd7e3038677382986380b70a96bf4917..664210e5e4a70a048557d883bb55e906f8eefb8a 100644 (file)
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5571,7 +5571,7 @@ void tcp_finish_connect(struct sock *sk, struct sk_buff *skb)
        icsk->icsk_af_ops->rebuild_header(sk);
 
        tcp_init_metrics(sk);
-
+       tcp_call_bpf(sk, BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB);
        tcp_init_congestion_control(sk);
 
        /* Prevent spurious tcp_cwnd_restart() on first data
@@ -5977,6 +5977,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb)
                } else {
                        /* Make sure socket is routed, for correct metrics. */
                        icsk->icsk_af_ops->rebuild_header(sk);
+                       tcp_call_bpf(sk, BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB);
                        tcp_init_congestion_control(sk);
 
                        tcp_mtup_init(sk);

diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index ef809426b538dd3b34452b6312d7eb2e8c82e9ca..33b3e401e812f4663292e60e781344098fe87584 100644 (file)
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -3444,6 +3444,7 @@ int tcp_connect(struct sock *sk)
        struct sk_buff *buff;
        int err;
 
+       tcp_call_bpf(sk, BPF_SOCK_OPS_TCP_CONNECT_CB);
        tcp_connect_init(sk);
 
        if (unlikely(tp->repair)) {