Commit 8b5ac68f authored by Kuniyuki Iwashima, committed by Alexei Starovoitov

bpf: tcp: Handle BPF SYN Cookie in skb_steal_sock().



We will support arbitrary SYN Cookie with BPF.

If BPF prog validates ACK and kfunc allocates a reqsk, it will
be carried to TCP stack as skb->sk with req->syncookie 1.  Also,
the reqsk has its listener as req->rsk_listener with no refcnt
taken.

When the TCP stack looks up a socket from the skb, we steal
inet_reqsk(skb->sk)->rsk_listener in skb_steal_sock() so that
the skb will be processed in cookie_v[46]_check() with the
listener.

Note that we do not clear skb->sk and skb->destructor so that we
can carry the reqsk to cookie_v[46]_check().

Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://lore.kernel.org/r/20240115205514.68364-4-kuniyu@amazon.com


Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
parent 95e752b5
+13 −2
@@ -101,10 +101,21 @@ static inline struct sock *skb_steal_sock(struct sk_buff *skb,
	}

	*prefetched = skb_sk_is_prefetched(skb);
	if (*prefetched)
	if (*prefetched) {
#if IS_ENABLED(CONFIG_SYN_COOKIES)
		if (sk->sk_state == TCP_NEW_SYN_RECV && inet_reqsk(sk)->syncookie) {
			struct request_sock *req = inet_reqsk(sk);

			*refcounted = false;
			sk = req->rsk_listener;
			req->rsk_listener = NULL;
			return sk;
		}
#endif
		*refcounted = sk_is_refcounted(sk);
	else
	} else {
		*refcounted = true;
	}

	skb->destructor = NULL;
	skb->sk = NULL;
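
Review bot: The early `return sk;` in the new `TCP_NEW_SYN_RECV && inet_reqsk(sk)->syncookie` branch skips the `skb->destructor = NULL; skb->sk = NULL;` at the end of the function, and nothing in the code says this is deliberate. The commit message explains that the reqsk has to stay attached to the skb for cookie_v[46]_check(), but someone reading skb_steal_sock() alone sees a path that hands back a socket without detaching anything from the skb. Please add a comment above the branch stating that skb->sk and skb->destructor are kept on purpose, and that the returned listener carries no reference, which is why `*refcounted = false` is set. The same comment should mention that `req->rsk_listener = NULL` makes the branch one-shot: a second pass through it for the same reqsk would return NULL, so callers must not assume a non-NULL result from the `*prefetched` path.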