bpf: Add BPF_SOCK_OPS_TCP_LISTEN_CB

Add new TCP-BPF callback that is called on listen(2) right after socket
transition to TCP_LISTEN state.

It fills the gap for listening sockets in TCP-BPF. For example BPF
program can set BPF_SOCK_OPS_STATE_CB_FLAG when socket becomes listening
and track later transition from TCP_LISTEN to TCP_CLOSE with
BPF_SOCK_OPS_STATE_CB callback.

Before there was no way to do it with TCP-BPF and other options were
much harder to work with. E.g. socket state tracking can be done with
tracepoints (either raw or regular) but they can't be attached to cgroup
and their lifetime has to be managed separately.

Signed-off-by: Andrey Ignatov <rdna@fb.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 6bcb287a888d4b1f4a61abfb365b6fa93fd4d028..870113916caca5ef3acbad43c821d5b5111d0ffc 100644 (file)
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -2555,6 +2555,9 @@ enum {
                                         * Arg1: old_state
                                         * Arg2: new_state
                                         */
+       BPF_SOCK_OPS_TCP_LISTEN_CB,     /* Called on listen(2), right after
+                                        * socket transition to LISTEN state.
+                                        */
 };
 
 /* List of TCP states. There is a build check in net/ipv4/tcp.c to detect

diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index c716be13d58c92d0db9b5df12ff8d2ea620816f3..f2a0a3bab6b5bd8eb8a1946a17ef8a3e0cea5dab 100644 (file)
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -229,6 +229,7 @@ int inet_listen(struct socket *sock, int backlog)
                err = inet_csk_listen_start(sk, backlog);
                if (err)
                        goto out;
+               tcp_call_bpf(sk, BPF_SOCK_OPS_TCP_LISTEN_CB, 0, NULL);
        }
        sk->sk_max_ack_backlog = backlog;
        err = 0;