new configs and hooks infrastructure for tcp interception

drivers/net/Makefile

@@ -39,7 +39,7 @@ obj-$(CONFIG_CAN) += can/
 obj-$(CONFIG_ETRAX_ETHERNET) += cris/
 obj-$(CONFIG_NET_DSA) += dsa/
 obj-$(CONFIG_ETHERNET) += ethernet/
-obj-$(CONFIG_XEN_SME) += ethernet/broadcom/bnx2x/sme/
+obj-$(CONFIG_PACER) += ethernet/broadcom/bnx2x/sme/
 obj-$(CONFIG_FDDI) += fddi/
 obj-$(CONFIG_HIPPI) += hippi/
 obj-$(CONFIG_HAMRADIO) += hamradio/

drivers/net/ethernet/broadcom/bnx2x/sme/Kconfig

@@ -2,9 +2,18 @@
 # Side channel mitigation kernel module
 #
 
+config PACER
+  bool "Pacer support"
+  default n
+  help
+    This selects Pacer, which is used to do traffic shaping for network
+    I/O side channels.
+
+    If you are unaware of how to answer this question, answer N.
+
 config XEN_SME
 	bool "SME support"
-	depends on XEN_NETDEV_BACKEND
+	depends on PACER
 	depends on BNX2X
 	default n
 	help
@@ -13,3 +22,11 @@ config XEN_SME
 		xen dom0 netback driver.
 
 		If you are unaware of how to answer this question, answer N.
+
+config PACER_TCP
+  bool "Pacer support for TCP"
+  depends on PACER
+  default n
+  help
+    This enables Pacer changes for client TCP, such as modified TCP OOB
+    semantics. If you are unaware of how to answer this question, answer N.

drivers/net/ethernet/broadcom/bnx2x/sme/Makefile

-obj-$(CONFIG_XEN_SME) := sme.o
-
-sme-y := xen_sme_hooks.o xen_sme.o
+obj-$(CONFIG_PACER) := sme.o
+sme-objs := pacer_common.o
+sme-$(CONFIG_PACER_TCP) += ptcp_hooks.o ptcp_hooks_impl.o
+sme-$(CONFIG_XEN_SME) += xen_sme_hooks.o xen_sme.o

drivers/net/ethernet/broadcom/bnx2x/sme/pacer_common.c

+#include "xen_sme.h"
+#include "xen_sme_hooks.h"
+#include "ptcp_hooks.h"
+#include "ptcp_hooks_impl.h"
+#include "sme_debug.h"
+#include <linux/module.h>
+#include <linux/ktime.h>
+
+static int __init xen_sme_init(void)
+{
+	iprintk(0, "SME: Initializing");
+#ifdef CONFIG_XEN_SME
+	sme_add_hooks(xen_sme_hooks, ARRAY_SIZE(xen_sme_hooks));
+#endif
+
+#ifdef CONFIG_PACER_TCP
+  ptcp_add_hooks(ptcp_hooks, ARRAY_SIZE(ptcp_hooks));
+#endif
+	return 0;
+}
+
+module_init(xen_sme_init);
+
+static void __exit xen_sme_fini(void)
+{
+#ifdef CONFIG_PACER_TCP
+  ptcp_delete_hooks(ptcp_hooks, ARRAY_SIZE(ptcp_hooks));
+#endif
+
+#ifdef CONFIG_XEN_SME
+	sme_delete_hooks(xen_sme_hooks, ARRAY_SIZE(xen_sme_hooks));
+#endif
+	iprintk(0, "SME complete");
+}
+
+module_exit(xen_sme_fini);
+MODULE_LICENSE("Dual BSD/GPL");
+MODULE_ALIAS("xen-backend:sme");

drivers/net/ethernet/broadcom/bnx2x/sme/ptcp_hooks.c

+/*
+ * ptcp_hooks_impl.c
+ *
+ * created on: Jun 21, 2018
+ * author: aasthakm
+ *
+ * Similar to security.h/c
+ * symbols exported to be used in TCP/IP
+ * 
+ */
+
+#include "ptcp_hooks.h"
+#include "ptcp_hooks_impl.h"
+
+#define call_ptcp_void_hook(FUNC, ...)	({	\
+		do {	\
+			struct ptcp_hook_list *P;	\
+			list_for_each_entry(P, &ptcp_hook_heads.FUNC, list)	{	\
+				P->hook.FUNC(__VA_ARGS__);	\
+			}	\
+		} while (0);	\
+	})
+
+#define call_ptcp_int_hook(FUNC, IRC, ...)	({	\
+		int RC = IRC;	\
+		do {	\
+			struct ptcp_hook_list *P;	\
+			list_for_each_entry(P, &ptcp_hook_heads.FUNC, list)	{	\
+				RC = P->hook.FUNC(__VA_ARGS__);	\
+				if (RC != 0)	\
+					break;	\
+			}	\
+		} while (0);	\
+		RC;	\
+	})
+
+struct ptcp_hook_heads ptcp_hook_heads = {
+  .print_sock_skb = LIST_HEAD_INIT(ptcp_hook_heads.print_sock_skb),
+};
+
+void ptcp_print_sock_skb(struct sock *sk, struct sk_buff *skb)
+{
+  return call_ptcp_void_hook(print_sock_skb, sk, skb);
+}
+EXPORT_SYMBOL(ptcp_print_sock_skb);

drivers/net/ethernet/broadcom/bnx2x/sme/ptcp_hooks.h

+/*
+ * ptcp_hooks.h
+ *
+ * created on: Jun 21, 2018
+ * author: aasthakm
+ *
+ * Similar to security.h/c
+ * symbols exported to be used in TCP/IP
+ * 
+ */
+
+#ifndef __PTCP_HOOKS_H__
+#define __PTCP_HOOKS_H__
+
+#include <linux/skbuff.h>
+
+void ptcp_print_sock_skb(struct sock *sk, struct sk_buff *skb);
+
+#endif /* __PTCP_HOOKS_H__ */

drivers/net/ethernet/broadcom/bnx2x/sme/ptcp_hooks_impl.c

+/*
+ * Similar to LSM modules like selinux/hooks.c
+ * Xen side channel mitigation module
+ *
+ * created on: Jun 21, 2018
+ * author: aasthakm
+ */
+
+#include "ptcp_hooks_impl.h"
+#include <linux/skbuff.h>
+#include <uapi/linux/tcp.h>
+#include <uapi/linux/in.h>
+#include <uapi/linux/ip.h>
+#include <uapi/asm-generic/errno-base.h>
+
+void (*lnk_print_sock_skb) (struct sock *sk, struct sk_buff *skb) = 0;
+EXPORT_SYMBOL(lnk_print_sock_skb);
+static void ptcp_print_sock_skb(struct sock *sk, struct sk_buff *skb)
+{
+  if (lnk_print_sock_skb) {
+    lnk_print_sock_skb(sk, skb);
+  }
+}
+
+struct ptcp_hook_list ptcp_hooks[NUM_PTCP_HOOKS] = {
+  PTCP_HOOK_INIT(print_sock_skb, ptcp_print_sock_skb),
+};
+
+#if 0
+static int __init ptcp_init(void)
+{
+	iprintk(0, "PTCP: Initializing");
+	ptcp_add_hooks(ptcp_hooks, ARRAY_SIZE(ptcp_hooks));
+	return 0;
+}
+
+module_init(ptcp_init);
+
+static void __exit ptcp_fini(void)
+{
+	ptcp_delete_hooks(ptcp_hooks, ARRAY_SIZE(ptcp_hooks));
+	iprintk(0, "PTCP complete");
+}
+
+module_exit(ptcp_fini);
+MODULE_LICENSE("Dual BSD/GPL");
+MODULE_ALIAS("pacerclient");
+#endif

drivers/net/ethernet/broadcom/bnx2x/sme/ptcp_hooks_impl.h

+/*
+ * ptcp_hooks_impl.h
+ *
+ * created on: Jun 21, 2018
+ * author: aasthakm
+ *
+ * Similar to lsm_hooks.h
+ * Provides LSM like generic interface to 
+ * create pluggable function interfaces
+ * 
+ */
+
+#ifndef __PTCP_HOOKS_IMPL_H__
+#define __PTCP_HOOKS_IMPL_H__
+
+#include <linux/skbuff.h>
+
+/*
+ * Note: this does not implement the additional level 
+ * of generic interfaces similar to the ones provided 
+ * by security.c/h, which allow for multiple 
+ * implementations of the LSM
+ */
+
+union ptcp_list_options {
+  void (*print_sock_skb) (struct sock *sk, struct sk_buff *skb);
+};
+
+struct ptcp_hook_heads {
+  struct list_head print_sock_skb;
+};
+
+struct ptcp_hook_list {
+	struct list_head list;
+	struct list_head *head;
+	union ptcp_list_options hook;
+};
+
+#define PTCP_HOOK_INIT(HEAD, HOOK)	\
+{ .head = &ptcp_hook_heads.HEAD, .hook = { . HEAD = HOOK } }
+
+// increment this every time a new hook is added
+#define NUM_PTCP_HOOKS  1
+
+extern struct ptcp_hook_heads ptcp_hook_heads;
+extern struct ptcp_hook_list ptcp_hooks[NUM_PTCP_HOOKS];
+
+static inline void ptcp_add_hooks(struct ptcp_hook_list *hooks, int count)
+{
+	int i;
+	for (i = 0; i < count; i++)
+		list_add_tail_rcu(&hooks[i].list, hooks[i].head);
+}
+
+static inline void ptcp_delete_hooks(struct ptcp_hook_list *hooks, int count)
+{
+	int i;
+	for (i = 0; i < count; i++)
+		list_del_rcu(&hooks[i].list);
+}
+
+#endif /* __PTCP_HOOKS_IMPL_H__ */

drivers/net/ethernet/broadcom/bnx2x/sme/xen_sme.c

@@ -8,8 +8,6 @@
 
 #include "xen_sme.h"
 #include "sme_debug.h"
-#include <linux/module.h>
-#include <linux/ktime.h>
 #include <linux/skbuff.h>
 #include <linux/netdevice.h>
 #include <uapi/linux/tcp.h>
@@ -230,7 +228,7 @@ sme_print_xenvif_queue(struct xenvif_queue *queue, char *extra_dbg_string)
 }
 #endif
 
-static struct sme_hook_list xen_sme_hooks[] = {
+struct sme_hook_list xen_sme_hooks[NUM_XEN_SME_HOOKS] = {
 	SME_HOOK_INIT(update_cwnd, sme_update_cwnd),
   SME_HOOK_INIT(adjust_packet_counts, sme_adjust_packet_counts),
   SME_HOOK_INIT(small_queue_check, sme_small_queue_check),
@@ -248,21 +246,3 @@ static struct sme_hook_list xen_sme_hooks[] = {
 //	SME_HOOK_INIT(print_xenvif_queue, sme_print_xenvif_queue),
 };
 
-static int __init xen_sme_init(void)
-{
-	iprintk(0, "SME: Initializing");
-	sme_add_hooks(xen_sme_hooks, ARRAY_SIZE(xen_sme_hooks));
-	return 0;
-}
-
-module_init(xen_sme_init);
-
-static void __exit xen_sme_fini(void)
-{
-	sme_delete_hooks(xen_sme_hooks, ARRAY_SIZE(xen_sme_hooks));
-	iprintk(0, "SME complete");
-}
-
-module_exit(xen_sme_fini);
-MODULE_LICENSE("Dual BSD/GPL");
-MODULE_ALIAS("xen-backend:sme");

drivers/net/ethernet/broadcom/bnx2x/sme/xen_sme.h

@@ -84,7 +84,11 @@ struct sme_hook_list {
 #define SME_HOOK_INIT(HEAD, HOOK)	\
 { .head = &xen_sme_hook_heads.HEAD, .hook = { . HEAD = HOOK } }
 
+// increment this every time a new hook is added
+#define NUM_XEN_SME_HOOKS 14
+
 extern struct sme_hook_heads xen_sme_hook_heads;
+extern struct sme_hook_list xen_sme_hooks[NUM_XEN_SME_HOOKS];
 
 static inline void sme_add_hooks(struct sme_hook_list *hooks, int count)
 {