Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

bpf: Allow to retrieve cgroup v1 classid from v2 hooks

Today, Kubernetes is still operating on cgroups v1, however, it is
possible to retrieve the task's classid based on 'current' out of
connect(), sendmsg(), recvmsg() and bind-related hooks for orchestrators
which attach to the root cgroup v2 hook in a mixed env like in case
of Cilium, for example, in order to then correlate certain pod traffic
and use it as part of the key for BPF map lookups.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/555e1c69db7376c0947007b4951c260e1074efc3.1585323121.git.daniel@iogearbox.net

authored by

Daniel Borkmann and committed by
Alexei Starovoitov
5a52ae4e f318903c

+27 -1
+6 -1
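--- a/include/net/cls_cgroup.h
+++ b/include/net/cls_cgroup.h
@@ -45,9 +45,14 @@
 sock_cgroup_set_classid(skcd, classid);
 }
 
+static inline u32 __task_get_classid(struct task_struct *task)
+{
+return task_cls_state(task)->classid;
+}
+
 static inline u32 task_get_classid(const struct sk_buff *skb)
 {
-u32 classid = task_cls_state(current)->classid;
+u32 classid = __task_get_classid(current);
 
 /* Due to the nature of the classifier it is required to ignore all
  * packets originating from softirq context as accessing `current'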
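Review bot: The new `__task_get_classid()` has no comment saying that it skips the softirq handling described in the comment inside `task_get_classid()` just below it, so its contract is left to the reader. Because it is a header-level inline, any later caller can pass `current` from a context where that task is unrelated to the traffic being classified. I would document the precondition on the helper, for example `/* No softirq check: the caller must run in the context of @task. */`. The body of `task_get_classid()` continues past the end of the hunk, so the exact form of its softirq handling is not visible here.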
+21
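--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2642,6 +2642,19 @@
 .arg4_type = ARG_ANYTHING,
 };
 
+#ifdef CONFIG_CGROUP_NET_CLASSID
+BPF_CALL_0(bpf_get_cgroup_classid_curr)
+{
+return __task_get_classid(current);
+}
+
+static const struct bpf_func_proto bpf_get_cgroup_classid_curr_proto = {
+.func = bpf_get_cgroup_classid_curr,
+.gpl_only = false,
+.ret_type = RET_INTEGER,
+};
+#endif
+
 BPF_CALL_1(bpf_get_cgroup_classid, const struct sk_buff *, skb)
 {
 return task_get_classid(skb);
@@ -6005,6 +6018,10 @@
 return &bpf_get_netns_cookie_sock_proto;
 case BPF_FUNC_perf_event_output:
 return &bpf_event_output_data_proto;
+#ifdef CONFIG_CGROUP_NET_CLASSID
+case BPF_FUNC_get_cgroup_classid:
+return &bpf_get_cgroup_classid_curr_proto;
+#endif
 default:
 return bpf_base_func_proto(func_id);
 }
@@ -6035,6 +6052,10 @@
 return &bpf_get_local_storage_proto;
 case BPF_FUNC_perf_event_output:
 return &bpf_event_output_data_proto;
+#ifdef CONFIG_CGROUP_NET_CLASSID
+case BPF_FUNC_get_cgroup_classid:
+return &bpf_get_cgroup_classid_curr_proto;
+#endif
 #ifdef CONFIG_INET
 case BPF_FUNC_sk_lookup_tcp:
 return &bpf_sock_addr_sk_lookup_tcp_proto;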
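Review bot: The two added `case BPF_FUNC_get_cgroup_classid:` entries bind the existing helper id to `bpf_get_cgroup_classid_curr_proto`, which declares no argument types and reads `current`, while the skb variant directly below it goes through `task_get_classid(skb)`; nothing in the new code states that difference. The commit message describes the result as part of a BPF map key for pod traffic, so a hook that ran outside the calling task's context would select the wrong entry without any error. I would add a comment above the `BPF_CALL_0`, for example `/* Process context only: returns the classid of the task issuing the socket call. */`. Both switch statements start outside their hunks, so which program types they serve cannot be confirmed from this page. With CONFIG_CGROUP_NET_CLASSID unset the cases are compiled out and the id falls through to `bpf_base_func_proto()`, which is worth stating in the helper's documentation.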