tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

bpf: Enable bpf_{g,s}etsockopt in BPF_CGROUP_UDP{4,6}_SENDMSG

Can be used to query/modify socket state for unconnected UDP sendmsg.
Those hooks run as BPF_CGROUP_RUN_SA_PROG_LOCK and operate on
a locked socket.

Signed-off-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20210127232853.3753823-2-sdf@google.com

authored by

Stanislav Fomichev and committed by
Daniel Borkmann 62476cc1 211a741c

+37
+4
net/core/filter.c
··· 7023 7023 case BPF_CGROUP_INET6_BIND: 7024 7024 case BPF_CGROUP_INET4_CONNECT: 7025 7025 case BPF_CGROUP_INET6_CONNECT: 7026 + case BPF_CGROUP_UDP4_SENDMSG: 7027 + case BPF_CGROUP_UDP6_SENDMSG: 7026 7028 return &bpf_sock_addr_setsockopt_proto; 7027 7029 default: 7028 7030 return NULL; ··· 7035 7033 case BPF_CGROUP_INET6_BIND: 7036 7034 case BPF_CGROUP_INET4_CONNECT: 7037 7035 case BPF_CGROUP_INET6_CONNECT: 7036 + case BPF_CGROUP_UDP4_SENDMSG: 7037 + case BPF_CGROUP_UDP6_SENDMSG: 7038 7038 return &bpf_sock_addr_getsockopt_proto; 7039 7039 default: 7040 7040 return NULL;
+21
tools/testing/selftests/bpf/bpf_sockopt_helpers.h
··· 1 + /* SPDX-License-Identifier: GPL-2.0 */ 2 + 3 + #include <sys/socket.h> 4 + #include <bpf/bpf_helpers.h> 5 + 6 + int get_set_sk_priority(void *ctx) 7 + { 8 + int prio; 9 + 10 + /* Verify that context allows calling bpf_getsockopt and 11 + * bpf_setsockopt by reading and writing back socket 12 + * priority. 13 + */ 14 + 15 + if (bpf_getsockopt(ctx, SOL_SOCKET, SO_PRIORITY, &prio, sizeof(prio))) 16 + return 0; 17 + if (bpf_setsockopt(ctx, SOL_SOCKET, SO_PRIORITY, &prio, sizeof(prio))) 18 + return 0; 19 + 20 + return 1; 21 + }
+7
tools/testing/selftests/bpf/progs/sendmsg4_prog.c
··· 8 8 #include <bpf/bpf_helpers.h> 9 9 #include <bpf/bpf_endian.h> 10 10 11 + #include <bpf_sockopt_helpers.h> 12 + 11 13 #define SRC1_IP4 0xAC100001U /* 172.16.0.1 */ 12 14 #define SRC2_IP4 0x00000000U 13 15 #define SRC_REWRITE_IP4 0x7f000004U ··· 23 21 SEC("cgroup/sendmsg4") 24 22 int sendmsg_v4_prog(struct bpf_sock_addr *ctx) 25 23 { 24 + int prio; 25 + 26 26 if (ctx->type != SOCK_DGRAM) 27 + return 0; 28 + 29 + if (!get_set_sk_priority(ctx)) 27 30 return 0; 28 31 29 32 /* Rewrite source. */
+5
tools/testing/selftests/bpf/progs/sendmsg6_prog.c
··· 8 8 #include <bpf/bpf_helpers.h> 9 9 #include <bpf/bpf_endian.h> 10 10 11 + #include <bpf_sockopt_helpers.h> 12 + 11 13 #define SRC_REWRITE_IP6_0 0 12 14 #define SRC_REWRITE_IP6_1 0 13 15 #define SRC_REWRITE_IP6_2 0 ··· 28 26 int sendmsg_v6_prog(struct bpf_sock_addr *ctx) 29 27 { 30 28 if (ctx->type != SOCK_DGRAM) 29 + return 0; 30 + 31 + if (!get_set_sk_priority(ctx)) 31 32 return 0; 32 33 33 34 /* Rewrite source. */