Merge branch 'bpf: Allow bpf_get_netns_cookie in BPF_PROG_TYPE_SK_MSG'

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Xu Liu says:

====================

We'd like to be able to identify netns from sk_msg hooks
to accelerate local process communication form different netns.
====================

Signed-off-by: Alexei Starovoitov <ast@kernel.org>

Alexei Starovoitov 4 years ago f63693e3 8c0bb89e

+106 -28

3 changed files

expand all

net

core

filter.c

tools

testing

selftests

bpf

prog_tests

netns_cookie.c

progs

netns_cookie_prog.c

+14

net/core/filter.c

··· 4688 4688 .arg1_type = ARG_PTR_TO_CTX_OR_NULL, 4689 4689 }; 4690 4690 4691 + BPF_CALL_1(bpf_get_netns_cookie_sk_msg, struct sk_msg *, ctx) 4692 + { 4693 + return __bpf_get_netns_cookie(ctx ? ctx->sk : NULL); 4694 + } 4695 + 4696 + static const struct bpf_func_proto bpf_get_netns_cookie_sk_msg_proto = { 4697 + .func = bpf_get_netns_cookie_sk_msg, 4698 + .gpl_only = false, 4699 + .ret_type = RET_INTEGER, 4700 + .arg1_type = ARG_PTR_TO_CTX_OR_NULL, 4701 + }; 4702 + 4691 4703 BPF_CALL_1(bpf_get_socket_uid, struct sk_buff *, skb) 4692 4704 { 4693 4705 struct sock *sk = sk_to_full_sk(skb->sk); ··· 7563 7551 return &bpf_sk_storage_get_proto; 7564 7552 case BPF_FUNC_sk_storage_delete: 7565 7553 return &bpf_sk_storage_delete_proto; 7554 + case BPF_FUNC_get_netns_cookie: 7555 + return &bpf_get_netns_cookie_sk_msg_proto; 7566 7556 #ifdef CONFIG_CGROUPS 7567 7557 case BPF_FUNC_get_current_cgroup_id: 7568 7558 return &bpf_get_current_cgroup_id_proto;

+38 -19

tools/testing/selftests/bpf/prog_tests/netns_cookie.c

··· 12 12 13 13 void test_netns_cookie(void) 14 14 { 15 - int server_fd = 0, client_fd = 0, cgroup_fd = 0, err = 0, val = 0; 15 + int server_fd = -1, client_fd = -1, cgroup_fd = -1; 16 + int err, val, ret, map, verdict; 16 17 struct netns_cookie_prog *skel; 17 18 uint64_t cookie_expected_value; 18 19 socklen_t vallen = sizeof(cookie_expected_value); 20 + static const char send_msg[] = "message"; 19 21 20 22 skel = netns_cookie_prog__open_and_load(); 21 23 if (!ASSERT_OK_PTR(skel, "skel_open")) ··· 25 23 26 24 cgroup_fd = test__join_cgroup("/netns_cookie"); 27 25 if (CHECK(cgroup_fd < 0, "join_cgroup", "cgroup creation failed\n")) 28 - goto out; 26 + goto done; 29 27 30 28 skel->links.get_netns_cookie_sockops = bpf_program__attach_cgroup( 31 29 skel->progs.get_netns_cookie_sockops, cgroup_fd); 32 30 if (!ASSERT_OK_PTR(skel->links.get_netns_cookie_sockops, "prog_attach")) 33 - goto close_cgroup_fd; 31 + goto done; 32 + 33 + verdict = bpf_program__fd(skel->progs.get_netns_cookie_sk_msg); 34 + map = bpf_map__fd(skel->maps.sock_map); 35 + err = bpf_prog_attach(verdict, map, BPF_SK_MSG_VERDICT, 0); 36 + if (!ASSERT_OK(err, "prog_attach")) 37 + goto done; 34 38 35 39 server_fd = start_server(AF_INET6, SOCK_STREAM, "::1", 0, 0); 36 40 if (CHECK(server_fd < 0, "start_server", "errno %d\n", errno)) 37 - goto close_cgroup_fd; 41 + goto done; 38 42 39 43 client_fd = connect_to_fd(server_fd, 0); 40 44 if (CHECK(client_fd < 0, "connect_to_fd", "errno %d\n", errno)) 41 - goto close_server_fd; 45 + goto done; 42 46 43 - err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.netns_cookies), 44 - &client_fd, &val); 45 - if (!ASSERT_OK(err, "map_lookup(socket_cookies)")) 46 - goto close_client_fd; 47 + ret = send(client_fd, send_msg, sizeof(send_msg), 0); 48 + if (CHECK(ret != sizeof(send_msg), "send(msg)", "ret:%d\n", ret)) 49 + goto done; 50 + 51 + err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.sockops_netns_cookies), 52 + &client_fd, &val); 53 + if (!ASSERT_OK(err, "map_lookup(sockops_netns_cookies)")) 54 + goto done; 47 55 48 56 err = getsockopt(client_fd, SOL_SOCKET, SO_NETNS_COOKIE, 49 - &cookie_expected_value, &vallen); 50 - if (!ASSERT_OK(err, "getsockopt)")) 51 - goto close_client_fd; 57 + &cookie_expected_value, &vallen); 58 + if (!ASSERT_OK(err, "getsockopt")) 59 + goto done; 52 60 53 61 ASSERT_EQ(val, cookie_expected_value, "cookie_value"); 54 62 55 - close_client_fd: 56 - close(client_fd); 57 - close_server_fd: 58 - close(server_fd); 59 - close_cgroup_fd: 60 - close(cgroup_fd); 61 - out: 63 + err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.sk_msg_netns_cookies), 64 + &client_fd, &val); 65 + if (!ASSERT_OK(err, "map_lookup(sk_msg_netns_cookies)")) 66 + goto done; 67 + 68 + ASSERT_EQ(val, cookie_expected_value, "cookie_value"); 69 + 70 + done: 71 + if (server_fd != -1) 72 + close(server_fd); 73 + if (client_fd != -1) 74 + close(client_fd); 75 + if (cgroup_fd != -1) 76 + close(cgroup_fd); 62 77 netns_cookie_prog__destroy(skel); 63 78 }

+54 -9

tools/testing/selftests/bpf/progs/netns_cookie_prog.c

··· 11 11 __uint(map_flags, BPF_F_NO_PREALLOC); 12 12 __type(key, int); 13 13 __type(value, int); 14 - } netns_cookies SEC(".maps"); 14 + } sockops_netns_cookies SEC(".maps"); 15 + 16 + struct { 17 + __uint(type, BPF_MAP_TYPE_SK_STORAGE); 18 + __uint(map_flags, BPF_F_NO_PREALLOC); 19 + __type(key, int); 20 + __type(value, int); 21 + } sk_msg_netns_cookies SEC(".maps"); 22 + 23 + struct { 24 + __uint(type, BPF_MAP_TYPE_SOCKMAP); 25 + __uint(max_entries, 2); 26 + __type(key, __u32); 27 + __type(value, __u64); 28 + } sock_map SEC(".maps"); 15 29 16 30 SEC("sockops") 17 31 int get_netns_cookie_sockops(struct bpf_sock_ops *ctx) 18 32 { 19 33 struct bpf_sock *sk = ctx->sk; 20 34 int *cookie; 35 + __u32 key = 0; 21 36 22 37 if (ctx->family != AF_INET6) 23 - return 1; 24 - 25 - if (ctx->op != BPF_SOCK_OPS_TCP_CONNECT_CB) 26 38 return 1; 27 39 28 40 if (!sk) 29 41 return 1; 30 42 31 - cookie = bpf_sk_storage_get(&netns_cookies, sk, 0, 32 - BPF_SK_STORAGE_GET_F_CREATE); 33 - if (!cookie) 34 - return 1; 43 + switch (ctx->op) { 44 + case BPF_SOCK_OPS_TCP_CONNECT_CB: 45 + cookie = bpf_sk_storage_get(&sockops_netns_cookies, sk, 0, 46 + BPF_SK_STORAGE_GET_F_CREATE); 47 + if (!cookie) 48 + return 1; 35 49 36 - *cookie = bpf_get_netns_cookie(ctx); 50 + *cookie = bpf_get_netns_cookie(ctx); 51 + break; 52 + case BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB: 53 + bpf_sock_map_update(ctx, &sock_map, &key, BPF_NOEXIST); 54 + break; 55 + default: 56 + break; 57 + } 37 58 38 59 return 1; 39 60 } 61 + 62 + SEC("sk_msg") 63 + int get_netns_cookie_sk_msg(struct sk_msg_md *msg) 64 + { 65 + struct bpf_sock *sk = msg->sk; 66 + int *cookie; 67 + 68 + if (msg->family != AF_INET6) 69 + return 1; 70 + 71 + if (!sk) 72 + return 1; 73 + 74 + cookie = bpf_sk_storage_get(&sk_msg_netns_cookies, sk, 0, 75 + BPF_SK_STORAGE_GET_F_CREATE); 76 + if (!cookie) 77 + return 1; 78 + 79 + *cookie = bpf_get_netns_cookie(msg); 80 + 81 + return 1; 82 + } 83 + 84 + char _license[] SEC("license") = "GPL";