Commit f63693e3 authored by Alexei Starovoitov's avatar Alexei Starovoitov
Browse files

Merge branch 'bpf: Allow bpf_get_netns_cookie in BPF_PROG_TYPE_SK_MSG' 



Xu Liu says:

====================

We'd like to be able to identify netns from sk_msg hooks
to accelerate local process communication form different netns.
====================

Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parents 8c0bb89e 6cbca1ee

net/core/filter.c

+14 −0
Original line number Diff line number Diff line
@@ -4688,6 +4688,18 @@ static const struct bpf_func_proto bpf_get_netns_cookie_sock_ops_proto = { 
	.arg1_type	= ARG_PTR_TO_CTX_OR_NULL,

};



BPF_CALL_1(bpf_get_netns_cookie_sk_msg, struct sk_msg *, ctx)

{

	return __bpf_get_netns_cookie(ctx ? ctx->sk : NULL);

}



static const struct bpf_func_proto bpf_get_netns_cookie_sk_msg_proto = {

	.func		= bpf_get_netns_cookie_sk_msg,

	.gpl_only	= false,

	.ret_type	= RET_INTEGER,

	.arg1_type	= ARG_PTR_TO_CTX_OR_NULL,

};



BPF_CALL_1(bpf_get_socket_uid, struct sk_buff *, skb)

{

	struct sock *sk = sk_to_full_sk(skb->sk);
@@ -7551,6 +7563,8 @@ sk_msg_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) 
		return &bpf_sk_storage_get_proto;

	case BPF_FUNC_sk_storage_delete:

		return &bpf_sk_storage_delete_proto;

	case BPF_FUNC_get_netns_cookie:

		return &bpf_get_netns_cookie_sk_msg_proto;

#ifdef CONFIG_CGROUPS

	case BPF_FUNC_get_current_cgroup_id:

		return &bpf_get_current_cgroup_id_proto;

tools/testing/selftests/bpf/prog_tests/netns_cookie.c

+38 −19
Original line number Diff line number Diff line
@@ -12,10 +12,12 @@ static int duration; 


void test_netns_cookie(void)

{

	int server_fd = 0, client_fd = 0, cgroup_fd = 0, err = 0, val = 0;

	int server_fd = -1, client_fd = -1, cgroup_fd = -1;

	int err, val, ret, map, verdict;

	struct netns_cookie_prog *skel;

	uint64_t cookie_expected_value;

	socklen_t vallen = sizeof(cookie_expected_value);

	static const char send_msg[] = "message";



	skel = netns_cookie_prog__open_and_load();

	if (!ASSERT_OK_PTR(skel, "skel_open"))
@@ -23,39 +25,56 @@ void test_netns_cookie(void) 


	cgroup_fd = test__join_cgroup("/netns_cookie");

	if (CHECK(cgroup_fd < 0, "join_cgroup", "cgroup creation failed\n"))

		goto out;

		goto done;



	skel->links.get_netns_cookie_sockops = bpf_program__attach_cgroup(

		skel->progs.get_netns_cookie_sockops, cgroup_fd);

	if (!ASSERT_OK_PTR(skel->links.get_netns_cookie_sockops, "prog_attach"))

		goto close_cgroup_fd;

		goto done;



	verdict = bpf_program__fd(skel->progs.get_netns_cookie_sk_msg);

	map = bpf_map__fd(skel->maps.sock_map);

	err = bpf_prog_attach(verdict, map, BPF_SK_MSG_VERDICT, 0);

	if (!ASSERT_OK(err, "prog_attach"))

		goto done;



	server_fd = start_server(AF_INET6, SOCK_STREAM, "::1", 0, 0);

	if (CHECK(server_fd < 0, "start_server", "errno %d\n", errno))

		goto close_cgroup_fd;

		goto done;



	client_fd = connect_to_fd(server_fd, 0);

	if (CHECK(client_fd < 0, "connect_to_fd", "errno %d\n", errno))

		goto close_server_fd;

		goto done;



	ret = send(client_fd, send_msg, sizeof(send_msg), 0);

	if (CHECK(ret != sizeof(send_msg), "send(msg)", "ret:%d\n", ret))

		goto done;



	err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.netns_cookies),

	err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.sockops_netns_cookies),

				  &client_fd, &val);

	if (!ASSERT_OK(err, "map_lookup(socket_cookies)"))

		goto close_client_fd;

	if (!ASSERT_OK(err, "map_lookup(sockops_netns_cookies)"))

		goto done;



	err = getsockopt(client_fd, SOL_SOCKET, SO_NETNS_COOKIE,

			 &cookie_expected_value, &vallen);

	if (!ASSERT_OK(err, "getsockopt)"))

		goto close_client_fd;

	if (!ASSERT_OK(err, "getsockopt"))

		goto done;



	ASSERT_EQ(val, cookie_expected_value, "cookie_value");



close_client_fd:

	close(client_fd);

close_server_fd:

	err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.sk_msg_netns_cookies),

				  &client_fd, &val);

	if (!ASSERT_OK(err, "map_lookup(sk_msg_netns_cookies)"))

		goto done;



	ASSERT_EQ(val, cookie_expected_value, "cookie_value");



done:

	if (server_fd != -1)

		close(server_fd);

close_cgroup_fd:

	if (client_fd != -1)

		close(client_fd);

	if (cgroup_fd != -1)

		close(cgroup_fd);

out:

	netns_cookie_prog__destroy(skel);

}

tools/testing/selftests/bpf/progs/netns_cookie_prog.c

+50 −5
Original line number Diff line number Diff line
@@ -11,29 +11,74 @@ struct { 
	__uint(map_flags, BPF_F_NO_PREALLOC);

	__type(key, int);

	__type(value, int);

} netns_cookies SEC(".maps");

} sockops_netns_cookies SEC(".maps");



struct {

	__uint(type, BPF_MAP_TYPE_SK_STORAGE);

	__uint(map_flags, BPF_F_NO_PREALLOC);

	__type(key, int);

	__type(value, int);

} sk_msg_netns_cookies SEC(".maps");



struct {

	__uint(type, BPF_MAP_TYPE_SOCKMAP);

	__uint(max_entries, 2);

	__type(key, __u32);

	__type(value, __u64);

} sock_map SEC(".maps");



SEC("sockops")

int get_netns_cookie_sockops(struct bpf_sock_ops *ctx)

{

	struct bpf_sock *sk = ctx->sk;

	int *cookie;

	__u32 key = 0;



	if (ctx->family != AF_INET6)

		return 1;



	if (ctx->op != BPF_SOCK_OPS_TCP_CONNECT_CB)

	if (!sk)

		return 1;



	switch (ctx->op) {

	case BPF_SOCK_OPS_TCP_CONNECT_CB:

		cookie = bpf_sk_storage_get(&sockops_netns_cookies, sk, 0,

					    BPF_SK_STORAGE_GET_F_CREATE);

		if (!cookie)

			return 1;



		*cookie = bpf_get_netns_cookie(ctx);

		break;

	case BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB:

		bpf_sock_map_update(ctx, &sock_map, &key, BPF_NOEXIST);

		break;

	default:

		break;

	}



	return 1;

}



SEC("sk_msg")

int get_netns_cookie_sk_msg(struct sk_msg_md *msg)

{

	struct bpf_sock *sk = msg->sk;

	int *cookie;



	if (msg->family != AF_INET6)

		return 1;



	if (!sk)

		return 1;



	cookie = bpf_sk_storage_get(&netns_cookies, sk, 0,

	cookie = bpf_sk_storage_get(&sk_msg_netns_cookies, sk, 0,

				    BPF_SK_STORAGE_GET_F_CREATE);

	if (!cookie)

		return 1;



	*cookie = bpf_get_netns_cookie(ctx);

	*cookie = bpf_get_netns_cookie(msg);



	return 1;

}



char _license[] SEC("license") = "GPL";