[PATCH bpf-next v3 7/8] bpf: add sockopt documentation

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Stanislav Fomichev <sdf@google.com>
To: netdev@vger.kernel.org, bpf@vger.kernel.org
Cc: davem@davemloft.net, ast@kernel.org, daniel@iogearbox.net,
	Stanislav Fomichev <sdf@google.com>
Subject: [PATCH bpf-next v3 7/8] bpf: add sockopt documentation
Date: Fri,  7 Jun 2019 09:29:19 -0700	[thread overview]
Message-ID: <20190607162920.24546-8-sdf@google.com> (raw)
In-Reply-To: <20190607162920.24546-1-sdf@google.com>

Provide user documentation about sockopt prog type and cgroup hooks.

v2:
* use return code 2 for kernel bypass

Signed-off-by: Stanislav Fomichev <sdf@google.com>
---
 Documentation/bpf/index.rst               |  1 +
 Documentation/bpf/prog_cgroup_sockopt.rst | 39 +++++++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 Documentation/bpf/prog_cgroup_sockopt.rst

diff --git a/Documentation/bpf/index.rst b/Documentation/bpf/index.rst
index d3fe4cac0c90..801a6ed3f2e5 100644
--- a/Documentation/bpf/index.rst
+++ b/Documentation/bpf/index.rst
@@ -42,6 +42,7 @@ Program types
 .. toctree::
    :maxdepth: 1
 
+   prog_cgroup_sockopt
    prog_cgroup_sysctl
    prog_flow_dissector
 
diff --git a/Documentation/bpf/prog_cgroup_sockopt.rst b/Documentation/bpf/prog_cgroup_sockopt.rst
new file mode 100644
index 000000000000..b117451ab571
--- /dev/null
+++ b/Documentation/bpf/prog_cgroup_sockopt.rst
@@ -0,0 +1,39 @@
+.. SPDX-License-Identifier: GPL-2.0
+
+=====================
+BPF_PROG_TYPE_SOCKOPT
+=====================
+
+``BPF_PROG_TYPE_SOCKOPT`` program type can be attached to two cgroup hooks:
+
+* ``BPF_CGROUP_GETSOCKOPT`` - called every time process executes ``getsockopt``
+  system call.
+* ``BPF_CGROUP_SETSOCKOPT`` - called every time process executes ``setsockopt``
+  system call.
+
+The context (``struct bpf_sockopt``) has associated socket (``sk``) and
+all input arguments: ``level``, ``optname``, ``optval`` and ``optlen``.
+
+BPF_CGROUP_SETSOCKOPT
+=====================
+
+``BPF_CGROUP_SETSOCKOPT`` has a read-only context and this hook has
+access to cgroup and socket local storage.
+
+BPF_CGROUP_GETSOCKOPT
+=====================
+
+``BPF_CGROUP_GETSOCKOPT`` has to fill in ``optval`` and adjust
+``optlen`` accordingly. Input ``optlen`` contains the maximum length
+of data that can be returned to the userspace. In other words, BPF
+program can't increase ``optlen``, it can only decrease it.
+
+Return Type
+===========
+
+* ``0`` - reject the syscall, ``EPERM`` will be returned to the userspace.
+* ``1`` - success: after returning from the BPF hook, kernel will also
+  handle this socket option.
+* ``2`` - success: after returning from the BPF hook, kernel will _not_
+  handle this socket option; control will be returned to the userspace
+  instead.
-- 
2.22.0.rc1.311.g5d7573a151-goog

next prev parent reply	other threads:[~2019-06-07 16:29 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-07 16:29 [PATCH bpf-next v3 0/8] bpf: getsockopt and setsockopt hooks Stanislav Fomichev
2019-06-07 16:29 ` [PATCH bpf-next v3 1/8] bpf: implement " Stanislav Fomichev
2019-06-08  7:08   ` Martin Lau
2019-06-10 16:10     ` Stanislav Fomichev
2019-06-07 16:29 ` [PATCH bpf-next v3 2/8] bpf: sync bpf.h to tools/ Stanislav Fomichev
2019-06-07 16:29 ` [PATCH bpf-next v3 3/8] libbpf: support sockopt hooks Stanislav Fomichev
2019-06-07 16:29 ` [PATCH bpf-next v3 4/8] selftests/bpf: test sockopt section name Stanislav Fomichev
2019-06-07 16:29 ` [PATCH bpf-next v3 5/8] selftests/bpf: add sockopt test Stanislav Fomichev
2019-06-07 16:29 ` [PATCH bpf-next v3 6/8] selftests/bpf: add sockopt test that exercises sk helpers Stanislav Fomichev
2019-06-07 16:29 ` Stanislav Fomichev [this message]
2019-06-07 16:29 ` [PATCH bpf-next v3 8/8] bpftool: support cgroup sockopt Stanislav Fomichev

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:d3fe4cac0c9 dfblob:801a6ed3f2e dfblob:b117451ab57 )
 OR (
bs:"[PATCH bpf-next v3 7/8] bpf: add sockopt documentation" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190607162920.24546-8-sdf@google.com \
    --to=sdf@google.com \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=davem@davemloft.net \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.