Re: [PATCH net-next v2 1/2] Add a helper function to get socket cookie in eBPF

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Daniel Borkmann <daniel@iogearbox.net>
To: Chenbo Feng <chenbofeng.kernel@gmail.com>,
	netdev@vger.kernel.org, Alexei Starovoitov <ast@fb.com>
Cc: Lorenzo Colitti <lorenzo@google.com>,
	Willem de Bruijn <willemb@google.com>,
	Chenbo Feng <fengc@google.com>
Subject: Re: [PATCH net-next v2 1/2] Add a helper function to get socket cookie in eBPF
Date: Mon, 06 Feb 2017 12:20:57 +0100	[thread overview]
Message-ID: <58985C19.1030401@iogearbox.net> (raw)
In-Reply-To: <1486347448-15393-2-git-send-email-chenbofeng.kernel@gmail.com>

On 02/06/2017 03:17 AM, Chenbo Feng wrote:
> From: Chenbo Feng <fengc@google.com>
>
> Retrieve the socket cookie generated by sock_gen_cookie() from a sk_buff
> with a known socket. Generates a new cookie if one was not yet set.If
> the socket pointer inside sk_buff is NULL, 0 is returned. The helper
> function coud be useful in monitoring per socket networking traffic
> statistics and provide a unique socket identifier per namespace.
>
> Signed-off-by: Chenbo Feng <chenbofeng.kernel@gmail.com>
[...]
> diff --git a/net/core/filter.c b/net/core/filter.c
> index 0b753cb..632fb91 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -26,6 +26,7 @@
>   #include <linux/mm.h>
>   #include <linux/fcntl.h>
>   #include <linux/socket.h>
> +#include <linux/sock_diag.h>
>   #include <linux/in.h>
>   #include <linux/inet.h>
>   #include <linux/netdevice.h>
> @@ -2599,6 +2600,18 @@ static const struct bpf_func_proto bpf_xdp_event_output_proto = {
>   	.arg5_type	= ARG_CONST_SIZE,
>   };
>
> +BPF_CALL_1(bpf_get_socket_cookie, struct sk_buff *, skb)
> +{
> +	return skb->sk ? sock_gen_cookie(skb->sk) : 0;
> +}
> +
> +static const struct bpf_func_proto bpf_get_socket_cookie_proto = {
> +	.func           = bpf_get_socket_cookie,
> +	.gpl_only       = false,
> +	.ret_type       = RET_INTEGER,
> +	.arg1_type      = ARG_PTR_TO_CTX,
> +};
> +
>   static const struct bpf_func_proto *
>   bpf_base_func_proto(enum bpf_func_id func_id)
>   {
> @@ -2622,6 +2635,8 @@ bpf_base_func_proto(enum bpf_func_id func_id)
>   	case BPF_FUNC_trace_printk:
>   		if (capable(CAP_SYS_ADMIN))
>   			return bpf_get_trace_printk_proto();
> +	case BPF_FUNC_get_socket_cookie:
> +		return &bpf_get_socket_cookie_proto;
>   	default:
>   		return NULL;
>   	}

This still has one issue that would need to be addressed, otherwise
looks good and ready to me.

Issue is that it cannot be added to bpf_base_func_proto(), because
that is also used by cg_sock_ops, which has struct sock as input
instead of struct sk_buff.

I suggest, we initially add this to both, sk_filter_func_proto() and
tc_cls_act_func_proto() and, if needed, we could follow-up with other
prog types at some later point in time. Otherwise, looks fine.

> diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
> index 6b10573..acd2a6c 100644
> --- a/net/core/sock_diag.c
> +++ b/net/core/sock_diag.c
> @@ -19,7 +19,7 @@ static int (*inet_rcv_compat)(struct sk_buff *skb, struct nlmsghdr *nlh);
>   static DEFINE_MUTEX(sock_diag_table_mutex);
>   static struct workqueue_struct *broadcast_wq;
>
> -static u64 sock_gen_cookie(struct sock *sk)
> +u64 sock_gen_cookie(struct sock *sk)
>   {
>   	while (1) {
>   		u64 res = atomic64_read(&sk->sk_cookie);
>

next prev parent reply	other threads:[~2017-02-06 11:21 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-06  2:17 [PATCH net-next v2 0/2] Two Helper function about socket information Chenbo Feng
2017-02-06  2:17 ` [PATCH net-next v2 1/2] Add a helper function to get socket cookie in eBPF Chenbo Feng
2017-02-06  2:57   ` Eric Dumazet
2017-02-06  3:01   ` Lorenzo Colitti
2017-02-06  3:30     ` Eric Dumazet
2017-02-06 11:20   ` Daniel Borkmann [this message]
2017-02-06  2:17 ` [PATCH net-next v2 2/2] Add a eBPF helper function to retrieve socket uid Chenbo Feng
2017-02-06  2:48   ` kbuild test robot
2017-02-06  3:02   ` Eric Dumazet

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=58985C19.1030401@iogearbox.net \
    --to=daniel@iogearbox.net \
    --cc=ast@fb.com \
    --cc=chenbofeng.kernel@gmail.com \
    --cc=fengc@google.com \
    --cc=lorenzo@google.com \
    --cc=netdev@vger.kernel.org \
    --cc=willemb@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.