From: Daniel Borkmann <daniel@iogearbox.net>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>,
Chenbo Feng <chenbofeng.kernel@gmail.com>
Cc: netdev@vger.kernel.org, Lorenzo Colitti <lorenzo@google.com>,
Willem de Bruijn <willemb@google.com>,
Chenbo Feng <fengc@google.com>
Subject: Re: [PATCH net-next] Add uid and cookie bpf helper to cg_skb_func_proto
Date: Sat, 15 Apr 2017 02:20:36 +0200 [thread overview]
Message-ID: <58F16754.80401@iogearbox.net> (raw)
In-Reply-To: <20170415000752.GC68140@ast-mbp.thefacebook.com>
On 04/15/2017 02:07 AM, Alexei Starovoitov wrote:
> On Fri, Apr 14, 2017 at 04:12:14PM -0700, Chenbo Feng wrote:
>> From: Chenbo Feng <fengc@google.com>
>>
>> BPF helper functions get_socket_cookie and get_socket_uid can be
>> used for network traffic classifications, among others. Expose
>> them also to programs of type BPF_PROG_TYPE_CGROUP_SKB. As of
>> commit 8f917bba0042 ("bpf: pass sk to helper functions") the required
>> skb->sk function is available at both cgroup bpf ingress and egress
>> hooks.
>>
>> Signed-off-by: Chenbo Feng <fengc@google.com>
>
> Thanks for follow up.
> Another alternative is to do
> cg_skb_func_proto(enum bpf_func_id func_id)
> {
> return sk_filter_func_proto(func_id);
> }
>
> I think all socket filter helpers are applicable to cg_skb too.
Yeah, both will effectively be the same at that point:
static const struct bpf_func_proto *
sk_filter_func_proto(enum bpf_func_id func_id)
{
switch (func_id) {
case BPF_FUNC_skb_load_bytes:
return &bpf_skb_load_bytes_proto;
case BPF_FUNC_get_socket_cookie:
return &bpf_get_socket_cookie_proto;
case BPF_FUNC_get_socket_uid:
return &bpf_get_socket_uid_proto;
default:
return bpf_base_func_proto(func_id);
}
}
And with the two additions:
static const struct bpf_func_proto *
cg_skb_func_proto(enum bpf_func_id func_id)
{
switch (func_id) {
case BPF_FUNC_skb_load_bytes:
return &bpf_skb_load_bytes_proto;
+ case BPF_FUNC_get_socket_cookie:
+ return &bpf_get_socket_cookie_proto;
+ case BPF_FUNC_get_socket_uid:
+ return &bpf_get_socket_uid_proto;
default:
return bpf_base_func_proto(func_id);
}
}
prev parent reply other threads:[~2017-04-15 0:20 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-14 23:12 [PATCH net-next] Add uid and cookie bpf helper to cg_skb_func_proto Chenbo Feng
2017-04-15 0:07 ` Alexei Starovoitov
2017-04-15 0:20 ` Daniel Borkmann [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=58F16754.80401@iogearbox.net \
--to=daniel@iogearbox.net \
--cc=alexei.starovoitov@gmail.com \
--cc=chenbofeng.kernel@gmail.com \
--cc=fengc@google.com \
--cc=lorenzo@google.com \
--cc=netdev@vger.kernel.org \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.