From: YiFei Zhu <zhuyifei@google.com>
To: bpf@vger.kernel.org
Cc: netdev@vger.kernel.org, Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Stanislav Fomichev <sdf@google.com>,
Martin KaFai Lau <martin.lau@linux.dev>,
John Fastabend <john.fastabend@gmail.com>,
Jiri Olsa <jolsa@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
David Ahern <dsahern@kernel.org>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>
Subject: [PATCH bpf-next 0/2] cgroup/connect{4,6} programs for unprivileged ICMP ping
Date: Thu, 1 Sep 2022 19:15:08 +0000
Message-ID: <cover.1662058674.git.zhuyifei@google.com>

Usually when a TCP/UDP connection is initiated, we can bind the socket
to a specific IP attached to an interface in a cgroup/connect hook.
But for pings, this is impossible, as the hook is not being called.

This series adds the invocation for cgroup/connect{4,6} programs to
unprivileged ICMP ping (i.e. ping sockets created with SOCK_DGRAM
IPPROTO_ICMP(V6) as opposed to SOCK_RAW). This also adds a test to
verify that the hooks are being called and invoking bpf_bind() from
within the hook actually binds the socket.

Patch 1 adds the invocation of the hook. Patch 2 adds the tests.

YiFei Zhu (2):
  bpf: Invoke cgroup/connect{4,6} programs for unprivileged ICMP ping
  selftests/bpf: Ensure cgroup/connect{4,6} programs can bind unpriv
    ICMP ping

 net/ipv4/ping.c                               |  15 +
 net/ipv6/ping.c                               |  16 +
 .../selftests/bpf/prog_tests/connect_ping.c   | 318 ++++++++++++++++++
 .../selftests/bpf/progs/connect_ping.c        |  53 +++
 4 files changed, 402 insertions(+)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/connect_ping.c
 create mode 100644 tools/testing/selftests/bpf/progs/connect_ping.c

--
2.37.2.789.g6183377224-goog
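
A userspace check for the behaviour the cover letter describes, as an added example that is not part of this series or its selftest: it connects an unprivileged ICMP ping socket and reports the local address the kernel left on it, so an operator can confirm that a cgroup/connect4 policy calling bpf_bind() also pins pings. The function name and the loopback defaults are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Connect a SOCK_DGRAM/IPPROTO_ICMP ping socket to dst and write the local
 * address found on it to out. Returns 0, or a negative errno on failure. */
int ping_connected_source(const char *dst, char *out, size_t outlen)
{
    struct sockaddr_in peer = { .sin_family = AF_INET }, local;
    socklen_t len = sizeof(local);
    int fd, err = 0;

    if (inet_pton(AF_INET, dst, &peer.sin_addr) != 1)
        return -EINVAL;
    /* EACCES here: the caller's gid is outside net.ipv4.ping_group_range. */
    fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
    if (fd < 0)
        return -errno;
    /* Per the cover letter, connect() on this socket type is where an
     * attached cgroup/connect4 program now runs and can call bpf_bind(). */
    if (connect(fd, (struct sockaddr *)&peer, sizeof(peer)) < 0 ||
        getsockname(fd, (struct sockaddr *)&local, &len) < 0 ||
        !inet_ntop(AF_INET, &local.sin_addr, out, outlen))
        err = -errno;
    close(fd);
    return err;
}

int main(int argc, char **argv)
{
    /* Constructed defaults (loopback); pass the real destination and the
     * dotted-quad address the cgroup policy is expected to pin. */
    const char *dst = argc > 1 ? argv[1] : "127.0.0.1";
    const char *want = argc > 2 ? argv[2] : "127.0.0.1";
    char got[INET_ADDRSTRLEN];
    int err = ping_connected_source(dst, got, sizeof(got));

    if (err) {
        fprintf(stderr, "check failed: %s\n", strerror(-err));
        return 2;
    }
    printf("%s: source %s, expected %s\n", dst, got, want);
    return strcmp(got, want) ? 1 : 0;
}
```

Run it from a process inside the cgroup that has the program attached; an exit status of 1 means the ping socket was left on a different source address than the policy intends.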