* [PATCH bpf-next 1/2] bpf: add get_netns_cookie helper to cgroup_skb programs
@ 2025-02-25 12:50 Mahe Tardy
2025-02-25 12:50 ` [PATCH bpf-next 2/2] selftests/bpf: add cgroup_skb netns cookie tests Mahe Tardy
2025-02-26 15:40 ` [PATCH bpf-next 1/2] bpf: add get_netns_cookie helper to cgroup_skb programs patchwork-bot+netdevbpf
0 siblings, 2 replies; 3+ messages in thread
From: Mahe Tardy @ 2025-02-25 12:50 UTC (permalink / raw)
To: bpf; +Cc: martin.lau, daniel, john.fastabend, ast, andrii, Mahe Tardy
This is needed in the context of Cilium and Tetragon to retrieve netns
cookie from hostns when traffic leaves Pod, so that we can correlate
skb->sk's netns cookie.
Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
---
net/core/filter.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/core/filter.c b/net/core/filter.c
index 2ec162dd83c4..827108c6dad9 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -8075,6 +8075,8 @@ sk_filter_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
return &bpf_skb_load_bytes_relative_proto;
case BPF_FUNC_get_socket_cookie:
return &bpf_get_socket_cookie_proto;
+ case BPF_FUNC_get_netns_cookie:
+ return &bpf_get_netns_cookie_proto;
case BPF_FUNC_get_socket_uid:
return &bpf_get_socket_uid_proto;
case BPF_FUNC_perf_event_output:
--
2.34.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH bpf-next 2/2] selftests/bpf: add cgroup_skb netns cookie tests
2025-02-25 12:50 [PATCH bpf-next 1/2] bpf: add get_netns_cookie helper to cgroup_skb programs Mahe Tardy
@ 2025-02-25 12:50 ` Mahe Tardy
2025-02-26 15:40 ` [PATCH bpf-next 1/2] bpf: add get_netns_cookie helper to cgroup_skb programs patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: Mahe Tardy @ 2025-02-25 12:50 UTC (permalink / raw)
To: bpf; +Cc: martin.lau, daniel, john.fastabend, ast, andrii, Mahe Tardy
Add netns cookie test that verifies the helper is now supported and work
in the context of cgroup_skb programs.
Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
---
.../selftests/bpf/prog_tests/netns_cookie.c | 21 ++++++++++++-------
.../selftests/bpf/progs/netns_cookie_prog.c | 9 ++++++++
2 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/tools/testing/selftests/bpf/prog_tests/netns_cookie.c b/tools/testing/selftests/bpf/prog_tests/netns_cookie.c
index ac3c3c097c0e..e00cd34586dd 100644
--- a/tools/testing/selftests/bpf/prog_tests/netns_cookie.c
+++ b/tools/testing/selftests/bpf/prog_tests/netns_cookie.c
@@ -33,20 +33,25 @@ void test_netns_cookie(void)
skel->links.get_netns_cookie_sockops = bpf_program__attach_cgroup(
skel->progs.get_netns_cookie_sockops, cgroup_fd);
- if (!ASSERT_OK_PTR(skel->links.get_netns_cookie_sockops, "prog_attach"))
+ if (!ASSERT_OK_PTR(skel->links.get_netns_cookie_sockops, "prog_attach_sockops"))
goto done;
verdict = bpf_program__fd(skel->progs.get_netns_cookie_sk_msg);
map = bpf_map__fd(skel->maps.sock_map);
err = bpf_prog_attach(verdict, map, BPF_SK_MSG_VERDICT, 0);
- if (!ASSERT_OK(err, "prog_attach"))
+ if (!ASSERT_OK(err, "prog_attach_sk_msg"))
goto done;
tc_fd = bpf_program__fd(skel->progs.get_netns_cookie_tcx);
err = bpf_prog_attach_opts(tc_fd, loopback, BPF_TCX_INGRESS, &opta);
- if (!ASSERT_OK(err, "prog_attach"))
+ if (!ASSERT_OK(err, "prog_attach_tcx"))
goto done;
+ skel->links.get_netns_cookie_cgroup_skb = bpf_program__attach_cgroup(
+ skel->progs.get_netns_cookie_cgroup_skb, cgroup_fd);
+ if (!ASSERT_OK_PTR(skel->links.get_netns_cookie_cgroup_skb, "prog_attach_cgroup_skb"))
+ goto cleanup_tc;
+
server_fd = start_server(AF_INET6, SOCK_STREAM, "::1", 0, 0);
if (CHECK(server_fd < 0, "start_server", "errno %d\n", errno))
goto cleanup_tc;
@@ -69,16 +74,18 @@ void test_netns_cookie(void)
if (!ASSERT_OK(err, "getsockopt"))
goto cleanup_tc;
- ASSERT_EQ(val, cookie_expected_value, "cookie_value");
+ ASSERT_EQ(val, cookie_expected_value, "cookie_value_sockops");
err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.sk_msg_netns_cookies),
&client_fd, &val);
if (!ASSERT_OK(err, "map_lookup(sk_msg_netns_cookies)"))
goto cleanup_tc;
- ASSERT_EQ(val, cookie_expected_value, "cookie_value");
- ASSERT_EQ(skel->bss->tcx_init_netns_cookie, cookie_expected_value, "cookie_value");
- ASSERT_EQ(skel->bss->tcx_netns_cookie, cookie_expected_value, "cookie_value");
+ ASSERT_EQ(val, cookie_expected_value, "cookie_value_sk_msg");
+ ASSERT_EQ(skel->bss->tcx_init_netns_cookie, cookie_expected_value, "cookie_value_init_tcx");
+ ASSERT_EQ(skel->bss->tcx_netns_cookie, cookie_expected_value, "cookie_value_tcx");
+ ASSERT_EQ(skel->bss->cgroup_skb_init_netns_cookie, cookie_expected_value, "cookie_value_init_cgroup_skb");
+ ASSERT_EQ(skel->bss->cgroup_skb_netns_cookie, cookie_expected_value, "cookie_value_cgroup_skb");
cleanup_tc:
err = bpf_prog_detach_opts(tc_fd, loopback, BPF_TCX_INGRESS, &optd);
diff --git a/tools/testing/selftests/bpf/progs/netns_cookie_prog.c b/tools/testing/selftests/bpf/progs/netns_cookie_prog.c
index c6edf8dbefeb..94040714af18 100644
--- a/tools/testing/selftests/bpf/progs/netns_cookie_prog.c
+++ b/tools/testing/selftests/bpf/progs/netns_cookie_prog.c
@@ -28,6 +28,7 @@ struct {
} sock_map SEC(".maps");
int tcx_init_netns_cookie, tcx_netns_cookie;
+int cgroup_skb_init_netns_cookie, cgroup_skb_netns_cookie;
SEC("sockops")
int get_netns_cookie_sockops(struct bpf_sock_ops *ctx)
@@ -91,4 +92,12 @@ int get_netns_cookie_tcx(struct __sk_buff *skb)
return TCX_PASS;
}
+SEC("cgroup_skb/ingress")
+int get_netns_cookie_cgroup_skb(struct __sk_buff *skb)
+{
+ cgroup_skb_init_netns_cookie = bpf_get_netns_cookie(NULL);
+ cgroup_skb_netns_cookie = bpf_get_netns_cookie(skb);
+ return SK_PASS;
+}
+
char _license[] SEC("license") = "GPL";
--
2.34.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH bpf-next 1/2] bpf: add get_netns_cookie helper to cgroup_skb programs
2025-02-25 12:50 [PATCH bpf-next 1/2] bpf: add get_netns_cookie helper to cgroup_skb programs Mahe Tardy
2025-02-25 12:50 ` [PATCH bpf-next 2/2] selftests/bpf: add cgroup_skb netns cookie tests Mahe Tardy
@ 2025-02-26 15:40 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2025-02-26 15:40 UTC (permalink / raw)
To: Mahe Tardy; +Cc: bpf, martin.lau, daniel, john.fastabend, ast, andrii
Hello:
This series was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov <ast@kernel.org>:
On Tue, 25 Feb 2025 12:50:30 +0000 you wrote:
> This is needed in the context of Cilium and Tetragon to retrieve netns
> cookie from hostns when traffic leaves Pod, so that we can correlate
> skb->sk's netns cookie.
>
> Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
> ---
> net/core/filter.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> [...]
Here is the summary with links:
- [bpf-next,1/2] bpf: add get_netns_cookie helper to cgroup_skb programs
https://git.kernel.org/bpf/bpf-next/c/c221d3744ad3
- [bpf-next,2/2] selftests/bpf: add cgroup_skb netns cookie tests
https://git.kernel.org/bpf/bpf-next/c/9138048bb589
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-02-26 15:39 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-02-25 12:50 [PATCH bpf-next 1/2] bpf: add get_netns_cookie helper to cgroup_skb programs Mahe Tardy
2025-02-25 12:50 ` [PATCH bpf-next 2/2] selftests/bpf: add cgroup_skb netns cookie tests Mahe Tardy
2025-02-26 15:40 ` [PATCH bpf-next 1/2] bpf: add get_netns_cookie helper to cgroup_skb programs patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox