* [PATCH bpf-next 1/2] bpf: add get_netns_cookie helper to tc programs @ 2024-10-02 16:01 Mahe Tardy 2024-10-02 16:01 ` [PATCH bpf-next 2/2] selftests/bpf: add tcx netns cookie tests Mahe Tardy 0 siblings, 1 reply; 9+ messages in thread From: Mahe Tardy @ 2024-10-02 16:01 UTC (permalink / raw) To: bpf; +Cc: martin.lau, daniel, john.fastabend, Mahe Tardy This is needed in the context of Cilium and Tetragon to retrieve netns cookie from hostns when traffic leaves Pod, so that we can correlate skb->sk's netns cookie. Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com> --- net/core/filter.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/core/filter.c b/net/core/filter.c index cd3524cb326b..6e80991125ba 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -5138,6 +5138,17 @@ static u64 __bpf_get_netns_cookie(struct sock *sk) return net->net_cookie; } +BPF_CALL_1(bpf_get_netns_cookie, struct sk_buff *, skb) +{ + return __bpf_get_netns_cookie(skb->sk ? skb->sk : NULL); +} + +static const struct bpf_func_proto bpf_get_netns_cookie_proto = { + .func = bpf_get_netns_cookie, + .ret_type = RET_INTEGER, + .arg1_type = ARG_PTR_TO_CTX_OR_NULL, +}; + BPF_CALL_1(bpf_get_netns_cookie_sock, struct sock *, ctx) { return __bpf_get_netns_cookie(ctx); @@ -8209,6 +8220,8 @@ tc_cls_act_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) return &bpf_skb_under_cgroup_proto; case BPF_FUNC_get_socket_cookie: return &bpf_get_socket_cookie_proto; + case BPF_FUNC_get_netns_cookie: + return &bpf_get_netns_cookie_proto; case BPF_FUNC_get_socket_uid: return &bpf_get_socket_uid_proto; case BPF_FUNC_fib_lookup: -- 2.34.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH bpf-next 2/2] selftests/bpf: add tcx netns cookie tests 2024-10-02 16:01 [PATCH bpf-next 1/2] bpf: add get_netns_cookie helper to tc programs Mahe Tardy @ 2024-10-02 16:01 ` Mahe Tardy 2024-10-02 16:42 ` Daniel Borkmann 0 siblings, 1 reply; 9+ messages in thread From: Mahe Tardy @ 2024-10-02 16:01 UTC (permalink / raw) To: bpf; +Cc: martin.lau, daniel, john.fastabend, Mahe Tardy Add netns cookie test that verifies the helper is now supported and work in the context of tc programs. Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com> --- tools/testing/selftests/bpf/prog_tests/netns_cookie.c | 7 +++++++ tools/testing/selftests/bpf/progs/netns_cookie_prog.c | 9 +++++++++ 2 files changed, 16 insertions(+) diff --git a/tools/testing/selftests/bpf/prog_tests/netns_cookie.c b/tools/testing/selftests/bpf/prog_tests/netns_cookie.c index 71d8f3ba7d6b..233fd66f59ee 100644 --- a/tools/testing/selftests/bpf/prog_tests/netns_cookie.c +++ b/tools/testing/selftests/bpf/prog_tests/netns_cookie.c @@ -12,6 +12,7 @@ static int duration; void test_netns_cookie(void) { + LIBBPF_OPTS(bpf_prog_attach_opts, opta); int server_fd = -1, client_fd = -1, cgroup_fd = -1; int err, val, ret, map, verdict; struct netns_cookie_prog *skel; @@ -38,6 +39,11 @@ void test_netns_cookie(void) if (!ASSERT_OK(err, "prog_attach")) goto done; + verdict = bpf_program__fd(skel->progs.get_netns_cookie_tcx); + err = bpf_prog_attach_opts(verdict, 1, BPF_TCX_INGRESS, &opta); + if (!ASSERT_EQ(err, 0, "prog_attach")) + goto done; + server_fd = start_server(AF_INET6, SOCK_STREAM, "::1", 0, 0); if (CHECK(server_fd < 0, "start_server", "errno %d\n", errno)) goto done; @@ -68,6 +74,7 @@ void test_netns_cookie(void) goto done; ASSERT_EQ(val, cookie_expected_value, "cookie_value"); + ASSERT_EQ(skel->bss->tcx_netns_cookie, cookie_expected_value, "cookie_value"); done: if (server_fd != -1) diff --git a/tools/testing/selftests/bpf/progs/netns_cookie_prog.c b/tools/testing/selftests/bpf/progs/netns_cookie_prog.c index aeff3a4f9287..207f0e6c20b7 100644 --- a/tools/testing/selftests/bpf/progs/netns_cookie_prog.c +++ b/tools/testing/selftests/bpf/progs/netns_cookie_prog.c @@ -27,6 +27,8 @@ struct { __type(value, __u64); } sock_map SEC(".maps"); +int tcx_netns_cookie; + SEC("sockops") int get_netns_cookie_sockops(struct bpf_sock_ops *ctx) { @@ -81,4 +83,11 @@ int get_netns_cookie_sk_msg(struct sk_msg_md *msg) return 1; } +SEC("tcx/ingress") +int get_netns_cookie_tcx(struct __sk_buff *skb) +{ + tcx_netns_cookie = bpf_get_netns_cookie(skb); + return TCX_PASS; +} + char _license[] SEC("license") = "GPL"; -- 2.34.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH bpf-next 2/2] selftests/bpf: add tcx netns cookie tests 2024-10-02 16:01 ` [PATCH bpf-next 2/2] selftests/bpf: add tcx netns cookie tests Mahe Tardy @ 2024-10-02 16:42 ` Daniel Borkmann 2024-10-02 17:57 ` [PATCH bpf-next v2 1/2] bpf: add get_netns_cookie helper to tc programs Mahe Tardy 0 siblings, 1 reply; 9+ messages in thread From: Daniel Borkmann @ 2024-10-02 16:42 UTC (permalink / raw) To: Mahe Tardy, bpf; +Cc: martin.lau, john.fastabend On 10/2/24 6:01 PM, Mahe Tardy wrote: > Add netns cookie test that verifies the helper is now supported and work > in the context of tc programs. > > Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com> > --- > tools/testing/selftests/bpf/prog_tests/netns_cookie.c | 7 +++++++ > tools/testing/selftests/bpf/progs/netns_cookie_prog.c | 9 +++++++++ > 2 files changed, 16 insertions(+) > > diff --git a/tools/testing/selftests/bpf/prog_tests/netns_cookie.c b/tools/testing/selftests/bpf/prog_tests/netns_cookie.c > index 71d8f3ba7d6b..233fd66f59ee 100644 > --- a/tools/testing/selftests/bpf/prog_tests/netns_cookie.c > +++ b/tools/testing/selftests/bpf/prog_tests/netns_cookie.c > @@ -12,6 +12,7 @@ static int duration; > > void test_netns_cookie(void) > { > + LIBBPF_OPTS(bpf_prog_attach_opts, opta); > int server_fd = -1, client_fd = -1, cgroup_fd = -1; > int err, val, ret, map, verdict; > struct netns_cookie_prog *skel; > @@ -38,6 +39,11 @@ void test_netns_cookie(void) > if (!ASSERT_OK(err, "prog_attach")) > goto done; > > + verdict = bpf_program__fd(skel->progs.get_netns_cookie_tcx); > + err = bpf_prog_attach_opts(verdict, 1, BPF_TCX_INGRESS, &opta); > + if (!ASSERT_EQ(err, 0, "prog_attach")) > + goto done; > + > server_fd = start_server(AF_INET6, SOCK_STREAM, "::1", 0, 0); > if (CHECK(server_fd < 0, "start_server", "errno %d\n", errno)) > goto done; > @@ -68,6 +74,7 @@ void test_netns_cookie(void) > goto done; > > ASSERT_EQ(val, cookie_expected_value, "cookie_value"); > + ASSERT_EQ(skel->bss->tcx_netns_cookie, cookie_expected_value, "cookie_value"); > > done: > if (server_fd != -1) Looks like CI fails, as this is missing a bpf_prog_detach_opts(). > diff --git a/tools/testing/selftests/bpf/progs/netns_cookie_prog.c b/tools/testing/selftests/bpf/progs/netns_cookie_prog.c > index aeff3a4f9287..207f0e6c20b7 100644 > --- a/tools/testing/selftests/bpf/progs/netns_cookie_prog.c > +++ b/tools/testing/selftests/bpf/progs/netns_cookie_prog.c > @@ -27,6 +27,8 @@ struct { > __type(value, __u64); > } sock_map SEC(".maps"); > > +int tcx_netns_cookie; > + > SEC("sockops") > int get_netns_cookie_sockops(struct bpf_sock_ops *ctx) > { > @@ -81,4 +83,11 @@ int get_netns_cookie_sk_msg(struct sk_msg_md *msg) > return 1; > } > > +SEC("tcx/ingress") > +int get_netns_cookie_tcx(struct __sk_buff *skb) > +{ > + tcx_netns_cookie = bpf_get_netns_cookie(skb); > + return TCX_PASS; > +} > + > char _license[] SEC("license") = "GPL"; > -- > 2.34.1 > ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH bpf-next v2 1/2] bpf: add get_netns_cookie helper to tc programs 2024-10-02 16:42 ` Daniel Borkmann @ 2024-10-02 17:57 ` Mahe Tardy 2024-10-02 17:57 ` [PATCH bpf-next v2 2/2] selftests/bpf: add tcx netns cookie tests Mahe Tardy 2024-10-04 12:00 ` [PATCH bpf-next v2 1/2] bpf: add get_netns_cookie helper to tc programs Daniel Borkmann 0 siblings, 2 replies; 9+ messages in thread From: Mahe Tardy @ 2024-10-02 17:57 UTC (permalink / raw) To: bpf; +Cc: martin.lau, daniel, john.fastabend, Mahe Tardy This is needed in the context of Cilium and Tetragon to retrieve netns cookie from hostns when traffic leaves Pod, so that we can correlate skb->sk's netns cookie. Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com> --- net/core/filter.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/core/filter.c b/net/core/filter.c index cd3524cb326b..6e80991125ba 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -5138,6 +5138,17 @@ static u64 __bpf_get_netns_cookie(struct sock *sk) return net->net_cookie; } +BPF_CALL_1(bpf_get_netns_cookie, struct sk_buff *, skb) +{ + return __bpf_get_netns_cookie(skb->sk ? skb->sk : NULL); +} + +static const struct bpf_func_proto bpf_get_netns_cookie_proto = { + .func = bpf_get_netns_cookie, + .ret_type = RET_INTEGER, + .arg1_type = ARG_PTR_TO_CTX_OR_NULL, +}; + BPF_CALL_1(bpf_get_netns_cookie_sock, struct sock *, ctx) { return __bpf_get_netns_cookie(ctx); @@ -8209,6 +8220,8 @@ tc_cls_act_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) return &bpf_skb_under_cgroup_proto; case BPF_FUNC_get_socket_cookie: return &bpf_get_socket_cookie_proto; + case BPF_FUNC_get_netns_cookie: + return &bpf_get_netns_cookie_proto; case BPF_FUNC_get_socket_uid: return &bpf_get_socket_uid_proto; case BPF_FUNC_fib_lookup: -- 2.34.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH bpf-next v2 2/2] selftests/bpf: add tcx netns cookie tests 2024-10-02 17:57 ` [PATCH bpf-next v2 1/2] bpf: add get_netns_cookie helper to tc programs Mahe Tardy @ 2024-10-02 17:57 ` Mahe Tardy 2024-10-04 12:00 ` [PATCH bpf-next v2 1/2] bpf: add get_netns_cookie helper to tc programs Daniel Borkmann 1 sibling, 0 replies; 9+ messages in thread From: Mahe Tardy @ 2024-10-02 17:57 UTC (permalink / raw) To: bpf; +Cc: martin.lau, daniel, john.fastabend, Mahe Tardy Add netns cookie test that verifies the helper is now supported and work in the context of tc programs. Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com> --- .../selftests/bpf/prog_tests/netns_cookie.c | 28 ++++++++++++++----- .../selftests/bpf/progs/netns_cookie_prog.c | 9 ++++++ 2 files changed, 30 insertions(+), 7 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/netns_cookie.c b/tools/testing/selftests/bpf/prog_tests/netns_cookie.c index 71d8f3ba7d6b..a014082d1e09 100644 --- a/tools/testing/selftests/bpf/prog_tests/netns_cookie.c +++ b/tools/testing/selftests/bpf/prog_tests/netns_cookie.c @@ -8,12 +8,16 @@ #define SO_NETNS_COOKIE 71 #endif +#define loopback 1 + static int duration; void test_netns_cookie(void) { + LIBBPF_OPTS(bpf_prog_attach_opts, opta); + LIBBPF_OPTS(bpf_prog_detach_opts, optd); int server_fd = -1, client_fd = -1, cgroup_fd = -1; - int err, val, ret, map, verdict; + int err, val, ret, map, verdict, tc_fd; struct netns_cookie_prog *skel; uint64_t cookie_expected_value; socklen_t vallen = sizeof(cookie_expected_value); @@ -38,36 +42,46 @@ void test_netns_cookie(void) if (!ASSERT_OK(err, "prog_attach")) goto done; + tc_fd = bpf_program__fd(skel->progs.get_netns_cookie_tcx); + err = bpf_prog_attach_opts(tc_fd, loopback, BPF_TCX_INGRESS, &opta); + if (!ASSERT_OK(err, "prog_attach")) + goto done; + server_fd = start_server(AF_INET6, SOCK_STREAM, "::1", 0, 0); if (CHECK(server_fd < 0, "start_server", "errno %d\n", errno)) - goto done; + goto cleanup_tc; client_fd = connect_to_fd(server_fd, 0); if (CHECK(client_fd < 0, "connect_to_fd", "errno %d\n", errno)) - goto done; + goto cleanup_tc; ret = send(client_fd, send_msg, sizeof(send_msg), 0); if (CHECK(ret != sizeof(send_msg), "send(msg)", "ret:%d\n", ret)) - goto done; + goto cleanup_tc; err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.sockops_netns_cookies), &client_fd, &val); if (!ASSERT_OK(err, "map_lookup(sockops_netns_cookies)")) - goto done; + goto cleanup_tc; err = getsockopt(client_fd, SOL_SOCKET, SO_NETNS_COOKIE, &cookie_expected_value, &vallen); if (!ASSERT_OK(err, "getsockopt")) - goto done; + goto cleanup_tc; ASSERT_EQ(val, cookie_expected_value, "cookie_value"); err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.sk_msg_netns_cookies), &client_fd, &val); if (!ASSERT_OK(err, "map_lookup(sk_msg_netns_cookies)")) - goto done; + goto cleanup_tc; ASSERT_EQ(val, cookie_expected_value, "cookie_value"); + ASSERT_EQ(skel->bss->tcx_netns_cookie, cookie_expected_value, "cookie_value"); + +cleanup_tc: + err = bpf_prog_detach_opts(tc_fd, loopback, BPF_TCX_INGRESS, &optd); + ASSERT_OK(err, "prog_detach"); done: if (server_fd != -1) diff --git a/tools/testing/selftests/bpf/progs/netns_cookie_prog.c b/tools/testing/selftests/bpf/progs/netns_cookie_prog.c index aeff3a4f9287..207f0e6c20b7 100644 --- a/tools/testing/selftests/bpf/progs/netns_cookie_prog.c +++ b/tools/testing/selftests/bpf/progs/netns_cookie_prog.c @@ -27,6 +27,8 @@ struct { __type(value, __u64); } sock_map SEC(".maps"); +int tcx_netns_cookie; + SEC("sockops") int get_netns_cookie_sockops(struct bpf_sock_ops *ctx) { @@ -81,4 +83,11 @@ int get_netns_cookie_sk_msg(struct sk_msg_md *msg) return 1; } +SEC("tcx/ingress") +int get_netns_cookie_tcx(struct __sk_buff *skb) +{ + tcx_netns_cookie = bpf_get_netns_cookie(skb); + return TCX_PASS; +} + char _license[] SEC("license") = "GPL"; -- 2.34.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH bpf-next v2 1/2] bpf: add get_netns_cookie helper to tc programs 2024-10-02 17:57 ` [PATCH bpf-next v2 1/2] bpf: add get_netns_cookie helper to tc programs Mahe Tardy 2024-10-02 17:57 ` [PATCH bpf-next v2 2/2] selftests/bpf: add tcx netns cookie tests Mahe Tardy @ 2024-10-04 12:00 ` Daniel Borkmann 2024-10-07 9:59 ` [PATCH bpf-next v3 " Mahe Tardy 1 sibling, 1 reply; 9+ messages in thread From: Daniel Borkmann @ 2024-10-04 12:00 UTC (permalink / raw) To: Mahe Tardy, bpf; +Cc: martin.lau, john.fastabend On 10/2/24 7:57 PM, Mahe Tardy wrote: > This is needed in the context of Cilium and Tetragon to retrieve netns > cookie from hostns when traffic leaves Pod, so that we can correlate > skb->sk's netns cookie. > > Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com> > --- > net/core/filter.c | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/net/core/filter.c b/net/core/filter.c > index cd3524cb326b..6e80991125ba 100644 > --- a/net/core/filter.c > +++ b/net/core/filter.c > @@ -5138,6 +5138,17 @@ static u64 __bpf_get_netns_cookie(struct sock *sk) > return net->net_cookie; > } > > +BPF_CALL_1(bpf_get_netns_cookie, struct sk_buff *, skb) > +{ > + return __bpf_get_netns_cookie(skb->sk ? skb->sk : NULL); > +} > + > +static const struct bpf_func_proto bpf_get_netns_cookie_proto = { > + .func = bpf_get_netns_cookie, > + .ret_type = RET_INTEGER, > + .arg1_type = ARG_PTR_TO_CTX_OR_NULL, This basically tells the verifier that NULL or context can be passed to the helper. As-is above, the `skb->sk ?` will trigger a NULL pointer dereference. If you look into other implementations, the above should rather look like: return __bpf_get_netns_cookie(skb && skb->sk ? skb->sk : NULL); > +}; > + > BPF_CALL_1(bpf_get_netns_cookie_sock, struct sock *, ctx) > { > return __bpf_get_netns_cookie(ctx); > @@ -8209,6 +8220,8 @@ tc_cls_act_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) > return &bpf_skb_under_cgroup_proto; > case BPF_FUNC_get_socket_cookie: > return &bpf_get_socket_cookie_proto; > + case BPF_FUNC_get_netns_cookie: > + return &bpf_get_netns_cookie_proto; > case BPF_FUNC_get_socket_uid: > return &bpf_get_socket_uid_proto; > case BPF_FUNC_fib_lookup: > -- > 2.34.1 > ^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH bpf-next v3 1/2] bpf: add get_netns_cookie helper to tc programs 2024-10-04 12:00 ` [PATCH bpf-next v2 1/2] bpf: add get_netns_cookie helper to tc programs Daniel Borkmann @ 2024-10-07 9:59 ` Mahe Tardy 2024-10-07 9:59 ` [PATCH bpf-next v3 2/2] selftests/bpf: add tcx netns cookie tests Mahe Tardy 2024-10-08 21:40 ` [PATCH bpf-next v3 1/2] bpf: add get_netns_cookie helper to tc programs patchwork-bot+netdevbpf 0 siblings, 2 replies; 9+ messages in thread From: Mahe Tardy @ 2024-10-07 9:59 UTC (permalink / raw) To: bpf; +Cc: martin.lau, daniel, john.fastabend, Mahe Tardy This is needed in the context of Cilium and Tetragon to retrieve netns cookie from hostns when traffic leaves Pod, so that we can correlate skb->sk's netns cookie. Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com> --- net/core/filter.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/net/core/filter.c b/net/core/filter.c index cd3524cb326b..944bbe12a039 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -5138,6 +5138,17 @@ static u64 __bpf_get_netns_cookie(struct sock *sk) return net->net_cookie; } +BPF_CALL_1(bpf_get_netns_cookie, struct sk_buff *, skb) +{ + return __bpf_get_netns_cookie(skb && skb->sk ? skb->sk : NULL); +} + +static const struct bpf_func_proto bpf_get_netns_cookie_proto = { + .func = bpf_get_netns_cookie, + .ret_type = RET_INTEGER, + .arg1_type = ARG_PTR_TO_CTX_OR_NULL, +}; + BPF_CALL_1(bpf_get_netns_cookie_sock, struct sock *, ctx) { return __bpf_get_netns_cookie(ctx); @@ -8209,6 +8220,8 @@ tc_cls_act_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) return &bpf_skb_under_cgroup_proto; case BPF_FUNC_get_socket_cookie: return &bpf_get_socket_cookie_proto; + case BPF_FUNC_get_netns_cookie: + return &bpf_get_netns_cookie_proto; case BPF_FUNC_get_socket_uid: return &bpf_get_socket_uid_proto; case BPF_FUNC_fib_lookup: -- 2.34.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH bpf-next v3 2/2] selftests/bpf: add tcx netns cookie tests 2024-10-07 9:59 ` [PATCH bpf-next v3 " Mahe Tardy @ 2024-10-07 9:59 ` Mahe Tardy 2024-10-08 21:40 ` [PATCH bpf-next v3 1/2] bpf: add get_netns_cookie helper to tc programs patchwork-bot+netdevbpf 1 sibling, 0 replies; 9+ messages in thread From: Mahe Tardy @ 2024-10-07 9:59 UTC (permalink / raw) To: bpf; +Cc: martin.lau, daniel, john.fastabend, Mahe Tardy Add netns cookie test that verifies the helper is now supported and work in the context of tc programs. Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com> --- .../selftests/bpf/prog_tests/netns_cookie.c | 29 ++++++++++++++----- .../selftests/bpf/progs/netns_cookie_prog.c | 10 +++++++ 2 files changed, 32 insertions(+), 7 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/netns_cookie.c b/tools/testing/selftests/bpf/prog_tests/netns_cookie.c index 71d8f3ba7d6b..ac3c3c097c0e 100644 --- a/tools/testing/selftests/bpf/prog_tests/netns_cookie.c +++ b/tools/testing/selftests/bpf/prog_tests/netns_cookie.c @@ -8,12 +8,16 @@ #define SO_NETNS_COOKIE 71 #endif +#define loopback 1 + static int duration; void test_netns_cookie(void) { + LIBBPF_OPTS(bpf_prog_attach_opts, opta); + LIBBPF_OPTS(bpf_prog_detach_opts, optd); int server_fd = -1, client_fd = -1, cgroup_fd = -1; - int err, val, ret, map, verdict; + int err, val, ret, map, verdict, tc_fd; struct netns_cookie_prog *skel; uint64_t cookie_expected_value; socklen_t vallen = sizeof(cookie_expected_value); @@ -38,36 +42,47 @@ void test_netns_cookie(void) if (!ASSERT_OK(err, "prog_attach")) goto done; + tc_fd = bpf_program__fd(skel->progs.get_netns_cookie_tcx); + err = bpf_prog_attach_opts(tc_fd, loopback, BPF_TCX_INGRESS, &opta); + if (!ASSERT_OK(err, "prog_attach")) + goto done; + server_fd = start_server(AF_INET6, SOCK_STREAM, "::1", 0, 0); if (CHECK(server_fd < 0, "start_server", "errno %d\n", errno)) - goto done; + goto cleanup_tc; client_fd = connect_to_fd(server_fd, 0); if (CHECK(client_fd < 0, "connect_to_fd", "errno %d\n", errno)) - goto done; + goto cleanup_tc; ret = send(client_fd, send_msg, sizeof(send_msg), 0); if (CHECK(ret != sizeof(send_msg), "send(msg)", "ret:%d\n", ret)) - goto done; + goto cleanup_tc; err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.sockops_netns_cookies), &client_fd, &val); if (!ASSERT_OK(err, "map_lookup(sockops_netns_cookies)")) - goto done; + goto cleanup_tc; err = getsockopt(client_fd, SOL_SOCKET, SO_NETNS_COOKIE, &cookie_expected_value, &vallen); if (!ASSERT_OK(err, "getsockopt")) - goto done; + goto cleanup_tc; ASSERT_EQ(val, cookie_expected_value, "cookie_value"); err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.sk_msg_netns_cookies), &client_fd, &val); if (!ASSERT_OK(err, "map_lookup(sk_msg_netns_cookies)")) - goto done; + goto cleanup_tc; ASSERT_EQ(val, cookie_expected_value, "cookie_value"); + ASSERT_EQ(skel->bss->tcx_init_netns_cookie, cookie_expected_value, "cookie_value"); + ASSERT_EQ(skel->bss->tcx_netns_cookie, cookie_expected_value, "cookie_value"); + +cleanup_tc: + err = bpf_prog_detach_opts(tc_fd, loopback, BPF_TCX_INGRESS, &optd); + ASSERT_OK(err, "prog_detach"); done: if (server_fd != -1) diff --git a/tools/testing/selftests/bpf/progs/netns_cookie_prog.c b/tools/testing/selftests/bpf/progs/netns_cookie_prog.c index aeff3a4f9287..c6edf8dbefeb 100644 --- a/tools/testing/selftests/bpf/progs/netns_cookie_prog.c +++ b/tools/testing/selftests/bpf/progs/netns_cookie_prog.c @@ -27,6 +27,8 @@ struct { __type(value, __u64); } sock_map SEC(".maps"); +int tcx_init_netns_cookie, tcx_netns_cookie; + SEC("sockops") int get_netns_cookie_sockops(struct bpf_sock_ops *ctx) { @@ -81,4 +83,12 @@ int get_netns_cookie_sk_msg(struct sk_msg_md *msg) return 1; } +SEC("tcx/ingress") +int get_netns_cookie_tcx(struct __sk_buff *skb) +{ + tcx_init_netns_cookie = bpf_get_netns_cookie(NULL); + tcx_netns_cookie = bpf_get_netns_cookie(skb); + return TCX_PASS; +} + char _license[] SEC("license") = "GPL"; -- 2.34.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH bpf-next v3 1/2] bpf: add get_netns_cookie helper to tc programs 2024-10-07 9:59 ` [PATCH bpf-next v3 " Mahe Tardy 2024-10-07 9:59 ` [PATCH bpf-next v3 2/2] selftests/bpf: add tcx netns cookie tests Mahe Tardy @ 2024-10-08 21:40 ` patchwork-bot+netdevbpf 1 sibling, 0 replies; 9+ messages in thread From: patchwork-bot+netdevbpf @ 2024-10-08 21:40 UTC (permalink / raw) To: Mahe Tardy; +Cc: bpf, martin.lau, daniel, john.fastabend Hello: This series was applied to bpf/bpf-next.git (net) by Martin KaFai Lau <martin.lau@kernel.org>: On Mon, 7 Oct 2024 09:59:57 +0000 you wrote: > This is needed in the context of Cilium and Tetragon to retrieve netns > cookie from hostns when traffic leaves Pod, so that we can correlate > skb->sk's netns cookie. > > Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com> > --- > net/core/filter.c | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > [...] Here is the summary with links: - [bpf-next,v3,1/2] bpf: add get_netns_cookie helper to tc programs https://git.kernel.org/bpf/bpf-next/c/eb62f49de7ec - [bpf-next,v3,2/2] selftests/bpf: add tcx netns cookie tests https://git.kernel.org/bpf/bpf-next/c/693fe954d61d You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2024-10-08 21:40 UTC | newest] Thread overview: 9+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-10-02 16:01 [PATCH bpf-next 1/2] bpf: add get_netns_cookie helper to tc programs Mahe Tardy 2024-10-02 16:01 ` [PATCH bpf-next 2/2] selftests/bpf: add tcx netns cookie tests Mahe Tardy 2024-10-02 16:42 ` Daniel Borkmann 2024-10-02 17:57 ` [PATCH bpf-next v2 1/2] bpf: add get_netns_cookie helper to tc programs Mahe Tardy 2024-10-02 17:57 ` [PATCH bpf-next v2 2/2] selftests/bpf: add tcx netns cookie tests Mahe Tardy 2024-10-04 12:00 ` [PATCH bpf-next v2 1/2] bpf: add get_netns_cookie helper to tc programs Daniel Borkmann 2024-10-07 9:59 ` [PATCH bpf-next v3 " Mahe Tardy 2024-10-07 9:59 ` [PATCH bpf-next v3 2/2] selftests/bpf: add tcx netns cookie tests Mahe Tardy 2024-10-08 21:40 ` [PATCH bpf-next v3 1/2] bpf: add get_netns_cookie helper to tc programs patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox