From: Chenbo Feng <chenbofeng.kernel@gmail.com>
To: netdev@vger.kernel.org
Cc: Lorenzo Colitti <lorenzo@google.com>,
Willem de Bruijn <willemb@google.com>,
Chenbo Feng <fengc@google.com>
Subject: [PATCH net-next 0/2] New getsockopt option to retrieve socket cookie
Date: Wed, 5 Apr 2017 19:00:54 -0700 [thread overview]
Message-ID: <1491444056-4312-1-git-send-email-chenbofeng.kernel@gmail.com> (raw)
From: Chenbo Feng <fengc@google.com>
In the current kernel socket cookie implementation, there is no simple
and direct way to retrieve the socket cookie based on file descriptor. A
process mat need to get it from sock fd if it want to correlate with
sock_diag output or use a bpf map with new socket cookie function.
If userspace wants to receive the socket cookie for a given socket fd,
it must send a SOCK_DIAG_BY_FAMILY dump request and look for the 5-tuple.
This is slow and can be ambiguous in the case of sockets that have the
same 5-tuple (e.g., tproxy / transparent sockets, SO_REUSEPORT sockets,
etc.).
As shown in the example program. The xt_eBPF program is using socket cookie
to record the network traffics statistics and with the socket cookie
retrieved by getsockopt. The program can directly access to a specific
socket data without scanning the whole bpf map.
Chenbo Feng (2):
New getsockopt option to get socket cookie
Sample program using SO_COOKIE
arch/alpha/include/uapi/asm/socket.h | 2 +
arch/avr32/include/uapi/asm/socket.h | 2 +
arch/frv/include/uapi/asm/socket.h | 2 +
arch/ia64/include/uapi/asm/socket.h | 2 +
arch/m32r/include/uapi/asm/socket.h | 2 +
arch/mips/include/uapi/asm/socket.h | 2 +
arch/mn10300/include/uapi/asm/socket.h | 2 +
arch/parisc/include/uapi/asm/socket.h | 2 +
arch/powerpc/include/uapi/asm/socket.h | 2 +
arch/s390/include/uapi/asm/socket.h | 2 +
arch/sparc/include/uapi/asm/socket.h | 2 +
arch/xtensa/include/uapi/asm/socket.h | 2 +
include/uapi/asm-generic/socket.h | 2 +
net/core/sock.c | 4 +
samples/bpf/cookie_uid_helper_example.c | 112 ++++++++++++++++++++++-----
samples/bpf/run_cookie_uid_helper_example.sh | 4 +-
16 files changed, 124 insertions(+), 22 deletions(-)
mode change 100644 => 100755 samples/bpf/run_cookie_uid_helper_example.sh
--
2.7.4
next reply other threads:[~2017-04-06 2:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-06 2:00 Chenbo Feng [this message]
2017-04-06 2:00 ` [PATCH net-next 1/2] New getsockopt option to get socket cookie Chenbo Feng
2017-04-06 2:00 ` [PATCH net-next 2/2] Sample program using SO_COOKIE Chenbo Feng
2017-04-06 13:05 ` [PATCH net-next 0/2] New getsockopt option to retrieve socket cookie Alexei Starovoitov
2017-04-08 15:07 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1491444056-4312-1-git-send-email-chenbofeng.kernel@gmail.com \
--to=chenbofeng.kernel@gmail.com \
--cc=fengc@google.com \
--cc=lorenzo@google.com \
--cc=netdev@vger.kernel.org \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).