Netdev List
From: Mahe Tardy <mahe.tardy@gmail.com>
To: Martin KaFai Lau <martin.lau@linux.dev>
Cc: daniel@iogearbox.net, john.fastabend@gmail.com, ast@kernel.org,
	andrii@kernel.org, jolsa@kernel.org, bpf@vger.kernel.org,
	Network Development <netdev@vger.kernel.org>
Subject: Re: [PATCH bpf-next 1/2] bpf: add get_netns_cookie helper to tracing programs
Date: Mon, 3 Mar 2025 11:14:57 +0100
Message-ID: <Z8WBIR72Zu5x50N9@MTARDY-M-GJC6>
In-Reply-To: <96dbd7df-1fa7-4caa-a52c-372d696e0f38@linux.dev>

On Thu, Feb 27, 2025 at 12:32:43PM -0800, Martin KaFai Lau wrote:
> On 2/27/25 10:28 AM, Mahe Tardy wrote:
> > This is needed in the context of Cilium and Tetragon to retrieve netns
> > cookie from hostns when traffic leaves Pod, so that we can correlate
> > skb->sk's netns cookie.
> > 
> > Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
> > ---
> > This is a follow-up of c221d3744ad3 ("bpf: add get_netns_cookie helper
> > to cgroup_skb programs") and eb62f49de7ec ("bpf: add get_netns_cookie
> > helper to tc programs"), adding this helper respectively to cgroup_skb
> > and tcx programs.
> > 
> > I looked up a patch doing a similar thing c5dbb89fc2ac ("bpf: Expose
> > bpf_get_socket_cookie to tracing programs") and there was an item about
> > "sleepable context". It seems it indeed concerns tracing and LSM progs
> > from reading 1e6c62a88215 ("bpf: Introduce sleepable BPF programs"). Is
> > this needed here?
> 
> Regarding sleepable, I think the bpf_get_netns_cookie_sock is only reading,
> should be fine.

Ok thank you.

> The immediate question is whether sock_net(sk) must be non-NULL for tracing.

We discussed this offline with Daniel Borkmann and we think that it
might not be the question. The get_netns_cookie(NULL) call allows us to
compare against get_netns_cookie(sock) to see whether the sock's netns
is equal to the init netns and thus dispatch different logic.

Given we (in Tetragon) historically used tracing programs when no
appropriate network hook was available on older kernels, I can foresee
how it can still be useful in such programs.
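
Added example, not code from the patch or from Cilium/Tetragon: the cookie comparison described in this reply, written for a cgroup_skb program, one of the program types the quoted notes say already has the helper. Under a non-BPF compiler a constructed stand-in models the helper (NULL yields an assumed init netns cookie of 1); the function, counter and macro names are made up for illustration.

```c
/* Kernel build: clang -O2 -g -target bpf -c <this file>.
 * Any other compiler gets the constructed host-side model below. */
#ifdef __bpf__
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#else
#include <stddef.h>
typedef unsigned long long __u64;
#define SEC(name)
#define MODEL_INIT_NETNS_COOKIE 1ULL               /* constructed value */
struct __sk_buff { __u64 model_sk_netns_cookie; }; /* constructed stand-in */
/* Models the helper as the thread uses it: a NULL ctx yields the init netns
 * cookie, a ctx yields the cookie of the netns of the skb's socket. */
static __u64 bpf_get_netns_cookie(void *ctx)
{
	struct __sk_buff *skb = ctx;

	return skb ? skb->model_sk_netns_cookie : MODEL_INIT_NETNS_COOKIE;
}
#endif

enum netns_scope { NETNS_INIT = 0, NETNS_OTHER = 1 };

__u64 egress_pkts[2]; /* per-scope packet counters, read from user space */

/* The comparison from the mail: cookie(NULL) against cookie(socket). */
static inline enum netns_scope skb_netns_scope(struct __sk_buff *skb)
{
	__u64 init_cookie = bpf_get_netns_cookie(NULL);
	__u64 sk_cookie = bpf_get_netns_cookie(skb);

	return sk_cookie == init_cookie ? NETNS_INIT : NETNS_OTHER;
}

SEC("cgroup_skb/egress")
int count_egress_by_netns(struct __sk_buff *skb)
{
	/* Dispatch point: init-netns and other-netns (e.g. Pod) traffic diverge. */
	if (skb_netns_scope(skb) == NETNS_INIT)
		__sync_fetch_and_add(&egress_pkts[NETNS_INIT], 1);
	else
		__sync_fetch_and_add(&egress_pkts[NETNS_OTHER], 1);
	return 1; /* 1 = let the packet through; this program only observes */
}

char LICENSE[] SEC("license") = "GPL";
```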


Thread overview: 6+ messages
     [not found] <20250227182830.90863-1-mahe.tardy@gmail.com>
2025-02-27 20:32 ` [PATCH bpf-next 1/2] bpf: add get_netns_cookie helper to tracing programs Martin KaFai Lau
2025-03-03 10:14   ` Mahe Tardy [this message]
2025-03-03 19:14     ` Martin KaFai Lau
2025-03-06 17:03       ` Mahe Tardy
2025-03-07 23:06         ` Martin KaFai Lau
2025-03-08  6:17           ` Yonghong Song
