From: Daniel Borkmann <daniel@iogearbox.net>
To: Quentin Monnet <quentin.monnet@netronome.com>, ast@kernel.org
Cc: netdev@vger.kernel.org
Subject: Re: [PATCH bpf-next 06/11] bpf: add bpf_skb_cgroup_id helper
Date: Tue, 29 May 2018 17:43:13 +0200 [thread overview]
Message-ID: <2e119a52-5dc8-6236-1abb-900d9a8f4552@iogearbox.net> (raw)
In-Reply-To: <ada6df29-600c-9e86-3843-36951f0f226e@netronome.com>
On 05/29/2018 02:15 PM, Quentin Monnet wrote:
> Hi Daniel,
>
> 2018-05-28 02:43 UTC+0200 ~ Daniel Borkmann <daniel@iogearbox.net>
>> Add a new bpf_skb_cgroup_id() helper that allows to retrieve the
>> cgroup id from the skb's socket. This is useful in particular to
>> enable bpf_get_cgroup_classid()-like behavior for cgroup v1 in
>> cgroup v2 by allowing ID based matching on egress. This can in
>> particular be used in combination with applying policy e.g. from
>> map lookups, and also complements the older bpf_skb_under_cgroup()
>> interface. In user space the cgroup id for a given path can be
>> retrieved through the f_handle as demonstrated in [0] recently.
>>
>> [0] https://lkml.org/lkml/2018/5/22/1190
>>
>> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
>> Acked-by: Alexei Starovoitov <ast@kernel.org>
>> ---
>> include/uapi/linux/bpf.h | 17 ++++++++++++++++-
>> net/core/filter.c | 29 +++++++++++++++++++++++++++--
>> 2 files changed, 43 insertions(+), 3 deletions(-)
>>
>> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
>> index 9b8c6e3..e2853aa 100644
>> --- a/include/uapi/linux/bpf.h
>> +++ b/include/uapi/linux/bpf.h
>> @@ -2004,6 +2004,20 @@ union bpf_attr {
>> * direct packet access.
>> * Return
>> * 0 on success, or a negative error in case of failure.
>> + *
>> + * uint64_t bpf_skb_cgroup_id(struct sk_buff *skb)
>> + * Description
>> + * Return the cgroup v2 id of the socket associated with the *skb*.
>> + * This is roughly similar to the **bpf_get_cgroup_classid**\ ()
>> + * helper for cgroup v1 by providing a tag resp. identifier that
>> + * can be matched on or used for map lookups e.g. to implement
>> + * policy. The cgroup v2 id of a given path in the hierarchy is
>> + * exposed in user space through the f_handle API in order to get
>> + * to the same 64-bit id.
>> + *
>> + * This helper can be used on TC egress path, but not on ingress.
>
> Nitpick: Maybe mention that the kernel must be built with
> CONFIG_SOCK_CGROUP_DATA option for the helper to be available?
Yeah that's fine. I was planning on a minor respin anyway some time today,
so I'll also update the description along with it.
Cheers,
Daniel
next prev parent reply other threads:[~2018-05-29 15:43 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-28 0:43 [PATCH bpf-next 00/11] Misc BPF improvements Daniel Borkmann
2018-05-28 0:43 ` [PATCH bpf-next 01/11] bpf: test case for map pointer poison with calls/branches Daniel Borkmann
2018-05-29 18:01 ` Song Liu
2018-05-28 0:43 ` [PATCH bpf-next 02/11] bpf: add also cbpf long jump test cases with heavy expansion Daniel Borkmann
2018-05-29 18:09 ` Song Liu
2018-05-28 0:43 ` [PATCH bpf-next 03/11] bpf: fixup error message from gpl helpers on license mismatch Daniel Borkmann
2018-05-29 17:16 ` Jesper Dangaard Brouer
2018-05-29 18:10 ` Song Liu
2018-05-28 0:43 ` [PATCH bpf-next 04/11] bpf: show prog and map id in fdinfo Daniel Borkmann
2018-05-29 17:27 ` Jesper Dangaard Brouer
2018-05-29 19:55 ` Daniel Borkmann
2018-05-30 16:15 ` Song Liu
2018-05-30 17:15 ` Jesper Dangaard Brouer
2018-05-28 0:43 ` [PATCH bpf-next 05/11] bpf: avoid retpoline for lookup/update/delete calls on maps Daniel Borkmann
2018-05-29 17:23 ` Jesper Dangaard Brouer
2018-05-30 17:06 ` Song Liu
2018-05-28 0:43 ` [PATCH bpf-next 06/11] bpf: add bpf_skb_cgroup_id helper Daniel Borkmann
2018-05-29 12:15 ` Quentin Monnet
2018-05-29 15:43 ` Daniel Borkmann [this message]
2018-05-28 0:43 ` [PATCH bpf-next 07/11] bpf: make sure to clear unused fields in tunnel/xfrm state fetch Daniel Borkmann
2018-05-30 17:15 ` Song Liu
2018-05-28 0:43 ` [PATCH bpf-next 08/11] bpf: fix cbpf parser bug for octal numbers Daniel Borkmann
2018-05-30 17:16 ` Song Liu
2018-05-28 0:43 ` [PATCH bpf-next 09/11] bpf: fix context access in tracing progs on 32 bit archs Daniel Borkmann
2018-05-30 16:46 ` Song Liu
2018-05-28 0:43 ` [PATCH bpf-next 10/11] bpf: sync bpf uapi header with tools Daniel Borkmann
2018-05-30 16:10 ` Song Liu
2018-05-28 0:43 ` [PATCH bpf-next 11/11] bpf, doc: add missing patchwork url and libbpf to maintainers Daniel Borkmann
2018-05-30 0:16 ` Song Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2e119a52-5dc8-6236-1abb-900d9a8f4552@iogearbox.net \
--to=daniel@iogearbox.net \
--cc=ast@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=quentin.monnet@netronome.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.