[PATCH bpf-next 0/2] bpf: Allow bpf_get_netns_cookie in BPF_PROG_TYPE_SK_MSG

[PATCH bpf-next 0/2] bpf: Allow bpf_get_netns_cookie in BPF_PROG_TYPE_SK_MSG

[Xu Liu]

We'd like to be able to identify netns from sk_msg hooks
to accelerate local process communication form different netns.

Xu Liu (2):
  bpf: Allow bpf_get_netns_cookie in BPF_PROG_TYPE_SK_MSG
  selftests/bpf: Test for get_netns_cookie

 net/core/filter.c                             | 14 +++++
 .../selftests/bpf/prog_tests/netns_cookie.c   | 57 ++++++++++++-------
 .../selftests/bpf/progs/netns_cookie_prog.c   | 55 ++++++++++++++++--
 3 files changed, 102 insertions(+), 24 deletions(-)

-- 
2.28.0

[PATCH bpf-next 1/2] bpf: Allow bpf_get_netns_cookie in BPF_PROG_TYPE_SK_MSG

[Xu Liu]

We'd like to be able to identify netns from sk_msg hooks
to accelerate local process communication form different netns.

Signed-off-by: Xu Liu <liuxu623@gmail.com>
---
 net/core/filter.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/net/core/filter.c b/net/core/filter.c
index 59b8f5050180..cfbd01167eb5 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -4688,6 +4688,18 @@ static const struct bpf_func_proto bpf_get_netns_cookie_sock_ops_proto = {
 	.arg1_type	= ARG_PTR_TO_CTX_OR_NULL,
 };
 
+BPF_CALL_1(bpf_get_netns_cookie_sk_msg, struct sk_msg *, ctx)
+{
+	return __bpf_get_netns_cookie(ctx ? ctx->sk : NULL);
+}
+
+static const struct bpf_func_proto bpf_get_netns_cookie_sk_msg_proto = {
+	.func		= bpf_get_netns_cookie_sk_msg,
+	.gpl_only	= false,
+	.ret_type	= RET_INTEGER,
+	.arg1_type	= ARG_PTR_TO_CTX_OR_NULL,
+};
+
 BPF_CALL_1(bpf_get_socket_uid, struct sk_buff *, skb)
 {
 	struct sock *sk = sk_to_full_sk(skb->sk);
@@ -7551,6 +7563,8 @@ sk_msg_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
 		return &bpf_sk_storage_get_proto;
 	case BPF_FUNC_sk_storage_delete:
 		return &bpf_sk_storage_delete_proto;
+	case BPF_FUNC_get_netns_cookie:
+		return &bpf_get_netns_cookie_sk_msg_proto;
 #ifdef CONFIG_CGROUPS
 	case BPF_FUNC_get_current_cgroup_id:
 		return &bpf_get_current_cgroup_id_proto;
-- 
2.28.0

[PATCH bpf-next 2/2] selftests/bpf: Test for get_netns_cookie

[Xu Liu]

Add test to use get_netns_cookie() from BPF_PROG_TYPE_SK_MSG.

Signed-off-by: Xu Liu <liuxu623@gmail.com>
---
 .../selftests/bpf/prog_tests/netns_cookie.c   | 57 ++++++++++++-------
 .../selftests/bpf/progs/netns_cookie_prog.c   | 55 ++++++++++++++++--
 2 files changed, 88 insertions(+), 24 deletions(-)

diff --git a/tools/testing/selftests/bpf/prog_tests/netns_cookie.c b/tools/testing/selftests/bpf/prog_tests/netns_cookie.c
index 6f3cd472fb65..71d8f3ba7d6b 100644
--- a/tools/testing/selftests/bpf/prog_tests/netns_cookie.c
+++ b/tools/testing/selftests/bpf/prog_tests/netns_cookie.c
@@ -12,10 +12,12 @@ static int duration;
 
 void test_netns_cookie(void)
 {
-	int server_fd = 0, client_fd = 0, cgroup_fd = 0, err = 0, val = 0;
+	int server_fd = -1, client_fd = -1, cgroup_fd = -1;
+	int err, val, ret, map, verdict;
 	struct netns_cookie_prog *skel;
 	uint64_t cookie_expected_value;
 	socklen_t vallen = sizeof(cookie_expected_value);
+	static const char send_msg[] = "message";
 
 	skel = netns_cookie_prog__open_and_load();
 	if (!ASSERT_OK_PTR(skel, "skel_open"))
@@ -23,39 +25,56 @@ void test_netns_cookie(void)
 
 	cgroup_fd = test__join_cgroup("/netns_cookie");
 	if (CHECK(cgroup_fd < 0, "join_cgroup", "cgroup creation failed\n"))
-		goto out;
+		goto done;
 
 	skel->links.get_netns_cookie_sockops = bpf_program__attach_cgroup(
 		skel->progs.get_netns_cookie_sockops, cgroup_fd);
 	if (!ASSERT_OK_PTR(skel->links.get_netns_cookie_sockops, "prog_attach"))
-		goto close_cgroup_fd;
+		goto done;
+
+	verdict = bpf_program__fd(skel->progs.get_netns_cookie_sk_msg);
+	map = bpf_map__fd(skel->maps.sock_map);
+	err = bpf_prog_attach(verdict, map, BPF_SK_MSG_VERDICT, 0);
+	if (!ASSERT_OK(err, "prog_attach"))
+		goto done;
 
 	server_fd = start_server(AF_INET6, SOCK_STREAM, "::1", 0, 0);
 	if (CHECK(server_fd < 0, "start_server", "errno %d\n", errno))
-		goto close_cgroup_fd;
+		goto done;
 
 	client_fd = connect_to_fd(server_fd, 0);
 	if (CHECK(client_fd < 0, "connect_to_fd", "errno %d\n", errno))
-		goto close_server_fd;
+		goto done;
+
+	ret = send(client_fd, send_msg, sizeof(send_msg), 0);
+	if (CHECK(ret != sizeof(send_msg), "send(msg)", "ret:%d\n", ret))
+		goto done;
 
-	err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.netns_cookies),
-				&client_fd, &val);
-	if (!ASSERT_OK(err, "map_lookup(socket_cookies)"))
-		goto close_client_fd;
+	err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.sockops_netns_cookies),
+				  &client_fd, &val);
+	if (!ASSERT_OK(err, "map_lookup(sockops_netns_cookies)"))
+		goto done;
 
 	err = getsockopt(client_fd, SOL_SOCKET, SO_NETNS_COOKIE,
-				&cookie_expected_value, &vallen);
-	if (!ASSERT_OK(err, "getsockopt)"))
-		goto close_client_fd;
+			 &cookie_expected_value, &vallen);
+	if (!ASSERT_OK(err, "getsockopt"))
+		goto done;
+
+	ASSERT_EQ(val, cookie_expected_value, "cookie_value");
+
+	err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.sk_msg_netns_cookies),
+				  &client_fd, &val);
+	if (!ASSERT_OK(err, "map_lookup(sk_msg_netns_cookies)"))
+		goto done;
 
 	ASSERT_EQ(val, cookie_expected_value, "cookie_value");
 
-close_client_fd:
-	close(client_fd);
-close_server_fd:
-	close(server_fd);
-close_cgroup_fd:
-	close(cgroup_fd);
-out:
+done:
+	if (server_fd != -1)
+		close(server_fd);
+	if (client_fd != -1)
+		close(client_fd);
+	if (cgroup_fd != -1)
+		close(cgroup_fd);
 	netns_cookie_prog__destroy(skel);
 }
diff --git a/tools/testing/selftests/bpf/progs/netns_cookie_prog.c b/tools/testing/selftests/bpf/progs/netns_cookie_prog.c
index 4ed8d75aa299..aeff3a4f9287 100644
--- a/tools/testing/selftests/bpf/progs/netns_cookie_prog.c
+++ b/tools/testing/selftests/bpf/progs/netns_cookie_prog.c
@@ -11,29 +11,74 @@ struct {
 	__uint(map_flags, BPF_F_NO_PREALLOC);
 	__type(key, int);
 	__type(value, int);
-} netns_cookies SEC(".maps");
+} sockops_netns_cookies SEC(".maps");
+
+struct {
+	__uint(type, BPF_MAP_TYPE_SK_STORAGE);
+	__uint(map_flags, BPF_F_NO_PREALLOC);
+	__type(key, int);
+	__type(value, int);
+} sk_msg_netns_cookies SEC(".maps");
+
+struct {
+	__uint(type, BPF_MAP_TYPE_SOCKMAP);
+	__uint(max_entries, 2);
+	__type(key, __u32);
+	__type(value, __u64);
+} sock_map SEC(".maps");
 
 SEC("sockops")
 int get_netns_cookie_sockops(struct bpf_sock_ops *ctx)
 {
 	struct bpf_sock *sk = ctx->sk;
 	int *cookie;
+	__u32 key = 0;
 
 	if (ctx->family != AF_INET6)
 		return 1;
 
-	if (ctx->op != BPF_SOCK_OPS_TCP_CONNECT_CB)
+	if (!sk)
+		return 1;
+
+	switch (ctx->op) {
+	case BPF_SOCK_OPS_TCP_CONNECT_CB:
+		cookie = bpf_sk_storage_get(&sockops_netns_cookies, sk, 0,
+					    BPF_SK_STORAGE_GET_F_CREATE);
+		if (!cookie)
+			return 1;
+
+		*cookie = bpf_get_netns_cookie(ctx);
+		break;
+	case BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB:
+		bpf_sock_map_update(ctx, &sock_map, &key, BPF_NOEXIST);
+		break;
+	default:
+		break;
+	}
+
+	return 1;
+}
+
+SEC("sk_msg")
+int get_netns_cookie_sk_msg(struct sk_msg_md *msg)
+{
+	struct bpf_sock *sk = msg->sk;
+	int *cookie;
+
+	if (msg->family != AF_INET6)
 		return 1;
 
 	if (!sk)
 		return 1;
 
-	cookie = bpf_sk_storage_get(&netns_cookies, sk, 0,
-				BPF_SK_STORAGE_GET_F_CREATE);
+	cookie = bpf_sk_storage_get(&sk_msg_netns_cookies, sk, 0,
+				    BPF_SK_STORAGE_GET_F_CREATE);
 	if (!cookie)
 		return 1;
 
-	*cookie = bpf_get_netns_cookie(ctx);
+	*cookie = bpf_get_netns_cookie(msg);
 
 	return 1;
 }
+
+char _license[] SEC("license") = "GPL";
-- 
2.28.0