From fab60e29fcc6d60396da20d63d45fd0d305ba4e4 Mon Sep 17 00:00:00 2001
From: Xu Liu
Date: Fri, 20 Aug 2021 15:17:11 +0800
Subject: [PATCH 1/2] bpf: Allow bpf_get_netns_cookie in BPF_PROG_TYPE_SK_MSG We'd like to be able to identify netns from sk_msg hooks to accelerate local process communication form different netns.
Signed-off-by: Xu Liu
Signed-off-by: Alexei Starovoitov
Link: https://lore.kernel.org/bpf/20210820071712.52852-2-liuxu623@gmail.com
---
 net/core/filter.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/net/core/filter.c b/net/core/filter.c
index 59b8f5050180..cfbd01167eb5 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -4688,6 +4688,18 @@ static const struct bpf_func_proto bpf_get_netns_cookie_sock_ops_proto = {
 .arg1_type = ARG_PTR_TO_CTX_OR_NULL,
 };
+BPF_CALL_1(bpf_get_netns_cookie_sk_msg, struct sk_msg *, ctx)
+{
+ return __bpf_get_netns_cookie(ctx ? ctx->sk : NULL);
+}
+
+static const struct bpf_func_proto bpf_get_netns_cookie_sk_msg_proto = {
+ .func = bpf_get_netns_cookie_sk_msg,
+ .gpl_only = false,
+ .ret_type = RET_INTEGER,
+ .arg1_type = ARG_PTR_TO_CTX_OR_NULL,
+};
+
 BPF_CALL_1(bpf_get_socket_uid, struct sk_buff *, skb)
 {
 struct sock *sk = sk_to_full_sk(skb->sk);
@@ -7551,6 +7563,8 @@ sk_msg_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
 return &bpf_sk_storage_get_proto;
 case BPF_FUNC_sk_storage_delete:
 return &bpf_sk_storage_delete_proto;
+ case BPF_FUNC_get_netns_cookie:
+ return &bpf_get_netns_cookie_sk_msg_proto;
 #ifdef CONFIG_CGROUPS
 case BPF_FUNC_get_current_cgroup_id:
 return &bpf_get_current_cgroup_id_proto;
From 6cbca1ee0d74ea14d7b6cff16745b66b8f0fda5c Mon Sep 17 00:00:00 2001
From: Xu Liu
Date: Fri, 20 Aug 2021 15:17:12 +0800
Subject: [PATCH 2/2] selftests/bpf: Test for get_netns_cookie Add test to use get_netns_cookie() from BPF_PROG_TYPE_SK_MSG.
Signed-off-by: Xu Liu
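Review bot: `bpf_get_netns_cookie_sk_msg` in net/core/filter.c has no comment saying what a NULL `ctx` yields, although its proto accepts `ARG_PTR_TO_CTX_OR_NULL` and the body forwards `NULL` to `__bpf_get_netns_cookie()`. That helper is defined outside this hunk; presumably it falls back to the initial network namespace, in which case an sk_msg program that passes NULL receives a cookie unrelated to the socket it is handling. I would add above the `BPF_CALL_1` line `/* ctx == NULL: cookie of the fallback netns picked by __bpf_get_netns_cookie(), not of ctx->sk */`. Since the stated goal is cross-netns acceleration, the comment could also say that the cookie identifies a namespace only and is not by itself a policy check for redirect decisions.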
Signed-off-by: Alexei Starovoitov
Link: https://lore.kernel.org/bpf/20210820071712.52852-3-liuxu623@gmail.com
---
 .../selftests/bpf/prog_tests/netns_cookie.c | 57 +++++++++++------
 .../selftests/bpf/progs/netns_cookie_prog.c | 63 ++++++++++++++++---
 2 files changed, 92 insertions(+), 28 deletions(-)
diff --git a/tools/testing/selftests/bpf/prog_tests/netns_cookie.c b/tools/testing/selftests/bpf/prog_tests/netns_cookie.c
index 6f3cd472fb65..71d8f3ba7d6b 100644
--- a/tools/testing/selftests/bpf/prog_tests/netns_cookie.c
+++ b/tools/testing/selftests/bpf/prog_tests/netns_cookie.c
@@ -12,10 +12,12 @@ static int duration;
 void test_netns_cookie(void)
 {
- int server_fd = 0, client_fd = 0, cgroup_fd = 0, err = 0, val = 0;
+ int server_fd = -1, client_fd = -1, cgroup_fd = -1;
+ int err, val, ret, map, verdict;
 struct netns_cookie_prog *skel;
 uint64_t cookie_expected_value;
 socklen_t vallen = sizeof(cookie_expected_value);
+ static const char send_msg[] = "message";
 skel = netns_cookie_prog__open_and_load();
 if (!ASSERT_OK_PTR(skel, "skel_open"))
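Review bot: `val` is declared as a plain `int` in `int err, val, ret, map, verdict;` while the value it is later compared with, `cookie_expected_value`, is a `uint64_t`, so the check only holds while the netns cookie fits in 32 bits. The same narrowing appears elsewhere in this series: both SK_STORAGE maps in netns_cookie_prog.c use `__type(value, int);` and store the helper result through `int *cookie`, and the second hunk of this file does `ASSERT_EQ(val, cookie_expected_value, ...)` twice. Declaring `uint64_t val;` here and using `__type(value, __u64);` with `__u64 *cookie;` in the programs would carry the full cookie. `val` also loses its `= 0` initializer in this hunk; it appears to be read only after a successful lookup, but the function body continues outside the hunk.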
@@ -23,39 +25,56 @@ void test_netns_cookie(void)
 cgroup_fd = test__join_cgroup("/netns_cookie");
 if (CHECK(cgroup_fd < 0, "join_cgroup", "cgroup creation failed\n"))
- goto out;
+ goto done;
 skel->links.get_netns_cookie_sockops = bpf_program__attach_cgroup(
 skel->progs.get_netns_cookie_sockops, cgroup_fd);
 if (!ASSERT_OK_PTR(skel->links.get_netns_cookie_sockops, "prog_attach"))
- goto close_cgroup_fd;
+ goto done;
+
+ verdict = bpf_program__fd(skel->progs.get_netns_cookie_sk_msg);
+ map = bpf_map__fd(skel->maps.sock_map);
+ err = bpf_prog_attach(verdict, map, BPF_SK_MSG_VERDICT, 0);
+ if (!ASSERT_OK(err, "prog_attach"))
+ goto done;
 server_fd = start_server(AF_INET6, SOCK_STREAM, "::1", 0, 0);
 if (CHECK(server_fd < 0, "start_server", "errno %d\n", errno))
- goto close_cgroup_fd;
+ goto done;
 client_fd = connect_to_fd(server_fd, 0);
 if (CHECK(client_fd < 0, "connect_to_fd", "errno %d\n", errno))
- goto close_server_fd;
+ goto done;
- err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.netns_cookies),
- &client_fd, &val);
- if (!ASSERT_OK(err, "map_lookup(socket_cookies)"))
- goto close_client_fd;
+ ret = send(client_fd, send_msg, sizeof(send_msg), 0);
+ if (CHECK(ret != sizeof(send_msg), "send(msg)", "ret:%d\n", ret))
+ goto done;
+
+ err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.sockops_netns_cookies),
+ &client_fd, &val);
+ if (!ASSERT_OK(err, "map_lookup(sockops_netns_cookies)"))
+ goto done;
 err = getsockopt(client_fd, SOL_SOCKET, SO_NETNS_COOKIE,
- &cookie_expected_value, &vallen);
- if (!ASSERT_OK(err, "getsockopt)"))
- goto close_client_fd;
+ &cookie_expected_value, &vallen);
+ if (!ASSERT_OK(err, "getsockopt"))
+ goto done;
 ASSERT_EQ(val, cookie_expected_value, "cookie_value");
-close_client_fd:
- close(client_fd);
-close_server_fd:
- close(server_fd);
-close_cgroup_fd:
- close(cgroup_fd);
-out:
+ err = bpf_map_lookup_elem(bpf_map__fd(skel->maps.sk_msg_netns_cookies),
+ &client_fd, &val);
+ if (!ASSERT_OK(err, "map_lookup(sk_msg_netns_cookies)"))
+ goto done;
+
+ ASSERT_EQ(val, cookie_expected_value, "cookie_value");
+
+done:
+ if (server_fd != -1)
+ close(server_fd);
+ if (client_fd != -1)
+ close(client_fd);
+ if (cgroup_fd != -1)
+ close(cgroup_fd);
 netns_cookie_prog__destroy(skel);
 }
diff --git a/tools/testing/selftests/bpf/progs/netns_cookie_prog.c b/tools/testing/selftests/bpf/progs/netns_cookie_prog.c
index 4ed8d75aa299..aeff3a4f9287 100644
--- a/tools/testing/selftests/bpf/progs/netns_cookie_prog.c
+++ b/tools/testing/selftests/bpf/progs/netns_cookie_prog.c
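Review bot: The two attach checks in this hunk of prog_tests/netns_cookie.c both report as "prog_attach", and the two `ASSERT_EQ(val, cookie_expected_value, "cookie_value")` checks share one label, so a failure log cannot tell whether the sockops path or the new sk_msg path broke. Distinct names would fix that, e.g. `if (!ASSERT_OK(err, "sk_msg_prog_attach"))` for the `bpf_prog_attach()` result and `ASSERT_EQ(val, cookie_expected_value, "sk_msg_cookie_value");` for the second comparison. Separately, the cleanup guards compare against `-1` while the error checks above them use `< 0`; `if (cgroup_fd >= 0)` and its two siblings would match those checks.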
@@ -11,29 +11,74 @@ struct {
 __uint(map_flags, BPF_F_NO_PREALLOC);
 __type(key, int);
 __type(value, int);
-} netns_cookies SEC(".maps");
+} sockops_netns_cookies SEC(".maps");
+
+struct {
+ __uint(type, BPF_MAP_TYPE_SK_STORAGE);
+ __uint(map_flags, BPF_F_NO_PREALLOC);
+ __type(key, int);
+ __type(value, int);
+} sk_msg_netns_cookies SEC(".maps");
+
+struct {
+ __uint(type, BPF_MAP_TYPE_SOCKMAP);
+ __uint(max_entries, 2);
+ __type(key, __u32);
+ __type(value, __u64);
+} sock_map SEC(".maps");
 SEC("sockops")
 int get_netns_cookie_sockops(struct bpf_sock_ops *ctx)
 {
 struct bpf_sock *sk = ctx->sk;
 int *cookie;
+ __u32 key = 0;
 if (ctx->family != AF_INET6)
 return 1;
- if (ctx->op != BPF_SOCK_OPS_TCP_CONNECT_CB)
- return 1;
-
 if (!sk)
 return 1;
- cookie = bpf_sk_storage_get(&netns_cookies, sk, 0,
- BPF_SK_STORAGE_GET_F_CREATE);
- if (!cookie)
- return 1;
+ switch (ctx->op) {
+ case BPF_SOCK_OPS_TCP_CONNECT_CB:
+ cookie = bpf_sk_storage_get(&sockops_netns_cookies, sk, 0,
+ BPF_SK_STORAGE_GET_F_CREATE);
+ if (!cookie)
+ return 1;
- *cookie = bpf_get_netns_cookie(ctx);
+ *cookie = bpf_get_netns_cookie(ctx);
+ break;
+ case BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB:
+ bpf_sock_map_update(ctx, &sock_map, &key, BPF_NOEXIST);
+ break;
+ default:
+ break;
+ }
 return 1;
 }
+
+SEC("sk_msg")
+int get_netns_cookie_sk_msg(struct sk_msg_md *msg)
+{
+ struct bpf_sock *sk = msg->sk;
+ int *cookie;
+
+ if (msg->family != AF_INET6)
+ return 1;
+
+ if (!sk)
+ return 1;
+
+ cookie = bpf_sk_storage_get(&sk_msg_netns_cookies, sk, 0,
+ BPF_SK_STORAGE_GET_F_CREATE);
+ if (!cookie)
+ return 1;
+
+ *cookie = bpf_get_netns_cookie(msg);
+
+ return 1;
+}
+
+char _license[] SEC("license") = "GPL";
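Review bot: The result of `bpf_sock_map_update(ctx, &sock_map, &key, BPF_NOEXIST);` in the `BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB` case of `get_netns_cookie_sockops` is discarded, so when the insert fails (for instance because slot 0 is already occupied by an earlier IPv6 connection from the cgroup) the socket never gets the sk_msg verdict program and the userspace test only fails later at the `sk_msg_netns_cookies` lookup, with no hint why. A comment on that line such as `/* key 0 + BPF_NOEXIST: only the first active IPv6 connection is added */` would document the intent. Alternatively the return code could be stored in a global variable that the userspace test asserts on before calling `send()`.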