Re: [PATCH net-next] Add uid and cookie bpf helper to cg_skb_func_proto

2017-04-14 Thread Daniel Borkmann 

On 04/15/2017 02:07 AM, Alexei Starovoitov wrote:

On Fri, Apr 14, 2017 at 04:12:14PM -0700, Chenbo Feng wrote:

From: Chenbo Feng 

BPF helper functions get_socket_cookie and get_socket_uid can be
used for network traffic classifications, among others. Expose
them also to programs of type BPF_PROG_TYPE_CGROUP_SKB. As of
commit 8f917bba0042 ("bpf: pass sk to helper functions") the required
skb->sk function is available at both cgroup bpf ingress and egress
hooks.

Signed-off-by: Chenbo Feng 


Thanks for follow up.
Another alternative is to do
cg_skb_func_proto(enum bpf_func_id func_id)
{
 return sk_filter_func_proto(func_id);
}

I think all socket filter helpers are applicable to cg_skb too.


Yeah, both will effectively be the same at that point:

static const struct bpf_func_proto *
sk_filter_func_proto(enum bpf_func_id func_id)
{
switch (func_id) {
case BPF_FUNC_skb_load_bytes:
return _skb_load_bytes_proto;
case BPF_FUNC_get_socket_cookie:
return _get_socket_cookie_proto;
case BPF_FUNC_get_socket_uid:
return _get_socket_uid_proto;
default:
return bpf_base_func_proto(func_id);
}
}

And with the two additions:

static const struct bpf_func_proto *
cg_skb_func_proto(enum bpf_func_id func_id)
{
switch (func_id) {
case BPF_FUNC_skb_load_bytes:
return _skb_load_bytes_proto;
+   case BPF_FUNC_get_socket_cookie:
+   return _get_socket_cookie_proto;
+   case BPF_FUNC_get_socket_uid:
+   return _get_socket_uid_proto;
default:
return bpf_base_func_proto(func_id);
}
}

Re: [PATCH net-next] Add uid and cookie bpf helper to cg_skb_func_proto

2017-04-14 Thread Alexei Starovoitov 
On Fri, Apr 14, 2017 at 04:12:14PM -0700, Chenbo Feng wrote:
> From: Chenbo Feng 
> 
> BPF helper functions get_socket_cookie and get_socket_uid can be
> used for network traffic classifications, among others. Expose
> them also to programs of type BPF_PROG_TYPE_CGROUP_SKB. As of
> commit 8f917bba0042 ("bpf: pass sk to helper functions") the required
> skb->sk function is available at both cgroup bpf ingress and egress
> hooks.
> 
> Signed-off-by: Chenbo Feng 

Thanks for follow up.
Another alternative is to do
cg_skb_func_proto(enum bpf_func_id func_id)
{
return sk_filter_func_proto(func_id);
}

I think all socket filter helpers are applicable to cg_skb too.

[PATCH net-next] Add uid and cookie bpf helper to cg_skb_func_proto

2017-04-14 Thread Chenbo Feng 
From: Chenbo Feng 

BPF helper functions get_socket_cookie and get_socket_uid can be
used for network traffic classifications, among others. Expose
them also to programs of type BPF_PROG_TYPE_CGROUP_SKB. As of
commit 8f917bba0042 ("bpf: pass sk to helper functions") the required
skb->sk function is available at both cgroup bpf ingress and egress
hooks.

Signed-off-by: Chenbo Feng 
---
 net/core/filter.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/net/core/filter.c b/net/core/filter.c
index ce2a19d..b6db9e330 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2769,6 +2769,10 @@ cg_skb_func_proto(enum bpf_func_id func_id)
switch (func_id) {
case BPF_FUNC_skb_load_bytes:
return _skb_load_bytes_proto;
+   case BPF_FUNC_get_socket_cookie:
+   return _get_socket_cookie_proto;
+   case BPF_FUNC_get_socket_uid:
+   return _get_socket_uid_proto;
default:
return bpf_base_func_proto(func_id);
}
-- 
2.7.4