On 06/16/2015 07:10 PM, Alexei Starovoitov wrote:
...
Ideally we would allow a blend of tracing and networking programs,
then the best solution would be one or two stable tracepoints in
networking stack where skb is visible and receiving/transmitting task
is also visible, then skb->len and task->
On 6/16/15 2:19 AM, Daniel Borkmann wrote:
if you really want to, you
could go via skb->sk->sk_socket->file and then retrieve credentials
from there for egress side (you can have a look at xt_owner). You'd
need a different *_proto helper for tc in that case, which would
then map to BPF_FUNC_get_c
On 06/16/2015 05:28 AM, Alexei Starovoitov wrote:
On 6/15/15 4:01 PM, David Miller wrote:
Although I agree with the sentiment that this thing can cause
surprising results and can be asking for trouble.
If someone wants to filter traffic "by UID" they might make
a simple ingress TC ebpf program
On 6/15/15 4:01 PM, David Miller wrote:
Although I agree with the sentiment that this thing can cause
surprising results and can be asking for trouble.
If someone wants to filter traffic "by UID" they might make
a simple ingress TC ebpf program using these new interfaces
and expect it to work.
From: Alexei Starovoitov
Date: Fri, 12 Jun 2015 19:39:11 -0700
> v1->v2: switched to init_user_ns from current_user_ns as suggested by Andy
>
> Introduce new helpers to access 'struct task_struct'->pid, tgid, uid, gid,
> comm
> fields in tracing and networking.
>
> Share bpf_trace_printk() and
v1->v2: switched to init_user_ns from current_user_ns as suggested by Andy
Introduce new helpers to access 'struct task_struct'->pid, tgid, uid, gid, comm
fields in tracing and networking.
Share bpf_trace_printk() and bpf_get_smp_processor_id() helpers between
tracing and networking.
Alexei Star
6 matches
Mail list logo
