[PATCH net v5] bpf: add helper to compare network namespaces

In cases where bpf programs are looking at sockets and packets that belong to different netns, it could be useful to compare the network namespace of the socket or packet Introduce bpf_sk_netns_cmp and bpf_skb_netns_cmp helpers to compare network namespace of the socket or skb to the namespace par

Re: [PATCH net v5] bpf: add helper to compare network namespaces

On 2/16/17 3:08 AM, Daniel Borkmann wrote: > Is there anything that speaks against doing the comparison itself > outside of the helper? Meaning, the helper would get a buffer > passed from stack f.e. struct foo { u64 ns_dev; u64 ns_ino; } > and fills both out with the netns info belonging to the sk

Re: [PATCH net v5] bpf: add helper to compare network namespaces

On 02/17/2017 05:01 AM, David Ahern wrote: On 2/16/17 3:08 AM, Daniel Borkmann wrote: Is there anything that speaks against doing the comparison itself outside of the helper? Meaning, the helper would get a buffer passed from stack f.e. struct foo { u64 ns_dev; u64 ns_ino; } and fills both out w

Re: [PATCH net v5] bpf: add helper to compare network namespaces

Daniel Borkmann writes: > On 02/16/2017 02:29 AM, David Ahern wrote: >> In cases where bpf programs are looking at sockets and packets >> that belong to different netns, it could be useful to compare the >> network namespace of the socket or packet >> >> Introduce bpf_sk_netns_cmp and bpf_skb_net

Re: [PATCH net v5] bpf: add helper to compare network namespaces

On 2/19/17 9:17 PM, Eric W. Biederman wrote: >>> @@ -2597,6 +2598,39 @@ static const struct bpf_func_proto >>> bpf_xdp_event_output_proto = { >>> .arg5_type = ARG_CONST_STACK_SIZE, >>> }; >>> >>> +BPF_CALL_3(bpf_sk_netns_cmp, struct sock *, sk, u64, ns_dev, u64, ns_ino) >>> +{ >>> +

Re: [PATCH net v5] bpf: add helper to compare network namespaces

David Ahern writes: > On 2/19/17 9:17 PM, Eric W. Biederman wrote: @@ -2597,6 +2598,39 @@ static const struct bpf_func_proto bpf_xdp_event_output_proto = { .arg5_type = ARG_CONST_STACK_SIZE, }; +BPF_CALL_3(bpf_sk_netns_cmp, struct sock *, sk, u64, ns_dev,

Re: [PATCH net v5] bpf: add helper to compare network namespaces

David Ahern writes: > In cases where bpf programs are looking at sockets and packets > that belong to different netns, it could be useful to compare the > network namespace of the socket or packet > > Introduce bpf_sk_netns_cmp and bpf_skb_netns_cmp helpers to compare > network namespace of the s

Re: [PATCH net v5] bpf: add helper to compare network namespaces

On 02/16/2017 02:29 AM, David Ahern wrote: In cases where bpf programs are looking at sockets and packets that belong to different netns, it could be useful to compare the network namespace of the socket or packet Introduce bpf_sk_netns_cmp and bpf_skb_netns_cmp helpers to compare network namesp