diff options
| author | Chenbo Feng <fengc@google.com> | 2017-03-22 20:27:34 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-03-23 20:01:02 -0400 |
| commit | 91b8270f2a4d1d9b268de90451cdca63a70052d6 (patch) | |
| tree | cca836d388f189d98179ab3dc51d1afbffa0a6e9 | |
| parent | 16ae1f223601c44e5cb65c99257ffae003504704 (diff) | |
Add a helper function to get socket cookie in eBPF
Retrieve the socket cookie generated by sock_gen_cookie() from a sk_buff
with a known socket. Generates a new cookie if one was not yet set.If
the socket pointer inside sk_buff is NULL, 0 is returned. The helper
function coud be useful in monitoring per socket networking traffic
statistics and provide a unique socket identifier per namespace.
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Chenbo Feng <fengc@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/linux/sock_diag.h | 1 | ||||
| -rw-r--r-- | include/uapi/linux/bpf.h | 9 | ||||
| -rw-r--r-- | net/core/filter.c | 17 | ||||
| -rw-r--r-- | net/core/sock_diag.c | 2 | ||||
| -rw-r--r-- | tools/include/uapi/linux/bpf.h | 3 |
5 files changed, 29 insertions, 3 deletions
diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h index a0596ca0e80a..a2f8109bb215 100644 --- a/include/linux/sock_diag.h +++ b/include/linux/sock_diag.h | |||
| @@ -24,6 +24,7 @@ void sock_diag_unregister(const struct sock_diag_handler *h); | |||
| 24 | void sock_diag_register_inet_compat(int (*fn)(struct sk_buff *skb, struct nlmsghdr *nlh)); | 24 | void sock_diag_register_inet_compat(int (*fn)(struct sk_buff *skb, struct nlmsghdr *nlh)); |
| 25 | void sock_diag_unregister_inet_compat(int (*fn)(struct sk_buff *skb, struct nlmsghdr *nlh)); | 25 | void sock_diag_unregister_inet_compat(int (*fn)(struct sk_buff *skb, struct nlmsghdr *nlh)); |
| 26 | 26 | ||
| 27 | u64 sock_gen_cookie(struct sock *sk); | ||
| 27 | int sock_diag_check_cookie(struct sock *sk, const __u32 *cookie); | 28 | int sock_diag_check_cookie(struct sock *sk, const __u32 *cookie); |
| 28 | void sock_diag_save_cookie(struct sock *sk, __u32 *cookie); | 29 | void sock_diag_save_cookie(struct sock *sk, __u32 *cookie); |
| 29 | 30 | ||
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index ce6f029ac368..cdfc5595fbc1 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h | |||
| @@ -459,6 +459,12 @@ union bpf_attr { | |||
| 459 | * Return: | 459 | * Return: |
| 460 | * > 0 length of the string including the trailing NUL on success | 460 | * > 0 length of the string including the trailing NUL on success |
| 461 | * < 0 error | 461 | * < 0 error |
| 462 | * | ||
| 463 | * u64 bpf_bpf_get_socket_cookie(skb) | ||
| 464 | * Get the cookie for the socket stored inside sk_buff. | ||
| 465 | * @skb: pointer to skb | ||
| 466 | * Return: 8 Bytes non-decreasing number on success or 0 if the socket | ||
| 467 | * field is missing inside sk_buff | ||
| 462 | */ | 468 | */ |
| 463 | #define __BPF_FUNC_MAPPER(FN) \ | 469 | #define __BPF_FUNC_MAPPER(FN) \ |
| 464 | FN(unspec), \ | 470 | FN(unspec), \ |
| @@ -506,7 +512,8 @@ union bpf_attr { | |||
| 506 | FN(get_numa_node_id), \ | 512 | FN(get_numa_node_id), \ |
| 507 | FN(skb_change_head), \ | 513 | FN(skb_change_head), \ |
| 508 | FN(xdp_adjust_head), \ | 514 | FN(xdp_adjust_head), \ |
| 509 | FN(probe_read_str), | 515 | FN(probe_read_str), \ |
| 516 | FN(get_socket_cookie), | ||
| 510 | 517 | ||
| 511 | /* integer value in 'imm' field of BPF_CALL instruction selects which helper | 518 | /* integer value in 'imm' field of BPF_CALL instruction selects which helper |
| 512 | * function eBPF program intends to call | 519 | * function eBPF program intends to call |
diff --git a/net/core/filter.c b/net/core/filter.c index c7f0ccd1c0d3..35b0f97c3fdf 100644 --- a/net/core/filter.c +++ b/net/core/filter.c | |||
| @@ -26,6 +26,7 @@ | |||
| 26 | #include <linux/mm.h> | 26 | #include <linux/mm.h> |
| 27 | #include <linux/fcntl.h> | 27 | #include <linux/fcntl.h> |
| 28 | #include <linux/socket.h> | 28 | #include <linux/socket.h> |
| 29 | #include <linux/sock_diag.h> | ||
| 29 | #include <linux/in.h> | 30 | #include <linux/in.h> |
| 30 | #include <linux/inet.h> | 31 | #include <linux/inet.h> |
| 31 | #include <linux/netdevice.h> | 32 | #include <linux/netdevice.h> |
| @@ -2606,6 +2607,18 @@ static const struct bpf_func_proto bpf_xdp_event_output_proto = { | |||
| 2606 | .arg5_type = ARG_CONST_SIZE, | 2607 | .arg5_type = ARG_CONST_SIZE, |
| 2607 | }; | 2608 | }; |
| 2608 | 2609 | ||
| 2610 | BPF_CALL_1(bpf_get_socket_cookie, struct sk_buff *, skb) | ||
| 2611 | { | ||
| 2612 | return skb->sk ? sock_gen_cookie(skb->sk) : 0; | ||
| 2613 | } | ||
| 2614 | |||
| 2615 | static const struct bpf_func_proto bpf_get_socket_cookie_proto = { | ||
| 2616 | .func = bpf_get_socket_cookie, | ||
| 2617 | .gpl_only = false, | ||
| 2618 | .ret_type = RET_INTEGER, | ||
| 2619 | .arg1_type = ARG_PTR_TO_CTX, | ||
| 2620 | }; | ||
| 2621 | |||
| 2609 | static const struct bpf_func_proto * | 2622 | static const struct bpf_func_proto * |
| 2610 | bpf_base_func_proto(enum bpf_func_id func_id) | 2623 | bpf_base_func_proto(enum bpf_func_id func_id) |
| 2611 | { | 2624 | { |
| @@ -2640,6 +2653,8 @@ sk_filter_func_proto(enum bpf_func_id func_id) | |||
| 2640 | switch (func_id) { | 2653 | switch (func_id) { |
| 2641 | case BPF_FUNC_skb_load_bytes: | 2654 | case BPF_FUNC_skb_load_bytes: |
| 2642 | return &bpf_skb_load_bytes_proto; | 2655 | return &bpf_skb_load_bytes_proto; |
| 2656 | case BPF_FUNC_get_socket_cookie: | ||
| 2657 | return &bpf_get_socket_cookie_proto; | ||
| 2643 | default: | 2658 | default: |
| 2644 | return bpf_base_func_proto(func_id); | 2659 | return bpf_base_func_proto(func_id); |
| 2645 | } | 2660 | } |
| @@ -2699,6 +2714,8 @@ tc_cls_act_func_proto(enum bpf_func_id func_id) | |||
| 2699 | return &bpf_get_smp_processor_id_proto; | 2714 | return &bpf_get_smp_processor_id_proto; |
| 2700 | case BPF_FUNC_skb_under_cgroup: | 2715 | case BPF_FUNC_skb_under_cgroup: |
| 2701 | return &bpf_skb_under_cgroup_proto; | 2716 | return &bpf_skb_under_cgroup_proto; |
| 2717 | case BPF_FUNC_get_socket_cookie: | ||
| 2718 | return &bpf_get_socket_cookie_proto; | ||
| 2702 | default: | 2719 | default: |
| 2703 | return bpf_base_func_proto(func_id); | 2720 | return bpf_base_func_proto(func_id); |
| 2704 | } | 2721 | } |
diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c index 8d11ee75a100..fb9d0e2fd148 100644 --- a/net/core/sock_diag.c +++ b/net/core/sock_diag.c | |||
| @@ -19,7 +19,7 @@ static int (*inet_rcv_compat)(struct sk_buff *skb, struct nlmsghdr *nlh); | |||
| 19 | static DEFINE_MUTEX(sock_diag_table_mutex); | 19 | static DEFINE_MUTEX(sock_diag_table_mutex); |
| 20 | static struct workqueue_struct *broadcast_wq; | 20 | static struct workqueue_struct *broadcast_wq; |
| 21 | 21 | ||
| 22 | static u64 sock_gen_cookie(struct sock *sk) | 22 | u64 sock_gen_cookie(struct sock *sk) |
| 23 | { | 23 | { |
| 24 | while (1) { | 24 | while (1) { |
| 25 | u64 res = atomic64_read(&sk->sk_cookie); | 25 | u64 res = atomic64_read(&sk->sk_cookie); |
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index ce6f029ac368..a3851859e5f3 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h | |||
| @@ -506,7 +506,8 @@ union bpf_attr { | |||
| 506 | FN(get_numa_node_id), \ | 506 | FN(get_numa_node_id), \ |
| 507 | FN(skb_change_head), \ | 507 | FN(skb_change_head), \ |
| 508 | FN(xdp_adjust_head), \ | 508 | FN(xdp_adjust_head), \ |
| 509 | FN(probe_read_str), | 509 | FN(probe_read_str), \ |
| 510 | FN(get_socket_cookie), | ||
| 510 | 511 | ||
| 511 | /* integer value in 'imm' field of BPF_CALL instruction selects which helper | 512 | /* integer value in 'imm' field of BPF_CALL instruction selects which helper |
| 512 | * function eBPF program intends to call | 513 | * function eBPF program intends to call |