Re: [PATCH bpf-next] bpf: enable bpf_{g,s}etsockopt in BPF_CGROUP_UDP{4,6}_SENDMSG
From: Daniel Borkmann <daniel@iogearbox.net>
Date: 2021-01-27 21:46:06
Also in:
bpf
On 1/27/21 6:47 PM, Stanislav Fomichev wrote:
quoted hunk ↗ jump to hunk
Can be used to query/modify socket state for unconnected UDP sendmsg. Those hooks run as BPF_CGROUP_RUN_SA_PROG_LOCK and operate on a locked socket. Signed-off-by: Stanislav Fomichev <redacted> --- net/core/filter.c | 4 ++++ tools/testing/selftests/bpf/progs/sendmsg4_prog.c | 7 +++++++ tools/testing/selftests/bpf/progs/sendmsg6_prog.c | 7 +++++++ 3 files changed, 18 insertions(+)diff --git a/net/core/filter.c b/net/core/filter.c index 9ab94e90d660..3d7f78a19565 100644 --- a/net/core/filter.c +++ b/net/core/filter.c@@ -7023,6 +7023,8 @@ sock_addr_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) case BPF_CGROUP_INET6_BIND: case BPF_CGROUP_INET4_CONNECT: case BPF_CGROUP_INET6_CONNECT: + case BPF_CGROUP_UDP4_SENDMSG: + case BPF_CGROUP_UDP6_SENDMSG: return &bpf_sock_addr_setsockopt_proto; default: return NULL;@@ -7033,6 +7035,8 @@ sock_addr_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) case BPF_CGROUP_INET6_BIND: case BPF_CGROUP_INET4_CONNECT: case BPF_CGROUP_INET6_CONNECT: + case BPF_CGROUP_UDP4_SENDMSG: + case BPF_CGROUP_UDP6_SENDMSG: return &bpf_sock_addr_getsockopt_proto;
Patch looks good, could we at this point also add all the others that run under BPF_CGROUP_RUN_SA_PROG_LOCK while at it, that is v4/v6 flavors of recvmsg as well as peername/sockname? Thanks, Daniel