forked from torvalds/linux
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Martin KaFai Lau says: ==================== cgroup: bpf: cgroup2 membership test on skb This series is to implement a bpf-way to check the cgroup2 membership of a skb (sk_buff). It is similar to the feature added in netfilter: c38c459 ("netfilter: implement xt_cgroup cgroup2 path match") The current target is the tc-like usage. v3: - Remove WARN_ON_ONCE(!rcu_read_lock_held()) - Stop BPF_MAP_TYPE_CGROUP_ARRAY usage in patch 2/4 - Avoid mounting bpf fs manually in patch 4/4 - Thanks for Daniel's review and the above suggestions - Check CONFIG_SOCK_CGROUP_DATA instead of CONFIG_CGROUPS. Thanks to the kbuild bot's report. Patch 2/4 only needs CONFIG_CGROUPS while patch 3/4 needs CONFIG_SOCK_CGROUP_DATA. Since a single bpf cgrp2 array alone is not useful for now, CONFIG_SOCK_CGROUP_DATA is also used in patch 2/4. We can fine tune it later if we find other use cases for the cgrp2 array. - Return EAGAIN instead of ENOENT if the cgrp2 array entry is NULL. It is to distinguish these two cases: 1) the userland has not populated this array entry yet. or 2) not finding cgrp2 from the skb. - Be-lated thanks to Alexei and Tejun on reviewing v1 and giving advice on this work. v2: - Fix two return cases in cgroup_get_from_fd() - Fix compilation errors when CONFIG_CGROUPS is not used: - arraymap.c: avoid registering BPF_MAP_TYPE_CGROUP_ARRAY - filter.c: tc_cls_act_func_proto() returns NULL on BPF_FUNC_skb_in_cgroup - Add comments to BPF_FUNC_skb_in_cgroup and cgroup_get_from_fd() ==================== Signed-off-by: David S. Miller <[email protected]>
- Loading branch information
Showing
12 changed files
with
506 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,109 @@ | ||
/* Copyright (c) 2016 Facebook | ||
* | ||
* This program is free software; you can redistribute it and/or | ||
* modify it under the terms of version 2 of the GNU General Public | ||
* License as published by the Free Software Foundation. | ||
*/ | ||
#include <linux/unistd.h> | ||
#include <linux/bpf.h> | ||
|
||
#include <stdio.h> | ||
#include <stdint.h> | ||
#include <unistd.h> | ||
#include <string.h> | ||
#include <errno.h> | ||
#include <fcntl.h> | ||
|
||
#include "libbpf.h" | ||
|
||
static void usage(void) | ||
{ | ||
printf("Usage: test_cgrp2_array_pin [...]\n"); | ||
printf(" -F <file> File to pin an BPF cgroup array\n"); | ||
printf(" -U <file> Update an already pinned BPF cgroup array\n"); | ||
printf(" -v <value> Full path of the cgroup2\n"); | ||
printf(" -h Display this help\n"); | ||
} | ||
|
||
int main(int argc, char **argv) | ||
{ | ||
const char *pinned_file = NULL, *cg2 = NULL; | ||
int create_array = 1; | ||
int array_key = 0; | ||
int array_fd = -1; | ||
int cg2_fd = -1; | ||
int ret = -1; | ||
int opt; | ||
|
||
while ((opt = getopt(argc, argv, "F:U:v:")) != -1) { | ||
switch (opt) { | ||
/* General args */ | ||
case 'F': | ||
pinned_file = optarg; | ||
break; | ||
case 'U': | ||
pinned_file = optarg; | ||
create_array = 0; | ||
break; | ||
case 'v': | ||
cg2 = optarg; | ||
break; | ||
default: | ||
usage(); | ||
goto out; | ||
} | ||
} | ||
|
||
if (!cg2 || !pinned_file) { | ||
usage(); | ||
goto out; | ||
} | ||
|
||
cg2_fd = open(cg2, O_RDONLY); | ||
if (cg2_fd < 0) { | ||
fprintf(stderr, "open(%s,...): %s(%d)\n", | ||
cg2, strerror(errno), errno); | ||
goto out; | ||
} | ||
|
||
if (create_array) { | ||
array_fd = bpf_create_map(BPF_MAP_TYPE_CGROUP_ARRAY, | ||
sizeof(uint32_t), sizeof(uint32_t), | ||
1, 0); | ||
if (array_fd < 0) { | ||
fprintf(stderr, | ||
"bpf_create_map(BPF_MAP_TYPE_CGROUP_ARRAY,...): %s(%d)\n", | ||
strerror(errno), errno); | ||
goto out; | ||
} | ||
} else { | ||
array_fd = bpf_obj_get(pinned_file); | ||
if (array_fd < 0) { | ||
fprintf(stderr, "bpf_obj_get(%s): %s(%d)\n", | ||
pinned_file, strerror(errno), errno); | ||
goto out; | ||
} | ||
} | ||
|
||
ret = bpf_update_elem(array_fd, &array_key, &cg2_fd, 0); | ||
if (ret) { | ||
perror("bpf_update_elem"); | ||
goto out; | ||
} | ||
|
||
if (create_array) { | ||
ret = bpf_obj_pin(array_fd, pinned_file); | ||
if (ret) { | ||
fprintf(stderr, "bpf_obj_pin(..., %s): %s(%d)\n", | ||
pinned_file, strerror(errno), errno); | ||
goto out; | ||
} | ||
} | ||
|
||
out: | ||
if (array_fd != -1) | ||
close(array_fd); | ||
if (cg2_fd != -1) | ||
close(cg2_fd); | ||
return ret; | ||
} |
Oops, something went wrong.