This series implements two new per-cgroup hooks: getsockopt and setsockopt along with a new sockopt program type. The idea is pretty similar to recently introduced cgroup sysctl hooks, but implementation is simpler (no need to convert to/from strings). What this can be applied to: * move business logic of what tos/priority/etc can be set by containers (either pass or reject) * handle existing options (or introduce new ones) differently by propagating some information in cgroup/socket local storage Compared to a simple syscall/{g,s}etsockopt tracepoint, those hooks are context aware. Meaning, they can access underlying socket and use cgroup and socket local storage. Stanislav Fomichev (9): bpf: implement getsockopt and setsockopt hooks bpf: sync bpf.h to tools/ libbpf: support sockopt hooks selftests/bpf: test sockopt section name selftests/bpf: add sockopt test selftests/bpf: add sockopt test that exercises sk helpers selftests/bpf: add sockopt test that exercises BPF_F_ALLOW_MULTI bpf: add sockopt documentation bpftool: support cgroup sockopt Documentation/bpf/index.rst | 1 + Documentation/bpf/prog_cgroup_sockopt.rst | 82 ++ include/linux/bpf-cgroup.h | 43 + include/linux/bpf.h | 2 + include/linux/bpf_types.h | 1 + include/linux/filter.h | 14 + include/uapi/linux/bpf.h | 14 + kernel/bpf/cgroup.c | 317 +++++++ kernel/bpf/core.c | 9 + kernel/bpf/syscall.c | 19 + kernel/bpf/verifier.c | 13 + net/core/filter.c | 2 +- net/socket.c | 16 + .../bpftool/Documentation/bpftool-cgroup.rst | 7 +- .../bpftool/Documentation/bpftool-prog.rst | 3 +- tools/bpf/bpftool/bash-completion/bpftool | 9 +- tools/bpf/bpftool/cgroup.c | 5 +- tools/bpf/bpftool/main.h | 1 + tools/bpf/bpftool/prog.c | 3 +- tools/include/uapi/linux/bpf.h | 14 + tools/lib/bpf/libbpf.c | 5 + tools/lib/bpf/libbpf_probes.c | 1 + tools/testing/selftests/bpf/.gitignore | 3 + tools/testing/selftests/bpf/Makefile | 6 +- .../selftests/bpf/progs/sockopt_multi.c | 53 ++ .../testing/selftests/bpf/progs/sockopt_sk.c | 91 ++ .../selftests/bpf/test_section_names.c | 10 + tools/testing/selftests/bpf/test_sockopt.c | 892 ++++++++++++++++++ .../selftests/bpf/test_sockopt_multi.c | 276 ++++++ tools/testing/selftests/bpf/test_sockopt_sk.c | 185 ++++ 30 files changed, 2087 insertions(+), 10 deletions(-) create mode 100644 Documentation/bpf/prog_cgroup_sockopt.rst create mode 100644 tools/testing/selftests/bpf/progs/sockopt_multi.c create mode 100644 tools/testing/selftests/bpf/progs/sockopt_sk.c create mode 100644 tools/testing/selftests/bpf/test_sockopt.c create mode 100644 tools/testing/selftests/bpf/test_sockopt_multi.c create mode 100644 tools/testing/selftests/bpf/test_sockopt_sk.c -- 2.22.0.410.gd8fdbe21b5-goog