Signed-off-by: Carlos Neira <cneirabustos@xxxxxxxxx>
---
 tools/include/uapi/linux/bpf.h | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index b5889257cc33..3ec9aa1438b7 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -2747,6 +2747,32 @@ union bpf_attr {
 * **-EOPNOTSUPP** kernel configuration does not enable SYN cookies
 *
 * **-EPROTONOSUPPORT** IP packet version is not 4 or 6
+ *
+ * int bpf_get_current_pidns_info(struct bpf_pidns_info *pidns, u32 size_of_pidns)
+ * Description
+ * Get tgid, pid and namespace id as seen by the current namespace,
+ * and device major/minor numbers from /proc/self/ns/pid. Such
+ * information is stored in *pidns* of size *size*.
+ *
+ * This helper is used when pid filtering is needed inside a
+ * container as bpf_get_current_tgid() helper always returns the
+ * pid id as seen by the root namespace.
+ * Return
+ * 0 on success
+ *
+ * On failure, the returned value is one of the following:
+ *
+ * **-EINVAL** if *size_of_pidns* is not valid or unable to get ns, pid
+ * or tgid of the current task.
+ *
+ * **-ENOENT** if /proc/self/ns/pid does not exists.
+ *
+ * **-ENOENT** if /proc/self/ns does not exists.
+ *
+ * **-ENOMEM** if helper internal allocation fails.
+ *
+ * **-EPERM** if not able to call helper.
+ *
 */
 #define __BPF_FUNC_MAPPER(FN) \
 FN(unspec), \
@@ -2859,7 +2885,8 @@ union bpf_attr {
 FN(sk_storage_get), \
 FN(sk_storage_delete), \
 FN(send_signal), \
- FN(tcp_gen_syncookie),
+ FN(tcp_gen_syncookie), \
+ FN(get_current_pidns_info),
 
 /* integer value in 'imm' field of BPF_CALL instruction selects which helper
 * function eBPF program intends to call
@@ -3610,4 +3637,10 @@ struct bpf_sockopt {
 __s32 retval;
 };
 
+struct bpf_pidns_info {
+ __u32 dev; /* dev_t from /proc/self/ns/pid inode */
+ __u32 nsid;
+ __u32 tgid;
+ __u32 pid;
+};
 #endif /* _UAPI__LINUX_BPF_H__ */
--
2.11.0
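Review bot: The helper description added in the first hunk does not match its own prototype: it says the result is stored in *pidns* "of size *size*" while the parameter is `size_of_pidns`, and it cites `bpf_get_current_tgid()`, where the existing helper is `bpf_get_current_pid_tgid()`. The Return list carries **-ENOENT** twice and explains **-EPERM** only as "if not able to call helper", so a program author doing pid filtering inside a container cannot tell which calling contexts are refused. That entry should name the condition the implementation actually checks, which is not part of this diff. I would reword the sentence to `information is stored in *pidns* of size *size_of_pidns*.` and change "does not exists" to "does not exist" in both **-ENOENT** lines.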
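Review bot: In `struct bpf_pidns_info` (last hunk) only `dev` carries a comment, and that comment does not say which dev_t encoding is stored. The kernel-internal dev_t and the st_dev that userspace reads from stat(2) are generally encoded differently, so a consumer matching this field against stat output to decide which PID namespace an event belongs to may compare incompatible values. The encoding is decided by the helper body, which is outside this diff, so state it once confirmed, for example `__u32 dev; /* dev_t of the /proc/self/ns/pid inode, kernel encoding (confirm) */`. `nsid`, `tgid` and `pid` should each get a one-line comment saying they are the values as seen from the current task's PID namespace, as the helper description says. Because the helper takes the struct size as an argument, a comment that new fields may only be appended would also help.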