This is needed in the context of Cilium and Tetragon to retrieve netns
cookie from hostns when traffic leaves Pod, so that we can correlate
skb->sk's netns cookie.
Signed-off-by: Mahe Tardy <mahe.tardy@xxxxxxxxx>
---
This is a follow-up of c221d3744ad3 ("bpf: add get_netns_cookie helper
to cgroup_skb programs") and eb62f49de7ec ("bpf: add get_netns_cookie
helper to tc programs"), adding this helper respectively to cgroup_skb
and tcx programs.
I looked up a patch doing a similar thing c5dbb89fc2ac ("bpf: Expose
bpf_get_socket_cookie to tracing programs") and there was an item about
"sleepable context". It seems it indeed concerns tracing and LSM progs
from reading 1e6c62a88215 ("bpf: Introduce sleepable BPF programs"). Is
this needed here?
Thanks!
include/linux/bpf.h | 1 +
kernel/trace/bpf_trace.c | 2 ++
net/core/filter.c | 6 ++++++
3 files changed, 9 insertions(+)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 15164787ce7f..c079cf3e34ea 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -3361,6 +3361,7 @@ extern const struct bpf_func_proto bpf_get_retval_proto;
extern const struct bpf_func_proto bpf_user_ringbuf_drain_proto;
extern const struct bpf_func_proto bpf_cgrp_storage_get_proto;
extern const struct bpf_func_proto bpf_cgrp_storage_delete_proto;
+extern const struct bpf_func_proto bpf_get_netns_cookie_sock_ptr_proto;
const struct bpf_func_proto *tracing_prog_func_proto(
enum bpf_func_id func_id, const struct bpf_prog *prog);
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 13bef2462e94..f2d37ae27ad2 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -2012,6 +2012,8 @@ tracing_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
return &bpf_sock_from_file_proto;
case BPF_FUNC_get_socket_cookie:
return &bpf_get_socket_ptr_cookie_proto;
+ case BPF_FUNC_get_netns_cookie:
+ return &bpf_get_netns_cookie_sock_ptr_proto;
case BPF_FUNC_xdp_get_buff_len:
return &bpf_xdp_get_buff_len_trace_proto;
#endif
diff --git a/net/core/filter.c b/net/core/filter.c
index 827108c6dad9..4f42ab00c875 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -5168,6 +5168,12 @@ static const struct bpf_func_proto bpf_get_netns_cookie_sock_proto = {
.arg1_type = ARG_PTR_TO_CTX_OR_NULL,
};
+const struct bpf_func_proto bpf_get_netns_cookie_sock_ptr_proto = {
+ .func = bpf_get_netns_cookie_sock,
+ .ret_type = RET_INTEGER,
+ .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON | PTR_MAYBE_NULL,
+};
+
BPF_CALL_1(bpf_get_netns_cookie_sock_addr, struct bpf_sock_addr_kern *, ctx)
{
return __bpf_get_netns_cookie(ctx ? ctx->sk : NULL);
--
2.34.1
