This adds various straight-forward helper improvements and additions to BPF
cgroup based connect(), sendmsg(), recvmsg() and bind-related hooks which
would allow implementing more fine-grained policies and improve current load
balancer limitations we're seeing. For details please see individual patches.
I've tested them on Kubernetes & Cilium and also added selftests for the small
verifier extension.

Thanks!

Daniel Borkmann (7):
  bpf: enable retrieval of socket cookie for bind/post-bind hook
  bpf: enable perf event rb output for bpf cgroup progs
  bpf: add netns cookie and enable it for bpf cgroup hooks
  bpf: allow to retrieve cgroup v1 classid from v2 hooks
  bpf: enable bpf cgroup hooks to retrieve cgroup v2 and ancestor id
  bpf: enable retrival of pid/tgid/comm from bpf cgroup hooks
  bpf: add selftest cases for ctx_or_null argument type

 include/linux/bpf.h                        |   2 +
 include/net/cls_cgroup.h                   |   7 +-
 include/net/net_namespace.h                |  10 ++
 include/uapi/linux/bpf.h                   |  35 ++++++-
 kernel/bpf/core.c                          |   1 +
 kernel/bpf/helpers.c                       |  18 ++++
 kernel/bpf/verifier.c                      |  16 ++--
 net/core/filter.c                          | 106 ++++++++++++++++++++-
 net/core/net_namespace.c                   |  15 +++
 tools/include/uapi/linux/bpf.h             |  35 ++++++-
 tools/testing/selftests/bpf/verifier/ctx.c | 105 ++++++++++++++++++++
 11 files changed, 336 insertions(+), 14 deletions(-)

--
2.21.0