On Fri, Mar 27, 2020 at 9:00 AM Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote: > > Today, Kubernetes is still operating on cgroups v1, however, it is > possible to retrieve the task's classid based on 'current' out of > connect(), sendmsg(), recvmsg() and bind-related hooks for orchestrators > which attach to the root cgroup v2 hook in a mixed env like in case > of Cilium, for example, in order to then correlate certain pod traffic > and use it as part of the key for BPF map lookups. > Have you tried getting this classid directly from task_struct in your BPF program with vmlinux.h and CO-RE? Seems like it should be pretty straightforward and not requiring a special BPF handler just for that? > Signed-off-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx> > --- > include/net/cls_cgroup.h | 7 ++++++- > net/core/filter.c | 21 +++++++++++++++++++++ > 2 files changed, 27 insertions(+), 1 deletion(-) > [...]
