On 3/28/20 1:41 AM, Andrii Nakryiko wrote:
On Fri, Mar 27, 2020 at 9:00 AM Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote:
Today, Kubernetes is still operating on cgroups v1, however, it is
possible to retrieve the task's classid based on 'current' out of
connect(), sendmsg(), recvmsg() and bind-related hooks for orchestrators
which attach to the root cgroup v2 hook in a mixed env like in case
of Cilium, for example, in order to then correlate certain pod traffic
and use it as part of the key for BPF map lookups.
Have you tried getting this classid directly from task_struct in your
BPF program with vmlinux.h and CO-RE? Seems like it should be pretty
straightforward and not requiring a special BPF handler just for that?
To answer both questions (5/7 and this one) in the same mail here: my
understanding is that this would require to install additional tracing
programs on these hooks instead of being able to integrate them into [0]
for usage out of sock_addr and sock progs (similar as they are available
as well from tc from skb)?
Thanks,
Daniel
[0] https://github.com/cilium/cilium/blob/master/bpf/bpf_sock.c
