On Fri, Mar 27, 2020 at 6:56 PM Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote:
>
> On 3/28/20 1:41 AM, Andrii Nakryiko wrote:
> > On Fri, Mar 27, 2020 at 9:00 AM Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote:
> >>
> >> Today, Kubernetes is still operating on cgroups v1, however, it is
> >> possible to retrieve the task's classid based on 'current' out of
> >> connect(), sendmsg(), recvmsg() and bind-related hooks for orchestrators
> >> which attach to the root cgroup v2 hook in a mixed env like in case
> >> of Cilium, for example, in order to then correlate certain pod traffic
> >> and use it as part of the key for BPF map lookups.
> >
> > Have you tried getting this classid directly from task_struct in your
> > BPF program with vmlinux.h and CO-RE? Seems like it should be pretty
> > straightforward and not requiring a special BPF handler just for that?
>
> To answer both questions (5/7 and this one) in the same mail here: my
> understanding is that this would require to install additional tracing
> programs on these hooks instead of being able to integrate them into [0]
> for usage out of sock_addr and sock progs (similar as they are available
> as well from tc from skb)?

No, not really, assuming bpf_get_current_task() helper is available
for those programs. Something like this should work, can't really
check because I don't know what classid value is supposed to be, but
all the relocations succeed, so at least typing wise it should be
good:

#include "vmlinux.h"
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_core_read.h>

static __always_inline u32 get_cgroup_classid(void)
{
        struct task_struct *task = (void *)bpf_get_current_task();
        struct cgroup_cls_state *state = (void *)BPF_CORE_READ(task,
                        cgroups, subsys[net_cls_cgrp_id]);

        return BPF_CORE_READ(state, classid);
}

I've cheated with conversion from `struct cgroup_subsys_state *` to
`struct cgroup_cls_state *`, given that they match right now.
But it is possible to have relocatable equivalent of container_of()
macro for CO-RE, I'd be happy to play with that and provide it as part
of bpf_core_read.h, if necessary.

Hope this clarifies what I meant by implementing with CO-RE.

>
> Thanks,
> Daniel
>
>   [0] https://github.com/cilium/cilium/blob/master/bpf/bpf_sock.c
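
The pointer conversion discussed in the mail above, as an added user-space example that is not part of the original message or of libbpf: it shows why the plain cast reads the right `classid` only while the embedded subsystem state sits at offset 0, and how a container_of()-style adjustment stays correct if it moves. The struct definitions, the `cls_css_moved` layout and all function names are constructed stand-ins, not the kernel's types.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, not the kernel's definitions. */
struct css { uint64_t cgroup; uint32_t id; };
struct cls_css_first { struct css css; uint32_t classid; };  /* layout the cast relies on */
struct cls_css_moved { uint64_t extra; struct css css; uint32_t classid; }; /* hypothetical */

/* Offsets a CO-RE relocation would resolve against the running kernel. */
struct layout { size_t css_off, classid_off; };
static const struct layout FIRST = { offsetof(struct cls_css_first, css),
                                     offsetof(struct cls_css_first, classid) };
static const struct layout MOVED = { offsetof(struct cls_css_moved, css),
                                     offsetof(struct cls_css_moved, classid) };

/* Emulates a probe read of 4 bytes at an arbitrary address. */
static uint32_t read_u32(const unsigned char *addr)
{
    uint32_t v;
    memcpy(&v, addr, sizeof(v));
    return v;
}

/* Cast: treats the css pointer as the start of the outer struct. */
uint32_t classid_by_cast(const unsigned char *css_ptr, struct layout l)
{
    return read_u32(css_ptr + l.classid_off);
}

/* container_of: steps back to the outer struct before reading. */
uint32_t classid_by_container_of(const unsigned char *css_ptr, struct layout l)
{
    return read_u32(css_ptr - l.css_off + l.classid_off);
}

/* Writes classid into a zeroed arena per layout l; returns the css pointer. */
const unsigned char *make_object(unsigned char *arena, size_t n,
                                 struct layout l, uint32_t classid)
{
    memset(arena, 0, n);
    memcpy(arena + l.classid_off, &classid, sizeof(classid));
    return arena + l.css_off;
}

int main(void)
{
    unsigned char arena[64];
    const unsigned char *p = make_object(arena, sizeof(arena), MOVED, 0x100001);
    printf("cast=%#x container_of=%#x\n",
           classid_by_cast(p, MOVED), classid_by_container_of(p, MOVED));
    return 0;
}
```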