We want to have a tighter control on what ports we bind to in
the BPF_CGROUP_INET{4,6}_CONNECT hooks even if it means
connect() becomes slightly more expensive.
The series goes like this:
1. selftests: move existing helpers that make it easy to create
listener threads into common test_progs part
2. selftests: make sure the helpers above don't get stuck forever
in case the tests fails
3. do small refactoring of __inet{,6}_bind() flags to make it easy
to extend them with the additional flags
4. remove the restriction on port being zero in bpf_bind() helper;
add new bind flag to prevent POST_BIND hook from being called
Cc: Andrey Ignatov <rdna@xxxxxx>
Stanislav Fomichev (4):
selftests/bpf: generalize helpers to control backround listener
selftests/bpf: adopt accept_timeout from sockmap_listen
net: refactor arguments of inet{,6}_bind
bpf: allow any port in bpf_bind helper
include/net/inet_common.h | 8 +-
include/net/ipv6_stubs.h | 2 +-
net/core/filter.c | 15 +-
net/ipv4/af_inet.c | 20 ++-
net/ipv6/af_inet6.c | 22 +--
.../bpf/prog_tests/connect_force_port.c | 104 +++++++++++
.../selftests/bpf/prog_tests/sockmap_listen.c | 34 ----
.../selftests/bpf/prog_tests/tcp_rtt.c | 115 +-----------
.../selftests/bpf/progs/connect_force_port4.c | 28 +++
.../selftests/bpf/progs/connect_force_port6.c | 28 +++
tools/testing/selftests/bpf/test_progs.c | 165 ++++++++++++++++++
tools/testing/selftests/bpf/test_progs.h | 7 +
12 files changed, 372 insertions(+), 176 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/connect_force_port.c
create mode 100644 tools/testing/selftests/bpf/progs/connect_force_port4.c
create mode 100644 tools/testing/selftests/bpf/progs/connect_force_port6.c
--
2.26.2.526.g744177e7f7-goog
