Daniel Borkmann wrote: > On 5/24/20 6:50 PM, John Fastabend wrote: > > Often it is useful when applying policy to know something about the > > task. If the administrator has CAP_SYS_ADMIN rights then they can > > use kprobe + networking hook and link the two programs together to > > accomplish this. However, this is a bit clunky and also means we have > > to call both the network program and kprobe program when we could just > > use a single program and avoid passing metadata through sk_msg/skb->cb, > > socket, maps, etc. > > > > To accomplish this add probe_* helpers to bpf_base_func_proto programs > > guarded by a perfmon_capable() check. New supported helpers are the > > following, > > > > BPF_FUNC_get_current_task > > BPF_FUNC_current_task_under_cgroup > > Nit: Stale commit message? > Correct, stale commit. > > BPF_FUNC_probe_read_user > > BPF_FUNC_probe_read_kernel > > BPF_FUNC_probe_read_user_str > > BPF_FUNC_probe_read_kernel_str > > > > Signed-off-by: John Fastabend <john.fastabend@xxxxxxxxx> > > Acked-by: Yonghong Song <yhs@xxxxxx> > > --- [...]
