On Wed, Jan 27, 2021 at 1:30 PM Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote: > > On 1/27/21 6:47 PM, Stanislav Fomichev wrote: > > Can be used to query/modify socket state for unconnected UDP sendmsg. > > Those hooks run as BPF_CGROUP_RUN_SA_PROG_LOCK and operate on > > a locked socket. > > > > Signed-off-by: Stanislav Fomichev <sdf@xxxxxxxxxx> > > --- > > net/core/filter.c | 4 ++++ > > tools/testing/selftests/bpf/progs/sendmsg4_prog.c | 7 +++++++ > > tools/testing/selftests/bpf/progs/sendmsg6_prog.c | 7 +++++++ > > 3 files changed, 18 insertions(+) > > > > diff --git a/net/core/filter.c b/net/core/filter.c > > index 9ab94e90d660..3d7f78a19565 100644 > > --- a/net/core/filter.c > > +++ b/net/core/filter.c > > @@ -7023,6 +7023,8 @@ sock_addr_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) > > case BPF_CGROUP_INET6_BIND: > > case BPF_CGROUP_INET4_CONNECT: > > case BPF_CGROUP_INET6_CONNECT: > > + case BPF_CGROUP_UDP4_SENDMSG: > > + case BPF_CGROUP_UDP6_SENDMSG: > > return &bpf_sock_addr_setsockopt_proto; > > default: > > return NULL; > > @@ -7033,6 +7035,8 @@ sock_addr_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) > > case BPF_CGROUP_INET6_BIND: > > case BPF_CGROUP_INET4_CONNECT: > > case BPF_CGROUP_INET6_CONNECT: > > + case BPF_CGROUP_UDP4_SENDMSG: > > + case BPF_CGROUP_UDP6_SENDMSG: > > return &bpf_sock_addr_getsockopt_proto; > > Patch looks good, could we at this point also add all the others that run under > BPF_CGROUP_RUN_SA_PROG_LOCK while at it, that is v4/v6 flavors of recvmsg as well > as peername/sockname? Sounds good, will resend with more hooks added.
