On Tue, Jun 21, 2022 at 02:05:47AM +0000, Dave Thaler wrote:
> Martin KaFai Lau <kafai@xxxxxx> writes:
> >> I wonder why struct bpf_sock_addr doesn't contain the sin6_scope_id as
> >> in struct sockaddr_in6.
> >> A program with type like BPF_PROG_TYPE_CGROUP_SOCK_ADDR might want to
> >> access that field.
> >
> >
> > I think usually there was no use case?
> > Do you need to read from it or write to it?
> > You can try to extend it. Take a look at sock_addr_is_valid_access() and sock_addr_convert_ctx_access().
>
> For me: read it. If you're trying to, say, track the set of all connections, you can't do it simply from
> the IP+port pairs, since IPv6 scoped addresses are ambiguous so you can have 2 or more connections
> with the same IP+port pair, so I need either the scope id, or an interface (device) identifier, to disambiguate
> and know which connection is which.
>
> If Linux has an API to get to it, we'd try to do the same in the ebpf-for-windows project as well,
> but right now I don't know the answer.

For read only into any syscall like functions, it is usually done with
bpf-tracing in Linux which can read the scope id and other args.
afaik, the cgroup sock_addr hook is more for changing the sockaddr
rather than only reading it. If the sock_addr prog is to be extended for
sin6_scope_id, it should be changeable also.

[ Remove outdated email from cc list ]