On Mon, Oct 2, 2023 at 5:28 AM Daan De Meyer <daan.j.demeyer@xxxxxxxxx> wrote: > > Add the necessary plumbing to hook up the new cgroup unix sockaddr > hooks into libbpf. > > Signed-off-by: Daan De Meyer <daan.j.demeyer@xxxxxxxxx> > --- > tools/lib/bpf/libbpf.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c > index 31b8b252e614..dd3683b98679 100644 > --- a/tools/lib/bpf/libbpf.c > +++ b/tools/lib/bpf/libbpf.c > @@ -82,17 +82,22 @@ static const char * const attach_type_name[] = { > [BPF_CGROUP_INET6_BIND] = "cgroup_inet6_bind", > [BPF_CGROUP_INET4_CONNECT] = "cgroup_inet4_connect", > [BPF_CGROUP_INET6_CONNECT] = "cgroup_inet6_connect", > + [BPF_CGROUP_UNIX_CONNECT] = "cgroup_unix_connect", > [BPF_CGROUP_INET4_POST_BIND] = "cgroup_inet4_post_bind", > [BPF_CGROUP_INET6_POST_BIND] = "cgroup_inet6_post_bind", > [BPF_CGROUP_INET4_GETPEERNAME] = "cgroup_inet4_getpeername", > [BPF_CGROUP_INET6_GETPEERNAME] = "cgroup_inet6_getpeername", > + [BPF_CGROUP_UNIX_GETPEERNAME] = "cgroup_unix_getpeername", > [BPF_CGROUP_INET4_GETSOCKNAME] = "cgroup_inet4_getsockname", > [BPF_CGROUP_INET6_GETSOCKNAME] = "cgroup_inet6_getsockname", > + [BPF_CGROUP_UNIX_GETSOCKNAME] = "cgroup_unix_getsockname", > [BPF_CGROUP_UDP4_SENDMSG] = "cgroup_udp4_sendmsg", > [BPF_CGROUP_UDP6_SENDMSG] = "cgroup_udp6_sendmsg", > + [BPF_CGROUP_UNIX_SENDMSG] = "cgroup_unix_sendmsg", > [BPF_CGROUP_SYSCTL] = "cgroup_sysctl", > [BPF_CGROUP_UDP4_RECVMSG] = "cgroup_udp4_recvmsg", > [BPF_CGROUP_UDP6_RECVMSG] = "cgroup_udp6_recvmsg", > + [BPF_CGROUP_UNIX_RECVMSG] = "cgroup_unix_recvmsg", > [BPF_CGROUP_GETSOCKOPT] = "cgroup_getsockopt", > [BPF_CGROUP_SETSOCKOPT] = "cgroup_setsockopt", > [BPF_SK_SKB_STREAM_PARSER] = "sk_skb_stream_parser", > @@ -8960,14 +8965,19 @@ static const struct bpf_sec_def section_defs[] = { > SEC_DEF("cgroup/bind6", CGROUP_SOCK_ADDR, BPF_CGROUP_INET6_BIND, SEC_ATTACHABLE), > SEC_DEF("cgroup/connect4", CGROUP_SOCK_ADDR, BPF_CGROUP_INET4_CONNECT, SEC_ATTACHABLE), > SEC_DEF("cgroup/connect6", CGROUP_SOCK_ADDR, BPF_CGROUP_INET6_CONNECT, SEC_ATTACHABLE), > + SEC_DEF("cgroup/connectun", CGROUP_SOCK_ADDR, BPF_CGROUP_UNIX_CONNECT, SEC_ATTACHABLE), I don't have too strong feelings here, but is "un" suffix a clear enough designator that this is working with unix sockets? Nothing can beat "connect4" and "connect6" in succinctness, but `cgroup/connect_unix` is not too verbose, but is probably a bit easier to guess? Again, if this was some sort of consensus, I don't care much, but I thought I'd bring this up anyways. > SEC_DEF("cgroup/sendmsg4", CGROUP_SOCK_ADDR, BPF_CGROUP_UDP4_SENDMSG, SEC_ATTACHABLE), > SEC_DEF("cgroup/sendmsg6", CGROUP_SOCK_ADDR, BPF_CGROUP_UDP6_SENDMSG, SEC_ATTACHABLE), > + SEC_DEF("cgroup/sendmsgun", CGROUP_SOCK_ADDR, BPF_CGROUP_UNIX_SENDMSG, SEC_ATTACHABLE), > SEC_DEF("cgroup/recvmsg4", CGROUP_SOCK_ADDR, BPF_CGROUP_UDP4_RECVMSG, SEC_ATTACHABLE), > SEC_DEF("cgroup/recvmsg6", CGROUP_SOCK_ADDR, BPF_CGROUP_UDP6_RECVMSG, SEC_ATTACHABLE), > + SEC_DEF("cgroup/recvmsgun", CGROUP_SOCK_ADDR, BPF_CGROUP_UNIX_RECVMSG, SEC_ATTACHABLE), > SEC_DEF("cgroup/getpeername4", CGROUP_SOCK_ADDR, BPF_CGROUP_INET4_GETPEERNAME, SEC_ATTACHABLE), > SEC_DEF("cgroup/getpeername6", CGROUP_SOCK_ADDR, BPF_CGROUP_INET6_GETPEERNAME, SEC_ATTACHABLE), > + SEC_DEF("cgroup/getpeernameun", CGROUP_SOCK_ADDR, BPF_CGROUP_UNIX_GETPEERNAME, SEC_ATTACHABLE), > SEC_DEF("cgroup/getsockname4", CGROUP_SOCK_ADDR, BPF_CGROUP_INET4_GETSOCKNAME, SEC_ATTACHABLE), > SEC_DEF("cgroup/getsockname6", CGROUP_SOCK_ADDR, BPF_CGROUP_INET6_GETSOCKNAME, SEC_ATTACHABLE), > + SEC_DEF("cgroup/getsocknameun", CGROUP_SOCK_ADDR, BPF_CGROUP_UNIX_GETSOCKNAME, SEC_ATTACHABLE), > SEC_DEF("cgroup/sysctl", CGROUP_SYSCTL, BPF_CGROUP_SYSCTL, SEC_ATTACHABLE), > SEC_DEF("cgroup/getsockopt", CGROUP_SOCKOPT, BPF_CGROUP_GETSOCKOPT, SEC_ATTACHABLE), > SEC_DEF("cgroup/setsockopt", CGROUP_SOCKOPT, BPF_CGROUP_SETSOCKOPT, SEC_ATTACHABLE), > -- > 2.41.0 > >