Re: [PATCH bpf-next v7 5/9] libbpf: Add support for cgroup unix socket address hooks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Oct 2, 2023 at 5:28 AM Daan De Meyer <daan.j.demeyer@xxxxxxxxx> wrote:
>
> Add the necessary plumbing to hook up the new cgroup unix sockaddr
> hooks into libbpf.
>
> Signed-off-by: Daan De Meyer <daan.j.demeyer@xxxxxxxxx>
> ---
>  tools/lib/bpf/libbpf.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
>
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index 31b8b252e614..dd3683b98679 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -82,17 +82,22 @@ static const char * const attach_type_name[] = {
>         [BPF_CGROUP_INET6_BIND]         = "cgroup_inet6_bind",
>         [BPF_CGROUP_INET4_CONNECT]      = "cgroup_inet4_connect",
>         [BPF_CGROUP_INET6_CONNECT]      = "cgroup_inet6_connect",
> +       [BPF_CGROUP_UNIX_CONNECT]       = "cgroup_unix_connect",
>         [BPF_CGROUP_INET4_POST_BIND]    = "cgroup_inet4_post_bind",
>         [BPF_CGROUP_INET6_POST_BIND]    = "cgroup_inet6_post_bind",
>         [BPF_CGROUP_INET4_GETPEERNAME]  = "cgroup_inet4_getpeername",
>         [BPF_CGROUP_INET6_GETPEERNAME]  = "cgroup_inet6_getpeername",
> +       [BPF_CGROUP_UNIX_GETPEERNAME]   = "cgroup_unix_getpeername",
>         [BPF_CGROUP_INET4_GETSOCKNAME]  = "cgroup_inet4_getsockname",
>         [BPF_CGROUP_INET6_GETSOCKNAME]  = "cgroup_inet6_getsockname",
> +       [BPF_CGROUP_UNIX_GETSOCKNAME]   = "cgroup_unix_getsockname",
>         [BPF_CGROUP_UDP4_SENDMSG]       = "cgroup_udp4_sendmsg",
>         [BPF_CGROUP_UDP6_SENDMSG]       = "cgroup_udp6_sendmsg",
> +       [BPF_CGROUP_UNIX_SENDMSG]       = "cgroup_unix_sendmsg",
>         [BPF_CGROUP_SYSCTL]             = "cgroup_sysctl",
>         [BPF_CGROUP_UDP4_RECVMSG]       = "cgroup_udp4_recvmsg",
>         [BPF_CGROUP_UDP6_RECVMSG]       = "cgroup_udp6_recvmsg",
> +       [BPF_CGROUP_UNIX_RECVMSG]       = "cgroup_unix_recvmsg",
>         [BPF_CGROUP_GETSOCKOPT]         = "cgroup_getsockopt",
>         [BPF_CGROUP_SETSOCKOPT]         = "cgroup_setsockopt",
>         [BPF_SK_SKB_STREAM_PARSER]      = "sk_skb_stream_parser",
> @@ -8960,14 +8965,19 @@ static const struct bpf_sec_def section_defs[] = {
>         SEC_DEF("cgroup/bind6",         CGROUP_SOCK_ADDR, BPF_CGROUP_INET6_BIND, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/connect4",      CGROUP_SOCK_ADDR, BPF_CGROUP_INET4_CONNECT, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/connect6",      CGROUP_SOCK_ADDR, BPF_CGROUP_INET6_CONNECT, SEC_ATTACHABLE),
> +       SEC_DEF("cgroup/connectun",     CGROUP_SOCK_ADDR, BPF_CGROUP_UNIX_CONNECT, SEC_ATTACHABLE),

I don't have too strong feelings here, but is "un" suffix a clear
enough designator that this is working with unix sockets? Nothing can
beat "connect4" and "connect6" in succinctness, but
`cgroup/connect_unix` is not too verbose, but is probably a bit easier
to guess?

Again, if this was some sort of consensus, I don't care much, but I
thought I'd bring this up anyways.

>         SEC_DEF("cgroup/sendmsg4",      CGROUP_SOCK_ADDR, BPF_CGROUP_UDP4_SENDMSG, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/sendmsg6",      CGROUP_SOCK_ADDR, BPF_CGROUP_UDP6_SENDMSG, SEC_ATTACHABLE),
> +       SEC_DEF("cgroup/sendmsgun",     CGROUP_SOCK_ADDR, BPF_CGROUP_UNIX_SENDMSG, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/recvmsg4",      CGROUP_SOCK_ADDR, BPF_CGROUP_UDP4_RECVMSG, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/recvmsg6",      CGROUP_SOCK_ADDR, BPF_CGROUP_UDP6_RECVMSG, SEC_ATTACHABLE),
> +       SEC_DEF("cgroup/recvmsgun",     CGROUP_SOCK_ADDR, BPF_CGROUP_UNIX_RECVMSG, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/getpeername4",  CGROUP_SOCK_ADDR, BPF_CGROUP_INET4_GETPEERNAME, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/getpeername6",  CGROUP_SOCK_ADDR, BPF_CGROUP_INET6_GETPEERNAME, SEC_ATTACHABLE),
> +       SEC_DEF("cgroup/getpeernameun", CGROUP_SOCK_ADDR, BPF_CGROUP_UNIX_GETPEERNAME, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/getsockname4",  CGROUP_SOCK_ADDR, BPF_CGROUP_INET4_GETSOCKNAME, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/getsockname6",  CGROUP_SOCK_ADDR, BPF_CGROUP_INET6_GETSOCKNAME, SEC_ATTACHABLE),
> +       SEC_DEF("cgroup/getsocknameun", CGROUP_SOCK_ADDR, BPF_CGROUP_UNIX_GETSOCKNAME, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/sysctl",        CGROUP_SYSCTL, BPF_CGROUP_SYSCTL, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/getsockopt",    CGROUP_SOCKOPT, BPF_CGROUP_GETSOCKOPT, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/setsockopt",    CGROUP_SOCKOPT, BPF_CGROUP_SETSOCKOPT, SEC_ATTACHABLE),
> --
> 2.41.0
>
>





[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux