Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add cgroup sockaddr hooks for unix sockets #4190

Closed
wants to merge 9 commits into from
Closed

Add cgroup sockaddr hooks for unix sockets #4190

wants to merge 9 commits into from

Conversation

kernel-patches-bot
Copy link

Pull request for series with
subject: Add cgroup sockaddr hooks for unix sockets
version: 2
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=703590

@DaanDeMeyer
selftests/bpf: Add missing section name tests for getpeername/getsock…
0e96f22 
…name
@DaanDeMeyer
bpf: Allow read access to addr_len from cgroup sockaddr programs
11cc317
@DaanDeMeyer
bpf: Support access to sun_path from cgroup sockaddr programs
a6d6596 
Preparation for adding unix support to cgroup sockaddr bpf programs.
In this commit, no programs are allowed to access user_path. We'll
open this up to the new unix program types in a later commit.
@DaanDeMeyer
selftests/bpf: Track sockaddr length in sock addr tests
2b5cc55 
In preparation for adding unix socket support to the bpf cgroup
socket address hooks, start tracking the sockaddr length in the
sockaddr tests which will be required when adding tests for unix
sockets.
@DaanDeMeyer
bpf: Implement cgroup sockaddr hooks for unix sockets
92fe37e 
These hooks allows intercepting bind(), connect(), getsockname(),
getpeername(), sendmsg() and recvmsg() for unix sockets. The unix
socket hooks get write access to the address length because the
address length is not fixed when dealing with unix sockets and
needs to be modified when a unix socket address is modified by
the hook. Because abstract socket unix addresses start with a
NUL byte, we cannot recalculate the socket address in kernelspace
after running the hook by calculating the length of the unix socket
path using strlen().

This hook can be used when users want to multiplex syscall to a
single unix socket to multiple different processes behind the scenes
by redirecting the connect() and other syscalls to process specific
sockets.
@DaanDeMeyer
libbpf: Add support for cgroup unix socket address hooks
34aa7fe
@DaanDeMeyer
bpftool: Add support for cgroup unix socket address hooks
3221bc3
@DaanDeMeyer
selftests/bpf: Add tests for cgroup unix socket address hooks
913c01a 
The unix socket address hooks do not support modifying the source
address so we skip source address checks when we're running a unix
socket address hook test.
@DaanDeMeyer
documentation/bpf: Document cgroup unix socket address hooks
a898d2d
@kernel-patches-bot
Copy link
Author

Upstream branch: f3212ad
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=703590
version: 2

@kernel-patches-bot
Copy link
Author

At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=703590 expired. Closing PR.

@kernel-patches-bot kernel-patches-bot deleted the series/703590=>bpf-next branch December 13, 2022 05:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bpf-next changes-requested V2
Projects
None yet
Milestone
No milestone
2 participants
@kernel-patches-bot @DaanDeMeyer