Skip to content

Commit afc454b

Browse files
fomichevborkmann
fomichev
authored and
borkmann
committed
bpf: Enable bpf_{g,s}etsockopt in BPF_CGROUP_UDP{4,6}_RECVMSG
Those hooks run as BPF_CGROUP_RUN_SA_PROG_LOCK and operate on a locked socket. Signed-off-by: Stanislav Fomichev <sdf@google.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/bpf/20210127232853.3753823-5-sdf@google.com
1 parent 2d9d104 commit afc454b

File tree

3 files changed

+14
-0
lines changed

3 files changed

+14
-0
lines changed

net/core/filter.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7023,6 +7023,8 @@ sock_addr_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
70237023
case BPF_CGROUP_INET6_BIND:
70247024
case BPF_CGROUP_INET4_CONNECT:
70257025
case BPF_CGROUP_INET6_CONNECT:
7026+
case BPF_CGROUP_UDP4_RECVMSG:
7027+
case BPF_CGROUP_UDP6_RECVMSG:
70267028
case BPF_CGROUP_UDP4_SENDMSG:
70277029
case BPF_CGROUP_UDP6_SENDMSG:
70287030
case BPF_CGROUP_INET4_GETPEERNAME:
@@ -7039,6 +7041,8 @@ sock_addr_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
70397041
case BPF_CGROUP_INET6_BIND:
70407042
case BPF_CGROUP_INET4_CONNECT:
70417043
case BPF_CGROUP_INET6_CONNECT:
7044+
case BPF_CGROUP_UDP4_RECVMSG:
7045+
case BPF_CGROUP_UDP6_RECVMSG:
70427046
case BPF_CGROUP_UDP4_SENDMSG:
70437047
case BPF_CGROUP_UDP6_SENDMSG:
70447048
case BPF_CGROUP_INET4_GETPEERNAME:

tools/testing/selftests/bpf/progs/recvmsg4_prog.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,8 @@
88
#include <bpf/bpf_helpers.h>
99
#include <bpf/bpf_endian.h>
1010

11+
#include <bpf_sockopt_helpers.h>
12+
1113
#define SERV4_IP 0xc0a801feU /* 192.168.1.254 */
1214
#define SERV4_PORT 4040
1315

@@ -28,6 +30,9 @@ int recvmsg4_prog(struct bpf_sock_addr *ctx)
2830
if (ctx->type != SOCK_STREAM && ctx->type != SOCK_DGRAM)
2931
return 1;
3032

33+
if (!get_set_sk_priority(ctx))
34+
return 1;
35+
3136
ctx->user_ip4 = bpf_htonl(SERV4_IP);
3237
ctx->user_port = bpf_htons(SERV4_PORT);
3338

tools/testing/selftests/bpf/progs/recvmsg6_prog.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,8 @@
88
#include <bpf/bpf_helpers.h>
99
#include <bpf/bpf_endian.h>
1010

11+
#include <bpf_sockopt_helpers.h>
12+
1113
#define SERV6_IP_0 0xfaceb00c /* face:b00c:1234:5678::abcd */
1214
#define SERV6_IP_1 0x12345678
1315
#define SERV6_IP_2 0x00000000
@@ -31,6 +33,9 @@ int recvmsg6_prog(struct bpf_sock_addr *ctx)
3133
if (ctx->type != SOCK_STREAM && ctx->type != SOCK_DGRAM)
3234
return 1;
3335

36+
if (!get_set_sk_priority(ctx))
37+
return 1;
38+
3439
ctx->user_ip6[0] = bpf_htonl(SERV6_IP_0);
3540
ctx->user_ip6[1] = bpf_htonl(SERV6_IP_1);
3641
ctx->user_ip6[2] = bpf_htonl(SERV6_IP_2);

0 commit comments

Comments
 (0)