Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2271767yba; Fri, 19 Apr 2019 16:02:03 -0700 (PDT) X-Google-Smtp-Source: APXvYqzo3XzX0fbBslbKuv+e5Iu+MMqJNpQ91MG1BSIYZweixPjvZXjNTUu4+cLsSqu9XdWLBHwJ X-Received: by 2002:aa7:8e43:: with SMTP id d3mr6638401pfr.168.1555714923342; Fri, 19 Apr 2019 16:02:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555714923; cv=none; d=google.com; s=arc-20160816; b=KU5pvh3Gw3w1Ue/kv0ONibrBdeclXV8WTykLYsq5g3bMVbs7RBHEFV8HaXGCMXmZYf BUjuYgiSY/eyYUb46kWH8tYJNhMSsVqiTxvbESqc1Rj1D4g7bnFwQ6I2RQr3gK/iDXoh /TdqmE6zm2kDo3ohdkpfRuGJGFb9920nbP+vYPCWBhRNVmbAPZppNRJdoppcMkpyY9N0 1S1CicW9yZCwrHAREFZHMiM8eR6AaYyvsQO9G8okU/eyS/HTrhqTA7xqgE8QLQNNdMcb MikFKv8D6lEuYwNKrSGGxBEkNsN6STM7epLlb5vzsQo0j3iaqxQXlvj7fEIjBPXwsllM 0k+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=vnMl9QufHWeKqWpHvzndv041maEwiL/0hMQzJUIU77I=; b=oNZSoaiOuO7IpqThSXrGR2xFEJmQU5NnVIiYKosG+3GA12Ah2JEPXCiVXz98k/nsHW 8CnyXmkxfiWsPJGSWsT1hwBcz2sfk33WT06ebNbwKnpLQH85bZ5VskrQEMhzfqYapcUR KEjA8n1JvUBjeB2kIlm/JqwZ9lehLzcOBnW+ULAYHI+YQEr+GjRHeudjxPe+izgy3enY B5URFXd9eaUokO1ry+t9QmibSLrM/dnBONFFcPG1/3NXoOFQ+F06mVt/E4OI2Ud51y4d fN4TZNdX3Fz3JnB9Gw4PX86vGE5jiIM5Xtlb2GD7KvMi8RtRl/IQQ48wutbpxyEkcQny OTPQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=SXcVghTS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k5si6191577plt.179.2019.04.19.16.01.47; Fri, 19 Apr 2019 16:02:03 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=SXcVghTS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726807AbfDSW7m (ORCPT + 99 others); Fri, 19 Apr 2019 18:59:42 -0400 Received: from mail-it1-f196.google.com ([209.85.166.196]:37312 "EHLO mail-it1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726234AbfDSW7m (ORCPT ); Fri, 19 Apr 2019 18:59:42 -0400 Received: by mail-it1-f196.google.com with SMTP id u65so10350863itc.2; Fri, 19 Apr 2019 15:59:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vnMl9QufHWeKqWpHvzndv041maEwiL/0hMQzJUIU77I=; b=SXcVghTSx0kLE9c4ECxgKHFj5/E+7jIPziyBsgbfsKjOfksLfiXNK0A2Y2MbLGnEUT f1FqPc8DoPeYsbPaTLtLDJD5LcATY2qg2uuCuMxOBTdBL+G0UFpRfWgCNXwB8HbhT9OE d1kUPjoFUKtaihte7ZE1KN1BP2MFjh/Ma6bxmq+bA8XYe7hPqU3UtLx7n34craL/KSfP i9ZuVqIuArlThbaRhc2kYgTPBg/QI6TigWk3X0H4zAlark/sUC6GQ3d/tcymXoQK1iiu 7CoXqgBEFoFNnG/WPgNMAPZYjwXKjdbmwh27PBdSqpMRTvI6YxkfvKaRaLL+er4770rN 9uaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vnMl9QufHWeKqWpHvzndv041maEwiL/0hMQzJUIU77I=; b=g1NL4hPZnHKqF0Aq5wmwrGgQ/L6Nq6OMFSJaaPE2IuLNem/a2vmxunfXLSUlvAWFk3 EQtbEPQF7uXEoAZ2jjyiM63b9fSelCC901Ar9QXbdd82CZ4mm9LSQbhU5MTeHENC08LN vovLzpngPF/AyoMmzOdKIubcjqOsQ26P9z1gln9ZZhGn+Qlmt8xPydkU1FGueai9Fe5i vq6EJXi+RY4WB8nV+tiMwvfIAwIgoaNAb8yujZoXdUxSDE4URTfwayx/Li9fsgQQGH1X 0dlsFuGHnBWTTc0qf5Mc0glfqcSu8bczdnE+U+WRSsKfBaM6oiqdDt/zK7QrvXNK8gLZ X6Uw== X-Gm-Message-State: APjAAAUmn3AhQHAmMajf/qCb2WWBF0ffpU1yWxBZdNP4ayireEh0M/Ne gTX9l+FkTTBzBRZ9B+isGfheSlfcm5VWyR7RriU= X-Received: by 2002:a24:4210:: with SMTP id i16mr4696113itb.37.1555714781085; Fri, 19 Apr 2019 15:59:41 -0700 (PDT) MIME-Version: 1.0 References: <20190418155652.22181-1-alban@kinvolk.io> In-Reply-To: From: Y Song Date: Fri, 19 Apr 2019 15:59:04 -0700 Message-ID: Subject: Re: [PATCH bpf-next v2 1/3] bpf: sock ops: add netns ino and dev in bpf context To: Alban Crequy Cc: Alban Crequy , John Fastabend , Alexei Starovoitov , Daniel Borkmann , bpf , netdev , LKML , =?UTF-8?Q?Iago_L=C3=B3pez_Galeiras?= Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 19, 2019 at 4:51 AM Alban Crequy wrote: > > On Thu, Apr 18, 2019 at 11:31 PM Y Song wrote: > > > > On Thu, Apr 18, 2019 at 8:58 AM Alban Crequy wrote: > > > > > > From: Alban Crequy > > > > > > sockops programs can now access the network namespace inode and device > > > via (struct bpf_sock_ops)->netns_ino and ->netns_dev. This can be useful > > > to apply different policies on different network namespaces. > > > > > > In the unlikely case where network namespaces are not compiled in > > > (CONFIG_NET_NS=n), the verifier will not allow access to ->netns_*. > > > > > > The generated BPF bytecode for netns_ino is loading the correct inode > > > number at the time of execution. > > > > > > However, the generated BPF bytecode for netns_dev is loading an > > > immediate value determined at BPF-load-time by looking at the initial > > > network namespace. In practice, this works because all netns currently > > > use the same virtual device. If this was to change, this code would need > > > to be updated too. > > > > > > Signed-off-by: Alban Crequy > > > > > > --- > > > > > > Changes since v1: > > > - add netns_dev (review from Alexei) > > > --- > > > include/uapi/linux/bpf.h | 2 ++ > > > net/core/filter.c | 70 ++++++++++++++++++++++++++++++++++++++++ > > > 2 files changed, 72 insertions(+) > > > > > > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h > > > index eaf2d3284248..f4f841dde42c 100644 > > > --- a/include/uapi/linux/bpf.h > > > +++ b/include/uapi/linux/bpf.h > > > @@ -3213,6 +3213,8 @@ struct bpf_sock_ops { > > > __u32 sk_txhash; > > > __u64 bytes_received; > > > __u64 bytes_acked; > > > + __u64 netns_dev; > > > + __u64 netns_ino; > > > > Maybe we can define netns_dev as __u32? > > __u64 netns_ino; > > __u32 netns_dev; > > > > There is a hole at the end which can be used if the next > > field to be added in the future is a __u32. > > > > From > > static inline u32 new_encode_dev(dev_t dev) > > { > > unsigned major = MAJOR(dev); > > unsigned minor = MINOR(dev); > > return (minor & 0xff) | (major << 8) | ((minor & ~0xff) << 12); > > } > > > > device num is encoded in a u32. > > I could do that but there are already two occurrences of "__u64 > netns_dev" in bpf.h: > - struct bpf_prog_info > - struct bpf_map_info > > Should I keep it a u64 for consistency with the rest of bpf.h, or > change it to u32? Agreed. We probably should keep it to be __u64 to be consistent with others.