From patchwork Thu Aug 31 22:05:43 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Ahern X-Patchwork-Id: 808436 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="WSNldwqg"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3xjxKR0YWVz9s81 for ; Fri, 1 Sep 2017 08:06:19 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751355AbdHaWGK (ORCPT ); Thu, 31 Aug 2017 18:06:10 -0400 Received: from mail-pf0-f194.google.com ([209.85.192.194]:38399 "EHLO mail-pf0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751001AbdHaWGJ (ORCPT ); Thu, 31 Aug 2017 18:06:09 -0400 Received: by mail-pf0-f194.google.com with SMTP id r187so518455pfr.5 for ; Thu, 31 Aug 2017 15:06:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=Og8YcErKWydxtzL31Gw/A7hs8bvhT/1tIjRLYVl1scQ=; b=WSNldwqgyQJWTuvuwRndiHKSm3a2X4O+95l5dIrsa2VlogcZHAJ8dS8AreNybP3071 iyQEMld8pDWlo67bFGtWM+ro0OBaMU8VIpRIWBfKx1OqZfSzoBu4ca1fhIUBjKjY5IMh Qw4Sevmk9O+2OZsFQBpnGwHK+glQfFngdHRGT4jOfMOwr6j4sJZdTl/C11GeXx3wuVtf ZQrkSRtR8VgbI8lSksSTucyMQBbquK+H91Rp8f2y/DXPUQbTho+4CiPOBuemGtyH2O6m 1DPpR6VjYXRM2UPqFwbzynhkcVsMJbu/yUhStnGFnkUOoLmUP2EFm+KraMGdsC79jc/o Z3hQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=Og8YcErKWydxtzL31Gw/A7hs8bvhT/1tIjRLYVl1scQ=; b=LET9Fvt1rvL7PYmcAMm4tbQVCQI15UnJRXs7muIZPzRqMnhFFSX8wedz6YYaMFCCvt w12FZz6BKsAgviZ4Nh7f2efonwdY2pmDh6XbXRj1h42xWB7aJp2X+jIy7zzcUy1/HYdG 2V2HrKX69Nb0QkT1gfMAFd5nqkyELrmZClWcFCZkRpMvUQlOVX7AYQ709LM81cAjY0U0 s84HytbqxgVoVcsx7nxAi74jNMoE26+npbEFzH3efKKBAz+06JzFXDpVXWjy5RT/clPL avL9IVOv9F7Csnz2DS9g2CrFrxrez/GIWt54dPTbk+KqqF/r7ftuh+CS/DabLDHUz/Qi ZYnA== X-Gm-Message-State: AHYfb5gVoYDb0OirYFNvBGPN8e4VxMqPmez5GgupqdrgfCqUvUS+qwhQ NOhIabuVRIzUKJxd X-Google-Smtp-Source: ADKCNb5IKg5jWfjJn0EElJ6w1VxCiXE8XzdKOVXGnpEg0Qy1wXZHjBfBbBsdU109K8n8g5rvVfCf6A== X-Received: by 10.99.96.23 with SMTP id u23mr3258510pgb.253.1504217168741; Thu, 31 Aug 2017 15:06:08 -0700 (PDT) Received: from kenny.it.cumulusnetworks.com. (fw.cumulusnetworks.com. [216.129.126.126]) by smtp.googlemail.com with ESMTPSA id x12sm845336pfk.42.2017.08.31.15.06.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 31 Aug 2017 15:06:07 -0700 (PDT) From: David Ahern To: netdev@vger.kernel.org, daniel@iogearbox.net, ast@kernel.org Cc: David Ahern Subject: [PATCH v3 net-next 0/7] bpf: Add option to set mark and priority in cgroup sock programs Date: Thu, 31 Aug 2017 15:05:43 -0700 Message-Id: <1504217150-16151-1-git-send-email-dsahern@gmail.com> X-Mailer: git-send-email 2.1.4 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Add option to set mark and priority in addition to bound device for newly created sockets. Also, allow the bpf programs to use the get_current_uid_gid helper meaning socket marks, priority and device can be set based on the uid/gid of the running process. Sample programs are updated to demonstrate the new options. v3 - no changes to Patches 1 and 2 which Alexei acked in previous versions - dropped change related to recursive programs in a cgroup - updated tests per dropped patch v2 - added flag to control recursive behavior as requested by Alexei - added comment to sock_filter_func_proto regarding use of get_current_uid_gid helper - updated test programs for recursive option David Ahern (7): bpf: Add mark and priority to sock options that can be set bpf: Allow cgroup sock filters to use get_current_uid_gid helper samples/bpf: Update sock test to allow setting mark and priority samples/bpf: Add detach option to test_cgrp2_sock samples/bpf: Add option to dump socket settings samples/bpf: Update cgrp2 socket tests samples/bpf: Update cgroup socket examples to use uid gid helper include/uapi/linux/bpf.h | 2 + net/core/filter.c | 42 ++++++- samples/bpf/sock_flags_kern.c | 5 + samples/bpf/test_cgrp2_sock.c | 255 ++++++++++++++++++++++++++++++++++++----- samples/bpf/test_cgrp2_sock.sh | 162 ++++++++++++++++++++------ 5 files changed, 401 insertions(+), 65 deletions(-)