[net-next,0/2] inet_diag: add cgroup attribute and filter

Message ID	20200430155115.83306-1-zeil@yandex-team.ru
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: Dmitry Yakunin <zeil@yandex-team.ru> To: davem@davemloft.net, netdev@vger.kernel.org Cc: khlebnikov@yandex-team.ru, tj@kernel.org, cgroups@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH net-next 0/2] inet_diag: add cgroup attribute and filter Date: Thu, 30 Apr 2020 18:51:13 +0300 Message-Id: <20200430155115.83306-1-zeil@yandex-team.ru> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: netdev-owner@vger.kernel.org Precedence: bulk
Series	inet_diag: add cgroup attribute and filter \| expand [net-next,0/2] inet_diag: add cgroup attribute and filter [net-next,1/2] inet_diag: add cgroup id attribute [net-next,2/2] inet_diag: add support for cgroup filter

Message ID

20200430155115.83306-1-zeil@yandex-team.ru

Headers

From: Dmitry Yakunin <zeil@yandex-team.ru>
To: davem@davemloft.net, netdev@vger.kernel.org
Cc: khlebnikov@yandex-team.ru, tj@kernel.org, cgroups@vger.kernel.org,
        bpf@vger.kernel.org
Subject: [PATCH net-next 0/2] inet_diag: add cgroup attribute and filter
Date: Thu, 30 Apr 2020 18:51:13 +0300
Message-Id: <20200430155115.83306-1-zeil@yandex-team.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Series

inet_diag: add cgroup attribute and filter | expand

Message

Dmitry Yakunin April 30, 2020, 3:51 p.m. UTC

This patch series extends inet diag with cgroup v2 ID attribute and
filter. Which allows investigate sockets on per cgroup basis. Patch for
ss is already sent to iproute2-next mailing list.

Dmitry Yakunin (2):
  inet_diag: add cgroup id attribute
  inet_diag: add support for cgroup filter

 include/linux/inet_diag.h      |  6 +++++-
 include/uapi/linux/inet_diag.h |  2 ++
 net/ipv4/inet_diag.c           | 38 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 45 insertions(+), 1 deletion(-)

Comments

David Miller April 30, 2020, 7:55 p.m. UTC | #1

From: Dmitry Yakunin <zeil@yandex-team.ru>
Date: Thu, 30 Apr 2020 18:51:13 +0300

> This patch series extends inet diag with cgroup v2 ID attribute and
> filter. Which allows investigate sockets on per cgroup basis. Patch for
> ss is already sent to iproute2-next mailing list.

Ok, this looks fine, series applied.

Although I wish you could have done something like only emit the cgroup
attribute if it is a non-default value (zero, or whatever it is).

Every time a new socket attribute is added, it makes long dumps more
and more expensive.

Konstantin Khlebnikov May 1, 2020, 5:54 a.m. UTC | #2

On 30/04/2020 22.55, David Miller wrote:
> From: Dmitry Yakunin <zeil@yandex-team.ru>
> Date: Thu, 30 Apr 2020 18:51:13 +0300
> 
>> This patch series extends inet diag with cgroup v2 ID attribute and
>> filter. Which allows investigate sockets on per cgroup basis. Patch for
>> ss is already sent to iproute2-next mailing list.
> 
> Ok, this looks fine, series applied.
> 
> Although I wish you could have done something like only emit the cgroup
> attribute if it is a non-default value (zero, or whatever it is).
> 
> Every time a new socket attribute is added, it makes long dumps more
> and more expensive.
> 

Maybe then put it under condition

	if (ext & (1 << (INET_DIAG_CLASS_ID - 1)) ||
	    ext & (1 << (INET_DIAG_TCLASS - 1))) {

like legacy cgroup id INET_DIAG_CLASS_ID above.

(userspace requests it by INET_DIAG_TCLASS because INET_DIAG_CLASS_ID does not fit into field)