diff options
| author |   Martin KaFai Lau <martin.lau@kernel.org> | 2022-09-09 10:40:45 -0700 |
|---|---|---|
| committer | Martin KaFai Lau <martin.lau@kernel.org> | 2022-09-09 10:40:46 -0700 |
| commit | 2fae67716bb99a956a4c4a47c0e2ece52a2a15ca (patch) | |
| tree | ffea21e0a4d42c7ddd9ddf8dc56c14a2dd52f306 /kernel/bpf/helpers.c | |
| parent | libbpf: Remove gcc support for bpf_tail_call_static for now (diff) | |
| parent | selftests/bpf: Ensure cgroup/connect{4,6} programs can bind unpriv ICMP ping (diff) | |
| download | linux-dev-2fae67716bb99a956a4c4a47c0e2ece52a2a15ca.tar.xz linux-dev-2fae67716bb99a956a4c4a47c0e2ece52a2a15ca.zip | |
Merge branch 'cgroup/connect{4,6} programs for unprivileged ICMP ping'
YiFei Zhu says:
====================
Usually when a TCP/UDP connection is initiated, we can bind the socket
to a specific IP attached to an interface in a cgroup/connect hook.
But for pings, this is impossible, as the hook is not being called.
This series adds the invocation for cgroup/connect{4,6} programs to
unprivileged ICMP ping (i.e. ping sockets created with SOCK_DGRAM
IPPROTO_ICMP(V6) as opposed to SOCK_RAW). This also adds a test to
verify that the hooks are being called and invoking bpf_bind() from
within the hook actually binds the socket.
Patch 1 adds the invocation of the hook.
Patch 2 deduplicates write_sysctl in BPF test_progs.
Patch 3 adds the tests for this hook.
v1 -> v2:
* Added static to bindaddr_v6 in prog_tests/connect_ping.c
* Deduplicated much of the test logic in prog_tests/connect_ping.c
* Deduplicated write_sysctl() to test_progs.c
v2 -> v3:
* Renamed variable "obj" to "skel" for the BPF skeleton object in
prog_tests/connect_ping.c
v3 -> v4:
* Fixed error path to destroy skel in prog_tests/connect_ping.c
====================
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Diffstat (limited to 'kernel/bpf/helpers.c')
0 files changed, 0 insertions, 0 deletions