In case of bad entries in /proc/mounts just skip cgroup cache initialization.
Cgroups in output will be shown as "unreachable:cgroup_id".
Fixes: d5e6ee0dac64 ("ss: introduce cgroup2 cache and helper functions")
Signed-off-by: Dmitry Yakunin
Reported-by: Donald Sharp
-
ild without CONFIG_IPV6 (kernel test robot )
v3:
- check skb length before access to inet headers (Eric Dumazet)
v4:
- do not use pskb_may_pull() in skb length checking (Alexei Starovoitov)
Signed-off-by: Dmitry Yakunin
---
net/bpf/test_run.c | 21 +
1 file changed, 21
ion
through ctx_in (__sk_buff) parameter.
Signed-off-by: Dmitry Yakunin
---
net/bpf/test_run.c | 22 --
tools/testing/selftests/bpf/prog_tests/skb_ctx.c | 5 +
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/net/bpf/test_run.
(Daniel Borkmann)
v5:
- check skb length before access to inet headers (Eric Dumazet)
v6:
- do not use pskb_may_pull() in skb length checking (Alexei Starovoitov)
Dmitry Yakunin (2):
bpf: setup socket family and addresses in bpf_prog_test_run_skb
bpf: allow to specify ifindex for skb in
(Daniel Borkmann)
v5:
- check skb length before access to inet headers (Eric Dumazet)
Dmitry Yakunin (2):
bpf: setup socket family and addresses in bpf_prog_test_run_skb
bpf: allow to specify ifindex for skb in bpf_prog_test_run_skb
net/bpf/test_run.c | 39
ion
through ctx_in (__sk_buff) parameter.
Signed-off-by: Dmitry Yakunin
---
net/bpf/test_run.c | 22 --
tools/testing/selftests/bpf/prog_tests/skb_ctx.c | 5 +
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/net/bpf/test_run.
ild without CONFIG_IPV6 (kernel test robot )
v3:
- check skb length before access to inet headers (Eric Dumazet)
Signed-off-by: Dmitry Yakunin
---
net/bpf/test_run.c | 21 +
1 file changed, 21 insertions(+)
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
index b03c4
Sorry, forgot to bump version in cover letter subject. I will resend it.
03.08.2020, 00:30, "Dmitry Yakunin" :
> This patchset contains some improvements for testing cgroup/skb programs
> through BPF_PROG_TEST_RUN command.
>
> v2:
> - fix build without CONFIG_CGRO
(Daniel Borkmann)
v5:
- check skb length before access to inet headers (Eric Dumazet)
Dmitry Yakunin (2):
bpf: setup socket family and addresses in bpf_prog_test_run_skb
bpf: allow to specify ifindex for skb in bpf_prog_test_run_skb
net/bpf/test_run.c | 39
ild without CONFIG_IPV6 (kernel test robot )
v3:
- check skb length before access to inet headers (Eric Dumazet)
Signed-off-by: Dmitry Yakunin
---
net/bpf/test_run.c | 21 +
1 file changed, 21 insertions(+)
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
index b03c4
ion
through ctx_in (__sk_buff) parameter.
Signed-off-by: Dmitry Yakunin
---
net/bpf/test_run.c | 22 --
tools/testing/selftests/bpf/prog_tests/skb_ctx.c | 5 +
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/net/bpf/test_run.
ild without CONFIG_IPV6 (kernel test robot )
Signed-off-by: Dmitry Yakunin
---
net/bpf/test_run.c | 17 +
1 file changed, 17 insertions(+)
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
index b03c469..2521b27 100644
--- a/net/bpf/test_run.c
+++ b/net/bpf/test_run.c
@@ -44
ion
through ctx_in (__sk_buff) parameter.
Signed-off-by: Dmitry Yakunin
---
net/bpf/test_run.c | 22 --
tools/testing/selftests/bpf/prog_tests/skb_ctx.c | 5 +
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/net/bpf/test_run.
(Daniel Borkmann)
Dmitry Yakunin (2):
bpf: setup socket family and addresses in bpf_prog_test_run_skb
bpf: allow to specify ifindex for skb in bpf_prog_test_run_skb
net/bpf/test_run.c | 39 ++--
tools/testing/selftests/bpf/prog_tests
16.07.2020, 23:19, "Daniel Borkmann" :
> On 7/15/20 9:51 PM, Dmitry Yakunin wrote:
>> Now we cannot check results in cgroup storage after running
>> BPF_PROG_TEST_RUN command because it allocates dummy cgroup storage
>> during test. This patch implements sim
ion
through ctx_in (__sk_buff) parameter.
Signed-off-by: Dmitry Yakunin
---
net/bpf/test_run.c | 22 --
tools/testing/selftests/bpf/prog_tests/skb_ctx.c | 5 +
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/net/bpf/test_run.
This patchset contains some improvements for testing cgroup/skb programs
through BPF_PROG_TEST_RUN command.
v2:
- fix build without CONFIG_CGROUP_BPF (kernel test robot )
v3:
- fix build without CONFIG_IPV6 (kernel test robot )
Dmitry Yakunin (4):
bpf: setup socket family and addresses in
This patch exports bpf_cgroup_storages_alloc and bpf_cgroup_storages_free
helpers to the header file and reuses them in bpf_test_run.
v2:
- fix build without CONFIG_CGROUP_BPF (kernel test robot )
Signed-off-by: Dmitry Yakunin
---
include/linux/bpf-cgroup.h | 36
ild without CONFIG_IPV6 (kernel test robot )
Signed-off-by: Dmitry Yakunin
---
net/bpf/test_run.c | 17 +
1 file changed, 17 insertions(+)
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
index bfd4ccd..0c3283d 100644
--- a/net/bpf/test_run.c
+++ b/net/bpf/test_run.c
@@ -43
first match. If match is not found fallback to
temporary storage is happened.
v2:
- fix build without CONFIG_CGROUP_BPF (kernel test robot )
Signed-off-by: Dmitry Yakunin
---
net/bpf/test_run.c | 64 +-
.../selftests/bpf/prog_tests
This patchset contains some improvements for testing cgroup/skb programs
through BPF_PROG_TEST_RUN command.
v2:
- fix build without CONFIG_CGROUP_BPF (kernel test robot )
Dmitry Yakunin (4):
bpf: setup socket family and addresses in bpf_prog_test_run_skb
bpf: allow to specify ifindex for
first match. If match is not found fallback to
temporary storage is happened.
v2:
- fix build without CONFIG_CGROUP_BPF (kernel test robot )
Signed-off-by: Dmitry Yakunin
---
net/bpf/test_run.c | 64 +-
.../selftests/bpf/prog_tests
This patch exports bpf_cgroup_storages_alloc and bpf_cgroup_storages_free
helpers to the header file and reuses them in bpf_test_run.
v2:
- fix build without CONFIG_CGROUP_BPF (kernel test robot )
Signed-off-by: Dmitry Yakunin
---
include/linux/bpf-cgroup.h | 36
Now it's impossible to test all branches of cgroup_skb bpf program which
accesses skb->family and skb->{local,remote}_ip{4,6} fields because they
are zeroed during socket allocation. This commit fills socket family and
addresses from related fields in constructed skb.
Signed-off
ion
through ctx_in (__sk_buff) parameter.
Signed-off-by: Dmitry Yakunin
---
net/bpf/test_run.c | 22 --
tools/testing/selftests/bpf/prog_tests/skb_ctx.c | 5 +
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/net/bpf/test_run.
This patch exports bpf_cgroup_storages_alloc and bpf_cgroup_storages_free
helpers to the header file and reuses them in bpf_test_run.
Signed-off-by: Dmitry Yakunin
---
include/linux/bpf-cgroup.h | 27 +++
kernel/bpf/cgroup.c| 25 -
net/bpf
ion
through ctx_in (__sk_buff) parameter.
Signed-off-by: Dmitry Yakunin
---
net/bpf/test_run.c | 22 --
tools/testing/selftests/bpf/prog_tests/skb_ctx.c | 5 +
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/net/bpf/test_run.
This patchset contains some improvements for testing cgroup/skb programs
through BPF_PROG_TEST_RUN command.
Dmitry Yakunin (4):
bpf: setup socket family and addresses in bpf_prog_test_run_skb
bpf: allow to specify ifindex for skb in bpf_prog_test_run_skb
bpf: export some cgroup storages
Now it's impossible to test all branches of cgroup_skb bpf program which
accesses skb->family and skb->{local,remote}_ip{4,6} fields because they
are zeroed during socket allocation. This commit fills socket family and
addresses from related fields in constructed skb.
Signed-off
first match. If match is not found fallback to
temporary storage is happened.
Signed-off-by: Dmitry Yakunin
---
net/bpf/test_run.c | 53 ++-
.../selftests/bpf/prog_tests/cgroup_skb_prog_run.c | 78 ++
2 files changed, 128 insertions
Before this patch check is happened only in case when we try to find
cgroup at cgroup2 mount point.
v2:
- add Fixes line before Signed-off-by (David Ahern)
Fixes: d5e6ee0dac64 ("ss: introduce cgroup2 cache and helper functions")
Signed-off-by: Dmitry Yakunin
---
lib/fs.c | 8 --
Before this patch check is happened only in case when we try to find
cgroup at cgroup2 mount point.
Signed-off-by: Dmitry Yakunin
---
lib/fs.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/fs.c b/lib/fs.c
index e265fc0..4b90a70 100644
--- a/lib/fs.c
+++ b/lib
This is preparation for usage in bpf_setsockopt.
Signed-off-by: Dmitry Yakunin
Acked-by: Martin KaFai Lau
---
include/net/sock.h | 9 +
net/core/sock.c| 9 -
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/include/net/sock.h b/include/net/sock.h
index c53cc42
This is preparation for usage in bpf_setsockopt.
v2:
- remove redundant EXPORT_SYMBOL (Alexei Starovoitov)
Signed-off-by: Dmitry Yakunin
---
include/linux/tcp.h | 1 +
net/ipv4/tcp.c | 6 +++---
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/include/linux/tcp.h b/include
l-doc in tools too (Alexei Starovoitov)
- add test to selftests (Alexei Starovoitov)
Signed-off-by: Dmitry Yakunin
Acked-by: Martin KaFai Lau
---
include/uapi/linux/bpf.h | 7 +++--
net/core/filter.c | 36 ++-
tools/in
This is preparation for usage in bpf_setsockopt.
v2:
- remove redundant EXPORT_SYMBOL (Alexei Starovoitov)
Signed-off-by: Dmitry Yakunin
---
include/linux/tcp.h | 1 +
net/ipv4/tcp.c | 6 +++---
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/include/linux/tcp.h b/include
This is preparation for usage in bpf_setsockopt.
Signed-off-by: Dmitry Yakunin
Acked-by: Martin KaFai Lau
---
include/net/sock.h | 9 +
net/core/sock.c| 9 -
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/include/net/sock.h b/include/net/sock.h
index c53cc42
This patch adds support of SO_KEEPALIVE flag and TCP related options
to bpf_setsockopt() routine. This is helpful if we want to enable or tune
TCP keepalive for applications which don't do it in the userspace code.
v2:
- update kernel-doc (Nikita Vetoshkin )
Signed-off-by: Dmitry Ya
This patch adds support of SO_KEEPALIVE flag and TCP related options
to bpf_setsockopt() routine. This is helpful if we want to enable or tune
TCP keepalive for applications which don't do it in the userspace code.
v2:
- update kernel-doc (Nikita Vetoshkin )
Signed-off-by: Dmitry Ya
This is preparation for usage in bpf_setsockopt.
v2:
- remove redundant EXPORT_SYMBOL (Alexei Starovoitov)
Signed-off-by: Dmitry Yakunin
---
include/linux/tcp.h | 1 +
net/ipv4/tcp.c | 6 +++---
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/include/linux/tcp.h b/include
This is preparation for usage in bpf_setsockopt.
Signed-off-by: Dmitry Yakunin
Acked-by: Martin KaFai Lau
---
include/net/sock.h | 9 +
net/core/sock.c| 9 -
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/include/net/sock.h b/include/net/sock.h
index c53cc42
This is preparation for usage in bpf_setsockopt.
Signed-off-by: Dmitry Yakunin
Acked-by: Martin KaFai Lau
---
include/net/sock.h | 9 +
net/core/sock.c| 9 -
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/include/net/sock.h b/include/net/sock.h
index c53cc42
This patch adds support of SO_KEEPALIVE flag and TCP related options
to bpf_setsockopt() routine. This is helpful if we want to enable or tune
TCP keepalive for applications which don't do it in the userspace code.
Signed-off-by: Dmitry Yakunin
Acked-by: Martin KaFai Lau
---
net/core/fil
This is preparation for usage in bpf_setsockopt.
Signed-off-by: Dmitry Yakunin
---
include/linux/tcp.h | 1 +
net/ipv4/tcp.c | 7 ---
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/include/linux/tcp.h b/include/linux/tcp.h
index 9aac824..3bdec31 100644
--- a/include
27.05.2020, 20:03, "Martin KaFai Lau" :
> On Wed, May 27, 2020 at 06:05:43PM +0300, Dmitry Yakunin wrote:
>> This patch adds support of SO_KEEPALIVE flag and TCP related options
>> to bpf_setsockopt() routine. This is helpful if we want to enable or tune
>>
27.05.2020, 19:43, "Eric Dumazet" :
> On 5/27/20 8:05 AM, Dmitry Yakunin wrote:
>> This patch adds support of SO_KEEPALIVE flag and TCP related options
>> to bpf_setsockopt() routine. This is helpful if we want to enable or tune
>> TCP keepalive for applic
This is preparation for usage in bpf_setsockopt.
v2:
- change first parameter type to struct sock (Eric Dumazet)
Signed-off-by: Dmitry Yakunin
Acked-by: Martin KaFai Lau
---
include/net/tcp.h | 18 ++
net/ipv4/tcp.c| 15 ++-
2 files changed, 20 insertions
This is preparation for usage in bpf_setsockopt.
Signed-off-by: Dmitry Yakunin
Acked-by: Martin KaFai Lau
---
include/net/sock.h | 9 +
net/core/sock.c| 9 -
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/include/net/sock.h b/include/net/sock.h
index 3e8c6d4
This patch adds support of SO_KEEPALIVE flag and TCP related options
to bpf_setsockopt() routine. This is helpful if we want to enable or tune
TCP keepalive for applications which don't do it in the userspace code.
Signed-off-by: Dmitry Yakunin
Acked-by: Martin KaFai Lau
---
net/core/fil
ed
to auxiliary functions in the headers.
Signed-off-by: Dmitry Yakunin
---
include/net/sock.h | 9 +
include/net/tcp.h | 18 ++
net/core/filter.c | 39 ++-
net/core/sock.c| 9 -
net/ipv4/tcp.c | 15 ++-
5
Ahern)
Signed-off-by: Dmitry Yakunin
---
include/cg_map.h | 6 +++
include/utils.h | 4 +-
ip/ipvrf.c | 4 +-
lib/Makefile | 2 +-
lib/cg_map.c | 135 ++
lib/fs.c | 137
this cgroup.
Filter syntax: ss [ cgroup PATHNAME ]
Examples:
ss -a cgroup /sys/fs/cgroup/unified (or ss -a cgroup .)
ss -a cgroup /sys/fs/cgroup/unified/cgroup1 (or ss -a cgroup cgroup1)
v2:
- style fixes (David Ahern)
Signed-off-by: Dmitry Yakunin
---
include/uapi/linux/inet_diag.h | 2
: Dmitry Yakunin
---
misc/Makefile | 2 +-
misc/ss.c | 17 +
misc/ss_util.h| 22 +++
misc/ssfilter.h | 34 +
misc/ssfilter.y | 9 -
misc/ssfilter_check.c | 103 ++
6 files
Fix bug introduced by commit b1f3e43dbfac ("inet_diag: add support for
cgroup filter").
Signed-off-by: Dmitry Yakunin
Reported-by: syzbot+ee80f840d9bf68932...@syzkaller.appspotmail.com
Reported-by: syzbot+13bef047dbfffa5cd...@syzkaller.appspotmail.com
Fixes: b1f3e43dbfac ("inet_di
this cgroup.
Filter syntax: ss [ cgroup PATHNAME ]
Examples:
ss -a cgroup /sys/fs/cgroup/unified (or ss -a cgroup .)
ss -a cgroup /sys/fs/cgroup/unified/cgroup1 (or ss -a cgroup cgroup1)
Signed-off-by: Dmitry Yakunin
Reviewed-by: Konstantin Khlebnikov
---
include/uapi/linux/inet_diag.h | 2
This patch series adds usage of two proposed kernel features:
cgroup bytecode filter (INET_DIAG_BC_CGROUP_COND) and
cgroup v2 ID attribute (INET_DIAG_CGROUP_ID)
for discovering and filtering sockets by cgroups.
Dmitry Yakunin (2):
ss: introduce cgroup2 cache and helper functions
ss: add
Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors:Dmitry Yakunin
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "cg_map.h"
+#include "list.h"
+#include "ut
CONFIG_SOCK_CGROUP_DATA instead if CONFIG_CGROUPS
v3:
- fix attr size by using nla_total_size_64bit() (Eric Dumazet)
- more detailed commit message (Konstantin Khlebnikov)
Signed-off-by: Dmitry Yakunin
Reviewed-by: Konstantin Khlebnikov
Acked-By: Tejun Heo
---
include/linux/inet_diag.h | 6
This patch series extends inet diag with cgroup v2 ID attribute and
filter. Which allows investigate sockets on per cgroup basis. Patch for
ss is already sent to iproute2-next mailing list.
Dmitry Yakunin (2):
inet_diag: add cgroup id attribute
inet_diag: add support for cgroup filter
This patch adds ability to filter sockets based on cgroup v2 ID.
Such filter is helpful in ss utility for filtering sockets by
cgroup pathname.
Signed-off-by: Dmitry Yakunin
Reviewed-by: Konstantin Khlebnikov
---
include/uapi/linux/inet_diag.h | 1 +
net/ipv4/inet_diag.c | 31
60 matches
Mail list logo
