Date: Fri, 27 Mar 2020 16:58:49 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: alexei.starovoitov@...il.com
Cc: m@...bda.lt, joe@...d.net.nz, bpf@...r.kernel.org, netdev@...r.kernel.org, Daniel Borkmann <daniel@...earbox.net>
Subject: [PATCH bpf-next 0/7] Various improvements to cgroup helpers

This adds various straight-forward helper improvements and additions to BPF cgroup based connect(), sendmsg(), recvmsg() and bind-related hooks which would allow to implement more fine-grained policies and improve current load balancer limitations we're seeing. For details please see individual patches. I've tested them on Kubernetes & Cilium and also added selftests for the small verifier extension.

Thanks!

Daniel Borkmann (7):
  bpf: enable retrieval of socket cookie for bind/post-bind hook
  bpf: enable perf event rb output for bpf cgroup progs
  bpf: add netns cookie and enable it for bpf cgroup hooks
  bpf: allow to retrieve cgroup v1 classid from v2 hooks
  bpf: enable bpf cgroup hooks to retrieve cgroup v2 and ancestor id
  bpf: enable retrival of pid/tgid/comm from bpf cgroup hooks
  bpf: add selftest cases for ctx_or_null argument type

 include/linux/bpf.h                        |   2 +
 include/net/cls_cgroup.h                   |   7 +-
 include/net/net_namespace.h                |  10 ++
 include/uapi/linux/bpf.h                   |  35 ++++++-
 kernel/bpf/core.c                          |   1 +
 kernel/bpf/helpers.c                       |  18 ++++
 kernel/bpf/verifier.c                      |  16 ++--
 net/core/filter.c                          | 106 ++++++++++++++++++++-
 net/core/net_namespace.c                   |  15 +++
 tools/include/uapi/linux/bpf.h             |  35 ++++++-
 tools/testing/selftests/bpf/verifier/ctx.c | 105 ++++++++++++++++++++
 11 files changed, 336 insertions(+), 14 deletions(-)

-- 
2.21.0