lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <cover.1585323121.git.daniel@iogearbox.net>
Date:   Fri, 27 Mar 2020 16:58:49 +0100
From:   Daniel Borkmann <daniel@...earbox.net>
To:     alexei.starovoitov@...il.com
Cc:     m@...bda.lt, joe@...d.net.nz, bpf@...r.kernel.org,
        netdev@...r.kernel.org, Daniel Borkmann <daniel@...earbox.net>
Subject: [PATCH bpf-next 0/7] Various improvements to cgroup helpers

This adds various straight-forward helper improvements and additions to BPF
cgroup based connect(), sendmsg(), recvmsg() and bind-related hooks which
would allow to implement more fine-grained policies and improve current load
balancer limitations we're seeing. For details please see individual patches.
I've tested them on Kubernetes & Cilium and also added selftests for the small
verifier extension. Thanks!

Daniel Borkmann (7):
  bpf: enable retrieval of socket cookie for bind/post-bind hook
  bpf: enable perf event rb output for bpf cgroup progs
  bpf: add netns cookie and enable it for bpf cgroup hooks
  bpf: allow to retrieve cgroup v1 classid from v2 hooks
  bpf: enable bpf cgroup hooks to retrieve cgroup v2 and ancestor id
  bpf: enable retrival of pid/tgid/comm from bpf cgroup hooks
  bpf: add selftest cases for ctx_or_null argument type

 include/linux/bpf.h                        |   2 +
 include/net/cls_cgroup.h                   |   7 +-
 include/net/net_namespace.h                |  10 ++
 include/uapi/linux/bpf.h                   |  35 ++++++-
 kernel/bpf/core.c                          |   1 +
 kernel/bpf/helpers.c                       |  18 ++++
 kernel/bpf/verifier.c                      |  16 ++--
 net/core/filter.c                          | 106 ++++++++++++++++++++-
 net/core/net_namespace.c                   |  15 +++
 tools/include/uapi/linux/bpf.h             |  35 ++++++-
 tools/testing/selftests/bpf/verifier/ctx.c | 105 ++++++++++++++++++++
 11 files changed, 336 insertions(+), 14 deletions(-)

-- 
2.21.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ