Date: Mon, 2 Oct 2023 13:57:04 -0700
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Daan De Meyer <daan.j.demeyer@...il.com>
Cc: bpf@...r.kernel.org, martin.lau@...ux.dev, kernel-team@...a.com, 
	netdev@...r.kernel.org
Subject: Re: [PATCH bpf-next v7 5/9] libbpf: Add support for cgroup unix
 socket address hooks

On Mon, Oct 2, 2023 at 5:28 AM Daan De Meyer <daan.j.demeyer@...il.com> wrote:
>
> Add the necessary plumbing to hook up the new cgroup unix sockaddr
> hooks into libbpf.
>
> Signed-off-by: Daan De Meyer <daan.j.demeyer@...il.com>
> ---
>  tools/lib/bpf/libbpf.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
>
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index 31b8b252e614..dd3683b98679 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -82,17 +82,22 @@ static const char * const attach_type_name[] = {
>         [BPF_CGROUP_INET6_BIND]         = "cgroup_inet6_bind",
>         [BPF_CGROUP_INET4_CONNECT]      = "cgroup_inet4_connect",
>         [BPF_CGROUP_INET6_CONNECT]      = "cgroup_inet6_connect",
> +       [BPF_CGROUP_UNIX_CONNECT]       = "cgroup_unix_connect",
>         [BPF_CGROUP_INET4_POST_BIND]    = "cgroup_inet4_post_bind",
>         [BPF_CGROUP_INET6_POST_BIND]    = "cgroup_inet6_post_bind",
>         [BPF_CGROUP_INET4_GETPEERNAME]  = "cgroup_inet4_getpeername",
>         [BPF_CGROUP_INET6_GETPEERNAME]  = "cgroup_inet6_getpeername",
> +       [BPF_CGROUP_UNIX_GETPEERNAME]   = "cgroup_unix_getpeername",
>         [BPF_CGROUP_INET4_GETSOCKNAME]  = "cgroup_inet4_getsockname",
>         [BPF_CGROUP_INET6_GETSOCKNAME]  = "cgroup_inet6_getsockname",
> +       [BPF_CGROUP_UNIX_GETSOCKNAME]   = "cgroup_unix_getsockname",
>         [BPF_CGROUP_UDP4_SENDMSG]       = "cgroup_udp4_sendmsg",
>         [BPF_CGROUP_UDP6_SENDMSG]       = "cgroup_udp6_sendmsg",
> +       [BPF_CGROUP_UNIX_SENDMSG]       = "cgroup_unix_sendmsg",
>         [BPF_CGROUP_SYSCTL]             = "cgroup_sysctl",
>         [BPF_CGROUP_UDP4_RECVMSG]       = "cgroup_udp4_recvmsg",
>         [BPF_CGROUP_UDP6_RECVMSG]       = "cgroup_udp6_recvmsg",
> +       [BPF_CGROUP_UNIX_RECVMSG]       = "cgroup_unix_recvmsg",
>         [BPF_CGROUP_GETSOCKOPT]         = "cgroup_getsockopt",
>         [BPF_CGROUP_SETSOCKOPT]         = "cgroup_setsockopt",
>         [BPF_SK_SKB_STREAM_PARSER]      = "sk_skb_stream_parser",
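
Review bot: The commit message should state which unix hooks this patch covers. In `attach_type_name[]` the new entries sit beside the connect, getpeername, getsockname, sendmsg and recvmsg lines, but nothing is added next to `[BPF_CGROUP_INET6_BIND]` or the `*_POST_BIND` entries visible in context, and "the necessary plumbing" leaves a reader to guess whether a unix bind hook is intentionally absent or handled elsewhere in the series. One sentence listing the five attach types and noting the omission would settle it.
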
> @@ -8960,14 +8965,19 @@ static const struct bpf_sec_def section_defs[] = {
>         SEC_DEF("cgroup/bind6",         CGROUP_SOCK_ADDR, BPF_CGROUP_INET6_BIND, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/connect4",      CGROUP_SOCK_ADDR, BPF_CGROUP_INET4_CONNECT, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/connect6",      CGROUP_SOCK_ADDR, BPF_CGROUP_INET6_CONNECT, SEC_ATTACHABLE),
> +       SEC_DEF("cgroup/connectun",     CGROUP_SOCK_ADDR, BPF_CGROUP_UNIX_CONNECT, SEC_ATTACHABLE),

I don't have too strong feelings here, but is "un" suffix a clear
enough designator that this is working with unix sockets? Nothing can
beat "connect4" and "connect6" in succinctness, but
`cgroup/connect_unix` is not too verbose, but is probably a bit easier
to guess?

Again, if this was some sort of consensus, I don't care much, but I
thought I'd bring this up anyways.

>         SEC_DEF("cgroup/sendmsg4",      CGROUP_SOCK_ADDR, BPF_CGROUP_UDP4_SENDMSG, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/sendmsg6",      CGROUP_SOCK_ADDR, BPF_CGROUP_UDP6_SENDMSG, SEC_ATTACHABLE),
> +       SEC_DEF("cgroup/sendmsgun",     CGROUP_SOCK_ADDR, BPF_CGROUP_UNIX_SENDMSG, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/recvmsg4",      CGROUP_SOCK_ADDR, BPF_CGROUP_UDP4_RECVMSG, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/recvmsg6",      CGROUP_SOCK_ADDR, BPF_CGROUP_UDP6_RECVMSG, SEC_ATTACHABLE),
> +       SEC_DEF("cgroup/recvmsgun",     CGROUP_SOCK_ADDR, BPF_CGROUP_UNIX_RECVMSG, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/getpeername4",  CGROUP_SOCK_ADDR, BPF_CGROUP_INET4_GETPEERNAME, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/getpeername6",  CGROUP_SOCK_ADDR, BPF_CGROUP_INET6_GETPEERNAME, SEC_ATTACHABLE),
> +       SEC_DEF("cgroup/getpeernameun", CGROUP_SOCK_ADDR, BPF_CGROUP_UNIX_GETPEERNAME, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/getsockname4",  CGROUP_SOCK_ADDR, BPF_CGROUP_INET4_GETSOCKNAME, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/getsockname6",  CGROUP_SOCK_ADDR, BPF_CGROUP_INET6_GETSOCKNAME, SEC_ATTACHABLE),
> +       SEC_DEF("cgroup/getsocknameun", CGROUP_SOCK_ADDR, BPF_CGROUP_UNIX_GETSOCKNAME, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/sysctl",        CGROUP_SYSCTL, BPF_CGROUP_SYSCTL, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/getsockopt",    CGROUP_SOCKOPT, BPF_CGROUP_GETSOCKOPT, SEC_ATTACHABLE),
>         SEC_DEF("cgroup/setsockopt",    CGROUP_SOCKOPT, BPF_CGROUP_SETSOCKOPT, SEC_ATTACHABLE),
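
Review bot: The section names added to `section_defs[]` spell the address family `un` (`cgroup/connectun`, `cgroup/getpeernameun`, `cgroup/getsocknameun`), while the attach type names added to `attach_type_name[]` earlier in this same patch spell it `unix` (`cgroup_unix_connect`, `cgroup_unix_getpeername`). Section names are the strings users write in `SEC()`, so the two tables should use one spelling; `cgroup/connect_unix`, `cgroup/sendmsg_unix` and so on would match the attach type names and avoid run-together names such as `getpeernameun`.
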
> --
> 2.41.0
>
>
