[bpf-next,v3,0/4] Expose network namespace cookies to user space

Message ID 20210219154330.93615-1-lmb@cloudflare.com (mailing list archive)

Message

Lorenz Bauer Feb. 19, 2021, 3:43 p.m. UTC
We're working on a user space control plane for the BPF sk_lookup
hook [1]. The hook attaches to a network namespace and allows
control over which socket receives a new connection / packet.

I'm proposing to add a new getsockopt and a netns ioctl to retrieve
netns cookies, which allows identifying which netns a socket belongs
to.

1: https://www.kernel.org/doc/html/latest/bpf/prog_sk_lookup.html

Changes in v3:
- Use sock_net unconditionally
- Fix unused variable in nsfs ioctl
- Be strict about getsockopt value size

Changes in v2:
- Rebase on top of Eric Dumazet's netns cookie simplification

Lorenz Bauer (4):
  net: add SO_NETNS_COOKIE socket option
  nsfs: add an ioctl to discover the network namespace cookie
  tools/testing: add test for NS_GET_COOKIE
  tools/testing: add a selftest for SO_NETNS_COOKIE

 arch/alpha/include/uapi/asm/socket.h          |  2 +
 arch/mips/include/uapi/asm/socket.h           |  2 +
 arch/parisc/include/uapi/asm/socket.h         |  2 +
 arch/sparc/include/uapi/asm/socket.h          |  2 +
 fs/nsfs.c                                     |  7 +++
 include/uapi/asm-generic/socket.h             |  2 +
 include/uapi/linux/nsfs.h                     |  2 +
 net/core/sock.c                               |  7 +++
 tools/testing/selftests/net/.gitignore        |  1 +
 tools/testing/selftests/net/Makefile          |  2 +-
 tools/testing/selftests/net/config            |  1 +
 tools/testing/selftests/net/so_netns_cookie.c | 61 +++++++++++++++++++
 tools/testing/selftests/nsfs/.gitignore       |  1 +
 tools/testing/selftests/nsfs/Makefile         |  2 +-
 tools/testing/selftests/nsfs/config           |  1 +
 tools/testing/selftests/nsfs/netns.c          | 57 +++++++++++++++++
 16 files changed, 150 insertions(+), 2 deletions(-)
 create mode 100644 tools/testing/selftests/net/so_netns_cookie.c
 create mode 100644 tools/testing/selftests/nsfs/netns.c
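
As an added illustration (not code from this series or its selftests), this is how a user space control plane could use the proposed socket option to check whether two sockets belong to the same network namespace. The fallback value 71 for `SO_NETNS_COOKIE` is an assumption taken from the asm-generic header in mainline kernels; the helper names are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumption: 71 is the asm-generic value in mainline kernels. alpha, mips,
 * parisc and sparc number it differently, so prefer the system header. */
#ifndef SO_NETNS_COOKIE
#define SO_NETNS_COOKIE 71
#endif

/* Read the cookie of the netns that fd belongs to. Returns 0 or -errno.
 * -ENOPROTOOPT means the running kernel does not know the option. */
int get_netns_cookie(int fd, uint64_t *cookie)
{
	/* The series is strict about the value size: pass exactly 8 bytes. */
	socklen_t len = sizeof(*cookie);

	if (getsockopt(fd, SOL_SOCKET, SO_NETNS_COOKIE, cookie, &len) < 0)
		return -errno;
	return 0;
}

/* 1 if both sockets live in the same netns, 0 if not, -errno on failure. */
int same_netns(int fd_a, int fd_b)
{
	uint64_t a, b;
	int err;

	if ((err = get_netns_cookie(fd_a, &a)) < 0)
		return err;
	if ((err = get_netns_cookie(fd_b, &b)) < 0)
		return err;
	return a == b;
}

int main(void)
{
	int a = socket(AF_INET, SOCK_DGRAM, 0);
	int b = socket(AF_INET, SOCK_STREAM, 0);
	int r = same_netns(a, b);

	if (r < 0)
		fprintf(stderr, "netns cookie unavailable: errno %d\n", -r);
	else
		printf("same netns: %s\n", r ? "yes" : "no");
	close(a);
	close(b);
	return r < 0;
}
```

Treat a negative return as "unknown", not as "different namespace", so that a kernel without the option never causes a socket to be attributed to the wrong netns.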

Comments

Tony Lu March 12, 2021, 9:57 a.m. UTC | #1
On Fri, Feb 19, 2021 at 03:43:26PM +0000, Lorenz Bauer wrote:
> We're working on a user space control plane for the BPF sk_lookup
> hook [1]. The hook attaches to a network namespace and allows
> control over which socket receives a new connection / packet.

We are developing a net stack latency tracing tool, which needs
net_cookie to distinguish different net namespaces. Besides that, our
container management system needs to read net_cookie from userspace.

In [0], you said you would give up this patch set. Could you reconsider
continuing with these patches? Because we also need them.

net_cookie could be a unified net namespace ID to replace the netns inode,
but there is a lot of work to do.

[0]: https://lkml.org/lkml/2021/3/10/254


Cheers,
Tony Lu
