git.baikalelectronics.ru Git - kernel.git/commit

author	Daniel Borkmann <daniel@iogearbox.net>
	Thu, 8 Aug 2019 11:57:25 +0000 (13:57 +0200)
committer	David S. Miller <davem@davemloft.net>
	Fri, 9 Aug 2019 20:14:46 +0000 (13:14 -0700)
commit	298cd85b95f4c89e9afcfa14d1098c90706acdc1
tree	216caa17af9205eee4c0894fab16af0167408849	tree \| snapshot
parent	9f826430eb8c0a6400bdb4b20c40f3b8f4aa6dca	commit \| diff

sock: make cookie generation global instead of per netns

Generating and retrieving socket cookies are a useful feature that is
exposed to BPF for various program types through bpf_get_socket_cookie()
helper.

The fact that the cookie counter is per netns is quite a limitation
for BPF in practice in particular for programs in host namespace that
use socket cookies as part of a map lookup key since they will be
causing socket cookie collisions e.g. when attached to BPF cgroup hooks
or cls_bpf on tc egress in host namespace handling container traffic
from veth or ipvlan devices with peer in different netns. Change the
counter to be global instead.

Socket cookie consumers must assume the value as opqaue in any case.
Not every socket must have a cookie generated and knowledge of the
counter value itself does not provide much value either way hence
conversion to global is fine.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Willem de Bruijn <willemb@google.com>
Cc: Martynas Pumputis <m@lambda.lt>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/net/net_namespace.h		diff \| blob \| history
include/uapi/linux/bpf.h		diff \| blob \| history
net/core/sock_diag.c		diff \| blob \| history