On 2/6/17 3:39 PM, Daniel Borkmann wrote:
On 02/04/2017 04:34 AM, Alexei Starovoitov wrote:
[...]
+BPF_CALL_1(bpf_skb_netns_id, struct sk_buff *, skb)
+{
+    struct net_device *dev = skb->dev;
+
+    if (!dev)
+        return 0;
+    return proc_get_ns_devid_inum(&dev_net(dev)->ns);
+}
+
+static const struct bpf_func_proto bpf_skb_netns_id_proto = {
+    .func        = bpf_skb_netns_id,
+    .gpl_only    = false,
+    .ret_type    = RET_INTEGER,
+    .arg1_type    = ARG_PTR_TO_CTX,
+};
+
  static const struct bpf_func_proto *
  sk_filter_func_proto(enum bpf_func_id func_id)
  {
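
Review bot: The `if (!dev) return 0;` path in bpf_skb_netns_id() makes 0 an undocumented sentinel, so a program calling the helper has no stated way to tell "skb has no device" apart from a real identifier. Please document next to the helper (and wherever the helper is described for BPF program authors) that 0 means no namespace could be determined. Separately, the function and proto are named bpf_skb_netns_id while the case label added in the next hunk is BPF_FUNC_sk_netns_id; picking one of skb/sk for both would make the helper easier to find.
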
@@ -2620,6 +2649,8 @@ sk_filter_func_proto(enum bpf_func_id func_id)
      case BPF_FUNC_trace_printk:
          if (capable(CAP_SYS_ADMIN))
              return bpf_get_trace_printk_proto();
+    case BPF_FUNC_sk_netns_id:
+        return &bpf_skb_netns_id_proto;
      default:
          return NULL;
      }
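
Review bot: Missing terminator before the new label: `case BPF_FUNC_sk_netns_id:` sits directly after `if (capable(CAP_SYS_ADMIN)) return bpf_get_trace_printk_proto();`, so when the capability check fails, the BPF_FUNC_trace_printk case falls through and returns &bpf_skb_netns_id_proto instead of reaching `default: return NULL;`. A caller without CAP_SYS_ADMIN that asks for trace_printk would then be handed a different helper's proto. Either move the new case above BPF_FUNC_trace_printk, or end the capable() branch with an explicit `else return NULL;` so that later additions cannot land in the fall-through path. It is also worth a sentence in the commit message on whether returning this proto outside any capability check is intended.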

Btw, I think here's an oversight that would still need to be
fixed. Above would mean that trace printk from unprivileged would
fall through and use &bpf_skb_netns_id_proto as proto now instead
of NULL. So BPF_FUNC_sk_netns_id needs to be placed above the
BPF_FUNC_trace_printk case, not in its fall-through path. Looks
like Chenbo in his get_socket_cookie missed this, too. Other than
that BPF bits seem good to me.

Ahh, right. Good catch.
I'll add 'else return NULL;' otherwise somebody might step on it again.
Thanks Daniel!

Eric,
still waiting for your review of nsfs.c bits.
