summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorDaniel Borkmann <daniel@iogearbox.net>2019-08-08 14:57:25 +0300
committerDavid S. Miller <davem@davemloft.net>2019-08-09 23:14:46 +0300
commitcd48bdda4fb82c2fe569d97af4217c530168c99c (patch)
tree216caa17af9205eee4c0894fab16af0167408849 /scripts
parent7bac762d8da39ae215171bfa93c6662894ce17dc (diff)
downloadlinux-cd48bdda4fb82c2fe569d97af4217c530168c99c.tar.xz
sock: make cookie generation global instead of per netns
Generating and retrieving socket cookies are a useful feature that is exposed to BPF for various program types through bpf_get_socket_cookie() helper. The fact that the cookie counter is per netns is quite a limitation for BPF in practice in particular for programs in host namespace that use socket cookies as part of a map lookup key since they will be causing socket cookie collisions e.g. when attached to BPF cgroup hooks or cls_bpf on tc egress in host namespace handling container traffic from veth or ipvlan devices with peer in different netns. Change the counter to be global instead. Socket cookie consumers must assume the value as opqaue in any case. Not every socket must have a cookie generated and knowledge of the counter value itself does not provide much value either way hence conversion to global is fine. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Cc: Eric Dumazet <edumazet@google.com> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Willem de Bruijn <willemb@google.com> Cc: Martynas Pumputis <m@lambda.lt> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions