Documentation/bpf/prog_cgroup_sockopt.rst - linux - Git at Google

 .. SPDX-License-Identifier: GPL-2.0

 ============================
 BPF_PROG_TYPE_CGROUP_SOCKOPT
 ============================

 ``BPF_PROG_TYPE_CGROUP_SOCKOPT`` program type can be attached to two
 cgroup hooks:

 * ``BPF_CGROUP_GETSOCKOPT`` - called every time process executes ``getsockopt``
   system call.
 * ``BPF_CGROUP_SETSOCKOPT`` - called every time process executes ``setsockopt``
   system call.

 The context (``struct bpf_sockopt``) has associated socket (``sk``) and
 all input arguments: ``level``, ``optname``, ``optval`` and ``optlen``.

 BPF_CGROUP_SETSOCKOPT
 =====================

 ``BPF_CGROUP_SETSOCKOPT`` is triggered *before* the kernel handling of
 sockopt and it has writable context: it can modify the supplied arguments
 before passing them down to the kernel. This hook has access to the cgroup
 and socket local storage.

 If BPF program sets ``optlen`` to -1, the control will be returned
 back to the userspace after all other BPF programs in the cgroup
 chain finish (i.e. kernel ``setsockopt`` handling will *not* be executed).

 Note, that ``optlen`` can not be increased beyond the user-supplied
 value. It can only be decreased or set to -1. Any other value will
 trigger ``EFAULT``.

 Return Type
 -----------

 * ``0`` - reject the syscall, ``EPERM`` will be returned to the userspace.
 * ``1`` - success, continue with next BPF program in the cgroup chain.

 BPF_CGROUP_GETSOCKOPT
 =====================

 ``BPF_CGROUP_GETSOCKOPT`` is triggered *after* the kernel handing of
 sockopt. The BPF hook can observe ``optval``, ``optlen`` and ``retval``
 if it's interested in whatever kernel has returned. BPF hook can override
 the values above, adjust ``optlen`` and reset ``retval`` to 0. If ``optlen``
 has been increased above initial ``getsockopt`` value (i.e. userspace
 buffer is too small), ``EFAULT`` is returned.

 This hook has access to the cgroup and socket local storage.

 Note, that the only acceptable value to set to ``retval`` is 0 and the
 original value that the kernel returned. Any other value will trigger
 ``EFAULT``.

 Return Type
 -----------

 * ``0`` - reject the syscall, ``EPERM`` will be returned to the userspace.
 * ``1`` - success: copy ``optval`` and ``optlen`` to userspace, return
   ``retval`` from the syscall (note that this can be overwritten by
   the BPF program from the parent cgroup).

 Cgroup Inheritance
 ==================

 Suppose, there is the following cgroup hierarchy where each cgroup
 has ``BPF_CGROUP_GETSOCKOPT`` attached at each level with
 ``BPF_F_ALLOW_MULTI`` flag::

   A (root, parent)
    \
     B (child)

 When the application calls ``getsockopt`` syscall from the cgroup B,
 the programs are executed from the bottom up: B, A. First program
 (B) sees the result of kernel's ``getsockopt``. It can optionally
 adjust ``optval``, ``optlen`` and reset ``retval`` to 0. After that
 control will be passed to the second (A) program which will see the
 same context as B including any potential modifications.

 Same for ``BPF_CGROUP_SETSOCKOPT``: if the program is attached to
 A and B, the trigger order is B, then A. If B does any changes
 to the input arguments (``level``, ``optname``, ``optval``, ``optlen``),
 then the next program in the chain (A) will see those changes,
 *not* the original input ``setsockopt`` arguments. The potentially
 modified values will be then passed down to the kernel.

 Large optval
 ============
 When the ``optval`` is greater than the ``PAGE_SIZE``, the BPF program
 can access only the first ``PAGE_SIZE`` of that data. So it has to options:

 * Set ``optlen`` to zero, which indicates that the kernel should
   use the original buffer from the userspace. Any modifications
   done by the BPF program to the ``optval`` are ignored.
 * Set ``optlen`` to the value less than ``PAGE_SIZE``, which
   indicates that the kernel should use BPF's trimmed ``optval``.

 When the BPF program returns with the ``optlen`` greater than
 ``PAGE_SIZE``, the userspace will receive original kernel
 buffers without any modifications that the BPF program might have
 applied.

 Example
 =======

 Recommended way to handle BPF programs is as follows:

 .. code-block:: c

 	SEC("cgroup/getsockopt")
 	int getsockopt(struct bpf_sockopt *ctx)
 	{
 		/* Custom socket option. */
 		if (ctx->level == MY_SOL && ctx->optname == MY_OPTNAME) {
 			ctx->retval = 0;
 			optval[0] = ...;
 			ctx->optlen = 1;
 			return 1;
 		}

 		/* Modify kernel's socket option. */
 		if (ctx->level == SOL_IP && ctx->optname == IP_FREEBIND) {
 			ctx->retval = 0;
 			optval[0] = ...;
 			ctx->optlen = 1;
 			return 1;
 		}

 		/* optval larger than PAGE_SIZE use kernel's buffer. */
 		if (ctx->optlen > PAGE_SIZE)
 			ctx->optlen = 0;

 		return 1;
 	}

 	SEC("cgroup/setsockopt")
 	int setsockopt(struct bpf_sockopt *ctx)
 	{
 		/* Custom socket option. */
 		if (ctx->level == MY_SOL && ctx->optname == MY_OPTNAME) {
 			/* do something */
 			ctx->optlen = -1;
 			return 1;
 		}

 		/* Modify kernel's socket option. */
 		if (ctx->level == SOL_IP && ctx->optname == IP_FREEBIND) {
 			optval[0] = ...;
 			return 1;
 		}

 		/* optval larger than PAGE_SIZE use kernel's buffer. */
 		if (ctx->optlen > PAGE_SIZE)
 			ctx->optlen = 0;

 		return 1;
 	}

 See ``tools/testing/selftests/bpf/progs/sockopt_sk.c`` for an example
 of BPF program that handles socket options.
	.. SPDX-License-Identifier: GPL-2.0

	============================
	BPF_PROG_TYPE_CGROUP_SOCKOPT
	============================

	``BPF_PROG_TYPE_CGROUP_SOCKOPT`` program type can be attached to two
	cgroup hooks:

	* ``BPF_CGROUP_GETSOCKOPT`` - called every time process executes ``getsockopt``
	system call.
	* ``BPF_CGROUP_SETSOCKOPT`` - called every time process executes ``setsockopt``
	system call.

	The context (``struct bpf_sockopt``) has associated socket (``sk``) and
	all input arguments: ``level``, ``optname``, ``optval`` and ``optlen``.

	BPF_CGROUP_SETSOCKOPT
	=====================

	``BPF_CGROUP_SETSOCKOPT`` is triggered before the kernel handling of
	sockopt and it has writable context: it can modify the supplied arguments
	before passing them down to the kernel. This hook has access to the cgroup
	and socket local storage.

	If BPF program sets ``optlen`` to -1, the control will be returned
	back to the userspace after all other BPF programs in the cgroup
	chain finish (i.e. kernel ``setsockopt`` handling will not be executed).

	Note, that ``optlen`` can not be increased beyond the user-supplied
	value. It can only be decreased or set to -1. Any other value will
	trigger ``EFAULT``.

	Return Type
	-----------

	* ``0`` - reject the syscall, ``EPERM`` will be returned to the userspace.
	* ``1`` - success, continue with next BPF program in the cgroup chain.

	BPF_CGROUP_GETSOCKOPT
	=====================

	``BPF_CGROUP_GETSOCKOPT`` is triggered after the kernel handing of
	sockopt. The BPF hook can observe ``optval``, ``optlen`` and ``retval``
	if it's interested in whatever kernel has returned. BPF hook can override
	the values above, adjust ``optlen`` and reset ``retval`` to 0. If ``optlen``
	has been increased above initial ``getsockopt`` value (i.e. userspace
	buffer is too small), ``EFAULT`` is returned.

	This hook has access to the cgroup and socket local storage.

	Note, that the only acceptable value to set to ``retval`` is 0 and the
	original value that the kernel returned. Any other value will trigger
	``EFAULT``.

	Return Type
	-----------

	* ``0`` - reject the syscall, ``EPERM`` will be returned to the userspace.
	* ``1`` - success: copy ``optval`` and ``optlen`` to userspace, return
	``retval`` from the syscall (note that this can be overwritten by
	the BPF program from the parent cgroup).

	Cgroup Inheritance
	==================

	Suppose, there is the following cgroup hierarchy where each cgroup
	has ``BPF_CGROUP_GETSOCKOPT`` attached at each level with
	``BPF_F_ALLOW_MULTI`` flag::

	A (root, parent)
	\
	B (child)

	When the application calls ``getsockopt`` syscall from the cgroup B,
	the programs are executed from the bottom up: B, A. First program
	(B) sees the result of kernel's ``getsockopt``. It can optionally
	adjust ``optval``, ``optlen`` and reset ``retval`` to 0. After that
	control will be passed to the second (A) program which will see the
	same context as B including any potential modifications.

	Same for ``BPF_CGROUP_SETSOCKOPT``: if the program is attached to
	A and B, the trigger order is B, then A. If B does any changes
	to the input arguments (``level``, ``optname``, ``optval``, ``optlen``),
	then the next program in the chain (A) will see those changes,
	not the original input ``setsockopt`` arguments. The potentially
	modified values will be then passed down to the kernel.

	Large optval
	============
	When the ``optval`` is greater than the ``PAGE_SIZE``, the BPF program
	can access only the first ``PAGE_SIZE`` of that data. So it has to options:

	* Set ``optlen`` to zero, which indicates that the kernel should
	use the original buffer from the userspace. Any modifications
	done by the BPF program to the ``optval`` are ignored.
	* Set ``optlen`` to the value less than ``PAGE_SIZE``, which
	indicates that the kernel should use BPF's trimmed ``optval``.

	When the BPF program returns with the ``optlen`` greater than
	``PAGE_SIZE``, the userspace will receive original kernel
	buffers without any modifications that the BPF program might have
	applied.

	Example
	=======

	Recommended way to handle BPF programs is as follows:

	.. code-block:: c

	SEC("cgroup/getsockopt")
	int getsockopt(struct bpf_sockopt *ctx)
	{
	/* Custom socket option. */
	if (ctx->level == MY_SOL && ctx->optname == MY_OPTNAME) {
	ctx->retval = 0;
	optval[0] = ...;
	ctx->optlen = 1;
	return 1;
	}

	/* Modify kernel's socket option. */
	if (ctx->level == SOL_IP && ctx->optname == IP_FREEBIND) {
	ctx->retval = 0;
	optval[0] = ...;
	ctx->optlen = 1;
	return 1;
	}

	/* optval larger than PAGE_SIZE use kernel's buffer. */
	if (ctx->optlen > PAGE_SIZE)
	ctx->optlen = 0;

	return 1;
	}

	SEC("cgroup/setsockopt")
	int setsockopt(struct bpf_sockopt *ctx)
	{
	/* Custom socket option. */
	if (ctx->level == MY_SOL && ctx->optname == MY_OPTNAME) {
	/* do something */
	ctx->optlen = -1;
	return 1;
	}

	/* Modify kernel's socket option. */
	if (ctx->level == SOL_IP && ctx->optname == IP_FREEBIND) {
	optval[0] = ...;
	return 1;
	}

	/* optval larger than PAGE_SIZE use kernel's buffer. */
	if (ctx->optlen > PAGE_SIZE)
	ctx->optlen = 0;

	return 1;
	}

	See ``tools/testing/selftests/bpf/progs/sockopt_sk.c`` for an example
	of BPF program that handles socket options.