linux/Documentation/bpf/prog_cgroup_sockopt.rst
<<
>>
Prefs
   1.. SPDX-License-Identifier: GPL-2.0
   2
   3============================
   4BPF_PROG_TYPE_CGROUP_SOCKOPT
   5============================
   6
   7``BPF_PROG_TYPE_CGROUP_SOCKOPT`` program type can be attached to two
   8cgroup hooks:
   9
  10* ``BPF_CGROUP_GETSOCKOPT`` - called every time process executes ``getsockopt``
  11  system call.
  12* ``BPF_CGROUP_SETSOCKOPT`` - called every time process executes ``setsockopt``
  13  system call.
  14
  15The context (``struct bpf_sockopt``) has associated socket (``sk``) and
  16all input arguments: ``level``, ``optname``, ``optval`` and ``optlen``.
  17
  18BPF_CGROUP_SETSOCKOPT
  19=====================
  20
  21``BPF_CGROUP_SETSOCKOPT`` is triggered *before* the kernel handling of
  22sockopt and it has writable context: it can modify the supplied arguments
  23before passing them down to the kernel. This hook has access to the cgroup
  24and socket local storage.
  25
  26If BPF program sets ``optlen`` to -1, the control will be returned
  27back to the userspace after all other BPF programs in the cgroup
  28chain finish (i.e. kernel ``setsockopt`` handling will *not* be executed).
  29
  30Note, that ``optlen`` can not be increased beyond the user-supplied
  31value. It can only be decreased or set to -1. Any other value will
  32trigger ``EFAULT``.
  33
  34Return Type
  35-----------
  36
  37* ``0`` - reject the syscall, ``EPERM`` will be returned to the userspace.
  38* ``1`` - success, continue with next BPF program in the cgroup chain.
  39
  40BPF_CGROUP_GETSOCKOPT
  41=====================
  42
  43``BPF_CGROUP_GETSOCKOPT`` is triggered *after* the kernel handing of
  44sockopt. The BPF hook can observe ``optval``, ``optlen`` and ``retval``
  45if it's interested in whatever kernel has returned. BPF hook can override
  46the values above, adjust ``optlen`` and reset ``retval`` to 0. If ``optlen``
  47has been increased above initial ``getsockopt`` value (i.e. userspace
  48buffer is too small), ``EFAULT`` is returned.
  49
  50This hook has access to the cgroup and socket local storage.
  51
  52Note, that the only acceptable value to set to ``retval`` is 0 and the
  53original value that the kernel returned. Any other value will trigger
  54``EFAULT``.
  55
  56Return Type
  57-----------
  58
  59* ``0`` - reject the syscall, ``EPERM`` will be returned to the userspace.
  60* ``1`` - success: copy ``optval`` and ``optlen`` to userspace, return
  61  ``retval`` from the syscall (note that this can be overwritten by
  62  the BPF program from the parent cgroup).
  63
  64Cgroup Inheritance
  65==================
  66
  67Suppose, there is the following cgroup hierarchy where each cgroup
  68has ``BPF_CGROUP_GETSOCKOPT`` attached at each level with
  69``BPF_F_ALLOW_MULTI`` flag::
  70
  71  A (root, parent)
  72   \
  73    B (child)
  74
  75When the application calls ``getsockopt`` syscall from the cgroup B,
  76the programs are executed from the bottom up: B, A. First program
  77(B) sees the result of kernel's ``getsockopt``. It can optionally
  78adjust ``optval``, ``optlen`` and reset ``retval`` to 0. After that
  79control will be passed to the second (A) program which will see the
  80same context as B including any potential modifications.
  81
  82Same for ``BPF_CGROUP_SETSOCKOPT``: if the program is attached to
  83A and B, the trigger order is B, then A. If B does any changes
  84to the input arguments (``level``, ``optname``, ``optval``, ``optlen``),
  85then the next program in the chain (A) will see those changes,
  86*not* the original input ``setsockopt`` arguments. The potentially
  87modified values will be then passed down to the kernel.
  88
  89Large optval
  90============
  91When the ``optval`` is greater than the ``PAGE_SIZE``, the BPF program
  92can access only the first ``PAGE_SIZE`` of that data. So it has to options:
  93
  94* Set ``optlen`` to zero, which indicates that the kernel should
  95  use the original buffer from the userspace. Any modifications
  96  done by the BPF program to the ``optval`` are ignored.
  97* Set ``optlen`` to the value less than ``PAGE_SIZE``, which
  98  indicates that the kernel should use BPF's trimmed ``optval``.
  99
 100When the BPF program returns with the ``optlen`` greater than
 101``PAGE_SIZE``, the userspace will receive ``EFAULT`` errno.
 102
 103Example
 104=======
 105
 106See ``tools/testing/selftests/bpf/progs/sockopt_sk.c`` for an example
 107of BPF program that handles socket options.
 108