linux/tools/include
Daan De Meyer 859051dd16 bpf: Implement cgroup sockaddr hooks for unix sockets
These hooks allows intercepting connect(), getsockname(),
getpeername(), sendmsg() and recvmsg() for unix sockets. The unix
socket hooks get write access to the address length because the
address length is not fixed when dealing with unix sockets and
needs to be modified when a unix socket address is modified by
the hook. Because abstract socket unix addresses start with a
NUL byte, we cannot recalculate the socket address in kernelspace
after running the hook by calculating the length of the unix socket
path using strlen().

These hooks can be used when users want to multiplex syscall to a
single unix socket to multiple different processes behind the scenes
by redirecting the connect() and other syscalls to process specific
sockets.

We do not implement support for intercepting bind() because when
using bind() with unix sockets with a pathname address, this creates
an inode in the filesystem which must be cleaned up. If we rewrite
the address, the user might try to clean up the wrong file, leaking
the socket in the filesystem where it is never cleaned up. Until we
figure out a solution for this (and a use case for intercepting bind()),
we opt to not allow rewriting the sockaddr in bind() calls.

We also implement recvmsg() support for connected streams so that
after a connect() that is modified by a sockaddr hook, any corresponding
recmvsg() on the connected socket can also be modified to make the
connected program think it is connected to the "intended" remote.

Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com>
Link: https://lore.kernel.org/r/20231011185113.140426-5-daan.j.demeyer@gmail.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
2023-10-11 17:27:47 -07:00
..
asm tools headers: Update the copy of x86's mem{cpy,set}_64.S used in 'perf bench' 2023-05-17 10:42:19 -03:00
asm-generic tools: KVM: selftests: Convert clear/set_bit() to actual atomics 2022-12-02 13:22:35 -05:00
linux Networking fixes for 6.6-rc2, including fixes from netfilter and bpf 2023-09-21 11:28:16 -07:00
nolibc tools/nolibc: keep brk(), sbrk(), mmap() away from __sysret() 2023-08-23 05:19:22 +02:00
tools tools include: add dis-asm-compat.h to handle version differences 2022-08-01 15:29:49 -03:00
trace/events
uapi bpf: Implement cgroup sockaddr hooks for unix sockets 2023-10-11 17:27:47 -07:00
vdso tools headers: Synchronize {linux,vdso}/bits.h with the kernel sources 2023-03-03 22:34:15 -03:00