[PATCH bpf-next v8 1/4] bpf: Add update_socket_protocol hook
Geliang Tang
geliang.tang at suse.com
Thu Aug 3 13:05:40 UTC 2023
On Thu, Aug 03, 2023 at 02:53:38PM +0200, Simon Horman wrote:
> On Thu, Aug 03, 2023 at 03:30:39PM +0800, Geliang Tang wrote:
> > Add a hook named update_socket_protocol in __sys_socket(), for bpf
> > progs to attach to and update socket protocol. One user case is to
> > force legacy TCP apps to create and use MPTCP sockets instead of
> > TCP ones.
> >
> > Define a mod_ret set named bpf_mptcp_fmodret_ids, add the hook
> > update_socket_protocol into this set, and register it in
> > bpf_mptcp_kfunc_init().
> >
> > Signed-off-by: Geliang Tang <geliang.tang at suse.com>
>
> ...
>
> > diff --git a/net/socket.c b/net/socket.c
> > index 2b0e54b2405c..586a437d7a5e 100644
> > --- a/net/socket.c
> > +++ b/net/socket.c
> > @@ -1644,11 +1644,36 @@ struct file *__sys_socket_file(int family, int type, int protocol)
> > return sock_alloc_file(sock, flags, NULL);
> > }
> >
> > +/**
>
> Hi Geliang Tang,
>
> nit: The format of the text below is not in kernel doc format,
> so it is probably better if the comment begins with '/*'
> rather than '/**'.
I do use '/*' here first, but got a checkpatch.pl warning:
./scripts/checkpatch.pl v8-0001-bpf-Add-update_socket_protocol-hook.patch
WARNING: networking block comments don't use an empty /* line, use /* Comment...
#63: FILE: net/socket.c:1648:
+/*
+ * A hook for bpf progs to attach to and update socket protocol.
total: 0 errors, 1 warnings, 0 checks, 59 lines checked
And I found that other comments in net/socket.c all begins with '/**'.
So I use '/**' here too.
Thanks,
-Geliang
>
> > + * A hook for bpf progs to attach to and update socket protocol.
> > + *
> > + * A static noinline declaration here could cause the compiler to
> > + * optimize away the function. A global noinline declaration will
> > + * keep the definition, but may optimize away the callsite.
> > + * Therefore, __weak is needed to ensure that the call is still
> > + * emitted, by telling the compiler that we don't know what the
> > + * function might eventually be.
> > + *
> > + * __diag_* below are needed to dismiss the missing prototype warning.
> > + */
>
> ...
More information about the Linux-security-module-archive
mailing list