1

bpf-helpers(7) states that bpf_get_socket_cookie() returns 0 if the socket field is missing inside skb.

Under what conditions is the socket field missing in this context? Does it depend where in the datapath a BPF program is attached to? For instance, would bpf_get_socket_cookie() always return 0 in the case of a filter that attaches with tc filter add dev ... ingress ... bpf ... (on a Linux kernel 4.19, say)?

rookie099
  • 2,201
  • 2
  • 26
  • 52

1 Answers1

3

The socket field is NULL if the packet wasn't demultiplexed to a socket yet. For TCP, that happens in tcp_v4_early_demux().

So yes, that will depend on where you attach your BPF program. You'd need to attach it before the packet is demultiplexed to a socket.

pchaigno
  • 11,313
  • 2
  • 29
  • 54
  • Thank you very much. Would you also know whether the attachment point for `tc filter add dev ... ingress ... bpf ...` is one where the packet wasn't yet demultiplexed to a socket (in the case of TCP)? (I guess so, because traffic acts below L4.) – rookie099 May 26 '21 at 09:09
  • Or perhaps it depends: NULL at beginning of TCP flow, non-NULL for subsequent packages. Will try to dis/confirm by experiment. – rookie099 May 26 '21 at 11:49
  • 1
    FYI these experiments suggest that `bpf_get_socket_cookie()` does always return 0 for this kind of attachment, and that if one needs access to such cookies, a BPF program would have to be attached elsewhere in the datapath. – rookie099 May 30 '21 at 09:03