€•Xo      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ+/translations/zh_CN/bpf/prog_cgroup_sockopt”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/zh_TW/bpf/prog_cgroup_sockopt”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/it_IT/bpf/prog_cgroup_sockopt”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/ja_JP/bpf/prog_cgroup_sockopt”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/ko_KR/bpf/prog_cgroup_sockopt”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/sp_SP/bpf/prog_cgroup_sockopt”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh£sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1h¡hhhžhhŸŒE/var/lib/git/docbuild/linux/Documentation/bpf/prog_cgroup_sockopt.rst”h KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒBPF_PROG_TYPE_CGROUP_SOCKOPT”h]”hŒBPF_PROG_TYPE_CGROUP_SOCKOPT”…””}”(hh»hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hh¶hžhhŸh³h KubhŒ	paragraph”“”)”}”(hŒR``BPF_PROG_TYPE_CGROUP_SOCKOPT`` program type can be attached to two
cgroup hooks:”h]”(hŒliteral”“”)”}”(hŒ ``BPF_PROG_TYPE_CGROUP_SOCKOPT``”h]”hŒBPF_PROG_TYPE_CGROUP_SOCKOPT”…””}”(hhÑhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhhËubhŒ2 program type can be attached to two
cgroup hooks:”…””}”(hhËhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khh¶hžhubhŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒZ``BPF_CGROUP_GETSOCKOPT`` - called every time process executes ``getsockopt``
system call.”h]”hÊ)”}”(hŒZ``BPF_CGROUP_GETSOCKOPT`` - called every time process executes ``getsockopt``
system call.”h]”(hÐ)”}”(hŒ``BPF_CGROUP_GETSOCKOPT``”h]”hŒBPF_CGROUP_GETSOCKOPT”…””}”(hhøhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhhôubhŒ& - called every time process executes ”…””}”(hhôhžhhŸNh NubhÐ)”}”(hŒ``getsockopt``”h]”hŒ
getsockopt”…””}”(hj
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhhôubhŒ
system call.”…””}”(hhôhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K
hhðubah}”(h]”h ]”h"]”h$]”h&]”uh1hîhhëhžhhŸh³h Nubhï)”}”(hŒ[``BPF_CGROUP_SETSOCKOPT`` - called every time process executes ``setsockopt``
system call.
”h]”hÊ)”}”(hŒZ``BPF_CGROUP_SETSOCKOPT`` - called every time process executes ``setsockopt``
system call.”h]”(hÐ)”}”(hŒ``BPF_CGROUP_SETSOCKOPT``”h]”hŒBPF_CGROUP_SETSOCKOPT”…””}”(hj0  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj,  ubhŒ& - called every time process executes ”…””}”(hj,  hžhhŸNh NubhÐ)”}”(hŒ``setsockopt``”h]”hŒ
setsockopt”…””}”(hjB  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj,  ubhŒ
system call.”…””}”(hj,  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khj(  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hîhhëhžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ*”uh1héhŸh³h K
hh¶hžhubhÊ)”}”(hŒThe context (``struct bpf_sockopt``) has associated socket (``sk``) and
all input arguments: ``level``, ``optname``, ``optval`` and ``optlen``.”h]”(hŒThe context (”…””}”(hjh  hžhhŸNh NubhÐ)”}”(hŒ``struct bpf_sockopt``”h]”hŒstruct bpf_sockopt”…””}”(hjp  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjh  ubhŒ) has associated socket (”…””}”(hjh  hžhhŸNh NubhÐ)”}”(hŒ``sk``”h]”hŒsk”…””}”(hj‚  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjh  ubhŒ) and
all input arguments: ”…””}”(hjh  hžhhŸNh NubhÐ)”}”(hŒ	``level``”h]”hŒlevel”…””}”(hj”  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjh  ubhŒ, ”…””}”(hjh  hžhhŸNh NubhÐ)”}”(hŒ``optname``”h]”hŒoptname”…””}”(hj¦  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjh  ubhŒ, ”…””}”hjh  sbhÐ)”}”(hŒ
``optval``”h]”hŒoptval”…””}”(hj¸  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjh  ubhŒ and ”…””}”(hjh  hžhhŸNh NubhÐ)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hjÊ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjh  ubhŒ.”…””}”(hjh  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khh¶hžhubhµ)”}”(hhh]”(hº)”}”(hŒBPF_CGROUP_SETSOCKOPT”h]”hŒBPF_CGROUP_SETSOCKOPT”…””}”(hjå  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjâ  hžhhŸh³h KubhÊ)”}”(hŒõ``BPF_CGROUP_SETSOCKOPT`` is triggered *before* the kernel handling of
sockopt and it has writable context: it can modify the supplied arguments
before passing them down to the kernel. This hook has access to the cgroup
and socket local storage.”h]”(hÐ)”}”(hŒ``BPF_CGROUP_SETSOCKOPT``”h]”hŒBPF_CGROUP_SETSOCKOPT”…””}”(hj÷  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjó  ubhŒ is triggered ”…””}”(hjó  hžhhŸNh NubhŒemphasis”“”)”}”(hŒ*before*”h]”hŒbefore”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j	  hjó  ubhŒÆ the kernel handling of
sockopt and it has writable context: it can modify the supplied arguments
before passing them down to the kernel. This hook has access to the cgroup
and socket local storage.”…””}”(hjó  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khjâ  hžhubhÊ)”}”(hŒÎIf BPF program sets ``optlen`` to -1, the control will be returned
back to the userspace after all other BPF programs in the cgroup
chain finish (i.e. kernel ``setsockopt`` handling will *not* be executed).”h]”(hŒIf BPF program sets ”…””}”(hj#  hžhhŸNh NubhÐ)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hj+  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj#  ubhŒ€ to -1, the control will be returned
back to the userspace after all other BPF programs in the cgroup
chain finish (i.e. kernel ”…””}”(hj#  hžhhŸNh NubhÐ)”}”(hŒ``setsockopt``”h]”hŒ
setsockopt”…””}”(hj=  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj#  ubhŒ handling will ”…””}”(hj#  hžhhŸNh Nubj
  )”}”(hŒ*not*”h]”hŒnot”…””}”(hjO  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j	  hj#  ubhŒ be executed).”…””}”(hj#  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khjâ  hžhubhÊ)”}”(hŒšNote, that ``optlen`` can not be increased beyond the user-supplied
value. It can only be decreased or set to -1. Any other value will
trigger ``EFAULT``.”h]”(hŒNote, that ”…””}”(hjg  hžhhŸNh NubhÐ)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hjo  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjg  ubhŒz can not be increased beyond the user-supplied
value. It can only be decreased or set to -1. Any other value will
trigger ”…””}”(hjg  hžhhŸNh NubhÐ)”}”(hŒ
``EFAULT``”h]”hŒEFAULT”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjg  ubhŒ.”…””}”(hjg  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khjâ  hžhubhµ)”}”(hhh]”(hº)”}”(hŒReturn Type”h]”hŒReturn Type”…””}”(hjœ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj™  hžhhŸh³h K#ubhê)”}”(hhh]”(hï)”}”(hŒH``0`` - reject the syscall, ``EPERM`` will be returned to the userspace.”h]”hÊ)”}”(hj¯  h]”(hÐ)”}”(hŒ``0``”h]”hŒ0”…””}”(hj´  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj±  ubhŒ - reject the syscall, ”…””}”(hj±  hžhhŸNh NubhÐ)”}”(hŒ	``EPERM``”h]”hŒEPERM”…””}”(hjÆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj±  ubhŒ# will be returned to the userspace.”…””}”(hj±  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K%hj­  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hîhjª  hžhhŸh³h Nubhï)”}”(hŒE``1`` - success, continue with next BPF program in the cgroup chain.
”h]”hÊ)”}”(hŒD``1`` - success, continue with next BPF program in the cgroup chain.”h]”(hÐ)”}”(hŒ``1``”h]”hŒ1”…””}”(hjì  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjè  ubhŒ? - success, continue with next BPF program in the cgroup chain.”…””}”(hjè  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K&hjä  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hîhjª  hžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”jf  jg  uh1héhŸh³h K%hj™  hžhubeh}”(h]”Œreturn-type”ah ]”h"]”h$]”Œreturn type”ah&]”uh1h´hjâ  hžhhŸh³h K#Œ
referenced”Kubeh}”(h]”Œbpf-cgroup-setsockopt”ah ]”h"]”Œbpf_cgroup_setsockopt”ah$]”h&]”uh1h´hh¶hžhhŸh³h Kubhµ)”}”(hhh]”(hº)”}”(hŒBPF_CGROUP_GETSOCKOPT”h]”hŒBPF_CGROUP_GETSOCKOPT”…””}”(hj$  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj!  hžhhŸh³h K)ubhÊ)”}”(hX—  ``BPF_CGROUP_GETSOCKOPT`` is triggered *after* the kernel handing of
sockopt. The BPF hook can observe ``optval``, ``optlen`` and ``retval``
if it's interested in whatever kernel has returned. BPF hook can override
the values above, adjust ``optlen`` and reset ``retval`` to 0. If ``optlen``
has been increased above initial ``getsockopt`` value (i.e. userspace
buffer is too small), ``EFAULT`` is returned.”h]”(hÐ)”}”(hŒ``BPF_CGROUP_GETSOCKOPT``”h]”hŒBPF_CGROUP_GETSOCKOPT”…””}”(hj6  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj2  ubhŒ is triggered ”…””}”(hj2  hžhhŸNh Nubj
  )”}”(hŒ*after*”h]”hŒafter”…””}”(hjH  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j	  hj2  ubhŒ9 the kernel handing of
sockopt. The BPF hook can observe ”…””}”(hj2  hžhhŸNh NubhÐ)”}”(hŒ
``optval``”h]”hŒoptval”…””}”(hjZ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj2  ubhŒ, ”…””}”(hj2  hžhhŸNh NubhÐ)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hjl  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj2  ubhŒ and ”…””}”(hj2  hžhhŸNh NubhÐ)”}”(hŒ
``retval``”h]”hŒretval”…””}”(hj~  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj2  ubhŒf
if itâ€™s interested in whatever kernel has returned. BPF hook can override
the values above, adjust ”…””}”(hj2  hžhhŸNh NubhÐ)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj2  ubhŒ and reset ”…””}”(hj2  hžhhŸNh NubhÐ)”}”(hŒ
``retval``”h]”hŒretval”…””}”(hj¢  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj2  ubhŒ
 to 0. If ”…””}”(hj2  hžhhŸNh NubhÐ)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hj´  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj2  ubhŒ"
has been increased above initial ”…””}”(hj2  hžhhŸNh NubhÐ)”}”(hŒ``getsockopt``”h]”hŒ
getsockopt”…””}”(hjÆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj2  ubhŒ- value (i.e. userspace
buffer is too small), ”…””}”(hj2  hžhhŸNh NubhÐ)”}”(hŒ
``EFAULT``”h]”hŒEFAULT”…””}”(hjØ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj2  ubhŒ is returned.”…””}”(hj2  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K+hj!  hžhubhÊ)”}”(hŒ<This hook has access to the cgroup and socket local storage.”h]”hŒ<This hook has access to the cgroup and socket local storage.”…””}”(hjð  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K2hj!  hžhubhÊ)”}”(hŒ˜Note, that the only acceptable value to set to ``retval`` is 0 and the
original value that the kernel returned. Any other value will trigger
``EFAULT``.”h]”(hŒ/Note, that the only acceptable value to set to ”…””}”(hjþ  hžhhŸNh NubhÐ)”}”(hŒ
``retval``”h]”hŒretval”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjþ  ubhŒT is 0 and the
original value that the kernel returned. Any other value will trigger
”…””}”(hjþ  hžhhŸNh NubhÐ)”}”(hŒ
``EFAULT``”h]”hŒEFAULT”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjþ  ubhŒ.”…””}”(hjþ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K4hj!  hžhubhµ)”}”(hhh]”(hº)”}”(hŒReturn Type”h]”hŒReturn Type”…””}”(hj3  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj0  hžhhŸh³h K9ubhê)”}”(hhh]”(hï)”}”(hŒH``0`` - reject the syscall, ``EPERM`` will be returned to the userspace.”h]”hÊ)”}”(hjF  h]”(hÐ)”}”(hŒ``0``”h]”hŒ0”…””}”(hjK  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjH  ubhŒ - reject the syscall, ”…””}”(hjH  hžhhŸNh NubhÐ)”}”(hŒ	``EPERM``”h]”hŒEPERM”…””}”(hj]  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjH  ubhŒ# will be returned to the userspace.”…””}”(hjH  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K;hjD  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hîhjA  hžhhŸh³h Nubhï)”}”(hŒ°``1`` - success: copy ``optval`` and ``optlen`` to userspace, return
``retval`` from the syscall (note that this can be overwritten by
the BPF program from the parent cgroup).
”h]”hÊ)”}”(hŒ¯``1`` - success: copy ``optval`` and ``optlen`` to userspace, return
``retval`` from the syscall (note that this can be overwritten by
the BPF program from the parent cgroup).”h]”(hÐ)”}”(hŒ``1``”h]”hŒ1”…””}”(hjƒ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj  ubhŒ - success: copy ”…””}”(hj  hžhhŸNh NubhÐ)”}”(hŒ
``optval``”h]”hŒoptval”…””}”(hj•  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj  ubhŒ and ”…””}”(hj  hžhhŸNh NubhÐ)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hj§  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj  ubhŒ to userspace, return
”…””}”(hj  hžhhŸNh NubhÐ)”}”(hŒ
``retval``”h]”hŒretval”…””}”(hj¹  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj  ubhŒ` from the syscall (note that this can be overwritten by
the BPF program from the parent cgroup).”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K<hj{  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hîhjA  hžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”jf  jg  uh1héhŸh³h K;hj0  hžhubeh}”(h]”Œid1”ah ]”h"]”h$]”j  ah&]”uh1h´hj!  hžhhŸh³h K9j  Kubeh}”(h]”Œbpf-cgroup-getsockopt”ah ]”h"]”Œbpf_cgroup_getsockopt”ah$]”h&]”uh1h´hh¶hžhhŸh³h K)ubhµ)”}”(hhh]”(hº)”}”(hŒCgroup Inheritance”h]”hŒCgroup Inheritance”…””}”(hjï  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjì  hžhhŸh³h KAubhÊ)”}”(hŒ™Suppose, there is the following cgroup hierarchy where each cgroup
has ``BPF_CGROUP_GETSOCKOPT`` attached at each level with
``BPF_F_ALLOW_MULTI`` flag::”h]”(hŒGSuppose, there is the following cgroup hierarchy where each cgroup
has ”…””}”(hjý  hžhhŸNh NubhÐ)”}”(hŒ``BPF_CGROUP_GETSOCKOPT``”h]”hŒBPF_CGROUP_GETSOCKOPT”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjý  ubhŒ attached at each level with
”…””}”(hjý  hžhhŸNh NubhÐ)”}”(hŒ``BPF_F_ALLOW_MULTI``”h]”hŒBPF_F_ALLOW_MULTI”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjý  ubhŒ flag:”…””}”(hjý  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KChjì  hžhubhŒliteral_block”“”)”}”(hŒA (root, parent)
 \
  B (child)”h]”hŒA (root, parent)
 \
  B (child)”…””}”hj1  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j/  hŸh³h KGhjì  hžhubhÊ)”}”(hX‰  When the application calls ``getsockopt`` syscall from the cgroup B,
the programs are executed from the bottom up: B, A. First program
(B) sees the result of kernel's ``getsockopt``. It can optionally
adjust ``optval``, ``optlen`` and reset ``retval`` to 0. After that
control will be passed to the second (A) program which will see the
same context as B including any potential modifications.”h]”(hŒWhen the application calls ”…””}”(hj?  hžhhŸNh NubhÐ)”}”(hŒ``getsockopt``”h]”hŒ
getsockopt”…””}”(hjG  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj?  ubhŒ€ syscall from the cgroup B,
the programs are executed from the bottom up: B, A. First program
(B) sees the result of kernelâ€™s ”…””}”(hj?  hžhhŸNh NubhÐ)”}”(hŒ``getsockopt``”h]”hŒ
getsockopt”…””}”(hjY  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj?  ubhŒ. It can optionally
adjust ”…””}”(hj?  hžhhŸNh NubhÐ)”}”(hŒ
``optval``”h]”hŒoptval”…””}”(hjk  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj?  ubhŒ, ”…””}”(hj?  hžhhŸNh NubhÐ)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hj}  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj?  ubhŒ and reset ”…””}”(hj?  hžhhŸNh NubhÐ)”}”(hŒ
``retval``”h]”hŒretval”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj?  ubhŒŽ to 0. After that
control will be passed to the second (A) program which will see the
same context as B including any potential modifications.”…””}”(hj?  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KKhjì  hžhubhÊ)”}”(hXƒ  Same for ``BPF_CGROUP_SETSOCKOPT``: if the program is attached to
A and B, the trigger order is B, then A. If B does any changes
to the input arguments (``level``, ``optname``, ``optval``, ``optlen``),
then the next program in the chain (A) will see those changes,
*not* the original input ``setsockopt`` arguments. The potentially
modified values will be then passed down to the kernel.”h]”(hŒ	Same for ”…””}”(hj§  hžhhŸNh NubhÐ)”}”(hŒ``BPF_CGROUP_SETSOCKOPT``”h]”hŒBPF_CGROUP_SETSOCKOPT”…””}”(hj¯  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj§  ubhŒw: if the program is attached to
A and B, the trigger order is B, then A. If B does any changes
to the input arguments (”…””}”(hj§  hžhhŸNh NubhÐ)”}”(hŒ	``level``”h]”hŒlevel”…””}”(hjÁ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj§  ubhŒ, ”…””}”(hj§  hžhhŸNh NubhÐ)”}”(hŒ``optname``”h]”hŒoptname”…””}”(hjÓ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj§  ubhŒ, ”…””}”hj§  sbhÐ)”}”(hŒ
``optval``”h]”hŒoptval”…””}”(hjå  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj§  ubhŒ, ”…””}”hj§  sbhÐ)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hj÷  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj§  ubhŒB),
then the next program in the chain (A) will see those changes,
”…””}”(hj§  hžhhŸNh Nubj
  )”}”(hŒ*not*”h]”hŒnot”…””}”(hj	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j	  hj§  ubhŒ the original input ”…””}”(hj§  hžhhŸNh NubhÐ)”}”(hŒ``setsockopt``”h]”hŒ
setsockopt”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj§  ubhŒS arguments. The potentially
modified values will be then passed down to the kernel.”…””}”(hj§  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KRhjì  hžhubeh}”(h]”Œcgroup-inheritance”ah ]”h"]”Œcgroup inheritance”ah$]”h&]”uh1h´hh¶hžhhŸh³h KAubhµ)”}”(hhh]”(hº)”}”(hŒLarge optval”h]”hŒLarge optval”…””}”(hj>  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj;  hžhhŸh³h KZubhÊ)”}”(hŒ’When the ``optval`` is greater than the ``PAGE_SIZE``, the BPF program
can access only the first ``PAGE_SIZE`` of that data. So it has to options:”h]”(hŒ	When the ”…””}”(hjL  hžhhŸNh NubhÐ)”}”(hŒ
``optval``”h]”hŒoptval”…””}”(hjT  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjL  ubhŒ is greater than the ”…””}”(hjL  hžhhŸNh NubhÐ)”}”(hŒ``PAGE_SIZE``”h]”hŒ	PAGE_SIZE”…””}”(hjf  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjL  ubhŒ,, the BPF program
can access only the first ”…””}”(hjL  hžhhŸNh NubhÐ)”}”(hŒ``PAGE_SIZE``”h]”hŒ	PAGE_SIZE”…””}”(hjx  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjL  ubhŒ$ of that data. So it has to options:”…””}”(hjL  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K[hj;  hžhubhê)”}”(hhh]”(hï)”}”(hŒ³Set ``optlen`` to zero, which indicates that the kernel should
use the original buffer from the userspace. Any modifications
done by the BPF program to the ``optval`` are ignored.”h]”hÊ)”}”(hŒ³Set ``optlen`` to zero, which indicates that the kernel should
use the original buffer from the userspace. Any modifications
done by the BPF program to the ``optval`` are ignored.”h]”(hŒSet ”…””}”(hj—  hžhhŸNh NubhÐ)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hjŸ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj—  ubhŒŽ to zero, which indicates that the kernel should
use the original buffer from the userspace. Any modifications
done by the BPF program to the ”…””}”(hj—  hžhhŸNh NubhÐ)”}”(hŒ
``optval``”h]”hŒoptval”…””}”(hj±  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj—  ubhŒ are ignored.”…””}”(hj—  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K^hj“  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hîhj  hžhhŸh³h Nubhï)”}”(hŒzSet ``optlen`` to the value less than ``PAGE_SIZE``, which
indicates that the kernel should use BPF's trimmed ``optval``.
”h]”hÊ)”}”(hŒySet ``optlen`` to the value less than ``PAGE_SIZE``, which
indicates that the kernel should use BPF's trimmed ``optval``.”h]”(hŒSet ”…””}”(hjÓ  hžhhŸNh NubhÐ)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hjÛ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjÓ  ubhŒ to the value less than ”…””}”(hjÓ  hžhhŸNh NubhÐ)”}”(hŒ``PAGE_SIZE``”h]”hŒ	PAGE_SIZE”…””}”(hjí  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjÓ  ubhŒ=, which
indicates that the kernel should use BPFâ€™s trimmed ”…””}”(hjÓ  hžhhŸNh NubhÐ)”}”(hŒ
``optval``”h]”hŒoptval”…””}”(hjÿ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhjÓ  ubhŒ.”…””}”(hjÓ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KahjÏ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hîhj  hžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”jf  jg  uh1héhŸh³h K^hj;  hžhubhÊ)”}”(hŒÂWhen the BPF program returns with the ``optlen`` greater than
``PAGE_SIZE``, the userspace will receive original kernel
buffers without any modifications that the BPF program might have
applied.”h]”(hŒ&When the BPF program returns with the ”…””}”(hj#  hžhhŸNh NubhÐ)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hj+  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj#  ubhŒ greater than
”…””}”(hj#  hžhhŸNh NubhÐ)”}”(hŒ``PAGE_SIZE``”h]”hŒ	PAGE_SIZE”…””}”(hj=  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj#  ubhŒw, the userspace will receive original kernel
buffers without any modifications that the BPF program might have
applied.”…””}”(hj#  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Kdhj;  hžhubeh}”(h]”Œlarge-optval”ah ]”h"]”Œlarge optval”ah$]”h&]”uh1h´hh¶hžhhŸh³h KZubhµ)”}”(hhh]”(hº)”}”(hŒExample”h]”hŒExample”…””}”(hj`  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj]  hžhhŸh³h KjubhÊ)”}”(hŒ5Recommended way to handle BPF programs is as follows:”h]”hŒ5Recommended way to handle BPF programs is as follows:”…””}”(hjn  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Klhj]  hžhubj0  )”}”(hX(  SEC("cgroup/getsockopt")
int getsockopt(struct bpf_sockopt *ctx)
{
        /* Custom socket option. */
        if (ctx->level == MY_SOL && ctx->optname == MY_OPTNAME) {
                ctx->retval = 0;
                optval[0] = ...;
                ctx->optlen = 1;
                return 1;
        }

        /* Modify kernel's socket option. */
        if (ctx->level == SOL_IP && ctx->optname == IP_FREEBIND) {
                ctx->retval = 0;
                optval[0] = ...;
                ctx->optlen = 1;
                return 1;
        }

        /* optval larger than PAGE_SIZE use kernel's buffer. */
        if (ctx->optlen > PAGE_SIZE)
                ctx->optlen = 0;

        return 1;
}

SEC("cgroup/setsockopt")
int setsockopt(struct bpf_sockopt *ctx)
{
        /* Custom socket option. */
        if (ctx->level == MY_SOL && ctx->optname == MY_OPTNAME) {
                /* do something */
                ctx->optlen = -1;
                return 1;
        }

        /* Modify kernel's socket option. */
        if (ctx->level == SOL_IP && ctx->optname == IP_FREEBIND) {
                optval[0] = ...;
                return 1;
        }

        /* optval larger than PAGE_SIZE use kernel's buffer. */
        if (ctx->optlen > PAGE_SIZE)
                ctx->optlen = 0;

        return 1;
}”h]”hX(  SEC("cgroup/getsockopt")
int getsockopt(struct bpf_sockopt *ctx)
{
        /* Custom socket option. */
        if (ctx->level == MY_SOL && ctx->optname == MY_OPTNAME) {
                ctx->retval = 0;
                optval[0] = ...;
                ctx->optlen = 1;
                return 1;
        }

        /* Modify kernel's socket option. */
        if (ctx->level == SOL_IP && ctx->optname == IP_FREEBIND) {
                ctx->retval = 0;
                optval[0] = ...;
                ctx->optlen = 1;
                return 1;
        }

        /* optval larger than PAGE_SIZE use kernel's buffer. */
        if (ctx->optlen > PAGE_SIZE)
                ctx->optlen = 0;

        return 1;
}

SEC("cgroup/setsockopt")
int setsockopt(struct bpf_sockopt *ctx)
{
        /* Custom socket option. */
        if (ctx->level == MY_SOL && ctx->optname == MY_OPTNAME) {
                /* do something */
                ctx->optlen = -1;
                return 1;
        }

        /* Modify kernel's socket option. */
        if (ctx->level == SOL_IP && ctx->optname == IP_FREEBIND) {
                optval[0] = ...;
                return 1;
        }

        /* optval larger than PAGE_SIZE use kernel's buffer. */
        if (ctx->optlen > PAGE_SIZE)
                ctx->optlen = 0;

        return 1;
}”…””}”hj|  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²Œforce”‰Œlanguage”Œc”Œhighlight_args”}”uh1j/  hŸh³h Knhj]  hžhubhÊ)”}”(hŒqSee ``tools/testing/selftests/bpf/progs/sockopt_sk.c`` for an example
of BPF program that handles socket options.”h]”(hŒSee ”…””}”(hj  hžhhŸNh NubhÐ)”}”(hŒ2``tools/testing/selftests/bpf/progs/sockopt_sk.c``”h]”hŒ.tools/testing/selftests/bpf/progs/sockopt_sk.c”…””}”(hj—  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÏhj  ubhŒ; for an example
of BPF program that handles socket options.”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K¡hj]  hžhubeh}”(h]”Œexample”ah ]”h"]”Œexample”ah$]”h&]”uh1h´hh¶hžhhŸh³h Kjubeh}”(h]”Œbpf-prog-type-cgroup-sockopt”ah ]”h"]”Œbpf_prog_type_cgroup_sockopt”ah$]”h&]”uh1h´hhhžhhŸh³h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h³uh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¹NŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jâ  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h³Œ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(j¼  j¹  j  j  Œreturn type”Njé  jæ  j8  j5  jZ  jW  j´  j±  uŒ	nametypes”}”(j¼  ‰j  ‰j&  ‰jé  ‰j8  ‰jZ  ‰j´  ‰uh}”(j¹  h¶j  jâ  j  j™  jæ  j!  jß  j0  j5  jì  jW  j;  j±  j]  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”jð  Ks…”R”Œparse_messages”]”hŒsystem_message”“”)”}”(hhh]”hÊ)”}”(hŒ.Duplicate implicit target name: "return type".”h]”hŒ2Duplicate implicit target name: â€œreturn typeâ€.”…””}”(hjJ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhjG  ubah}”(h]”h ]”h"]”h$]”h&]”jß  aŒlevel”KŒtype”ŒINFO”Œsource”h³Œline”K9uh1jE  hj0  hžhhŸh³h K9ubaŒtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nhžhub.