€•np      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ+/translations/zh_CN/bpf/prog_cgroup_sockopt”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/zh_TW/bpf/prog_cgroup_sockopt”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/it_IT/bpf/prog_cgroup_sockopt”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/ja_JP/bpf/prog_cgroup_sockopt”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/ko_KR/bpf/prog_cgroup_sockopt”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒPortuguese (Brazilian)”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/pt_BR/bpf/prog_cgroup_sockopt”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh–sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/sp_SP/bpf/prog_cgroup_sockopt”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh·sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1hµhhh²hh³ŒE/var/lib/git/docbuild/linux/Documentation/bpf/prog_cgroup_sockopt.rst”h´KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒBPF_PROG_TYPE_CGROUP_SOCKOPT”h]”hŒBPF_PROG_TYPE_CGROUP_SOCKOPT”…””}”(hhÏh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhhÊh²hh³hÇh´KubhŒ	paragraph”“”)”}”(hŒR``BPF_PROG_TYPE_CGROUP_SOCKOPT`` program type can be attached to two
cgroup hooks:”h]”(hŒliteral”“”)”}”(hŒ ``BPF_PROG_TYPE_CGROUP_SOCKOPT``”h]”hŒBPF_PROG_TYPE_CGROUP_SOCKOPT”…””}”(hhåh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhhßubhŒ2 program type can be attached to two
cgroup hooks:”…””}”(hhßh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KhhÊh²hubhŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒZ``BPF_CGROUP_GETSOCKOPT`` - called every time process executes ``getsockopt``
system call.”h]”hÞ)”}”(hŒZ``BPF_CGROUP_GETSOCKOPT`` - called every time process executes ``getsockopt``
system call.”h]”(hä)”}”(hŒ``BPF_CGROUP_GETSOCKOPT``”h]”hŒBPF_CGROUP_GETSOCKOPT”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj  ubhŒ& - called every time process executes ”…””}”(hj  h²hh³Nh´Nubhä)”}”(hŒ``getsockopt``”h]”hŒ
getsockopt”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj  ubhŒ
system call.”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K
hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hhÿh²hh³hÇh´Nubj  )”}”(hŒ[``BPF_CGROUP_SETSOCKOPT`` - called every time process executes ``setsockopt``
system call.
”h]”hÞ)”}”(hŒZ``BPF_CGROUP_SETSOCKOPT`` - called every time process executes ``setsockopt``
system call.”h]”(hä)”}”(hŒ``BPF_CGROUP_SETSOCKOPT``”h]”hŒBPF_CGROUP_SETSOCKOPT”…””}”(hjD  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj@  ubhŒ& - called every time process executes ”…””}”(hj@  h²hh³Nh´Nubhä)”}”(hŒ``setsockopt``”h]”hŒ
setsockopt”…””}”(hjV  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj@  ubhŒ
system call.”…””}”(hj@  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Khj<  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hhÿh²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ*”uh1hýh³hÇh´K
hhÊh²hubhÞ)”}”(hŒThe context (``struct bpf_sockopt``) has associated socket (``sk``) and
all input arguments: ``level``, ``optname``, ``optval`` and ``optlen``.”h]”(hŒThe context (”…””}”(hj|  h²hh³Nh´Nubhä)”}”(hŒ``struct bpf_sockopt``”h]”hŒstruct bpf_sockopt”…””}”(hj„  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj|  ubhŒ) has associated socket (”…””}”(hj|  h²hh³Nh´Nubhä)”}”(hŒ``sk``”h]”hŒsk”…””}”(hj–  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj|  ubhŒ) and
all input arguments: ”…””}”(hj|  h²hh³Nh´Nubhä)”}”(hŒ	``level``”h]”hŒlevel”…””}”(hj¨  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj|  ubhŒ, ”…””}”(hj|  h²hh³Nh´Nubhä)”}”(hŒ``optname``”h]”hŒoptname”…””}”(hjº  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj|  ubhŒ, ”…””}”hj|  sbhä)”}”(hŒ
``optval``”h]”hŒoptval”…””}”(hjÌ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj|  ubhŒ and ”…””}”(hj|  h²hh³Nh´Nubhä)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hjÞ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj|  ubhŒ.”…””}”(hj|  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KhhÊh²hubhÉ)”}”(hhh]”(hÎ)”}”(hŒBPF_CGROUP_SETSOCKOPT”h]”hŒBPF_CGROUP_SETSOCKOPT”…””}”(hjù  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhjö  h²hh³hÇh´KubhÞ)”}”(hŒõ``BPF_CGROUP_SETSOCKOPT`` is triggered *before* the kernel handling of
sockopt and it has writable context: it can modify the supplied arguments
before passing them down to the kernel. This hook has access to the cgroup
and socket local storage.”h]”(hä)”}”(hŒ``BPF_CGROUP_SETSOCKOPT``”h]”hŒBPF_CGROUP_SETSOCKOPT”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj  ubhŒ is triggered ”…””}”(hj  h²hh³Nh´NubhŒemphasis”“”)”}”(hŒ*before*”h]”hŒbefore”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubhŒÆ the kernel handling of
sockopt and it has writable context: it can modify the supplied arguments
before passing them down to the kernel. This hook has access to the cgroup
and socket local storage.”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Khjö  h²hubhÞ)”}”(hŒÎIf BPF program sets ``optlen`` to -1, the control will be returned
back to the userspace after all other BPF programs in the cgroup
chain finish (i.e. kernel ``setsockopt`` handling will *not* be executed).”h]”(hŒIf BPF program sets ”…””}”(hj7  h²hh³Nh´Nubhä)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hj?  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj7  ubhŒ€ to -1, the control will be returned
back to the userspace after all other BPF programs in the cgroup
chain finish (i.e. kernel ”…””}”(hj7  h²hh³Nh´Nubhä)”}”(hŒ``setsockopt``”h]”hŒ
setsockopt”…””}”(hjQ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj7  ubhŒ handling will ”…””}”(hj7  h²hh³Nh´Nubj  )”}”(hŒ*not*”h]”hŒnot”…””}”(hjc  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj7  ubhŒ be executed).”…””}”(hj7  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Khjö  h²hubhÞ)”}”(hŒšNote, that ``optlen`` can not be increased beyond the user-supplied
value. It can only be decreased or set to -1. Any other value will
trigger ``EFAULT``.”h]”(hŒNote, that ”…””}”(hj{  h²hh³Nh´Nubhä)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hjƒ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj{  ubhŒz can not be increased beyond the user-supplied
value. It can only be decreased or set to -1. Any other value will
trigger ”…””}”(hj{  h²hh³Nh´Nubhä)”}”(hŒ
``EFAULT``”h]”hŒEFAULT”…””}”(hj•  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj{  ubhŒ.”…””}”(hj{  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Khjö  h²hubhÉ)”}”(hhh]”(hÎ)”}”(hŒReturn Type”h]”hŒReturn Type”…””}”(hj°  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj­  h²hh³hÇh´K#ubhþ)”}”(hhh]”(j  )”}”(hŒH``0`` - reject the syscall, ``EPERM`` will be returned to the userspace.”h]”hÞ)”}”(hjÃ  h]”(hä)”}”(hŒ``0``”h]”hŒ0”…””}”(hjÈ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjÅ  ubhŒ - reject the syscall, ”…””}”(hjÅ  h²hh³Nh´Nubhä)”}”(hŒ	``EPERM``”h]”hŒEPERM”…””}”(hjÚ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjÅ  ubhŒ# will be returned to the userspace.”…””}”(hjÅ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K%hjÁ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj¾  h²hh³hÇh´Nubj  )”}”(hŒE``1`` - success, continue with next BPF program in the cgroup chain.
”h]”hÞ)”}”(hŒD``1`` - success, continue with next BPF program in the cgroup chain.”h]”(hä)”}”(hŒ``1``”h]”hŒ1”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjü  ubhŒ? - success, continue with next BPF program in the cgroup chain.”…””}”(hjü  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K&hjø  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj¾  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”jz  j{  uh1hýh³hÇh´K%hj­  h²hubeh}”(h]”Œreturn-type”ah ]”h"]”h$]”Œreturn type”ah&]”uh1hÈhjö  h²hh³hÇh´K#Œ
referenced”Kubeh}”(h]”Œbpf-cgroup-setsockopt”ah ]”h"]”Œbpf_cgroup_setsockopt”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´KubhÉ)”}”(hhh]”(hÎ)”}”(hŒBPF_CGROUP_GETSOCKOPT”h]”hŒBPF_CGROUP_GETSOCKOPT”…””}”(hj8  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj5  h²hh³hÇh´K)ubhÞ)”}”(hX—  ``BPF_CGROUP_GETSOCKOPT`` is triggered *after* the kernel handing of
sockopt. The BPF hook can observe ``optval``, ``optlen`` and ``retval``
if it's interested in whatever kernel has returned. BPF hook can override
the values above, adjust ``optlen`` and reset ``retval`` to 0. If ``optlen``
has been increased above initial ``getsockopt`` value (i.e. userspace
buffer is too small), ``EFAULT`` is returned.”h]”(hä)”}”(hŒ``BPF_CGROUP_GETSOCKOPT``”h]”hŒBPF_CGROUP_GETSOCKOPT”…””}”(hjJ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjF  ubhŒ is triggered ”…””}”(hjF  h²hh³Nh´Nubj  )”}”(hŒ*after*”h]”hŒafter”…””}”(hj\  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjF  ubhŒ9 the kernel handing of
sockopt. The BPF hook can observe ”…””}”(hjF  h²hh³Nh´Nubhä)”}”(hŒ
``optval``”h]”hŒoptval”…””}”(hjn  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjF  ubhŒ, ”…””}”(hjF  h²hh³Nh´Nubhä)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hj€  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjF  ubhŒ and ”…””}”(hjF  h²hh³Nh´Nubhä)”}”(hŒ
``retval``”h]”hŒretval”…””}”(hj’  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjF  ubhŒf
if itâ€™s interested in whatever kernel has returned. BPF hook can override
the values above, adjust ”…””}”(hjF  h²hh³Nh´Nubhä)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hj¤  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjF  ubhŒ and reset ”…””}”(hjF  h²hh³Nh´Nubhä)”}”(hŒ
``retval``”h]”hŒretval”…””}”(hj¶  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjF  ubhŒ
 to 0. If ”…””}”(hjF  h²hh³Nh´Nubhä)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hjÈ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjF  ubhŒ"
has been increased above initial ”…””}”(hjF  h²hh³Nh´Nubhä)”}”(hŒ``getsockopt``”h]”hŒ
getsockopt”…””}”(hjÚ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjF  ubhŒ- value (i.e. userspace
buffer is too small), ”…””}”(hjF  h²hh³Nh´Nubhä)”}”(hŒ
``EFAULT``”h]”hŒEFAULT”…””}”(hjì  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjF  ubhŒ is returned.”…””}”(hjF  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K+hj5  h²hubhÞ)”}”(hŒ<This hook has access to the cgroup and socket local storage.”h]”hŒ<This hook has access to the cgroup and socket local storage.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K2hj5  h²hubhÞ)”}”(hŒ˜Note, that the only acceptable value to set to ``retval`` is 0 and the
original value that the kernel returned. Any other value will trigger
``EFAULT``.”h]”(hŒ/Note, that the only acceptable value to set to ”…””}”(hj  h²hh³Nh´Nubhä)”}”(hŒ
``retval``”h]”hŒretval”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj  ubhŒT is 0 and the
original value that the kernel returned. Any other value will trigger
”…””}”(hj  h²hh³Nh´Nubhä)”}”(hŒ
``EFAULT``”h]”hŒEFAULT”…””}”(hj,  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj  ubhŒ.”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K4hj5  h²hubhÉ)”}”(hhh]”(hÎ)”}”(hŒReturn Type”h]”hŒReturn Type”…””}”(hjG  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhjD  h²hh³hÇh´K9ubhþ)”}”(hhh]”(j  )”}”(hŒH``0`` - reject the syscall, ``EPERM`` will be returned to the userspace.”h]”hÞ)”}”(hjZ  h]”(hä)”}”(hŒ``0``”h]”hŒ0”…””}”(hj_  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj\  ubhŒ - reject the syscall, ”…””}”(hj\  h²hh³Nh´Nubhä)”}”(hŒ	``EPERM``”h]”hŒEPERM”…””}”(hjq  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj\  ubhŒ# will be returned to the userspace.”…””}”(hj\  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K;hjX  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjU  h²hh³hÇh´Nubj  )”}”(hŒ°``1`` - success: copy ``optval`` and ``optlen`` to userspace, return
``retval`` from the syscall (note that this can be overwritten by
the BPF program from the parent cgroup).
”h]”hÞ)”}”(hŒ¯``1`` - success: copy ``optval`` and ``optlen`` to userspace, return
``retval`` from the syscall (note that this can be overwritten by
the BPF program from the parent cgroup).”h]”(hä)”}”(hŒ``1``”h]”hŒ1”…””}”(hj—  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj“  ubhŒ - success: copy ”…””}”(hj“  h²hh³Nh´Nubhä)”}”(hŒ
``optval``”h]”hŒoptval”…””}”(hj©  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj“  ubhŒ and ”…””}”(hj“  h²hh³Nh´Nubhä)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hj»  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj“  ubhŒ to userspace, return
”…””}”(hj“  h²hh³Nh´Nubhä)”}”(hŒ
``retval``”h]”hŒretval”…””}”(hjÍ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj“  ubhŒ` from the syscall (note that this can be overwritten by
the BPF program from the parent cgroup).”…””}”(hj“  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K<hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjU  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”jz  j{  uh1hýh³hÇh´K;hjD  h²hubeh}”(h]”Œid1”ah ]”h"]”h$]”j*  ah&]”uh1hÈhj5  h²hh³hÇh´K9j,  Kubeh}”(h]”Œbpf-cgroup-getsockopt”ah ]”h"]”Œbpf_cgroup_getsockopt”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´K)ubhÉ)”}”(hhh]”(hÎ)”}”(hŒCgroup Inheritance”h]”hŒCgroup Inheritance”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj   h²hh³hÇh´KAubhÞ)”}”(hŒ™Suppose, there is the following cgroup hierarchy where each cgroup
has ``BPF_CGROUP_GETSOCKOPT`` attached at each level with
``BPF_F_ALLOW_MULTI`` flag::”h]”(hŒGSuppose, there is the following cgroup hierarchy where each cgroup
has ”…””}”(hj  h²hh³Nh´Nubhä)”}”(hŒ``BPF_CGROUP_GETSOCKOPT``”h]”hŒBPF_CGROUP_GETSOCKOPT”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj  ubhŒ attached at each level with
”…””}”(hj  h²hh³Nh´Nubhä)”}”(hŒ``BPF_F_ALLOW_MULTI``”h]”hŒBPF_F_ALLOW_MULTI”…””}”(hj+  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj  ubhŒ flag:”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KChj   h²hubhŒliteral_block”“”)”}”(hŒA (root, parent)
 \
  B (child)”h]”hŒA (root, parent)
 \
  B (child)”…””}”hjE  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jC  h³hÇh´KGhj   h²hubhÞ)”}”(hX‰  When the application calls ``getsockopt`` syscall from the cgroup B,
the programs are executed from the bottom up: B, A. First program
(B) sees the result of kernel's ``getsockopt``. It can optionally
adjust ``optval``, ``optlen`` and reset ``retval`` to 0. After that
control will be passed to the second (A) program which will see the
same context as B including any potential modifications.”h]”(hŒWhen the application calls ”…””}”(hjS  h²hh³Nh´Nubhä)”}”(hŒ``getsockopt``”h]”hŒ
getsockopt”…””}”(hj[  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjS  ubhŒ€ syscall from the cgroup B,
the programs are executed from the bottom up: B, A. First program
(B) sees the result of kernelâ€™s ”…””}”(hjS  h²hh³Nh´Nubhä)”}”(hŒ``getsockopt``”h]”hŒ
getsockopt”…””}”(hjm  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjS  ubhŒ. It can optionally
adjust ”…””}”(hjS  h²hh³Nh´Nubhä)”}”(hŒ
``optval``”h]”hŒoptval”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjS  ubhŒ, ”…””}”(hjS  h²hh³Nh´Nubhä)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hj‘  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjS  ubhŒ and reset ”…””}”(hjS  h²hh³Nh´Nubhä)”}”(hŒ
``retval``”h]”hŒretval”…””}”(hj£  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjS  ubhŒŽ to 0. After that
control will be passed to the second (A) program which will see the
same context as B including any potential modifications.”…””}”(hjS  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KKhj   h²hubhÞ)”}”(hXƒ  Same for ``BPF_CGROUP_SETSOCKOPT``: if the program is attached to
A and B, the trigger order is B, then A. If B does any changes
to the input arguments (``level``, ``optname``, ``optval``, ``optlen``),
then the next program in the chain (A) will see those changes,
*not* the original input ``setsockopt`` arguments. The potentially
modified values will be then passed down to the kernel.”h]”(hŒ	Same for ”…””}”(hj»  h²hh³Nh´Nubhä)”}”(hŒ``BPF_CGROUP_SETSOCKOPT``”h]”hŒBPF_CGROUP_SETSOCKOPT”…””}”(hjÃ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj»  ubhŒw: if the program is attached to
A and B, the trigger order is B, then A. If B does any changes
to the input arguments (”…””}”(hj»  h²hh³Nh´Nubhä)”}”(hŒ	``level``”h]”hŒlevel”…””}”(hjÕ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj»  ubhŒ, ”…””}”(hj»  h²hh³Nh´Nubhä)”}”(hŒ``optname``”h]”hŒoptname”…””}”(hjç  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj»  ubhŒ, ”…””}”hj»  sbhä)”}”(hŒ
``optval``”h]”hŒoptval”…””}”(hjù  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj»  ubhŒ, ”…””}”hj»  sbhä)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj»  ubhŒB),
then the next program in the chain (A) will see those changes,
”…””}”(hj»  h²hh³Nh´Nubj  )”}”(hŒ*not*”h]”hŒnot”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj»  ubhŒ the original input ”…””}”(hj»  h²hh³Nh´Nubhä)”}”(hŒ``setsockopt``”h]”hŒ
setsockopt”…””}”(hj/  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj»  ubhŒS arguments. The potentially
modified values will be then passed down to the kernel.”…””}”(hj»  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KRhj   h²hubeh}”(h]”Œcgroup-inheritance”ah ]”h"]”Œcgroup inheritance”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´KAubhÉ)”}”(hhh]”(hÎ)”}”(hŒLarge optval”h]”hŒLarge optval”…””}”(hjR  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhjO  h²hh³hÇh´KZubhÞ)”}”(hŒ’When the ``optval`` is greater than the ``PAGE_SIZE``, the BPF program
can access only the first ``PAGE_SIZE`` of that data. So it has to options:”h]”(hŒ	When the ”…””}”(hj`  h²hh³Nh´Nubhä)”}”(hŒ
``optval``”h]”hŒoptval”…””}”(hjh  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj`  ubhŒ is greater than the ”…””}”(hj`  h²hh³Nh´Nubhä)”}”(hŒ``PAGE_SIZE``”h]”hŒ	PAGE_SIZE”…””}”(hjz  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj`  ubhŒ,, the BPF program
can access only the first ”…””}”(hj`  h²hh³Nh´Nubhä)”}”(hŒ``PAGE_SIZE``”h]”hŒ	PAGE_SIZE”…””}”(hjŒ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj`  ubhŒ$ of that data. So it has to options:”…””}”(hj`  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K[hjO  h²hubhþ)”}”(hhh]”(j  )”}”(hŒ³Set ``optlen`` to zero, which indicates that the kernel should
use the original buffer from the userspace. Any modifications
done by the BPF program to the ``optval`` are ignored.”h]”hÞ)”}”(hŒ³Set ``optlen`` to zero, which indicates that the kernel should
use the original buffer from the userspace. Any modifications
done by the BPF program to the ``optval`` are ignored.”h]”(hŒSet ”…””}”(hj«  h²hh³Nh´Nubhä)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hj³  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj«  ubhŒŽ to zero, which indicates that the kernel should
use the original buffer from the userspace. Any modifications
done by the BPF program to the ”…””}”(hj«  h²hh³Nh´Nubhä)”}”(hŒ
``optval``”h]”hŒoptval”…””}”(hjÅ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj«  ubhŒ are ignored.”…””}”(hj«  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K^hj§  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj¤  h²hh³hÇh´Nubj  )”}”(hŒzSet ``optlen`` to the value less than ``PAGE_SIZE``, which
indicates that the kernel should use BPF's trimmed ``optval``.
”h]”hÞ)”}”(hŒySet ``optlen`` to the value less than ``PAGE_SIZE``, which
indicates that the kernel should use BPF's trimmed ``optval``.”h]”(hŒSet ”…””}”(hjç  h²hh³Nh´Nubhä)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hjï  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjç  ubhŒ to the value less than ”…””}”(hjç  h²hh³Nh´Nubhä)”}”(hŒ``PAGE_SIZE``”h]”hŒ	PAGE_SIZE”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjç  ubhŒ=, which
indicates that the kernel should use BPFâ€™s trimmed ”…””}”(hjç  h²hh³Nh´Nubhä)”}”(hŒ
``optval``”h]”hŒoptval”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhjç  ubhŒ.”…””}”(hjç  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Kahjã  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj¤  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”jz  j{  uh1hýh³hÇh´K^hjO  h²hubhÞ)”}”(hŒÂWhen the BPF program returns with the ``optlen`` greater than
``PAGE_SIZE``, the userspace will receive original kernel
buffers without any modifications that the BPF program might have
applied.”h]”(hŒ&When the BPF program returns with the ”…””}”(hj7  h²hh³Nh´Nubhä)”}”(hŒ
``optlen``”h]”hŒoptlen”…””}”(hj?  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj7  ubhŒ greater than
”…””}”(hj7  h²hh³Nh´Nubhä)”}”(hŒ``PAGE_SIZE``”h]”hŒ	PAGE_SIZE”…””}”(hjQ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj7  ubhŒw, the userspace will receive original kernel
buffers without any modifications that the BPF program might have
applied.”…””}”(hj7  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KdhjO  h²hubeh}”(h]”Œlarge-optval”ah ]”h"]”Œlarge optval”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´KZubhÉ)”}”(hhh]”(hÎ)”}”(hŒExample”h]”hŒExample”…””}”(hjt  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhjq  h²hh³hÇh´KjubhÞ)”}”(hŒ5Recommended way to handle BPF programs is as follows:”h]”hŒ5Recommended way to handle BPF programs is as follows:”…””}”(hj‚  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Klhjq  h²hubjD  )”}”(hX(  SEC("cgroup/getsockopt")
int getsockopt(struct bpf_sockopt *ctx)
{
        /* Custom socket option. */
        if (ctx->level == MY_SOL && ctx->optname == MY_OPTNAME) {
                ctx->retval = 0;
                optval[0] = ...;
                ctx->optlen = 1;
                return 1;
        }

        /* Modify kernel's socket option. */
        if (ctx->level == SOL_IP && ctx->optname == IP_FREEBIND) {
                ctx->retval = 0;
                optval[0] = ...;
                ctx->optlen = 1;
                return 1;
        }

        /* optval larger than PAGE_SIZE use kernel's buffer. */
        if (ctx->optlen > PAGE_SIZE)
                ctx->optlen = 0;

        return 1;
}

SEC("cgroup/setsockopt")
int setsockopt(struct bpf_sockopt *ctx)
{
        /* Custom socket option. */
        if (ctx->level == MY_SOL && ctx->optname == MY_OPTNAME) {
                /* do something */
                ctx->optlen = -1;
                return 1;
        }

        /* Modify kernel's socket option. */
        if (ctx->level == SOL_IP && ctx->optname == IP_FREEBIND) {
                optval[0] = ...;
                return 1;
        }

        /* optval larger than PAGE_SIZE use kernel's buffer. */
        if (ctx->optlen > PAGE_SIZE)
                ctx->optlen = 0;

        return 1;
}”h]”hX(  SEC("cgroup/getsockopt")
int getsockopt(struct bpf_sockopt *ctx)
{
        /* Custom socket option. */
        if (ctx->level == MY_SOL && ctx->optname == MY_OPTNAME) {
                ctx->retval = 0;
                optval[0] = ...;
                ctx->optlen = 1;
                return 1;
        }

        /* Modify kernel's socket option. */
        if (ctx->level == SOL_IP && ctx->optname == IP_FREEBIND) {
                ctx->retval = 0;
                optval[0] = ...;
                ctx->optlen = 1;
                return 1;
        }

        /* optval larger than PAGE_SIZE use kernel's buffer. */
        if (ctx->optlen > PAGE_SIZE)
                ctx->optlen = 0;

        return 1;
}

SEC("cgroup/setsockopt")
int setsockopt(struct bpf_sockopt *ctx)
{
        /* Custom socket option. */
        if (ctx->level == MY_SOL && ctx->optname == MY_OPTNAME) {
                /* do something */
                ctx->optlen = -1;
                return 1;
        }

        /* Modify kernel's socket option. */
        if (ctx->level == SOL_IP && ctx->optname == IP_FREEBIND) {
                optval[0] = ...;
                return 1;
        }

        /* optval larger than PAGE_SIZE use kernel's buffer. */
        if (ctx->optlen > PAGE_SIZE)
                ctx->optlen = 0;

        return 1;
}”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆŒforce”‰Œlanguage”Œc”Œhighlight_args”}”uh1jC  h³hÇh´Knhjq  h²hubhÞ)”}”(hŒqSee ``tools/testing/selftests/bpf/progs/sockopt_sk.c`` for an example
of BPF program that handles socket options.”h]”(hŒSee ”…””}”(hj£  h²hh³Nh´Nubhä)”}”(hŒ2``tools/testing/selftests/bpf/progs/sockopt_sk.c``”h]”hŒ.tools/testing/selftests/bpf/progs/sockopt_sk.c”…””}”(hj«  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hãhj£  ubhŒ; for an example
of BPF program that handles socket options.”…””}”(hj£  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K¡hjq  h²hubeh}”(h]”Œexample”ah ]”h"]”Œexample”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´Kjubeh}”(h]”Œbpf-prog-type-cgroup-sockopt”ah ]”h"]”Œbpf_prog_type_cgroup_sockopt”ah$]”h&]”uh1hÈhhh²hh³hÇh´Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”hÇuh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hÍNŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jö  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”hÇŒ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(jÐ  jÍ  j2  j/  Œreturn type”Njý  jú  jL  jI  jn  jk  jÈ  jÅ  uŒ	nametypes”}”(jÐ  ‰j2  ‰j:  ‰jý  ‰jL  ‰jn  ‰jÈ  ‰uh}”(jÍ  hÊj/  jö  j&  j­  jú  j5  jó  jD  jI  j   jk  jO  jÅ  jq  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”j  Ks…”R”Œparse_messages”]”hŒsystem_message”“”)”}”(hhh]”hÞ)”}”(hŒ.Duplicate implicit target name: "return type".”h]”hŒ2Duplicate implicit target name: â€œreturn typeâ€.”…””}”(hj^  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝhj[  ubah}”(h]”h ]”h"]”h$]”h&]”jó  aŒlevel”KŒtype”ŒINFO”Œsource”hÇŒline”K9uh1jY  hjD  h²hh³hÇh´K9ubaŒtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nh²hub.