net: retrieve netns cookie via getsocketopt
It's getting more common to run nested container environments for testing cloud software. One of such examples is Kind [1] which runs a Kubernetes cluster in Docker containers on a single host. Each container acts as a Kubernetes node, and thus can run any Pod (aka container) inside the former. This approach simplifies testing a lot, as it eliminates complicated VM setups.

Unfortunately, such a setup breaks some functionality when cgroupv2 BPF programs are used for load-balancing. The load-balancer BPF program needs to detect whether a request originates from the host netns or a container netns in order to allow some access, e.g. to a service via a loopback IP address. Typically, the programs detect this by comparing netns cookies with the one of the init ns via a call to bpf_get_netns_cookie(NULL). However, in nested environments the latter cannot be used given the Kubernetes node's netns is outside the init ns. To fix this, we need to pass the Kubernetes node...
Showing
- arch/alpha/include/uapi/asm/socket.h: 2 additions, 0 deletions
- arch/mips/include/uapi/asm/socket.h: 2 additions, 0 deletions
- arch/parisc/include/uapi/asm/socket.h: 2 additions, 0 deletions
- arch/sparc/include/uapi/asm/socket.h: 2 additions, 0 deletions
- include/uapi/asm-generic/socket.h: 2 additions, 0 deletions
- net/core/sock.c: 7 additions, 0 deletions
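A userspace sketch of the retrieval the commit title describes, added here as an example; it is not code from this commit. It assumes the mainline option name `SO_NETNS_COOKIE` (not shown on this page) and a kernel that carries the change. `allow_loopback_service` is a hypothetical helper that mirrors the cookie comparison the message describes.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Older libc headers lack the option. 71 is the asm-generic value; alpha,
 * mips, parisc and sparc define their own, so this fallback is an assumption
 * that only holds on asm-generic architectures. */
#ifndef SO_NETNS_COOKIE
#define SO_NETNS_COOKIE 71
#endif

/* Read the cookie of the netns a freshly created socket belongs to, i.e. the
 * caller's current netns. Returns 0 on success or a negative errno. */
static int current_netns_cookie(uint64_t *cookie)
{
    socklen_t len = sizeof(*cookie);
    int rc = 0;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);

    if (fd < 0)
        return -errno;
    if (getsockopt(fd, SOL_SOCKET, SO_NETNS_COOKIE, cookie, &len) < 0)
        rc = -errno;        /* ENOPROTOOPT: kernel predates the option */
    else if (len != sizeof(*cookie))
        rc = -EINVAL;       /* expect a full 64-bit cookie back */
    close(fd);
    return rc;
}

/* Hypothetical policy helper: loopback service access is allowed only when
 * the socket's cookie equals the node's. This example reserves 0 for
 * "cookie not retrieved", so a failed lookup never matches anything. */
static int allow_loopback_service(uint64_t node_cookie, uint64_t sock_cookie)
{
    return node_cookie != 0 && node_cookie == sock_cookie;
}

int main(void)
{
    uint64_t node = 0;
    int rc = current_netns_cookie(&node);

    if (rc < 0) {
        fprintf(stderr, "SO_NETNS_COOKIE unavailable: errno %d\n", -rc);
        return 1;
    }
    printf("node netns cookie %llu, same-netns allowed: %d\n",
           (unsigned long long)node, allow_loopback_service(node, node));
    return 0;
}
```
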