fd9c663b9a
This adds minimal support for BPF_PROG_TYPE_NETFILTER bpf programs that will be invoked via the NF_HOOK() points in the ip stack. Invocation incurs an indirect call. This is not a necessity: it's possible to add 'DEFINE_BPF_DISPATCHER(nf_progs)' and handle the program invocation with the same method already done for xdp progs. This isn't done here to keep the size of this chunk down. Verifier restricts verdicts to either DROP or ACCEPT. Signed-off-by: Florian Westphal <fw@strlen.de> Link: https://lore.kernel.org/r/20230421170300.24115-3-fw@strlen.de Signed-off-by: Alexei Starovoitov <ast@kernel.org>
/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Pairs a netfilter hook state with the packet being processed.
 * NOTE(review): presumably the context object handed to
 * BPF_PROG_TYPE_NETFILTER programs at the NF_HOOK() points -- confirm
 * against the code that builds it.
 *
 * Field order and types are part of the layout; code that reads this
 * struct by offset depends on them, so do not reorder.
 */
struct bpf_nf_ctx {
	/* Hook state; const-qualified, so not writable through this pointer. */
	const struct nf_hook_state *state;
	/* Packet buffer; this pointer is not const-qualified. */
	struct sk_buff *skb;
};
#if IS_ENABLED(CONFIG_NETFILTER_BPF_LINK)
/*
 * Declaration used when CONFIG_NETFILTER_BPF_LINK is enabled; the
 * definition is not in this header.
 * NOTE(review): presumably returns 0 on success and a negative errno on
 * failure, and the implementation is expected to validate @attr before
 * hooking @prog into netfilter -- confirm against the definition.
 */
int bpf_nf_link_attach(const union bpf_attr *attr, struct bpf_prog *prog);
#else
/*
 * Fallback for builds where CONFIG_NETFILTER_BPF_LINK is not enabled.
 *
 * Neither argument is inspected: every attach request is refused with
 * -EOPNOTSUPP, so callers get an explicit error instead of a link that
 * was never installed.
 */
static inline int bpf_nf_link_attach(const union bpf_attr *attr,
				     struct bpf_prog *prog)
{
	return -EOPNOTSUPP;
}
#endif