mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-27 22:51:31 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
Daniel Mack 33b486793c net: ipv4, ipv6: run cgroup eBPF egress programs 
If the cgroup associated with the receiving socket has an eBPF
programs installed, run them from ip_output(), ip6_output() and
ip_mc_output(). From mentioned functions we have two socket contexts
as per 7026b1ddb6 ("netfilter: Pass socket pointer down through
okfn()."). We explicitly need to use sk instead of skb->sk here,
since otherwise the same program would run multiple times on egress
when encap devices are involved, which is not desired in our case.

eBPF programs used in this context are expected to either return 1 to
let the packet pass, or != 1 to drop them. The programs have access to
the skb through bpf_skb_load_bytes(), and the payload starts at the
network headers (L3).

Note that cgroup_bpf_run_filter() is stubbed out as static inline nop
for !CONFIG_CGROUP_BPF, and is otherwise guarded by a static key if
the feature is unused.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-25 16:26:04 -05:00
..
6lowpan
9p
802
8021q
appletalk
atm
ax25
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
bluetooth
bridge bridge: mcast: add MLDv2 querier support 2016-11-21 13:16:58 -05:00
caif
can
ceph
core net: filter: run cgroup eBPF ingress programs 2016-11-25 16:26:04 -05:00
dcb
dccp
decnet
dns_resolver
dsa
ethernet
hsr
ieee802154
ipv4 net: ipv4, ipv6: run cgroup eBPF egress programs 2016-11-25 16:26:04 -05:00
ipv6 net: ipv4, ipv6: run cgroup eBPF egress programs 2016-11-25 16:26:04 -05:00
ipx
irda
iucv
kcm
key
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
l3mdev
lapb
llc
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
mac802154
mpls
ncsi
netfilter
netlabel
netlink
netrom
nfc
openvswitch
packet af_packet: Use virtio_net_hdr_from_skb() directly. 2016-11-19 10:37:03 -05:00
phonet
qrtr
rds
rfkill
rose
rxrpc
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
sctp
strparser
sunrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
switchdev
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
vmw_vsock VSOCK: add loopback to virtio_transport 2016-11-24 11:53:15 -05:00
wimax
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
x25
xfrm
compat.c
Kconfig
Makefile
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
sysctl_net.c