git.openwrt.org Git - openwrt/staging/blogic.git/commit

author	Daniel Mack <daniel@zonque.org>
	Wed, 23 Nov 2016 15:52:26 +0000 (16:52 +0100)
committer	David S. Miller <davem@davemloft.net>
	Fri, 25 Nov 2016 21:25:52 +0000 (16:25 -0500)
commit	3007098494bec614fb55dee7bc0410bb7db5ad18
tree	ff07e31da90fd790d2ae4f129d04954b70766057	tree \| snapshot
parent	0e33661de493db325435d565a4a722120ae4cbf3	commit \| diff

cgroup: add support for eBPF programs

This patch adds two sets of eBPF program pointers to struct cgroup.
One for such that are directly pinned to a cgroup, and one for such
that are effective for it.

To illustrate the logic behind that, assume the following example
cgroup hierarchy.

A - B - C
\ D - E

If only B has a program attached, it will be effective for B, C, D
and E. If D then attaches a program itself, that will be effective for
both D and E, and the program in B will only affect B and C. Only one
program of a given type is effective for a cgroup.

Attaching and detaching programs will be done through the bpf(2)
syscall. For now, ingress and egress inet socket filtering are the
only supported use-cases.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/linux/bpf-cgroup.h	[new file with mode: 0644]	blob
include/linux/cgroup-defs.h		diff \| blob \| history
init/Kconfig		diff \| blob \| history
kernel/bpf/Makefile		diff \| blob \| history
kernel/bpf/cgroup.c	[new file with mode: 0644]	blob
kernel/cgroup.c		diff \| blob \| history