As mentioned at netconf in October, insight into bpf filters is an essential part of debugging and verifying a particular networking configuration. For example, classic bpf filters can be returned for packet sockets as part of the sock_diag infrastructure and the PACKET_DIAG_FILTER attribute. This capability is leveraged by 'ss --bpf' to dump the filter when requested.
This series adds similar support to ebpf, starting with filters attached to a cgroup. The first patch saves the original bpf instructions in a manner similar to classic bpf. The second patch allows the retrieval of filters applied to a cgroup. David Ahern (2): bpf: Save original ebpf instructions bpf: Add support to retrieve program attached to a cgroup include/linux/bpf-cgroup.h | 7 ++++ include/linux/filter.h | 5 ++- include/uapi/linux/bpf.h | 9 +++++ kernel/bpf/cgroup.c | 31 +++++++++++++++ kernel/bpf/syscall.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++ kernel/cgroup.c | 12 ++++++ 6 files changed, 160 insertions(+), 1 deletion(-) -- 2.1.4
