On 6/23/20 12:34 PM, Jakub Sitnicki wrote:
This patch set prepares ground for link-based multi-prog attachment for
future netns attach types, with BPF_SK_LOOKUP attach type in mind [0].
Two changes are needed in order to attach and run a series of BPF programs:
1) an bpf_prog_array of programs to run (patch #2), and
2) a list of attached links to keep track of attachments (patch #3).
I've been using these patches with the next iteration of BPF socket lookup
hook patches, and saw that they are self-contained and can be split out to
ease the review burden.
Nothing changes for BPF flow_dissector. That is at most one prog can be
attached.
Thanks,
-jkbs
[0] https://lore.kernel.org/bpf/20200511185218.1422406-1-ja...@cloudflare.com/
Cc: Andrii Nakryiko <andrii.nakry...@gmail.com>
Cc: Stanislav Fomichev <s...@google.com>
v1 -> v2:
- Show with a (void) cast that bpf_prog_array_replace_item() return value
is ignored on purpose. (Andrii)
- Explain why bpf-cgroup cannot replace programs in bpf_prog_array based
on bpf_prog pointer comparison in patch #2 description. (Andrii)
Jakub Sitnicki (3):
flow_dissector: Pull BPF program assignment up to bpf-netns
bpf, netns: Keep attached programs in bpf_prog_array
bpf, netns: Keep a list of attached bpf_link's
include/linux/bpf.h | 3 +
include/net/flow_dissector.h | 3 +-
include/net/netns/bpf.h | 7 +-
kernel/bpf/core.c | 20 +++-
kernel/bpf/net_namespace.c | 189 +++++++++++++++++++++++++----------
net/core/flow_dissector.c | 34 +++----
6 files changed, 173 insertions(+), 83 deletions(-)
Applied, thanks!
