net: Introduce netns_bpf for BPF programs attached to netns
authorJakub Sitnicki <jakub@cloudflare.com>
Sun, 31 May 2020 08:28:36 +0000 (10:28 +0200)
committerAlexei Starovoitov <ast@kernel.org>
Mon, 1 Jun 2020 22:21:02 +0000 (15:21 -0700)
commita3fd7ceee05431d2c51ed86c6cae015d236a51f0
tree239fb6cb80a26ab38befd59faa7d4354d5eac190
parent171526f6fee84de0c39e2b7aa7e666ba0bbfd173
net: Introduce netns_bpf for BPF programs attached to netns

In order to:

 (1) attach more than one BPF program type to netns, or
 (2) support attaching BPF programs to netns with bpf_link, or
 (3) support multi-prog attach points for netns

we will need to keep more state per netns than a single pointer like we
have now for BPF flow dissector program.

Prepare for the above by extracting netns_bpf that is part of struct net,
for storing all state related to BPF programs attached to netns.

Turn flow dissector callbacks for querying/attaching/detaching a program
into generic ones that operate on netns_bpf. Next patch will move the
generic callbacks into their own module.

This is similar to how it is organized for cgroup with cgroup_bpf.

Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Cc: Stanislav Fomichev <sdf@google.com>
Link: https://lore.kernel.org/bpf/20200531082846.2117903-3-jakub@cloudflare.com
include/linux/bpf-netns.h [new file with mode: 0644]
include/linux/skbuff.h
include/net/net_namespace.h
include/net/netns/bpf.h [new file with mode: 0644]
kernel/bpf/syscall.c
net/core/flow_dissector.c