review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Florian Westphal <fw@strlen.de>
	Fri, 21 Apr 2023 17:02:55 +0000 (19:02 +0200)
committer	Alexei Starovoitov <ast@kernel.org>
	Fri, 21 Apr 2023 18:34:14 +0000 (11:34 -0700)
commit	fd9c663b9ad67dedfc9a3fd3429ddd3e83782b4d
tree	6cf7b3fdb57b0152b9f84cfdb282b6c039522a5d	tree \| snapshot
parent	84601d6ee68ae820dec97450934797046d62db4b	commit \| diff

bpf: minimal support for programs hooked into netfilter framework

This adds minimal support for BPF_PROG_TYPE_NETFILTER bpf programs
that will be invoked via the NF_HOOK() points in the ip stack.

Invocation incurs an indirect call. This is not a necessity: Its
possible to add 'DEFINE_BPF_DISPATCHER(nf_progs)' and handle the
program invocation with the same method already done for xdp progs.

This isn't done here to keep the size of this chunk down.

Verifier restricts verdicts to either DROP or ACCEPT.

Signed-off-by: Florian Westphal <fw@strlen.de>
Link: https://lore.kernel.org/r/20230421170300.24115-3-fw@strlen.de
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

include/linux/bpf_types.h		diff \| blob \| history
include/net/netfilter/nf_bpf_link.h		diff \| blob \| history
kernel/bpf/btf.c		diff \| blob \| history
kernel/bpf/verifier.c		diff \| blob \| history
net/core/filter.c		diff \| blob \| history
net/netfilter/nf_bpf_link.c		diff \| blob \| history