[ @Willem: RH email doesn't exist anymore, I took it out, otherwise
every reply gets a bounce. ;) ]
On 08/14/2015 07:03 PM, Alexei Starovoitov wrote:
On 8/14/15 8:50 AM, Willem de Bruijn wrote:
...
all looks great except in the above the check:
if (new-type !=
[ @Willem: RH email doesn't exist anymore, I took it out, otherwise
every reply gets a bounce. ;) ]
Sorry for using the wrong address, Daniel.
Also instead of:
#define PACKET_FANOUT_BPF6
#define PACKET_FANOUT_EBPF7
I would call them FANOUT_CBPF and FANOUT_EBPF to be
On 08/14/2015 09:27 PM, Willem de Bruijn wrote:
...
Btw, in case someone sets sock_flag(sk, SOCK_FILTER_LOCKED),
perhaps we should also apply it on fanout?
Good point. With classic bpf, packet access control is fully
enforced in per-socket filters, but playing with load balancing
filters could
On Fri, Aug 14, 2015 at 1:03 PM, Alexei Starovoitov a...@plumgrid.com wrote:
On 8/14/15 8:50 AM, Willem de Bruijn wrote:
+static int fanout_set_data_ebpf(struct packet_fanout *f, char __user
*data,
+ unsigned int len)
+{
+ struct bpf_prog *new;
+
On 8/14/15 8:50 AM, Willem de Bruijn wrote:
+static int fanout_set_data_ebpf(struct packet_fanout *f, char __user *data,
+ unsigned int len)
+{
+ struct bpf_prog *new;
+ u32 fd;
+
+ if (len != sizeof(fd))
+ return -EINVAL;
+ if
On Fri, Aug 14, 2015 at 3:46 PM, Daniel Borkmann dan...@iogearbox.net wrote:
On 08/14/2015 09:27 PM, Willem de Bruijn wrote:
...
Btw, in case someone sets sock_flag(sk, SOCK_FILTER_LOCKED),
perhaps we should also apply it on fanout?
Good point. With classic bpf, packet access control is
From: Willem de Bruijn will...@google.com
Add a fanout mode that accepts an eBPF program to select a socket.
Update the internal eBPF program by passing to socket option
SOL_PACKET/PACKET_FANOUT_DATA a file descriptor returned by bpf().
Signed-off-by: Willem de Bruijn will...@google.com
---