bpf: Refactor cgroups code in prep for new type

Code move and rename only; no functional change intended.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David Ahern 2016-12-01 08:48:03 -08:00 committed by David S. Miller
parent 7f7bf1606f
commit b2cd12574a
3 changed files with 42 additions and 40 deletions

View File

@ -36,28 +36,28 @@ void cgroup_bpf_update(struct cgroup *cgrp,
struct bpf_prog *prog, struct bpf_prog *prog,
enum bpf_attach_type type); enum bpf_attach_type type);
int __cgroup_bpf_run_filter(struct sock *sk, int __cgroup_bpf_run_filter_skb(struct sock *sk,
struct sk_buff *skb, struct sk_buff *skb,
enum bpf_attach_type type); enum bpf_attach_type type);
/* Wrappers for __cgroup_bpf_run_filter() guarded by cgroup_bpf_enabled. */ /* Wrappers for __cgroup_bpf_run_filter_skb() guarded by cgroup_bpf_enabled. */
#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk,skb) \ #define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb) \
({ \ ({ \
int __ret = 0; \ int __ret = 0; \
if (cgroup_bpf_enabled) \ if (cgroup_bpf_enabled) \
__ret = __cgroup_bpf_run_filter(sk, skb, \ __ret = __cgroup_bpf_run_filter_skb(sk, skb, \
BPF_CGROUP_INET_INGRESS); \ BPF_CGROUP_INET_INGRESS); \
\ \
__ret; \ __ret; \
}) })
#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk,skb) \ #define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb) \
({ \ ({ \
int __ret = 0; \ int __ret = 0; \
if (cgroup_bpf_enabled && sk && sk == skb->sk) { \ if (cgroup_bpf_enabled && sk && sk == skb->sk) { \
typeof(sk) __sk = sk_to_full_sk(sk); \ typeof(sk) __sk = sk_to_full_sk(sk); \
if (sk_fullsock(__sk)) \ if (sk_fullsock(__sk)) \
__ret = __cgroup_bpf_run_filter(__sk, skb, \ __ret = __cgroup_bpf_run_filter_skb(__sk, skb, \
BPF_CGROUP_INET_EGRESS); \ BPF_CGROUP_INET_EGRESS); \
} \ } \
__ret; \ __ret; \

View File

@ -118,7 +118,7 @@ void __cgroup_bpf_update(struct cgroup *cgrp,
} }
/** /**
* __cgroup_bpf_run_filter() - Run a program for packet filtering * __cgroup_bpf_run_filter_skb() - Run a program for packet filtering
* @sk: The socken sending or receiving traffic * @sk: The socken sending or receiving traffic
* @skb: The skb that is being sent or received * @skb: The skb that is being sent or received
* @type: The type of program to be exectuted * @type: The type of program to be exectuted
@ -132,7 +132,7 @@ void __cgroup_bpf_update(struct cgroup *cgrp,
* This function will return %-EPERM if any if an attached program was found * This function will return %-EPERM if any if an attached program was found
* and if it returned != 1 during execution. In all other cases, 0 is returned. * and if it returned != 1 during execution. In all other cases, 0 is returned.
*/ */
int __cgroup_bpf_run_filter(struct sock *sk, int __cgroup_bpf_run_filter_skb(struct sock *sk,
struct sk_buff *skb, struct sk_buff *skb,
enum bpf_attach_type type) enum bpf_attach_type type)
{ {
@ -164,4 +164,4 @@ int __cgroup_bpf_run_filter(struct sock *sk,
return ret; return ret;
} }
EXPORT_SYMBOL(__cgroup_bpf_run_filter); EXPORT_SYMBOL(__cgroup_bpf_run_filter_skb);

View File

@ -856,6 +856,7 @@ static int bpf_prog_attach(const union bpf_attr *attr)
{ {
struct bpf_prog *prog; struct bpf_prog *prog;
struct cgroup *cgrp; struct cgroup *cgrp;
enum bpf_prog_type ptype;
if (!capable(CAP_NET_ADMIN)) if (!capable(CAP_NET_ADMIN))
return -EPERM; return -EPERM;
@ -866,8 +867,14 @@ static int bpf_prog_attach(const union bpf_attr *attr)
switch (attr->attach_type) { switch (attr->attach_type) {
case BPF_CGROUP_INET_INGRESS: case BPF_CGROUP_INET_INGRESS:
case BPF_CGROUP_INET_EGRESS: case BPF_CGROUP_INET_EGRESS:
prog = bpf_prog_get_type(attr->attach_bpf_fd, ptype = BPF_PROG_TYPE_CGROUP_SKB;
BPF_PROG_TYPE_CGROUP_SKB); break;
default:
return -EINVAL;
}
prog = bpf_prog_get_type(attr->attach_bpf_fd, ptype);
if (IS_ERR(prog)) if (IS_ERR(prog))
return PTR_ERR(prog); return PTR_ERR(prog);
@ -879,11 +886,6 @@ static int bpf_prog_attach(const union bpf_attr *attr)
cgroup_bpf_update(cgrp, prog, attr->attach_type); cgroup_bpf_update(cgrp, prog, attr->attach_type);
cgroup_put(cgrp); cgroup_put(cgrp);
break;
default:
return -EINVAL;
}
return 0; return 0;
} }