diff options
| author |   Andrey Ignatov <rdna@fb.com> | 2020-05-14 13:03:46 -0700 |
|---|---|---|
| committer |   Alexei Starovoitov <ast@kernel.org> | 2020-05-14 18:41:07 -0700 |
| commit | 06d3e4c9f11afc849dc201ecf9ef7a43eeb1dddd (patch) | |
| tree | b5deca627ef2679e3715b57c3ba611c2f15bc16e /net | |
| parent | bpf: Allow sk lookup helpers in cgroup skb (diff) | |
| download | wireguard-linux-06d3e4c9f11afc849dc201ecf9ef7a43eeb1dddd.tar.xz wireguard-linux-06d3e4c9f11afc849dc201ecf9ef7a43eeb1dddd.zip | |
bpf: Allow skb_ancestor_cgroup_id helper in cgroup skb
cgroup skb programs already can use bpf_skb_cgroup_id. Allow
bpf_skb_ancestor_cgroup_id as well so that container policies can be
implemented for a container that can have sub-cgroups dynamically
created, but policies should still be implemented based on cgroup id of
container itself not on an id of a sub-cgroup.
Signed-off-by: Andrey Ignatov <rdna@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/8874194d6041eba190356453ea9f6071edf5f658.1589486450.git.rdna@fb.com
Diffstat (limited to 'net')
| -rw-r--r-- | net/core/filter.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/core/filter.c b/net/core/filter.c index 9c3eada5c86c..a47dc5b9dad4 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -6157,6 +6157,8 @@ cg_skb_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) #ifdef CONFIG_SOCK_CGROUP_DATA case BPF_FUNC_skb_cgroup_id: return &bpf_skb_cgroup_id_proto; + case BPF_FUNC_skb_ancestor_cgroup_id: + return &bpf_skb_ancestor_cgroup_id_proto; #endif #ifdef CONFIG_INET case BPF_FUNC_sk_lookup_tcp: |