mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-24 21:34:08 +03:00
bpf-program: optionally take fd of program to detach
This is useful for BPF_F_ALLOW_MULTI programs, where the kernel requires us to specify the fd.
parent
2ae7ee58fa
commit
9b3c189786
@ -117,12 +117,16 @@ int bpf_program_cgroup_attach(BPFProgram *p, int type, const char *path, uint32_
|
||||
return 0;
|
||||
}
|
||||
|
||||
int bpf_program_cgroup_detach(int type, const char *path) {
|
||||
int bpf_program_cgroup_detach(BPFProgram *p, int type, const char *path) {
|
||||
_cleanup_close_ int fd = -1;
|
||||
union bpf_attr attr;
|
||||
|
||||
assert(type >= 0);
|
||||
assert(path);
|
||||
|
||||
/* Note that 'p' may be NULL, in which case any program is detached. However, note that if BPF_F_ALLOW_MULTI is
|
||||
* used 'p' is not optional. */
|
||||
|
||||
fd = open(path, O_DIRECTORY|O_RDONLY|O_CLOEXEC);
|
||||
if (fd < 0)
|
||||
return -errno;
|
||||
@ -130,6 +134,7 @@ int bpf_program_cgroup_detach(int type, const char *path) {
|
||||
attr = (union bpf_attr) {
|
||||
.attach_type = type,
|
||||
.target_fd = fd,
|
||||
.attach_bpf_fd = p ? p->kernel_fd : -1,
|
||||
};
|
||||
|
||||
if (bpf(BPF_PROG_DETACH, &attr, sizeof(attr)) < 0)
|
||||
|
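Review bot: In the `attr` initializer, `.attach_bpf_fd = p ? p->kernel_fd : -1` treats a non-NULL `p` without a valid kernel fd the same as `p == NULL`, so a caller that names a specific program could end up requesting the "any program is detached" behaviour described in the new comment. Since `bpf_firewall_install()` uses this function for a unit's ingress/egress filters, I would reject that case explicitly before the `open()`, e.g. `if (p && p->kernel_fd < 0) return -EINVAL;` (this assumes an unloaded program keeps a negative `kernel_fd`, which the hunk does not show). The comment could also state what the caller gets back when `p` is NULL and BPF_F_ALLOW_MULTI is in use. The function body continues past the end of the second hunk.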
@ -47,7 +47,7 @@ int bpf_program_add_instructions(BPFProgram *p, const struct bpf_insn *insn, siz
|
||||
int bpf_program_load_kernel(BPFProgram *p, char *log_buf, size_t log_size);
|
||||
|
||||
int bpf_program_cgroup_attach(BPFProgram *p, int type, const char *path, uint32_t flags);
|
||||
int bpf_program_cgroup_detach(int type, const char *path);
|
||||
int bpf_program_cgroup_detach(BPFProgram *p, int type, const char *path);
|
||||
|
||||
int bpf_map_new(enum bpf_map_type type, size_t key_size, size_t value_size, size_t max_entries, uint32_t flags);
|
||||
int bpf_map_update_element(int fd, const void *key, void *value);
|
||||
|
@ -573,7 +573,7 @@ int bpf_firewall_install(Unit *u) {
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Attaching egress BPF program to cgroup %s failed: %m", path);
|
||||
} else {
|
||||
r = bpf_program_cgroup_detach(BPF_CGROUP_INET_EGRESS, path);
|
||||
r = bpf_program_cgroup_detach(NULL, BPF_CGROUP_INET_EGRESS, path);
|
||||
if (r < 0)
|
||||
return log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r,
|
||||
"Detaching egress BPF program from cgroup failed: %m");
|
||||
@ -588,7 +588,7 @@ int bpf_firewall_install(Unit *u) {
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Attaching ingress BPF program to cgroup %s failed: %m", path);
|
||||
} else {
|
||||
r = bpf_program_cgroup_detach(BPF_CGROUP_INET_INGRESS, path);
|
||||
r = bpf_program_cgroup_detach(NULL, BPF_CGROUP_INET_INGRESS, path);
|
||||
if (r < 0)
|
||||
return log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_ERR, r,
|
||||
"Detaching ingress BPF program from cgroup failed: %m");
|
||||
|
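Review bot: Both detach calls in `bpf_firewall_install()` now pass `NULL`, which per the comment added to `bpf_program_cgroup_detach()` detaches whatever program is attached at that attach type and is not sufficient once BPF_F_ALLOW_MULTI is used. A short comment at each call, such as `/* NULL: detach whichever program is attached; pass the program itself once BPF_F_ALLOW_MULTI is used */`, would keep a later change to the attach flags from missing these call sites. Separately, the detach error messages omit the cgroup path that the attach messages include, which makes a failed filter removal harder to trace in logs; `"Detaching egress BPF program from cgroup %s failed: %m", path` would match, and the same applies to the ingress branch in the hunk at -588. The function starts and ends outside these hunks.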