| Daniel Mack | 3007098 | 2016-11-23 16:52:26 +0100 | [diff] [blame^] | 1 | #ifndef _BPF_CGROUP_H |
| 2 | #define _BPF_CGROUP_H |
| 3 | |
| 4 | #include <linux/bpf.h> |
| 5 | #include <linux/jump_label.h> |
| 6 | #include <uapi/linux/bpf.h> |
| 7 | |
| 8 | struct sock; |
| 9 | struct cgroup; |
| 10 | struct sk_buff; |
| 11 | |
| 12 | #ifdef CONFIG_CGROUP_BPF |
| 13 | |
| 14 | extern struct static_key_false cgroup_bpf_enabled_key; |
| 15 | #define cgroup_bpf_enabled static_branch_unlikely(&cgroup_bpf_enabled_key) |
| 16 | |
| 17 | struct cgroup_bpf { |
| 18 | /* |
| 19 | * Store two sets of bpf_prog pointers, one for programs that are |
| 20 | * pinned directly to this cgroup, and one for those that are effective |
| 21 | * when this cgroup is accessed. |
| 22 | */ |
| 23 | struct bpf_prog *prog[MAX_BPF_ATTACH_TYPE]; |
| 24 | struct bpf_prog *effective[MAX_BPF_ATTACH_TYPE]; |
| 25 | }; |
| 26 | |
| 27 | void cgroup_bpf_put(struct cgroup *cgrp); |
| 28 | void cgroup_bpf_inherit(struct cgroup *cgrp, struct cgroup *parent); |
| 29 | |
| 30 | void __cgroup_bpf_update(struct cgroup *cgrp, |
| 31 | struct cgroup *parent, |
| 32 | struct bpf_prog *prog, |
| 33 | enum bpf_attach_type type); |
| 34 | |
| 35 | /* Wrapper for __cgroup_bpf_update() protected by cgroup_mutex */ |
| 36 | void cgroup_bpf_update(struct cgroup *cgrp, |
| 37 | struct bpf_prog *prog, |
| 38 | enum bpf_attach_type type); |
| 39 | |
| 40 | int __cgroup_bpf_run_filter(struct sock *sk, |
| 41 | struct sk_buff *skb, |
| 42 | enum bpf_attach_type type); |
| 43 | |
| 44 | /* Wrappers for __cgroup_bpf_run_filter() guarded by cgroup_bpf_enabled. */ |
| 45 | #define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk,skb) \ |
| 46 | ({ \ |
| 47 | int __ret = 0; \ |
| 48 | if (cgroup_bpf_enabled) \ |
| 49 | __ret = __cgroup_bpf_run_filter(sk, skb, \ |
| 50 | BPF_CGROUP_INET_INGRESS); \ |
| 51 | \ |
| 52 | __ret; \ |
| 53 | }) |
| 54 | |
| 55 | #define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk,skb) \ |
| 56 | ({ \ |
| 57 | int __ret = 0; \ |
| 58 | if (cgroup_bpf_enabled && sk && sk == skb->sk) { \ |
| 59 | typeof(sk) __sk = sk_to_full_sk(sk); \ |
| 60 | if (sk_fullsock(__sk)) \ |
| 61 | __ret = __cgroup_bpf_run_filter(__sk, skb, \ |
| 62 | BPF_CGROUP_INET_EGRESS); \ |
| 63 | } \ |
| 64 | __ret; \ |
| 65 | }) |
| 66 | |
| 67 | #else |
| 68 | |
| 69 | struct cgroup_bpf {}; |
| 70 | static inline void cgroup_bpf_put(struct cgroup *cgrp) {} |
| 71 | static inline void cgroup_bpf_inherit(struct cgroup *cgrp, |
| 72 | struct cgroup *parent) {} |
| 73 | |
| 74 | #define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk,skb) ({ 0; }) |
| 75 | #define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk,skb) ({ 0; }) |
| 76 | |
| 77 | #endif /* CONFIG_CGROUP_BPF */ |
| 78 | |
| 79 | #endif /* _BPF_CGROUP_H */ |