diff options
author | Daniel Mack <daniel@zonque.org> | 2016-11-23 16:52:26 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2016-11-25 16:25:52 -0500 |
commit | 3007098494bec614fb55dee7bc0410bb7db5ad18 (patch) | |
tree | ff07e31da90fd790d2ae4f129d04954b70766057 /include/linux/cgroup-defs.h | |
parent | 0e33661de493db325435d565a4a722120ae4cbf3 (diff) | |
download | linux-3007098494bec614fb55dee7bc0410bb7db5ad18.tar.gz linux-3007098494bec614fb55dee7bc0410bb7db5ad18.tar.bz2 linux-3007098494bec614fb55dee7bc0410bb7db5ad18.zip |
cgroup: add support for eBPF programs
This patch adds two sets of eBPF program pointers to struct cgroup.
One for such that are directly pinned to a cgroup, and one for such
that are effective for it.
To illustrate the logic behind that, assume the following example
cgroup hierarchy.
A - B - C
\ D - E
If only B has a program attached, it will be effective for B, C, D
and E. If D then attaches a program itself, that will be effective for
both D and E, and the program in B will only affect B and C. Only one
program of a given type is effective for a cgroup.
Attaching and detaching programs will be done through the bpf(2)
syscall. For now, ingress and egress inet socket filtering are the
only supported use-cases.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux/cgroup-defs.h')
-rw-r--r-- | include/linux/cgroup-defs.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/linux/cgroup-defs.h b/include/linux/cgroup-defs.h index 5b17de62c962..861b4677fc5b 100644 --- a/include/linux/cgroup-defs.h +++ b/include/linux/cgroup-defs.h @@ -16,6 +16,7 @@ #include <linux/percpu-refcount.h> #include <linux/percpu-rwsem.h> #include <linux/workqueue.h> +#include <linux/bpf-cgroup.h> #ifdef CONFIG_CGROUPS @@ -300,6 +301,9 @@ struct cgroup { /* used to schedule release agent */ struct work_struct release_agent_work; + /* used to store eBPF programs */ + struct cgroup_bpf bpf; + /* ids of the ancestors at each level including self */ int ancestor_ids[]; }; |