| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2016-12-02 | bpf: Refactor cgroups code in prep for new type | David Ahern | 1 | -23/+23 | |
| Code move and rename only; no functional change intended. Signed-off-by: David Ahern <[email protected]> Acked-by: Alexei Starovoitov <[email protected]> Signed-off-by: David S. Miller <[email protected]> | |||||
| 2016-11-30 | cgroup, bpf: remove unnecessary #include | Alexei Starovoitov | 1 | -1/+0 | |
| this #include is unnecessary and brings whole set of other headers into cgroup-defs.h. Remove it. Fixes: 3007098494be ("cgroup: add support for eBPF programs") Signed-off-by: Alexei Starovoitov <[email protected]> Acked-by: Rami Rosen <[email protected]> Acked-by: Daniel Borkmann <[email protected]> Acked-by: Daniel Mack <[email protected]> Signed-off-by: David S. Miller <[email protected]> | |||||
| 2016-11-25 | cgroup: add support for eBPF programs | Daniel Mack | 1 | -0/+79 | |
| This patch adds two sets of eBPF program pointers to struct cgroup. One for such that are directly pinned to a cgroup, and one for such that are effective for it. To illustrate the logic behind that, assume the following example cgroup hierarchy. A - B - C \ D - E If only B has a program attached, it will be effective for B, C, D and E. If D then attaches a program itself, that will be effective for both D and E, and the program in B will only affect B and C. Only one program of a given type is effective for a cgroup. Attaching and detaching programs will be done through the bpf(2) syscall. For now, ingress and egress inet socket filtering are the only supported use-cases. Signed-off-by: Daniel Mack <[email protected]> Acked-by: Alexei Starovoitov <[email protected]> Signed-off-by: David S. Miller <[email protected]> | |||||