daandemeyer / centos-sig-hyperscale / systemd

Forked from centos-sig-hyperscale/systemd 3 years ago
Clone
Source Code
GIT

8a8cf1a bpf: load firewall with name only if supported

2 files Authored by Julia Kartseva 3 years ago, Committed by daandemeyer 3 years ago,
raw patch tree parent
2 files changed. 17 lines added. 6 lines removed.
src/core/bpf-devices.c
file modified
+1 -1
src/core/bpf-firewall.c
file modified
+16 -5 
    bpf: load firewall with name only if supported
    
    BPF firewall is supported starting from v4.9 kernel where
    BPF_PROG_TYPE_SOCKET_FILTER support was added [0].
    
    However, program name support was added to v4.15 [1] and BPF_PROG_LOAD
    syscall will fail on older kernels if called with prog_name attribute.
    BPF_F_ALLOW_MULTI was also added to v4.15 kernel which allows reusing
    BPF_F_ALLOW_MULTI probe to indicate that program name is also supported.
    
    It is no problem for BPF_PROG_TYPE_CGROUP_DEVICE since it was added in
    v4.15.
    
    [0] https://elixir.bootlin.com/linux/v4.9/source/include/uapi/linux/bpf.h#L92
    [1] https://elixir.bootlin.com/linux/v4.15/source/include/uapi/linux/bpf.h#L191
    
    Follow-up of https://github.com/systemd/systemd/pull/22214
file modified
+1 -1
file modified
+16 -5
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.