kpriv/linux-hardened
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux-hardened/net
History
Daniel Mack c11cd3a6ec net: filter: run cgroup eBPF ingress programs 
If the cgroup associated with the receiving socket has an eBPF
programs installed, run them from sk_filter_trim_cap().

eBPF programs used in this context are expected to either return 1 to
let the packet pass, or != 1 to drop them. The programs have access to
the skb through bpf_skb_load_bytes(), and the payload starts at the
network headers (L3).

Note that cgroup_bpf_run_filter() is stubbed out as static inline nop
for !CONFIG_CGROUP_BPF, and is otherwise guarded by a static key if
the feature is unused.

Signed-off-by: Daniel Mack <daniel@zonque.org>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-25 16:26:04 -05:00
..
6lowpan 6lowpan: ndisc: no overreact if no short address is available 2016-09-19 20:19:34 +02:00
9p IB/core: add support to create a unsafe global rkey to ib_create_pd 2016-09-23 13:47:44 -04:00
802 net: use core MTU range checking in misc drivers 2016-10-20 14:51:10 -04:00
8021q netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
appletalk
atm net: remove MTU limits on a few ether_setup callers 2016-10-21 13:57:50 -04:00
ax25
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-10-30 12:42:58 -04:00
bridge bridge: mcast: add MLDv2 querier support 2016-11-21 13:16:58 -05:00
caif netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
can can: bcm: fix warning in bcm_connect/proc_register 2016-10-31 20:48:19 +01:00
ceph libceph: initialize last_linger_id with a large integer 2016-11-10 20:13:08 +01:00
core net: filter: run cgroup eBPF ingress programs 2016-11-25 16:26:04 -05:00
dcb
dccp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-15 10:54:36 -05:00
decnet net: fix sleeping for sk_wait_event() 2016-11-14 13:17:21 -05:00
dns_resolver
dsa net: remove MTU limits on a few ether_setup callers 2016-10-21 13:57:50 -04:00
ethernet net: make default TX queue length a defined constant 2016-11-07 20:15:55 -05:00
hsr Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-10-30 12:42:58 -04:00
ieee802154 genetlink: mark families as __ro_after_init 2016-10-27 16:16:09 -04:00
ipv4 tcp: enhance tcp_collapse_retrans() with skb_shift() 2016-11-24 15:40:42 -05:00
ipv6 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
ipx
irda genetlink: mark families as __ro_after_init 2016-10-27 16:16:09 -04:00
iucv Subject: [PATCH] af_iucv: drop skbs rejected by filter 2016-10-12 01:56:04 -04:00
kcm Merge branch 'work.splice_read' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-07 15:36:58 -07:00
key netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
l3mdev
lapb
llc net: fix sleeping for sk_wait_event() 2016-11-14 13:17:21 -05:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
mac802154 mac802154: use rate limited warnings for malformed frames 2016-09-19 20:19:34 +02:00
mpls lwt: Remove unused len field 2016-10-23 17:45:01 -04:00
ncsi net/ncsi: Improve HNCDSC AEN handler 2016-10-20 11:23:08 -04:00
netfilter netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
netlabel genetlink: mark families as __ro_after_init 2016-10-27 16:16:09 -04:00
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-15 10:54:36 -05:00
netrom
nfc genetlink: mark families as __ro_after_init 2016-10-27 16:16:09 -04:00
openvswitch netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
packet af_packet: Use virtio_net_hdr_from_skb() directly. 2016-11-19 10:37:03 -05:00
phonet netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
qrtr
rds netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
rfkill
rose
rxrpc udp: do fwd memory scheduling on dequeue 2016-11-07 13:24:41 -05:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
sctp sctp: use new rhlist interface on sctp transport rhashtable 2016-11-16 23:22:17 -05:00
strparser strparser: Propagate correct error code in strp_recv() 2016-10-12 01:51:49 -04:00
sunrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
switchdev Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-10-30 12:42:58 -04:00
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
vmw_vsock VSOCK: add loopback to virtio_transport 2016-11-24 11:53:15 -05:00
wimax genetlink: mark families as __ro_after_init 2016-10-27 16:16:09 -04:00
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
x25
xfrm Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2016-10-28 13:26:27 -04:00
compat.c
Kconfig
Makefile
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
sysctl_net.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2016-10-06 09:52:23 -07:00