diff options
| author | Florian Westphal <fw@strlen.de> | 2023-04-21 20:02:59 +0300 |
|---|---|---|
| committer | Alexei Starovoitov <ast@kernel.org> | 2023-04-21 21:34:50 +0300 |
| commit | 2b99ef22e0d237e08bfc437e7d051f78f352aeb2 (patch) | |
| tree | 7e32a2726021966408ded96ee08c34e29744e869 /net/netfilter | |
| parent | d0fe92fb5e3df6991c640fb9205d880b68603259 (diff) | |
| download | linux-2b99ef22e0d237e08bfc437e7d051f78f352aeb2.tar.xz | |
bpf: add test_run support for netfilter program type
add glue code so a bpf program can be run using userspace-provided
netfilter state and packet/skb.
Default is to use ipv4:output hook point, but this can be overridden by
userspace. Userspace provided netfilter state is restricted, only hook and
protocol families can be overridden and only to ipv4/ipv6.
Signed-off-by: Florian Westphal <fw@strlen.de>
Link: https://lore.kernel.org/r/20230421170300.24115-7-fw@strlen.de
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/nf_bpf_link.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nf_bpf_link.c b/net/netfilter/nf_bpf_link.c index 49cfc5215386..c36da56d756f 100644 --- a/net/netfilter/nf_bpf_link.c +++ b/net/netfilter/nf_bpf_link.c @@ -166,6 +166,7 @@ int bpf_nf_link_attach(const union bpf_attr *attr, struct bpf_prog *prog) } const struct bpf_prog_ops netfilter_prog_ops = { + .test_run = bpf_prog_test_run_nf, }; static bool nf_ptr_to_btf_id(struct bpf_insn_access_aux *info, const char *name) |