linux/net/sched
Daniel Borkmann a5c90b29e5 act_bpf: properly support late binding of bpf action to a classifier
Since the introduction of the BPF action in d23b8ad8ab ("tc: add BPF
based action"), late binding was not working as expected. I.e. setting
the action part for a classifier only via 'bpf index <num>', where <num>
is the index of an existing action, is being rejected by the kernel due
to other missing parameters.

It doesn't make sense to require these parameters such as BPF opcodes
etc, as they are not going to be used anyway: in this case, they're just
allocated/parsed and then freed again w/o doing anything meaningful.

Instead, parse and verify the remaining parameters *after* the test on
tcf_hash_check(), when we really know that we're dealing with creation
of a new action or replacement of an existing one and where late binding
is thus irrelevant.

After patch, test case is now working:

  FOO="1,6 0 0 4294967295,"
  tc actions add action bpf bytecode "$FOO"
  tc filter add dev foo parent 1: bpf bytecode "$FOO" flowid 1:1 action bpf index 1
  tc actions show action bpf
    action order 0: bpf bytecode '1,6 0 0 4294967295' default-action pipe
    index 1 ref 2 bind 1
  tc filter show dev foo
    filter protocol all pref 49152 bpf
    filter protocol all pref 49152 bpf handle 0x1 flowid 1:1 bytecode '1,6 0 0 4294967295'
    action order 1: bpf bytecode '1,6 0 0 4294967295' default-action pipe
    index 1 ref 2 bind 1

Late binding of a BPF action can be useful for preloading maps (e.g. before
they hit traffic) in case of eBPF programs, or to share a single eBPF action
with multiple classifiers.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-08-03 16:05:56 -07:00
..
act_api.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-07-31 23:52:20 -07:00
act_bpf.c act_bpf: properly support late binding of bpf action to a classifier 2015-08-03 16:05:56 -07:00
act_connmark.c net: sched: add percpu stats to actions 2015-07-08 13:50:41 -07:00
act_csum.c net: sched: add percpu stats to actions 2015-07-08 13:50:41 -07:00
act_gact.c net_sched: act_gact: remove spinlock in fast path 2015-07-08 13:50:42 -07:00
act_ipt.c net: sched: add percpu stats to actions 2015-07-08 13:50:41 -07:00
act_mirred.c net_sched: act_mirred: remove spinlock in fast path 2015-07-08 13:50:42 -07:00
act_nat.c net: sched: add percpu stats to actions 2015-07-08 13:50:41 -07:00
act_pedit.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-07-31 23:52:20 -07:00
act_police.c
act_simple.c net: sched: add percpu stats to actions 2015-07-08 13:50:41 -07:00
act_skbedit.c net: sched: add percpu stats to actions 2015-07-08 13:50:41 -07:00
act_vlan.c net: sched: add percpu stats to actions 2015-07-08 13:50:41 -07:00
cls_api.c net: sched: fix call_rcu() race on classifier module unloads 2015-05-21 18:48:18 -04:00
cls_basic.c net_sched: destroy proto tp when all filters are gone 2015-03-09 15:35:55 -04:00
cls_bpf.c sched: cls_bpf: fix panic on filter replace 2015-07-21 00:25:02 -07:00
cls_cgroup.c cls_cgroup: factor out classid retrieval 2015-07-20 12:41:30 -07:00
cls_flow.c sched: cls_flow: fix panic on filter replace 2015-07-21 00:25:03 -07:00
cls_flower.c sched: cls_flower: fix panic on filter replace 2015-07-21 00:25:03 -07:00
cls_fw.c net_sched: destroy proto tp when all filters are gone 2015-03-09 15:35:55 -04:00
cls_route.c net_sched: destroy proto tp when all filters are gone 2015-03-09 15:35:55 -04:00
cls_rsvp.c
cls_rsvp.h net_sched: destroy proto tp when all filters are gone 2015-03-09 15:35:55 -04:00
cls_rsvp6.c
cls_tcindex.c net_sched: destroy proto tp when all filters are gone 2015-03-09 15:35:55 -04:00
cls_u32.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-20 18:51:09 -04:00
em_canid.c
em_cmp.c
em_ipset.c net: sched: Simplify em_ipset_match 2015-06-18 21:14:28 +02:00
em_meta.c
em_nbyte.c
em_text.c
em_u32.c
ematch.c
Kconfig net: add CONFIG_NET_INGRESS to enable ingress filtering 2015-05-14 01:10:05 -04:00
Makefile tc: introduce Flower classifier 2015-05-13 15:19:48 -04:00
sch_api.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-06-24 16:49:49 -07:00
sch_atm.c
sch_blackhole.c
sch_cbq.c
sch_choke.c sch_choke: drop all packets in queue during reset 2015-07-24 22:57:15 -07:00
sch_codel.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-05-13 14:31:43 -04:00
sch_drr.c
sch_dsmark.c
sch_fifo.c
sch_fq.c pkt_sched: fq: correct spelling of locally 2015-04-01 22:52:29 -04:00
sch_fq_codel.c fq_codel: fix return value of fq_codel_drop() 2015-07-15 21:36:35 -07:00
sch_generic.c
sch_gred.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-05-13 14:31:43 -04:00
sch_hfsc.c
sch_hhf.c sched: Call skb_get_hash_perturb in sch_hhf 2015-05-04 00:09:08 -04:00
sch_htb.c
sch_ingress.c net: sched: further simplify handle_ing 2015-05-11 11:10:35 -04:00
sch_mq.c
sch_mqprio.c
sch_multiq.c
sch_netem.c net: sched: deprecate enqueue_root() 2015-05-11 14:17:32 -04:00
sch_pie.c
sch_plug.c sch_plug: purge buffered packets during reset 2015-07-24 22:57:14 -07:00
sch_prio.c
sch_qfq.c pkt_sched: sch_qfq: remove unused member of struct qfq_sched 2015-07-15 17:21:31 -07:00
sch_red.c
sch_sfb.c sched: Call skb_get_hash_perturb in sch_sfb 2015-05-04 00:09:08 -04:00
sch_sfq.c net_sched: fix a use-after-free in sfq 2015-07-15 21:36:34 -07:00
sch_tbf.c
sch_teql.c