Skip to content
Commit cd3092c7 authored by Mathieu Xhonneux's avatar Mathieu Xhonneux Committed by Daniel Borkmann
Browse files

bpf: Split lwt inout verifier structures 



The new bpf_lwt_push_encap helper should only be accessible within the
LWT BPF IN hook, and not the OUT one, as this may lead to a skb under
panic.

At the moment, both LWT BPF IN and OUT share the same list of helpers,
whose calls are authorized by the verifier. This patch separates the
verifier ops for the IN and OUT hooks, and allows the IN hook to call the
bpf_lwt_push_encap helper.

This patch is also the occasion to put all lwt_*_func_proto functions
together for clarity. At the moment, socks_op_func_proto is in the middle
of lwt_inout_func_proto and lwt_xmit_func_proto.

Signed-off-by: default avatarMathieu Xhonneux <m.xhonneux@gmail.com>
Acked-by: default avatarDavid Lebrun <dlebrun@google.com>
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
parent fe94cc29
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment