subject:"\[PATCH net\-next 1\/8\] bpf\: Recursively apply cgroup sock filters"

Re: [PATCH net-next 1/8] bpf: Recursively apply cgroup sock filters

2017-08-23 Thread David Ahern

On 8/22/17 6:40 PM, Alexei Starovoitov wrote: >> diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c >> index df2e0f14a95d..7480cebab073 100644 >> --- a/kernel/cgroup/cgroup.c >> +++ b/kernel/cgroup/cgroup.c >> @@ -5186,4 +5186,22 @@ int cgroup_bpf_update(struct cgroup *cgrp, struct >>

Re: [PATCH net-next 1/8] bpf: Recursively apply cgroup sock filters

2017-08-22 Thread Alexei Starovoitov

On Tue, Aug 22, 2017 at 05:20:14PM -0700, David Ahern wrote: > Recursively apply sock filters attached to a cgroup. For now, start > with the inner cgroup attached to the socket and work back to the > root. If desired the inverse can be done use an attach flag (start > with parent cgroup and go

[PATCH net-next 1/8] bpf: Recursively apply cgroup sock filters

2017-08-22 Thread David Ahern

Recursively apply sock filters attached to a cgroup. For now, start with the inner cgroup attached to the socket and work back to the root. If desired the inverse can be done use an attach flag (start with parent cgroup and go in). Signed-off-by: David Ahern ---