diff options
| author | Daniel Mack <daniel@zonque.org> | 2016-11-23 16:52:30 +0100 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2016-11-25 16:26:04 -0500 |
| commit | d8c5b17f2bc0de09fbbfa14d90e8168163a579e7 (patch) | |
| tree | 978eb5557eddcc244bc63b1098cdb3975b1dffcd /security/tomoyo/realpath.c | |
| parent | 33b486793cb31311f3a91ae4fe4be5926e7677b0 (diff) | |
| download | linux-d8c5b17f2bc0de09fbbfa14d90e8168163a579e7.tar.bz2 | |
samples: bpf: add userspace example for attaching eBPF programs to cgroups
Add a simple userpace program to demonstrate the new API to attach eBPF
programs to cgroups. This is what it does:
* Create arraymap in kernel with 4 byte keys and 8 byte values
* Load eBPF program
The eBPF program accesses the map passed in to store two pieces of
information. The number of invocations of the program, which maps
to the number of packets received, is stored to key 0. Key 1 is
incremented on each iteration by the number of bytes stored in
the skb.
* Detach any eBPF program previously attached to the cgroup
* Attach the new program to the cgroup using BPF_PROG_ATTACH
* Once a second, read map[0] and map[1] to see how many bytes and
packets were seen on any socket of tasks in the given cgroup.
The program takes a cgroup path as 1st argument, and either "ingress"
or "egress" as 2nd. Optionally, "drop" can be passed as 3rd argument,
which will make the generated eBPF program return 0 instead of 1, so
the kernel will drop the packet.
libbpf gained two new wrappers for the new syscall commands.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/tomoyo/realpath.c')
0 files changed, 0 insertions, 0 deletions