#ifndef _BPF_CGROUP_H
#define _BPF_CGROUP_H
#include <linux/bpf.h>
#include <linux/bpf-cgroup-defs.h>
#include <linux/errno.h>
#include <linux/jump_label.h>
#include <linux/percpu.h>
#include <linux/rbtree.h>
#include <net/sock.h>
#include <uapi/linux/bpf.h>
struct sock;
struct sockaddr;
struct cgroup;
struct sk_buff;
struct bpf_map;
struct bpf_prog;
struct bpf_sock_ops_kern;
struct bpf_cgroup_storage;
struct ctl_table;
struct ctl_table_header;
struct task_struct;
unsigned int __cgroup_bpf_run_lsm_sock(const void *ctx,
const struct bpf_insn *insn);
unsigned int __cgroup_bpf_run_lsm_socket(const void *ctx,
const struct bpf_insn *insn);
unsigned int __cgroup_bpf_run_lsm_current(const void *ctx,
const struct bpf_insn *insn);
#ifdef CONFIG_CGROUP_BPF
#define CGROUP_ATYPE …
static inline enum cgroup_bpf_attach_type
to_cgroup_bpf_attach_type(enum bpf_attach_type attach_type)
{ … }
#undef CGROUP_ATYPE
extern struct static_key_false cgroup_bpf_enabled_key[MAX_CGROUP_BPF_ATTACH_TYPE];
#define cgroup_bpf_enabled(atype) …
#define for_each_cgroup_storage_type(stype) …
struct bpf_cgroup_storage_map;
struct bpf_storage_buffer { … };
struct bpf_cgroup_storage { … };
struct bpf_cgroup_link { … };
struct bpf_prog_list { … };
int cgroup_bpf_inherit(struct cgroup *cgrp);
void cgroup_bpf_offline(struct cgroup *cgrp);
int __cgroup_bpf_run_filter_skb(struct sock *sk,
struct sk_buff *skb,
enum cgroup_bpf_attach_type atype);
int __cgroup_bpf_run_filter_sk(struct sock *sk,
enum cgroup_bpf_attach_type atype);
int __cgroup_bpf_run_filter_sock_addr(struct sock *sk,
struct sockaddr *uaddr,
int *uaddrlen,
enum cgroup_bpf_attach_type atype,
void *t_ctx,
u32 *flags);
int __cgroup_bpf_run_filter_sock_ops(struct sock *sk,
struct bpf_sock_ops_kern *sock_ops,
enum cgroup_bpf_attach_type atype);
int __cgroup_bpf_check_dev_permission(short dev_type, u32 major, u32 minor,
short access, enum cgroup_bpf_attach_type atype);
int __cgroup_bpf_run_filter_sysctl(struct ctl_table_header *head,
struct ctl_table *table, int write,
char **buf, size_t *pcount, loff_t *ppos,
enum cgroup_bpf_attach_type atype);
int __cgroup_bpf_run_filter_setsockopt(struct sock *sock, int *level,
int *optname, sockptr_t optval,
int *optlen, char **kernel_optval);
int __cgroup_bpf_run_filter_getsockopt(struct sock *sk, int level,
int optname, sockptr_t optval,
sockptr_t optlen, int max_optlen,
int retval);
int __cgroup_bpf_run_filter_getsockopt_kern(struct sock *sk, int level,
int optname, void *optval,
int *optlen, int retval);
static inline enum bpf_cgroup_storage_type cgroup_storage_type(
struct bpf_map *map)
{ … }
struct bpf_cgroup_storage *
cgroup_storage_lookup(struct bpf_cgroup_storage_map *map,
void *key, bool locked);
struct bpf_cgroup_storage *bpf_cgroup_storage_alloc(struct bpf_prog *prog,
enum bpf_cgroup_storage_type stype);
void bpf_cgroup_storage_free(struct bpf_cgroup_storage *storage);
void bpf_cgroup_storage_link(struct bpf_cgroup_storage *storage,
struct cgroup *cgroup,
enum bpf_attach_type type);
void bpf_cgroup_storage_unlink(struct bpf_cgroup_storage *storage);
int bpf_cgroup_storage_assign(struct bpf_prog_aux *aux, struct bpf_map *map);
int bpf_percpu_cgroup_storage_copy(struct bpf_map *map, void *key, void *value);
int bpf_percpu_cgroup_storage_update(struct bpf_map *map, void *key,
void *value, u64 flags);
static inline bool cgroup_bpf_sock_enabled(struct sock *sk,
enum cgroup_bpf_attach_type type)
{ … }
#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb) …
#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb) …
#define BPF_CGROUP_RUN_SK_PROG(sk, atype) …
#define BPF_CGROUP_RUN_PROG_INET_SOCK(sk) …
#define BPF_CGROUP_RUN_PROG_INET_SOCK_RELEASE(sk) …
#define BPF_CGROUP_RUN_PROG_INET4_POST_BIND(sk) …
#define BPF_CGROUP_RUN_PROG_INET6_POST_BIND(sk) …
#define BPF_CGROUP_RUN_SA_PROG(sk, uaddr, uaddrlen, atype) …
#define BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, uaddrlen, atype, t_ctx) …
#define BPF_CGROUP_RUN_PROG_INET_BIND_LOCK(sk, uaddr, uaddrlen, atype, bind_flags) …
#define BPF_CGROUP_PRE_CONNECT_ENABLED(sk) …
#define BPF_CGROUP_RUN_PROG_INET4_CONNECT(sk, uaddr, uaddrlen) …
#define BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr, uaddrlen) …
#define BPF_CGROUP_RUN_PROG_INET4_CONNECT_LOCK(sk, uaddr, uaddrlen) …
#define BPF_CGROUP_RUN_PROG_INET6_CONNECT_LOCK(sk, uaddr, uaddrlen) …
#define BPF_CGROUP_RUN_PROG_UNIX_CONNECT_LOCK(sk, uaddr, uaddrlen) …
#define BPF_CGROUP_RUN_PROG_UDP4_SENDMSG_LOCK(sk, uaddr, uaddrlen, t_ctx) …
#define BPF_CGROUP_RUN_PROG_UDP6_SENDMSG_LOCK(sk, uaddr, uaddrlen, t_ctx) …
#define BPF_CGROUP_RUN_PROG_UNIX_SENDMSG_LOCK(sk, uaddr, uaddrlen, t_ctx) …
#define BPF_CGROUP_RUN_PROG_UDP4_RECVMSG_LOCK(sk, uaddr, uaddrlen) …
#define BPF_CGROUP_RUN_PROG_UDP6_RECVMSG_LOCK(sk, uaddr, uaddrlen) …
#define BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, uaddr, uaddrlen) …
#define BPF_CGROUP_RUN_PROG_SOCK_OPS_SK(sock_ops, sk) …
#define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops) …
#define BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(atype, major, minor, access) …
#define BPF_CGROUP_RUN_PROG_SYSCTL(head, table, write, buf, count, pos) …
#define BPF_CGROUP_RUN_PROG_SETSOCKOPT(sock, level, optname, optval, optlen, \
kernel_optval) …
#define BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock, level, optname, optval, optlen, \
max_optlen, retval) …
#define BPF_CGROUP_RUN_PROG_GETSOCKOPT_KERN(sock, level, optname, optval, \
optlen, retval) …
int cgroup_bpf_prog_attach(const union bpf_attr *attr,
enum bpf_prog_type ptype, struct bpf_prog *prog);
int cgroup_bpf_prog_detach(const union bpf_attr *attr,
enum bpf_prog_type ptype);
int cgroup_bpf_link_attach(const union bpf_attr *attr, struct bpf_prog *prog);
int cgroup_bpf_prog_query(const union bpf_attr *attr,
union bpf_attr __user *uattr);
const struct bpf_func_proto *
cgroup_common_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog);
const struct bpf_func_proto *
cgroup_current_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog);
#else
static inline int cgroup_bpf_inherit(struct cgroup *cgrp) { return 0; }
static inline void cgroup_bpf_offline(struct cgroup *cgrp) {}
static inline int cgroup_bpf_prog_attach(const union bpf_attr *attr,
enum bpf_prog_type ptype,
struct bpf_prog *prog)
{
return -EINVAL;
}
static inline int cgroup_bpf_prog_detach(const union bpf_attr *attr,
enum bpf_prog_type ptype)
{
return -EINVAL;
}
static inline int cgroup_bpf_link_attach(const union bpf_attr *attr,
struct bpf_prog *prog)
{
return -EINVAL;
}
static inline int cgroup_bpf_prog_query(const union bpf_attr *attr,
union bpf_attr __user *uattr)
{
return -EINVAL;
}
static inline const struct bpf_func_proto *
cgroup_common_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
{
return NULL;
}
static inline const struct bpf_func_proto *
cgroup_current_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
{
return NULL;
}
static inline int bpf_cgroup_storage_assign(struct bpf_prog_aux *aux,
struct bpf_map *map) { return 0; }
static inline struct bpf_cgroup_storage *bpf_cgroup_storage_alloc(
struct bpf_prog *prog, enum bpf_cgroup_storage_type stype) { return NULL; }
static inline void bpf_cgroup_storage_free(
struct bpf_cgroup_storage *storage) {}
static inline int bpf_percpu_cgroup_storage_copy(struct bpf_map *map, void *key,
void *value) {
return 0;
}
static inline int bpf_percpu_cgroup_storage_update(struct bpf_map *map,
void *key, void *value, u64 flags) {
return 0;
}
#define cgroup_bpf_enabled …
#define BPF_CGROUP_RUN_SA_PROG_LOCK …
#define BPF_CGROUP_RUN_SA_PROG …
#define BPF_CGROUP_PRE_CONNECT_ENABLED …
#define BPF_CGROUP_RUN_PROG_INET_INGRESS …
#define BPF_CGROUP_RUN_PROG_INET_EGRESS …
#define BPF_CGROUP_RUN_PROG_INET_SOCK …
#define BPF_CGROUP_RUN_PROG_INET_SOCK_RELEASE …
#define BPF_CGROUP_RUN_PROG_INET_BIND_LOCK …
#define BPF_CGROUP_RUN_PROG_INET4_POST_BIND …
#define BPF_CGROUP_RUN_PROG_INET6_POST_BIND …
#define BPF_CGROUP_RUN_PROG_INET4_CONNECT …
#define BPF_CGROUP_RUN_PROG_INET4_CONNECT_LOCK …
#define BPF_CGROUP_RUN_PROG_INET6_CONNECT …
#define BPF_CGROUP_RUN_PROG_INET6_CONNECT_LOCK …
#define BPF_CGROUP_RUN_PROG_UNIX_CONNECT_LOCK …
#define BPF_CGROUP_RUN_PROG_UDP4_SENDMSG_LOCK …
#define BPF_CGROUP_RUN_PROG_UDP6_SENDMSG_LOCK …
#define BPF_CGROUP_RUN_PROG_UNIX_SENDMSG_LOCK …
#define BPF_CGROUP_RUN_PROG_UDP4_RECVMSG_LOCK …
#define BPF_CGROUP_RUN_PROG_UDP6_RECVMSG_LOCK …
#define BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK …
#define BPF_CGROUP_RUN_PROG_SOCK_OPS …
#define BPF_CGROUP_RUN_PROG_DEVICE_CGROUP …
#define BPF_CGROUP_RUN_PROG_SYSCTL …
#define BPF_CGROUP_RUN_PROG_GETSOCKOPT …
#define BPF_CGROUP_RUN_PROG_GETSOCKOPT_KERN …
#define BPF_CGROUP_RUN_PROG_SETSOCKOPT …
#define for_each_cgroup_storage_type …
#endif
#endif