diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-30 02:22:46 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-30 02:22:46 +0000 |
commit | df66ab078d7415dcd983ff92d225098db2c7244a (patch) | |
tree | b8c6ffe2ccf913c52d04e69d9c2d62181f738ed4 /src/core/bpf/socket_bind/socket-bind-api.bpf.h | |
parent | Releasing progress-linux version 252.23-1~deb12u1~progress6.99u1. (diff) | |
download | systemd-df66ab078d7415dcd983ff92d225098db2c7244a.tar.xz systemd-df66ab078d7415dcd983ff92d225098db2c7244a.zip |
Merging upstream version 252.25.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/core/bpf/socket_bind/socket-bind-api.bpf.h')
-rw-r--r-- | src/core/bpf/socket_bind/socket-bind-api.bpf.h | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/core/bpf/socket_bind/socket-bind-api.bpf.h b/src/core/bpf/socket_bind/socket-bind-api.bpf.h index 277b9bb..4fe08f1 100644 --- a/src/core/bpf/socket_bind/socket-bind-api.bpf.h +++ b/src/core/bpf/socket_bind/socket-bind-api.bpf.h @@ -7,13 +7,17 @@ */ #include <linux/types.h> +#include <stdint.h> /* * Bind rule is matched with socket fields accessible to cgroup/bind{4,6} hook * through bpf_sock_addr struct. - * 'address_family' is expected to be one of AF_UNSPEC, AF_INET or AF_INET6. + * 'address_family' is expected to be one of AF_UNSPEC, AF_INET, AF_INET6 or the + * magic SOCKET_BIND_RULE_AF_MATCH_NOTHING. * Matching by family is bypassed for rules with AF_UNSPEC set, which makes the * rest of a rule applicable for both IPv4 and IPv6 addresses. + * If SOCKET_BIND_RULE_AF_MATCH_NOTHING is set the rule fails unconditionally + * and other checks are skipped. * If matching by family is either successful or bypassed, a rule and a socket * are matched by ip protocol. * If 'protocol' is 0, matching is bypassed. @@ -49,3 +53,4 @@ struct socket_bind_rule { }; #define SOCKET_BIND_MAX_RULES 128 +#define SOCKET_BIND_RULE_AF_MATCH_NOTHING UINT32_MAX |