diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-25 02:54:52 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-25 02:54:52 +0000 |
commit | 51fac37bb20c9440a9a4e0a20846c139364d6d13 (patch) | |
tree | 77c11a0dffc2c15542689f3a51d12d5076c477e8 /src/core/bpf/socket_bind/socket-bind-api.bpf.h | |
parent | Adding upstream version 255.4. (diff) | |
download | systemd-482852d4dabdac616bdcf24b5c2d2f973272fcc3.tar.xz systemd-482852d4dabdac616bdcf24b5c2d2f973272fcc3.zip |
Adding upstream version 255.5.upstream/255.5
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | src/core/bpf/socket_bind/socket-bind-api.bpf.h | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/core/bpf/socket_bind/socket-bind-api.bpf.h b/src/core/bpf/socket_bind/socket-bind-api.bpf.h index 277b9bb..4fe08f1 100644 --- a/src/core/bpf/socket_bind/socket-bind-api.bpf.h +++ b/src/core/bpf/socket_bind/socket-bind-api.bpf.h @@ -7,13 +7,17 @@ */ #include <linux/types.h> +#include <stdint.h> /* * Bind rule is matched with socket fields accessible to cgroup/bind{4,6} hook * through bpf_sock_addr struct. - * 'address_family' is expected to be one of AF_UNSPEC, AF_INET or AF_INET6. + * 'address_family' is expected to be one of AF_UNSPEC, AF_INET, AF_INET6 or the + * magic SOCKET_BIND_RULE_AF_MATCH_NOTHING. * Matching by family is bypassed for rules with AF_UNSPEC set, which makes the * rest of a rule applicable for both IPv4 and IPv6 addresses. + * If SOCKET_BIND_RULE_AF_MATCH_NOTHING is set the rule fails unconditionally + * and other checks are skipped. * If matching by family is either successful or bypassed, a rule and a socket * are matched by ip protocol. * If 'protocol' is 0, matching is bypassed. @@ -49,3 +53,4 @@ struct socket_bind_rule { }; #define SOCKET_BIND_MAX_RULES 128 +#define SOCKET_BIND_RULE_AF_MATCH_NOTHING UINT32_MAX |