On Fri, Oct 4, 2019 at 8:58 AM Stanislav Fomichev <sdf@xxxxxxxxxx> wrote: > > Always use init_net flow dissector BPF program if it's attached and fall > back to the per-net namespace one. Also, deny installing new programs if > there is already one attached to the root namespace. > Users can still detach their BPF programs, but can't attach any > new ones (-EEXIST). > > Cc: Petar Penkov <ppenkov@xxxxxxxxxx> > Signed-off-by: Stanislav Fomichev <sdf@xxxxxxxxxx> Acked-by: Song Liu <songliubraving@xxxxxx>
