On Tue, Apr 18, 2023 at 03:10:33PM +0200, Florian Westphal wrote:
> @@ -1560,6 +1562,13 @@ union bpf_attr {
> */
> __u64 cookie;
> } tracing;
> + struct {
> + __u32 pf;
> + __u32 hooknum;
> + __s32 prio;
> + __u32 flags;
> + __u64 reserved[2];
> + } netfilter;
> };
> } link_create;
>
> @@ -6410,6 +6419,12 @@ struct bpf_link_info {
> struct {
> __u32 map_id;
> } struct_ops;
> + struct {
> + __u32 pf;
> + __u32 hooknum;
> + __s32 priority;
> + __u32 flags;
> + } netfilter;
> };
> } __attribute__((aligned(8)));
...
> +int bpf_nf_link_attach(const union bpf_attr *attr, struct bpf_prog *prog)
> +{
> + struct net *net = current->nsproxy->net_ns;
> + struct bpf_link_primer link_primer;
> + struct bpf_nf_link *link;
> + int err;
> +
> + if (attr->link_create.flags)
> + return -EINVAL;
> +
> + if (attr->link_create.netfilter.reserved[0] | attr->link_create.netfilter.reserved[1])
> + return -EINVAL;
Why add 'reserved' name that we cannot change later? I think 'flags' is enough.
> + link->hook_ops.pf = attr->link_create.netfilter.pf;
> + link->hook_ops.priority = attr->link_create.netfilter.prio;
let's use the same name in both cases ? Either prio or priority. Both sound fine.
> + link->hook_ops.hooknum = attr->link_create.netfilter.hooknum;
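Review bot: In the `link_create` hunk the new `netfilter` member becomes UAPI without any comment on what its fields accept, so the header alone does not tell userspace which `pf` and `hooknum` values are valid or how `flags` is treated. A short comment above the struct would cover it, for example `/* pf: NFPROTO_*, hooknum: NF_INET_* hook, flags: no bits defined yet */`, assuming those are the value sets the attach path accepts. Related to that, the quoted part of `bpf_nf_link_attach` rejects a non-zero `link_create.flags` but shows no test of `link_create.netfilter.flags`, nor a range check on `pf` or `hooknum` before they are copied into `hook_ops`. The function is trimmed in this mail, so those checks may sit outside the quote; if they do not, unknown flag bits and out-of-range values should be rejected with an error before the hook is registered.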