matthias
/
iproute2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

{f, m}_bpf: don't allow specifying multiple bpf programs 

Both BPF filter and action will allow users to specify run
multiple times, and only the last one will be considered by
the kernel.  Explicitly refuse such command lines.

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
This commit is contained in:
Jakub Kicinski 2017-11-23 18:12:05 -08:00 committed by Stephen Hemminger
parent 65fdae3d18
commit 67c857df80
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
tc/f_bpf.c
View File

@ -101,6 +101,9 @@ static int bpf_parse_opt(struct filter_util *qu, char *handle,
while (argc > 0) {
if (matches(*argv, "run") == 0) {
NEXT_ARG();
if (seen_run)
duparg("run", *argv);
opt_bpf:
seen_run = true;
cfg.type = bpf_type;

3
tc/m_bpf.c
View File

@ -96,6 +96,9 @@ static int bpf_parse_opt(struct action_util *a, int *ptr_argc, char ***ptr_argv,
while (argc > 0) {
if (matches(*argv, "run") == 0) {
NEXT_ARG();
if (seen_run)
duparg("run", *argv);
opt_bpf:
seen_run = true;
cfg.type = bpf_type;