From 67c857df807f490363aea61f5d7ff8dd7063516e Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Thu, 23 Nov 2017 18:12:05 -0800
Subject: [PATCH] {f, m}_bpf: don't allow specifying multiple bpf programs

Both BPF filter and action will allow users to specify run
multiple times, and only the last one will be considered by
the kernel.  Explicitly refuse such command lines.

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
---
 tc/f_bpf.c | 3 +++
 tc/m_bpf.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/tc/f_bpf.c b/tc/f_bpf.c
index 21ba759c..f598784e 100644
--- a/tc/f_bpf.c
+++ b/tc/f_bpf.c
@@ -101,6 +101,9 @@ static int bpf_parse_opt(struct filter_util *qu, char *handle,
 	while (argc > 0) {
 		if (matches(*argv, "run") == 0) {
 			NEXT_ARG();
+
+			if (seen_run)
+				duparg("run", *argv);
 opt_bpf:
 			seen_run = true;
 			cfg.type = bpf_type;
diff --git a/tc/m_bpf.c b/tc/m_bpf.c
index e275afd0..1c1f71cd 100644
--- a/tc/m_bpf.c
+++ b/tc/m_bpf.c
@@ -96,6 +96,9 @@ static int bpf_parse_opt(struct action_util *a, int *ptr_argc, char ***ptr_argv,
 	while (argc > 0) {
 		if (matches(*argv, "run") == 0) {
 			NEXT_ARG();
+
+			if (seen_run)
+				duparg("run", *argv);
 opt_bpf:
 			seen_run = true;
 			cfg.type = bpf_type;