On Monday 2015-11-23 18:35, David Laight wrote:
>From: Florian Westphal
>> Sent: 21 November 2015 16:56
>> > +struct xt_cgroup_info_v1 {
>> > + charpath[PATH_MAX];
>> > + __u32 classid;
>> > +
>> > + /* kernel internal data */
>> > + void*priv __attribute__((a
From: Florian Westphal
> Sent: 21 November 2015 16:56
> > +struct xt_cgroup_info_v1 {
> > + __u8has_path;
> > + __u8has_classid;
> > + __u8invert_path;
> > + __u8invert_classid;
> > + charpath[PATH_MAX];
> > + __u32 c
Hello,
On Mon, Nov 23, 2015 at 01:43:01PM +0100, Daniel Wagner wrote:
> Hi Tejun,
>
> On 11/21/2015 05:14 PM, Tejun Heo wrote:> +static int
> > cgroup_mt_check_v1(const struct xt_mtchk_param *par)
> > +{
> > + struct xt_cgroup_info_v1 *info = par->matchinfo;
> > + struct cgroup *cgrp;
> > +
>
Hello, Daniel.
On Mon, Nov 23, 2015 at 02:43:12PM +0100, Daniel Borkmann wrote:
...
> Haven't looked deeply into kernfs, but if it's possible to get the object
> from the struct file eventually, you could let iptables frontend open that
> path and just pass the fd down. Would be sizeof(int) vs PAT
On 11/23/2015 02:43 PM, Daniel Borkmann wrote:
On 11/21/2015 07:54 PM, Florian Westphal wrote:
Tejun Heo wrote:
On Sat, Nov 21, 2015 at 05:56:06PM +0100, Florian Westphal wrote:
+struct xt_cgroup_info_v1 {
+__u8has_path;
+__u8has_classid;
+__u8invert_path;
On 11/21/2015 07:54 PM, Florian Westphal wrote:
Tejun Heo wrote:
On Sat, Nov 21, 2015 at 05:56:06PM +0100, Florian Westphal wrote:
+struct xt_cgroup_info_v1 {
+ __u8has_path;
+ __u8has_classid;
+ __u8invert_path;
+ __u8inv
Hi Tejun,
On 11/21/2015 05:14 PM, Tejun Heo wrote:> +static int
> cgroup_mt_check_v1(const struct xt_mtchk_param *par)
> +{
> + struct xt_cgroup_info_v1 *info = par->matchinfo;
> + struct cgroup *cgrp;
> +
> + if ((info->invert_path & ~1) || (info->invert_classid & ~1))
> +
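Review bot: in cgroup_mt_check_v1, the only validation visible in this quote is the `& ~1` test on invert_path and invert_classid; nothing shown here checks info->path, which the struct declares as char path[PATH_MAX] and which arrives from userspace via par->matchinfo. Before the path is handed to any cgroup lookup, reject a buffer with no NUL inside the array, for example by returning -EINVAL when strnlen(info->path, sizeof(info->path)) equals sizeof(info->path).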
On Saturday 2015-11-21 19:54, Florian Westphal wrote:
>
>The only other question I have is whether PATH_MAX might be a possible
>ABI breaker in future. It would have to be guaranteed that this is the
>same size forever, else you'd get strange errors on rule insertion if
>the sizes of the kernel an
Tejun Heo wrote:
> On Sat, Nov 21, 2015 at 05:56:06PM +0100, Florian Westphal wrote:
> > > +struct xt_cgroup_info_v1 {
> > > + __u8has_path;
> > > + __u8has_classid;
> > > + __u8invert_path;
> > > + __u8invert_classid;
> > > + charpath[PA
Hello,
On Sat, Nov 21, 2015 at 05:56:06PM +0100, Florian Westphal wrote:
> > +struct xt_cgroup_info_v1 {
> > + __u8has_path;
> > + __u8has_classid;
> > + __u8invert_path;
> > + __u8invert_classid;
> > + charpath[PATH_MAX];
> > +
Tejun Heo wrote:
> This patch implements xt_cgroup path match which matches cgroup2
> membership of the associated socket. The match is recursive and
> invertible.
>
> For rationales on introducing another cgroup based match, please refer
> to a preceding commit "sock, cgroup: add sock->sk_cgrou
This patch implements xt_cgroup path match which matches cgroup2
membership of the associated socket. The match is recursive and
invertible.
For rationales on introducing another cgroup based match, please refer
to a preceding commit "sock, cgroup: add sock->sk_cgroup".
v3: Folded into xt_cgroup