Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Unverified Commit dbc56a6a authored by Chenbo Feng's avatar Chenbo Feng Committed by derfelot
Browse files

FROMLIST: [net-next,v2,1/2] bpf: Allow CGROUP_SKB eBPF program to access sk_buff 

This allows cgroup eBPF program to classify packet based on their
protocol or other detail information. Currently program need
CAP_NET_ADMIN privilege to attach a cgroup eBPF program, and A
process with CAP_NET_ADMIN can already see all packets on the system,
for example, by creating an iptables rules that causes the packet to
be passed to userspace via NFLOG.

(url: http://patchwork.ozlabs.org/patch/769459/

)

Signed-off-by: default avatarChenbo Feng <fengc@google.com>
Bug: 30950746
Change-Id: I11bef84ce26cf8b8f1b89483c32a7fcdd61ae926
parent 4b8933fd
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment