rookie099
Reputation: 2607
What is the exact relationship between BPF filters in a single chain
I have an network interface $dev which already had a BPF filter attached to a special qdisc ingress (with pref 1 and direct-action). I have added another one (with pref 2). tc filter show dev $dev ingress reports the following:
filter protocol all pref 1 bpf chain 0
filter protocol all pref 1 bpf chain 0 handle 0x1 some.o:[some-section] direct-action \
not_in_hw id ... tag ... jited
filter protocol all pref 2 bpf chain 1
filter protocol all pref 2 bpf chain 1 handle 0x1 other.o:[other-section] \
not_in_hw id ... tag ... jited
What is the relationship between chained filters in such a case: Will the secondary one (i.e. mine) always see the same traffic as the first or does it depend on what the first one has returned, esp. given that it uses direct-action? I suspect the second is true but am not yet certain.
Upvotes: 1
Views: 244
Answers (1)
pchaigno
Reputation: 13113
What the second BPF programs in the chain sees depends on what the first returns. You can read that logic in cls_bpf_classify().
Upvotes: 1
Related Questions
- What is the difference between BPF and eBPF?
- write and read netfilter connectrack using eBPF/XDP
- How can an ebpf program change kernel execution flow or call kernel functions?
- How to protect an eBPF firewall in traffic filter (tc-bpf)
- Map sharing between different ebpf program types
- Removing individual BPF filter
- eBPF packet filter not giving me correct data
- net/core/filter.c and linux/bpf/verifier.c
- Write packet filtering program in ebpf
- who creates map in BPF