diff options
| author | Kai Lüke <kailueke@riseup.net> | 2019-04-23 12:14:20 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2019-06-25 09:56:16 +0200 |
| commit | fab347489fcfafbc8367c86afc637ce1b81ae59e (patch) | |
| tree | 25eb895a90940163ff7e6f0e3d8c0054433ae6d1 /src/core/cgroup.h | |
| parent | 2d901d33a90ef9d3fe01ac66c4894c9e6bf48ce0 (diff) | |
| download | systemd-fab347489fcfafbc8367c86afc637ce1b81ae59e.tar.gz | |
bpf-firewall: custom BPF programs through IP(Ingress|Egress)FilterPath=
Takes a single /sys/fs/bpf/pinned_prog string as argument, but may be
specified multiple times. An empty assignment resets all previous filters.
Closes https://github.com/systemd/systemd/issues/10227
Diffstat (limited to 'src/core/cgroup.h')
| -rw-r--r-- | src/core/cgroup.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/core/cgroup.h b/src/core/cgroup.h index fe347ea114..d1537c503e 100644 --- a/src/core/cgroup.h +++ b/src/core/cgroup.h @@ -114,6 +114,9 @@ struct CGroupContext { LIST_HEAD(IPAddressAccessItem, ip_address_allow); LIST_HEAD(IPAddressAccessItem, ip_address_deny); + char **ip_filters_ingress; + char **ip_filters_egress; + /* For legacy hierarchies */ uint64_t cpu_shares; uint64_t startup_cpu_shares; |