From cd09a5f3c116261fc8d2aaee9c02a192af33b327 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 8 Jun 2021 16:30:45 +0200 Subject: =?UTF-8?q?core:=20rename=20socket-bind.[ch]=20=E2=86=92=20bpf-soc?= =?UTF-8?q?ket-bind.[ch]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The other BPF infra has a file name prefix of "bpf-" hence do so here too. --- src/core/bpf-socket-bind.c | 252 +++++++++++++++++++++++++++++++++++++++++++++ src/core/bpf-socket-bind.h | 15 +++ src/core/cgroup.c | 6 +- src/core/load-fragment.c | 2 +- src/core/meson.build | 8 +- src/core/socket-bind.c | 252 --------------------------------------------- src/core/socket-bind.h | 15 --- src/core/unit-serialize.c | 6 +- src/core/unit.c | 2 +- 9 files changed, 279 insertions(+), 279 deletions(-) create mode 100644 src/core/bpf-socket-bind.c create mode 100644 src/core/bpf-socket-bind.h delete mode 100644 src/core/socket-bind.c delete mode 100644 src/core/socket-bind.h (limited to 'src/core') diff --git a/src/core/bpf-socket-bind.c b/src/core/bpf-socket-bind.c new file mode 100644 index 0000000000..0ef3b6e568 --- /dev/null +++ b/src/core/bpf-socket-bind.c @@ -0,0 +1,252 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ + +#if BPF_FRAMEWORK +#include +#endif + +#include "fd-util.h" +#include "bpf-socket-bind.h" + +#if BPF_FRAMEWORK +/* libbpf, clang, llvm and bpftool compile time dependencies are satisfied */ +#include "bpf-dlopen.h" +#include "bpf-link.h" +#include "bpf/socket_bind/socket-bind.skel.h" +#include "bpf/socket_bind/socket-bind-api.bpf.h" + +static struct socket_bind_bpf *socket_bind_bpf_free(struct socket_bind_bpf *obj) { + /* socket_bind_bpf__destroy handles object == NULL case */ + (void) socket_bind_bpf__destroy(obj); + + return NULL; +} + +DEFINE_TRIVIAL_CLEANUP_FUNC(struct socket_bind_bpf *, socket_bind_bpf_free); + +static int update_rules_map( + int map_fd, + CGroupSocketBindItem *head) { + + CGroupSocketBindItem *item; + uint32_t i = 0; + + assert(map_fd >= 0); + + LIST_FOREACH(socket_bind_items, item, head) { + struct socket_bind_rule val = { + .address_family = (uint32_t) item->address_family, + .nr_ports = item->nr_ports, + .port_min = item->port_min, + }; + + uint32_t key = i++; + + if (sym_bpf_map_update_elem(map_fd, &key, &val, BPF_ANY) != 0) + return -errno; + } + + return 0; +} + +static int prepare_socket_bind_bpf( + Unit *u, + CGroupSocketBindItem *allow, + CGroupSocketBindItem *deny, + struct socket_bind_bpf **ret_obj) { + + _cleanup_(socket_bind_bpf_freep) struct socket_bind_bpf *obj = NULL; + size_t allow_count = 0, deny_count = 0; + int allow_map_fd, deny_map_fd, r; + CGroupSocketBindItem *item; + + assert(ret_obj); + + LIST_FOREACH(socket_bind_items, item, allow) + allow_count++; + + LIST_FOREACH(socket_bind_items, item, deny) + deny_count++; + + if (allow_count > SOCKET_BIND_MAX_RULES) + return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, SYNTHETIC_ERRNO(EINVAL), + "Maximum number of socket bind rules=%u is exceeded", SOCKET_BIND_MAX_RULES); + + if (deny_count > SOCKET_BIND_MAX_RULES) + return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, SYNTHETIC_ERRNO(EINVAL), + "Maximum number of socket bind rules=%u is exceeded", SOCKET_BIND_MAX_RULES); + + obj = socket_bind_bpf__open(); + if (!obj) + return log_unit_full_errno(u, u ? LOG_ERR : LOG_DEBUG, SYNTHETIC_ERRNO(ENOMEM), + "Failed to open BPF object"); + + if (sym_bpf_map__resize(obj->maps.sd_bind_allow, MAX(allow_count, 1u)) != 0) + return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, errno, + "Failed to resize BPF map '%s': %m", sym_bpf_map__name(obj->maps.sd_bind_allow)); + + if (sym_bpf_map__resize(obj->maps.sd_bind_deny, MAX(deny_count, 1u)) != 0) + return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, errno, + "Failed to resize BPF map '%s': %m", sym_bpf_map__name(obj->maps.sd_bind_deny)); + + if (socket_bind_bpf__load(obj) != 0) + return log_unit_full_errno(u, u ? LOG_ERR : LOG_DEBUG, errno, + "Failed to load BPF object: %m"); + + allow_map_fd = sym_bpf_map__fd(obj->maps.sd_bind_allow); + assert(allow_map_fd >= 0); + + r = update_rules_map(allow_map_fd, allow); + if (r < 0) + return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, r, + "Failed to put socket bind allow rules into BPF map '%s'", + sym_bpf_map__name(obj->maps.sd_bind_allow)); + + deny_map_fd = sym_bpf_map__fd(obj->maps.sd_bind_deny); + assert(deny_map_fd >= 0); + + r = update_rules_map(deny_map_fd, deny); + if (r < 0) + return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, r, + "Failed to put socket bind deny rules into BPF map '%s'", + sym_bpf_map__name(obj->maps.sd_bind_deny)); + + *ret_obj = TAKE_PTR(obj); + return 0; +} + +int bpf_socket_bind_supported(void) { + _cleanup_(socket_bind_bpf_freep) struct socket_bind_bpf *obj = NULL; + int r; + + r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER); + if (r < 0) + return log_debug_errno(r, "Can't determine whether the unified hierarchy is used: %m"); + if (r == 0) { + log_debug("Not running with unified cgroup hierarchy, BPF is not supported"); + return false; + } + + if (dlopen_bpf() < 0) + return false; + + if (!sym_bpf_probe_prog_type(BPF_PROG_TYPE_CGROUP_SOCK_ADDR, /*ifindex=*/0)) { + log_debug("BPF program type cgroup_sock_addr is not supported"); + return false; + } + + r = prepare_socket_bind_bpf(/*unit=*/NULL, /*allow_rules=*/NULL, /*deny_rules=*/NULL, &obj); + if (r < 0) { + log_debug_errno(r, "BPF based socket_bind is not supported: %m"); + return false; + } + + return can_link_bpf_program(obj->progs.sd_bind4); +} + +int bpf_socket_bind_add_initial_link_fd(Unit *u, int fd) { + int r; + + assert(u); + + if (!u->initial_socket_bind_link_fds) { + u->initial_socket_bind_link_fds = fdset_new(); + if (!u->initial_socket_bind_link_fds) + return log_oom(); + } + + r = fdset_put(u->initial_socket_bind_link_fds, fd); + if (r < 0) + return log_unit_error_errno(u, r, "Failed to put socket-bind BPF link fd %d to initial fdset", fd); + + return 0; +} + +static int socket_bind_install_impl(Unit *u) { + _cleanup_(bpf_link_freep) struct bpf_link *ipv4 = NULL, *ipv6 = NULL; + _cleanup_(socket_bind_bpf_freep) struct socket_bind_bpf *obj = NULL; + _cleanup_free_ char *cgroup_path = NULL; + _cleanup_close_ int cgroup_fd = -1; + CGroupContext *cc; + int r; + + assert(u); + + cc = unit_get_cgroup_context(u); + if (!cc) + return 0; + + r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, NULL, &cgroup_path); + if (r < 0) + return log_unit_error_errno(u, r, "Failed to get cgroup path: %m"); + + if (!cc->socket_bind_allow && !cc->socket_bind_deny) + return 0; + + r = prepare_socket_bind_bpf(u, cc->socket_bind_allow, cc->socket_bind_deny, &obj); + if (r < 0) + return log_unit_error_errno(u, r, "Failed to load BPF object: %m"); + + cgroup_fd = open(cgroup_path, O_RDONLY | O_CLOEXEC, 0); + if (cgroup_fd < 0) + return log_unit_error_errno(u, errno, "Failed to open cgroup=%s for reading: %m", cgroup_path); + + ipv4 = sym_bpf_program__attach_cgroup(obj->progs.sd_bind4, cgroup_fd); + r = sym_libbpf_get_error(ipv4); + if (r != 0) + return log_unit_error_errno(u, r, "Failed to link '%s' cgroup-bpf program: %m", + sym_bpf_program__name(obj->progs.sd_bind4)); + + ipv6 = sym_bpf_program__attach_cgroup(obj->progs.sd_bind6, cgroup_fd); + r = sym_libbpf_get_error(ipv6); + if (r != 0) + return log_unit_error_errno(u, r, "Failed to link '%s' cgroup-bpf program: %m", + sym_bpf_program__name(obj->progs.sd_bind6)); + + u->ipv4_socket_bind_link = TAKE_PTR(ipv4); + u->ipv6_socket_bind_link = TAKE_PTR(ipv6); + + return 0; +} + +int bpf_socket_bind_install(Unit *u) { + int r; + + assert(u); + + r = socket_bind_install_impl(u); + if (r == -ENOMEM) + return r; + + fdset_close(u->initial_socket_bind_link_fds); + return r; +} + +int bpf_serialize_socket_bind(Unit *u, FILE *f, FDSet *fds) { + int r; + + assert(u); + + r = serialize_bpf_link(f, fds, "ipv4-socket-bind-bpf-link", u->ipv4_socket_bind_link); + if (r < 0) + return r; + + return serialize_bpf_link(f, fds, "ipv6-socket-bind-bpf-link", u->ipv6_socket_bind_link); +} + +#else /* ! BPF_FRAMEWORK */ +int bpf_socket_bind_supported(void) { + return false; +} + +int bpf_socket_bind_add_initial_link_fd(Unit *u, int fd) { + return 0; +} + +int bpf_socket_bind_install(Unit *u) { + return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EOPNOTSUPP), "Failed to install socket bind: BPF framework is not supported"); +} + +int bpf_serialize_socket_bind(Unit *u, FILE *f, FDSet *fds) { + return 0; +} +#endif diff --git a/src/core/bpf-socket-bind.h b/src/core/bpf-socket-bind.h new file mode 100644 index 0000000000..c8c75adaf6 --- /dev/null +++ b/src/core/bpf-socket-bind.h @@ -0,0 +1,15 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ +#pragma once + +#include "fdset.h" +#include "unit.h" + +int bpf_socket_bind_supported(void); + +/* Add BPF link fd created before daemon-reload or daemon-reexec. FDs will be closed at the end of + * socket_bind_install. */ +int bpf_socket_bind_add_initial_link_fd(Unit *u, int fd); + +int bpf_socket_bind_install(Unit *u); + +int bpf_serialize_socket_bind(Unit *u, FILE *f, FDSet *fds); diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 7fde1efce4..3cec8a5786 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -10,6 +10,7 @@ #include "bpf-devices.h" #include "bpf-firewall.h" #include "bpf-foreign.h" +#include "bpf-socket-bind.h" #include "btrfs-util.h" #include "bus-error.h" #include "cgroup-setup.h" @@ -26,7 +27,6 @@ #include "percent-util.h" #include "process-util.h" #include "procfs-util.h" -#include "socket-bind.h" #include "special.h" #include "stat-util.h" #include "stdio-util.h" @@ -1096,7 +1096,7 @@ static void cgroup_apply_firewall(Unit *u) { static void cgroup_apply_socket_bind(Unit *u) { assert(u); - (void) socket_bind_install(u); + (void) bpf_socket_bind_install(u); } static int cgroup_apply_devices(Unit *u) { @@ -3126,7 +3126,7 @@ static int cg_bpf_mask_supported(CGroupMask *ret) { mask |= CGROUP_MASK_BPF_FOREIGN; /* BPF-based bind{4|6} hooks */ - r = socket_bind_supported(); + r = bpf_socket_bind_supported(); if (r > 0) mask |= CGROUP_MASK_BPF_SOCKET_BIND; diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index c6fca7135c..46b6549d16 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -20,6 +20,7 @@ #include "alloc-util.h" #include "bpf-firewall.h" #include "bpf-program.h" +#include "bpf-socket-bind.h" #include "bus-error.h" #include "bus-internal.h" #include "bus-util.h" @@ -55,7 +56,6 @@ #endif #include "securebits-util.h" #include "signal-util.h" -#include "socket-bind.h" #include "socket-netlink.h" #include "specifier.h" #include "stat-util.h" diff --git a/src/core/meson.build b/src/core/meson.build index e696d27727..f0d2c6f642 100644 --- a/src/core/meson.build +++ b/src/core/meson.build @@ -13,6 +13,8 @@ libcore_sources = ''' bpf-firewall.h bpf-foreign.c bpf-foreign.h + bpf-socket-bind.c + bpf-socket-bind.h cgroup.c cgroup.h core-varlink.c @@ -83,10 +85,10 @@ libcore_sources = ''' load-fragment.h locale-setup.c locale-setup.h - manager.c - manager.h manager-dump.c manager-dump.h + manager.c + manager.h mount.c mount.h namespace.c @@ -107,8 +109,6 @@ libcore_sources = ''' slice.h smack-setup.c smack-setup.h - socket-bind.c - socket-bind.h socket.c socket.h swap.c diff --git a/src/core/socket-bind.c b/src/core/socket-bind.c deleted file mode 100644 index 11818733ab..0000000000 --- a/src/core/socket-bind.c +++ /dev/null @@ -1,252 +0,0 @@ -/* SPDX-License-Identifier: LGPL-2.1+ */ - -#if BPF_FRAMEWORK -#include -#endif - -#include "fd-util.h" -#include "socket-bind.h" - -#if BPF_FRAMEWORK -/* libbpf, clang, llvm and bpftool compile time dependencies are satisfied */ -#include "bpf-dlopen.h" -#include "bpf-link.h" -#include "bpf/socket_bind/socket-bind.skel.h" -#include "bpf/socket_bind/socket-bind-api.bpf.h" - -static struct socket_bind_bpf *socket_bind_bpf_free(struct socket_bind_bpf *obj) { - /* socket_bind_bpf__destroy handles object == NULL case */ - (void) socket_bind_bpf__destroy(obj); - - return NULL; -} - -DEFINE_TRIVIAL_CLEANUP_FUNC(struct socket_bind_bpf *, socket_bind_bpf_free); - -static int update_rules_map( - int map_fd, - CGroupSocketBindItem *head) { - - CGroupSocketBindItem *item; - uint32_t i = 0; - - assert(map_fd >= 0); - - LIST_FOREACH(socket_bind_items, item, head) { - struct socket_bind_rule val = { - .address_family = (uint32_t) item->address_family, - .nr_ports = item->nr_ports, - .port_min = item->port_min, - }; - - uint32_t key = i++; - - if (sym_bpf_map_update_elem(map_fd, &key, &val, BPF_ANY) != 0) - return -errno; - } - - return 0; -} - -static int prepare_socket_bind_bpf( - Unit *u, - CGroupSocketBindItem *allow, - CGroupSocketBindItem *deny, - struct socket_bind_bpf **ret_obj) { - - _cleanup_(socket_bind_bpf_freep) struct socket_bind_bpf *obj = NULL; - size_t allow_count = 0, deny_count = 0; - int allow_map_fd, deny_map_fd, r; - CGroupSocketBindItem *item; - - assert(ret_obj); - - LIST_FOREACH(socket_bind_items, item, allow) - allow_count++; - - LIST_FOREACH(socket_bind_items, item, deny) - deny_count++; - - if (allow_count > SOCKET_BIND_MAX_RULES) - return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, SYNTHETIC_ERRNO(EINVAL), - "Maximum number of socket bind rules=%u is exceeded", SOCKET_BIND_MAX_RULES); - - if (deny_count > SOCKET_BIND_MAX_RULES) - return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, SYNTHETIC_ERRNO(EINVAL), - "Maximum number of socket bind rules=%u is exceeded", SOCKET_BIND_MAX_RULES); - - obj = socket_bind_bpf__open(); - if (!obj) - return log_unit_full_errno(u, u ? LOG_ERR : LOG_DEBUG, SYNTHETIC_ERRNO(ENOMEM), - "Failed to open BPF object"); - - if (sym_bpf_map__resize(obj->maps.sd_bind_allow, MAX(allow_count, 1u)) != 0) - return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, errno, - "Failed to resize BPF map '%s': %m", sym_bpf_map__name(obj->maps.sd_bind_allow)); - - if (sym_bpf_map__resize(obj->maps.sd_bind_deny, MAX(deny_count, 1u)) != 0) - return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, errno, - "Failed to resize BPF map '%s': %m", sym_bpf_map__name(obj->maps.sd_bind_deny)); - - if (socket_bind_bpf__load(obj) != 0) - return log_unit_full_errno(u, u ? LOG_ERR : LOG_DEBUG, errno, - "Failed to load BPF object: %m"); - - allow_map_fd = sym_bpf_map__fd(obj->maps.sd_bind_allow); - assert(allow_map_fd >= 0); - - r = update_rules_map(allow_map_fd, allow); - if (r < 0) - return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, r, - "Failed to put socket bind allow rules into BPF map '%s'", - sym_bpf_map__name(obj->maps.sd_bind_allow)); - - deny_map_fd = sym_bpf_map__fd(obj->maps.sd_bind_deny); - assert(deny_map_fd >= 0); - - r = update_rules_map(deny_map_fd, deny); - if (r < 0) - return log_unit_full_errno(u, u ? LOG_ERR : LOG_WARNING, r, - "Failed to put socket bind deny rules into BPF map '%s'", - sym_bpf_map__name(obj->maps.sd_bind_deny)); - - *ret_obj = TAKE_PTR(obj); - return 0; -} - -int socket_bind_supported(void) { - _cleanup_(socket_bind_bpf_freep) struct socket_bind_bpf *obj = NULL; - int r; - - r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER); - if (r < 0) - return log_debug_errno(r, "Can't determine whether the unified hierarchy is used: %m"); - if (r == 0) { - log_debug("Not running with unified cgroup hierarchy, BPF is not supported"); - return false; - } - - if (dlopen_bpf() < 0) - return false; - - if (!sym_bpf_probe_prog_type(BPF_PROG_TYPE_CGROUP_SOCK_ADDR, /*ifindex=*/0)) { - log_debug("BPF program type cgroup_sock_addr is not supported"); - return false; - } - - r = prepare_socket_bind_bpf(/*unit=*/NULL, /*allow_rules=*/NULL, /*deny_rules=*/NULL, &obj); - if (r < 0) { - log_debug_errno(r, "BPF based socket_bind is not supported: %m"); - return false; - } - - return can_link_bpf_program(obj->progs.sd_bind4); -} - -int socket_bind_add_initial_link_fd(Unit *u, int fd) { - int r; - - assert(u); - - if (!u->initial_socket_bind_link_fds) { - u->initial_socket_bind_link_fds = fdset_new(); - if (!u->initial_socket_bind_link_fds) - return log_oom(); - } - - r = fdset_put(u->initial_socket_bind_link_fds, fd); - if (r < 0) - return log_unit_error_errno(u, r, "Failed to put socket-bind BPF link fd %d to initial fdset", fd); - - return 0; -} - -static int socket_bind_install_impl(Unit *u) { - _cleanup_(bpf_link_freep) struct bpf_link *ipv4 = NULL, *ipv6 = NULL; - _cleanup_(socket_bind_bpf_freep) struct socket_bind_bpf *obj = NULL; - _cleanup_free_ char *cgroup_path = NULL; - _cleanup_close_ int cgroup_fd = -1; - CGroupContext *cc; - int r; - - assert(u); - - cc = unit_get_cgroup_context(u); - if (!cc) - return 0; - - r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, NULL, &cgroup_path); - if (r < 0) - return log_unit_error_errno(u, r, "Failed to get cgroup path: %m"); - - if (!cc->socket_bind_allow && !cc->socket_bind_deny) - return 0; - - r = prepare_socket_bind_bpf(u, cc->socket_bind_allow, cc->socket_bind_deny, &obj); - if (r < 0) - return log_unit_error_errno(u, r, "Failed to load BPF object: %m"); - - cgroup_fd = open(cgroup_path, O_RDONLY | O_CLOEXEC, 0); - if (cgroup_fd < 0) - return log_unit_error_errno(u, errno, "Failed to open cgroup=%s for reading: %m", cgroup_path); - - ipv4 = sym_bpf_program__attach_cgroup(obj->progs.sd_bind4, cgroup_fd); - r = sym_libbpf_get_error(ipv4); - if (r != 0) - return log_unit_error_errno(u, r, "Failed to link '%s' cgroup-bpf program: %m", - sym_bpf_program__name(obj->progs.sd_bind4)); - - ipv6 = sym_bpf_program__attach_cgroup(obj->progs.sd_bind6, cgroup_fd); - r = sym_libbpf_get_error(ipv6); - if (r != 0) - return log_unit_error_errno(u, r, "Failed to link '%s' cgroup-bpf program: %m", - sym_bpf_program__name(obj->progs.sd_bind6)); - - u->ipv4_socket_bind_link = TAKE_PTR(ipv4); - u->ipv6_socket_bind_link = TAKE_PTR(ipv6); - - return 0; -} - -int socket_bind_install(Unit *u) { - int r; - - assert(u); - - r = socket_bind_install_impl(u); - if (r == -ENOMEM) - return r; - - fdset_close(u->initial_socket_bind_link_fds); - return r; -} - -int serialize_socket_bind(Unit *u, FILE *f, FDSet *fds) { - int r; - - assert(u); - - r = serialize_bpf_link(f, fds, "ipv4-socket-bind-bpf-link", u->ipv4_socket_bind_link); - if (r < 0) - return r; - - return serialize_bpf_link(f, fds, "ipv6-socket-bind-bpf-link", u->ipv6_socket_bind_link); -} - -#else /* ! BPF_FRAMEWORK */ -int socket_bind_supported(void) { - return false; -} - -int socket_bind_add_initial_link_fd(Unit *u, int fd) { - return 0; -} - -int socket_bind_install(Unit *u) { - return log_unit_debug_errno(u, SYNTHETIC_ERRNO(EOPNOTSUPP), "Failed to install socket bind: BPF framework is not supported"); -} - -int serialize_socket_bind(Unit *u, FILE *f, FDSet *fds) { - return 0; -} -#endif diff --git a/src/core/socket-bind.h b/src/core/socket-bind.h deleted file mode 100644 index 2a6e71a9b9..0000000000 --- a/src/core/socket-bind.h +++ /dev/null @@ -1,15 +0,0 @@ -/* SPDX-License-Identifier: LGPL-2.1+ */ -#pragma once - -#include "fdset.h" -#include "unit.h" - -int socket_bind_supported(void); - -/* Add BPF link fd created before daemon-reload or daemon-reexec. - * FDs will be closed at the end of socket_bind_install. */ -int socket_bind_add_initial_link_fd(Unit *u, int fd); - -int socket_bind_install(Unit *u); - -int serialize_socket_bind(Unit *u, FILE *f, FDSet *fds); diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c index 4da69769a6..f8a1ca7b75 100644 --- a/src/core/unit-serialize.c +++ b/src/core/unit-serialize.c @@ -1,5 +1,6 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ +#include "bpf-socket-bind.h" #include "bus-util.h" #include "dbus.h" #include "fileio-label.h" @@ -7,7 +8,6 @@ #include "format-util.h" #include "parse-util.h" #include "serialize.h" -#include "socket-bind.h" #include "string-table.h" #include "unit-serialize.h" #include "user-util.h" @@ -164,7 +164,7 @@ int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool switching_root) { (void) serialize_cgroup_mask(f, "cgroup-enabled-mask", u->cgroup_enabled_mask); (void) serialize_cgroup_mask(f, "cgroup-invalidated-mask", u->cgroup_invalidated_mask); - (void) serialize_socket_bind(u, f, fds); + (void) bpf_serialize_socket_bind(u, f, fds); if (uid_is_valid(u->ref_uid)) (void) serialize_item_format(f, "ref-uid", UID_FMT, u->ref_uid); @@ -389,7 +389,7 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { continue; } - (void) socket_bind_add_initial_link_fd(u, fd); + (void) bpf_socket_bind_add_initial_link_fd(u, fd); } continue; } diff --git a/src/core/unit.c b/src/core/unit.c index 9609c87f85..de407d20a8 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -12,6 +12,7 @@ #include "alloc-util.h" #include "bpf-firewall.h" #include "bpf-foreign.h" +#include "bpf-socket-bind.h" #include "bus-common-errors.h" #include "bus-util.h" #include "cgroup-setup.h" @@ -41,7 +42,6 @@ #include "rm-rf.h" #include "set.h" #include "signal-util.h" -#include "socket-bind.h" #include "sparse-endian.h" #include "special.h" #include "specifier.h" -- cgit v1.2.1