{f, m}_bpf: don't allow specifying multiple bpf programs

Both BPF filter and action will allow users to specify run
multiple times, and only the last one will be considered by
the kernel.  Explicitly refuse such command lines.

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>

diff --git a/tc/f_bpf.c b/tc/f_bpf.c
index 21ba759c4b01768b625cbc257dba520476262f59..f598784e8b0852f46caca340f4bd8cc476da9dfb 100644 (file)
--- a/tc/f_bpf.c
+++ b/tc/f_bpf.c
@@ -101,6 +101,9 @@ static int bpf_parse_opt(struct filter_util *qu, char *handle,
        while (argc > 0) {
                if (matches(*argv, "run") == 0) {
                        NEXT_ARG();
+
+                       if (seen_run)
+                               duparg("run", *argv);
 opt_bpf:
                        seen_run = true;
                        cfg.type = bpf_type;

diff --git a/tc/m_bpf.c b/tc/m_bpf.c
index e275afd01fb32ad1eda6b1dfcfcbe38d4f3c0e3b..1c1f71cdb83f9ac6522658315b6cf1671fb1f97b 100644 (file)
--- a/tc/m_bpf.c
+++ b/tc/m_bpf.c
@@ -96,6 +96,9 @@ static int bpf_parse_opt(struct action_util *a, int *ptr_argc, char ***ptr_argv,
        while (argc > 0) {
                if (matches(*argv, "run") == 0) {
                        NEXT_ARG();
+
+                       if (seen_run)
+                               duparg("run", *argv);
 opt_bpf:
                        seen_run = true;
                        cfg.type = bpf_type;