From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Fri, 24 Nov 2017 02:12:05 +0000 (-0800)
Subject: {f, m}_bpf: don't allow specifying multiple bpf programs
X-Git-Tag: v4.15.0~113
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=67c857df807f490363aea61f5d7ff8dd7063516e;p=thirdparty%2Fiproute2.git

{f, m}_bpf: don't allow specifying multiple bpf programs

Both BPF filter and action will allow users to specify run
multiple times, and only the last one will be considered by
the kernel.  Explicitly refuse such command lines.

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
---

diff --git a/tc/f_bpf.c b/tc/f_bpf.c
index 21ba759c4..f598784e8 100644
--- a/tc/f_bpf.c
+++ b/tc/f_bpf.c
@@ -101,6 +101,9 @@ static int bpf_parse_opt(struct filter_util *qu, char *handle,
 	while (argc > 0) {
 		if (matches(*argv, "run") == 0) {
 			NEXT_ARG();
+
+			if (seen_run)
+				duparg("run", *argv);
 opt_bpf:
 			seen_run = true;
 			cfg.type = bpf_type;
diff --git a/tc/m_bpf.c b/tc/m_bpf.c
index e275afd01..1c1f71cdb 100644
--- a/tc/m_bpf.c
+++ b/tc/m_bpf.c
@@ -96,6 +96,9 @@ static int bpf_parse_opt(struct action_util *a, int *ptr_argc, char ***ptr_argv,
 	while (argc > 0) {
 		if (matches(*argv, "run") == 0) {
 			NEXT_ARG();
+
+			if (seen_run)
+				duparg("run", *argv);
 opt_bpf:
 			seen_run = true;
 			cfg.type = bpf_type;