projects / linux-2.6-block.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
bpf: minimal support for programs hooked into netfilter framework
[linux-2.6-block.git] / kernel / bpf / verifier.c
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 1e05355facdcc34fb19f6456a567930be04caec4..fc7281d39e4602fe295353df8dc76e523457c8b2 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -13816,6 +13816,9 @@ static int check_return_code(struct bpf_verifier_env *env)
                }
                break;
 
+       case BPF_PROG_TYPE_NETFILTER:
+               range = tnum_range(NF_DROP, NF_ACCEPT);
+               break;
        case BPF_PROG_TYPE_EXT:
                /* freplace program can return anything as its return value
                 * depends on the to-be-replaced kernel func or bpf program.
Linux 6.x block layer and io_uring tree(s)