devela::_dep::nc

Constant BPF_F_ALLOW_OVERRIDE

pub const BPF_F_ALLOW_OVERRIDE: i32 = 1;
Available on crate feature dep_nc only.

cgroup-bpf attach flags used in BPF_PROG_ATTACH command

NONE (default): No further bpf programs allowed in the subtree.

BPF_F_ALLOW_OVERRIDE: If a sub-cgroup installs some bpf program, the program in this cgroup yields to sub-cgroup program.

BPF_F_ALLOW_MULTI: If a sub-cgroup installs some bpf program, that cgroup program gets run in addition to the program in this cgroup.

Only one program is allowed to be attached to a cgroup with the NONE or BPF_F_ALLOW_OVERRIDE flag. Attaching another program on top of NONE or BPF_F_ALLOW_OVERRIDE releases the old program and attaches the new one. The attach flags have to match.

Multiple programs are allowed to be attached to a cgroup with the BPF_F_ALLOW_MULTI flag. They are executed in FIFO order (those that were attached first run first). The programs of the sub-cgroup are executed first, then the programs of this cgroup, and then the programs of the parent cgroup. When a child's program makes a decision (like picking TCP CA or sock bind), the parent program has a chance to override it.

A cgroup with the MULTI or OVERRIDE flag allows any attach flags in sub-cgroups. A cgroup with NONE doesn’t allow any programs in sub-cgroups.

Ex1:

cgrp1 (MULTI progs A, B) -> cgrp2 (OVERRIDE prog C) -> cgrp3 (MULTI prog D) -> cgrp4 (OVERRIDE prog E) -> cgrp5 (NONE prog F)

The event in cgrp5 triggers execution of F, D, A, B in that order.

If prog F is detached, the execution is E, D, A, B.

If prog F and D are detached, the execution is E, A, B.

If prog F, E and D are detached, the execution is C, A, B.

All eligible programs are executed regardless of return code from earlier programs.
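The ordering in Ex1 can be reproduced with a small user-space model, useful when auditing whether a parent cgroup's program still runs once a sub-cgroup attaches its own. This is an added example, not code from the nc crate or the kernel; the names AttachFlag, Cgroup, effective_order and ex1 are hypothetical, and the inclusion rule is inferred from the description above.

```rust
// Added illustration: a user-space model of the ordering rule, not kernel or crate code.
#[derive(PartialEq)]
enum AttachFlag { None, Override, Multi }

struct Cgroup {
    flag: AttachFlag,
    progs: Vec<&'static str>, // programs in attach order (FIFO within a cgroup)
}

/// `path` runs from the root cgroup down to the cgroup where the event fires.
/// Walk it leaf-to-root: the nearest cgroup that has programs always runs them;
/// every ancestor above that contributes only if it was attached with MULTI
/// (an OVERRIDE ancestor yields to the sub-cgroup program).
fn effective_order(path: &[Cgroup]) -> Vec<&'static str> {
    let mut order = Vec::new();
    for cg in path.iter().rev() {
        if order.is_empty() || cg.flag == AttachFlag::Multi {
            order.extend(cg.progs.iter().copied());
        }
    }
    order
}

/// Ex1 hierarchy from the text, with the named programs detached (constructed input).
fn ex1(detached: &[&str]) -> Vec<&'static str> {
    let mk = |flag: AttachFlag, progs: &[&'static str]| Cgroup {
        flag,
        progs: progs.iter().copied().filter(|p| !detached.contains(p)).collect(),
    };
    let path = [
        mk(AttachFlag::Multi, &["A", "B"]), // cgrp1
        mk(AttachFlag::Override, &["C"]),   // cgrp2
        mk(AttachFlag::Multi, &["D"]),      // cgrp3
        mk(AttachFlag::Override, &["E"]),   // cgrp4
        mk(AttachFlag::None, &["F"]),       // cgrp5
    ];
    effective_order(&path)
}

fn main() {
    let cases: [&[&str]; 4] = [&[], &["F"], &["F", "D"], &["F", "E", "D"]];
    for detached in cases {
        println!("detached {:?} -> runs {:?}", detached, ex1(detached));
    }
}
```

In every case of Ex1 the OVERRIDE program C in cgrp2 runs only when no cgroup below it has a program attached, while the MULTI programs A and B in cgrp1 always run.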