Re: [PATCH v4] bpftool: Add 'prepend' option for tcx attach to insert at chain start

Next message: Juri Lelli: "Re: [PATCH 05/12] sched: Move sched_class::prio_changed() into the change pattern"
Previous message: Guenter Roeck: "Re: [PATCH] hwmon: (dell-smm) Add Dell G15 5510 to fan control whitelist"
In reply to: Quentin Monnet: "Re: [PATCH v4] bpftool: Add 'prepend' option for tcx attach to insert at chain start"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Daniel Borkmann

Date: Wed Jan 14 2026 - 09:20:12 EST

On 1/12/26 4:45 AM, gyutae.opensource@xxxxxxxxxxxxx wrote:

From: Gyutae Bae <gyutae.bae@xxxxxxxxxxxxx>

Add support for the 'prepend' option when attaching tcx_ingress and
tcx_egress programs. This option allows inserting a BPF program at
the beginning of the TCX chain instead of appending it at the end.

The implementation uses BPF_F_BEFORE flag which automatically inserts
the program at the beginning of the chain when no relative reference
is specified.

This change includes:
- Modify do_attach_tcx() to support prepend insertion using BPF_F_BEFORE
- Update documentation to describe the new 'prepend' option
- Add bash completion support for the 'prepend' option on tcx attach types
- Add example usage in the documentation
- Add validation to reject 'overwrite' for non-XDP attach types

The 'prepend' option is only valid for tcx_ingress and tcx_egress attach
types. For XDP attach types, the existing 'overwrite' option remains
available.

Example usage:
# bpftool net attach tcx_ingress name tc_prog dev lo prepend

This feature is useful when the order of program execution in the TCX
chain matters and users need to ensure certain programs run first.

Acked-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>