bpf: allow BPF programs access 'protocol' and 'vlan_tci' fields
as a follow on to patch 70006af955
("bpf: allow eBPF access skb fields")
this patch allows 'protocol' and 'vlan_tci' fields to be accessible
from extended BPF programs.
The usage of 'protocol', 'vlan_present' and 'vlan_tci' fields is the same as
corresponding SKF_AD_PROTOCOL, SKF_AD_VLAN_TAG_PRESENT and SKF_AD_VLAN_TAG
accesses in classic BPF.
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
9cf7867c24
commit
c249739579
3 changed files with 62 additions and 22 deletions
|
@ -178,6 +178,9 @@ struct __sk_buff {
|
||||||
__u32 pkt_type;
|
__u32 pkt_type;
|
||||||
__u32 mark;
|
__u32 mark;
|
||||||
__u32 queue_mapping;
|
__u32 queue_mapping;
|
||||||
|
__u32 protocol;
|
||||||
|
__u32 vlan_present;
|
||||||
|
__u32 vlan_tci;
|
||||||
};
|
};
|
||||||
|
|
||||||
#endif /* _UAPI__LINUX_BPF_H__ */
|
#endif /* _UAPI__LINUX_BPF_H__ */
|
||||||
|
|
|
@ -177,6 +177,35 @@ static u32 convert_skb_access(int skb_field, int dst_reg, int src_reg,
|
||||||
*insn++ = BPF_LDX_MEM(BPF_H, dst_reg, src_reg,
|
*insn++ = BPF_LDX_MEM(BPF_H, dst_reg, src_reg,
|
||||||
offsetof(struct sk_buff, queue_mapping));
|
offsetof(struct sk_buff, queue_mapping));
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case SKF_AD_PROTOCOL:
|
||||||
|
BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, protocol) != 2);
|
||||||
|
|
||||||
|
/* dst_reg = *(u16 *) (src_reg + offsetof(protocol)) */
|
||||||
|
*insn++ = BPF_LDX_MEM(BPF_H, dst_reg, src_reg,
|
||||||
|
offsetof(struct sk_buff, protocol));
|
||||||
|
/* dst_reg = ntohs(dst_reg) [emitting a nop or swap16] */
|
||||||
|
*insn++ = BPF_ENDIAN(BPF_FROM_BE, dst_reg, 16);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case SKF_AD_VLAN_TAG:
|
||||||
|
case SKF_AD_VLAN_TAG_PRESENT:
|
||||||
|
BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, vlan_tci) != 2);
|
||||||
|
BUILD_BUG_ON(VLAN_TAG_PRESENT != 0x1000);
|
||||||
|
|
||||||
|
/* dst_reg = *(u16 *) (src_reg + offsetof(vlan_tci)) */
|
||||||
|
*insn++ = BPF_LDX_MEM(BPF_H, dst_reg, src_reg,
|
||||||
|
offsetof(struct sk_buff, vlan_tci));
|
||||||
|
if (skb_field == SKF_AD_VLAN_TAG) {
|
||||||
|
*insn++ = BPF_ALU32_IMM(BPF_AND, dst_reg,
|
||||||
|
~VLAN_TAG_PRESENT);
|
||||||
|
} else {
|
||||||
|
/* dst_reg >>= 12 */
|
||||||
|
*insn++ = BPF_ALU32_IMM(BPF_RSH, dst_reg, 12);
|
||||||
|
/* dst_reg &= 1 */
|
||||||
|
*insn++ = BPF_ALU32_IMM(BPF_AND, dst_reg, 1);
|
||||||
|
}
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
return insn - insn_buf;
|
return insn - insn_buf;
|
||||||
|
@ -190,13 +219,8 @@ static bool convert_bpf_extensions(struct sock_filter *fp,
|
||||||
|
|
||||||
switch (fp->k) {
|
switch (fp->k) {
|
||||||
case SKF_AD_OFF + SKF_AD_PROTOCOL:
|
case SKF_AD_OFF + SKF_AD_PROTOCOL:
|
||||||
BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, protocol) != 2);
|
cnt = convert_skb_access(SKF_AD_PROTOCOL, BPF_REG_A, BPF_REG_CTX, insn);
|
||||||
|
insn += cnt - 1;
|
||||||
/* A = *(u16 *) (CTX + offsetof(protocol)) */
|
|
||||||
*insn++ = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_CTX,
|
|
||||||
offsetof(struct sk_buff, protocol));
|
|
||||||
/* A = ntohs(A) [emitting a nop or swap16] */
|
|
||||||
*insn = BPF_ENDIAN(BPF_FROM_BE, BPF_REG_A, 16);
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SKF_AD_OFF + SKF_AD_PKTTYPE:
|
case SKF_AD_OFF + SKF_AD_PKTTYPE:
|
||||||
|
@ -242,22 +266,15 @@ static bool convert_bpf_extensions(struct sock_filter *fp,
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SKF_AD_OFF + SKF_AD_VLAN_TAG:
|
case SKF_AD_OFF + SKF_AD_VLAN_TAG:
|
||||||
case SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT:
|
cnt = convert_skb_access(SKF_AD_VLAN_TAG,
|
||||||
BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, vlan_tci) != 2);
|
BPF_REG_A, BPF_REG_CTX, insn);
|
||||||
BUILD_BUG_ON(VLAN_TAG_PRESENT != 0x1000);
|
insn += cnt - 1;
|
||||||
|
break;
|
||||||
|
|
||||||
/* A = *(u16 *) (CTX + offsetof(vlan_tci)) */
|
case SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT:
|
||||||
*insn++ = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_CTX,
|
cnt = convert_skb_access(SKF_AD_VLAN_TAG_PRESENT,
|
||||||
offsetof(struct sk_buff, vlan_tci));
|
BPF_REG_A, BPF_REG_CTX, insn);
|
||||||
if (fp->k == SKF_AD_OFF + SKF_AD_VLAN_TAG) {
|
insn += cnt - 1;
|
||||||
*insn = BPF_ALU32_IMM(BPF_AND, BPF_REG_A,
|
|
||||||
~VLAN_TAG_PRESENT);
|
|
||||||
} else {
|
|
||||||
/* A >>= 12 */
|
|
||||||
*insn++ = BPF_ALU32_IMM(BPF_RSH, BPF_REG_A, 12);
|
|
||||||
/* A &= 1 */
|
|
||||||
*insn = BPF_ALU32_IMM(BPF_AND, BPF_REG_A, 1);
|
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SKF_AD_OFF + SKF_AD_PAY_OFFSET:
|
case SKF_AD_OFF + SKF_AD_PAY_OFFSET:
|
||||||
|
@ -1215,6 +1232,17 @@ static u32 sk_filter_convert_ctx_access(int dst_reg, int src_reg, int ctx_off,
|
||||||
|
|
||||||
case offsetof(struct __sk_buff, queue_mapping):
|
case offsetof(struct __sk_buff, queue_mapping):
|
||||||
return convert_skb_access(SKF_AD_QUEUE, dst_reg, src_reg, insn);
|
return convert_skb_access(SKF_AD_QUEUE, dst_reg, src_reg, insn);
|
||||||
|
|
||||||
|
case offsetof(struct __sk_buff, protocol):
|
||||||
|
return convert_skb_access(SKF_AD_PROTOCOL, dst_reg, src_reg, insn);
|
||||||
|
|
||||||
|
case offsetof(struct __sk_buff, vlan_present):
|
||||||
|
return convert_skb_access(SKF_AD_VLAN_TAG_PRESENT,
|
||||||
|
dst_reg, src_reg, insn);
|
||||||
|
|
||||||
|
case offsetof(struct __sk_buff, vlan_tci):
|
||||||
|
return convert_skb_access(SKF_AD_VLAN_TAG,
|
||||||
|
dst_reg, src_reg, insn);
|
||||||
}
|
}
|
||||||
|
|
||||||
return insn - insn_buf;
|
return insn - insn_buf;
|
||||||
|
|
|
@ -658,6 +658,15 @@ static struct bpf_test tests[] = {
|
||||||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
||||||
offsetof(struct __sk_buff, queue_mapping)),
|
offsetof(struct __sk_buff, queue_mapping)),
|
||||||
BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0),
|
BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0),
|
||||||
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
||||||
|
offsetof(struct __sk_buff, protocol)),
|
||||||
|
BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0),
|
||||||
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
||||||
|
offsetof(struct __sk_buff, vlan_present)),
|
||||||
|
BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0),
|
||||||
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
||||||
|
offsetof(struct __sk_buff, vlan_tci)),
|
||||||
|
BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0),
|
||||||
BPF_EXIT_INSN(),
|
BPF_EXIT_INSN(),
|
||||||
},
|
},
|
||||||
.result = ACCEPT,
|
.result = ACCEPT,
|
||||||
|
|
Loading…
Reference in a new issue