| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200123130816.24815-1-kalimuthu.velappan@broadcom.com>
Date: Thu, 23 Jan 2020 05:08:12 -0800
From: Kalimuthu Velappan <kalimuthu.velappan@...adcom.com>
To: kalimuthu.velappan@...adcom.com
Cc: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
Andrii Nakryiko <andriin@...com>,
"David S. Miller" <davem@...emloft.net>,
Stanislav Fomichev <sdf@...gle.com>,
Quentin Monnet <quentin.monnet@...ronome.com>,
Andrey Ignatov <rdna@...com>,
netdev@...r.kernel.org (open list:BPF (Safe dynamic programs and tools)),
bpf@...r.kernel.org (open list:BPF (Safe dynamic programs and tools)),
linux-kernel@...r.kernel.org (open list)
Subject: [PATCH] Support for nlattr and nested_nlattr attribute search in EBPF filter
Added attribute search and nested attribute support in EBPF filter
functionality.
Signed-off-by: Kalimuthu Velappan <kalimuthu.velappan@...adcom.com>
---
include/uapi/linux/bpf.h | 5 ++++-
net/core/filter.c | 22 ++++++++++++++++++++++
tools/include/uapi/linux/bpf.h | 4 +++-
3 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index dbbcf0b..ac9794c 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -2938,7 +2938,10 @@ union bpf_attr {
FN(probe_read_user), \
FN(probe_read_kernel), \
FN(probe_read_user_str), \
- FN(probe_read_kernel_str),
+ FN(probe_read_kernel_str), \
+ FN(skb_get_nlattr), \
+ FN(skb_get_nlattr_nest),
+
/* integer value in 'imm' field of BPF_CALL instruction selects which helper
* function eBPF program intends to call
diff --git a/net/core/filter.c b/net/core/filter.c
index 538f6a7..56a87e1 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2699,6 +2699,24 @@ static const struct bpf_func_proto bpf_set_hash_invalid_proto = {
.arg1_type = ARG_PTR_TO_CTX,
};
+static const struct bpf_func_proto bpf_skb_get_nlattr_proto = {
+ .func = bpf_skb_get_nlattr,
+ .gpl_only = false,
+ .ret_type = RET_INTEGER,
+ .arg1_type = ARG_PTR_TO_CTX,
+ .arg2_type = ARG_ANYTHING,
+ .arg3_type = ARG_ANYTHING,
+};
+
+static const struct bpf_func_proto skb_get_nlattr_nest_proto = {
+ .func = bpf_skb_get_nlattr_nest,
+ .gpl_only = false,
+ .ret_type = RET_INTEGER,
+ .arg1_type = ARG_PTR_TO_CTX,
+ .arg2_type = ARG_ANYTHING,
+ .arg3_type = ARG_ANYTHING,
+};
+
BPF_CALL_2(bpf_set_hash, struct sk_buff *, skb, u32, hash)
{
/* Set user specified hash as L4(+), so that it gets returned
@@ -6091,6 +6109,10 @@ sk_filter_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
return &bpf_get_socket_uid_proto;
case BPF_FUNC_perf_event_output:
return &bpf_skb_event_output_proto;
+ case BPF_FUNC_skb_get_nlattr:
+ return &bpf_skb_get_nlattr_proto;
+ case BPF_FUNC_skb_get_nlattr_nest:
+ return &skb_get_nlattr_nest_proto;
default:
return bpf_base_func_proto(func_id);
}
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index dbbcf0b..3bfbc0e 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -2938,7 +2938,9 @@ union bpf_attr {
FN(probe_read_user), \
FN(probe_read_kernel), \
FN(probe_read_user_str), \
- FN(probe_read_kernel_str),
+ FN(probe_read_kernel_str), \
+ FN(skb_get_nlattr), \
+ FN(skb_get_nlattr_nest),
/* integer value in 'imm' field of BPF_CALL instruction selects which helper
* function eBPF program intends to call
--
2.7.4
Powered by blists - more mailing lists