lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 16 Oct 2012 08:46:38 +0200
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Ani Sinha <ani@...stanetworks.com>
Cc:	netdev@...r.kernel.org
Subject: Re: bpf filter : support for vlan tag

On Mon, 2012-10-15 at 19:10 -0700, Ani Sinha wrote:
> Hi :
> 
> I was looking at the kernel side implementation of the BPF filter. I
> do not see any code that supports filtering of packets based on
> provided vlan tag information from the skbuff. This will make it
> impossible to provide any filter to tcpdump that will filter packets
> based on the tag information if libpcap uses the kernel filter.
> 
> Any help will be much appreciated.

Right, we need a basic support, using a new ancillary definition.

Is the following patch enough to address your need, or do you also need
access to vlan_tx_tag_present() ?

diff --git a/include/linux/filter.h b/include/linux/filter.h
index 24d251f..0218e41 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -123,6 +123,7 @@ enum {
 	BPF_S_ANC_CPU,
 	BPF_S_ANC_ALU_XOR_X,
 	BPF_S_ANC_SECCOMP_LD_W,
+	BPF_S_ANC_VLAN_TAG,
 };
 
 #endif /* __LINUX_FILTER_H__ */
diff --git a/net/core/filter.c b/net/core/filter.c
index 3d92ebb..de4a5dc 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -341,6 +341,9 @@ load_b:
 		case BPF_S_ANC_CPU:
 			A = raw_smp_processor_id();
 			continue;
+		case BPF_S_ANC_VLAN_TAG:
+			A = vlan_tx_tag_get(skb);
+			continue;
 		case BPF_S_ANC_NLATTR: {
 			struct nlattr *nla;
 
@@ -600,6 +603,7 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen)
 			ANCILLARY(RXHASH);
 			ANCILLARY(CPU);
 			ANCILLARY(ALU_XOR_X);
+			ANCILLARY(VLAN_TAG);
 			}
 		}
 		ftest->code = code;


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists