lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 15 Jan 2023 16:16:11 +0900
From:   "Daniel T. Lee" <danieltimlee@...il.com>
To:     Daniel Borkmann <daniel@...earbox.net>,
        Alexei Starovoitov <ast@...nel.org>,
        Andrii Nakryiko <andrii.nakryiko@...il.com>,
        Yonghong Song <yhs@...com>,
        Martin KaFai Lau <martin.lau@...ux.dev>,
        Song Liu <song@...nel.org>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>,
        Stanislav Fomichev <sdf@...gle.com>,
        Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
        Andrii Nakryiko <andrii@...nel.org>
Cc:     bpf@...r.kernel.org, netdev@...r.kernel.org
Subject: [bpf-next 08/10] samples/bpf: replace BPF programs header with net_shared.h

This commit applies "net_shared.h" to BPF programs to remove existing
network related header dependencies. Also, this commit removes
unnecessary headers before applying "vmlinux.h" to the BPF programs.

Mostly, endianness conversion function has been applied to the source.
In addition, several macros have been defined to fulfill the INET,
TC-related constants.

Signed-off-by: Daniel T. Lee <danieltimlee@...il.com>
---
 samples/bpf/net_shared.h         |  6 ++++++
 samples/bpf/sock_flags_kern.c    | 10 +++++-----
 samples/bpf/test_cgrp2_tc_kern.c |  6 ++----
 samples/bpf/test_lwt_bpf.c       |  3 ++-
 4 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/samples/bpf/net_shared.h b/samples/bpf/net_shared.h
index 04b29b217d25..e9429af9aa44 100644
--- a/samples/bpf/net_shared.h
+++ b/samples/bpf/net_shared.h
@@ -2,6 +2,9 @@
 #ifndef _NET_SHARED_H
 #define _NET_SHARED_H
 
+#define AF_INET		2
+#define AF_INET6	10
+
 #define ETH_ALEN 6
 #define ETH_P_802_3_MIN 0x0600
 #define ETH_P_8021Q 0x8100
@@ -11,6 +14,9 @@
 #define ETH_P_ARP 0x0806
 #define IPPROTO_ICMPV6 58
 
+#define TC_ACT_OK		0
+#define TC_ACT_SHOT		2
+
 #if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
 	__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
 #define bpf_ntohs(x)		__builtin_bswap16(x)
diff --git a/samples/bpf/sock_flags_kern.c b/samples/bpf/sock_flags_kern.c
index 1d58cb9b6fa4..84837ed48eb3 100644
--- a/samples/bpf/sock_flags_kern.c
+++ b/samples/bpf/sock_flags_kern.c
@@ -1,5 +1,5 @@
+#include "net_shared.h"
 #include <uapi/linux/bpf.h>
-#include <linux/socket.h>
 #include <linux/net.h>
 #include <uapi/linux/in.h>
 #include <uapi/linux/in6.h>
@@ -17,10 +17,10 @@ int bpf_prog1(struct bpf_sock *sk)
 	bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol);
 	bpf_trace_printk(fmt2, sizeof(fmt2), uid, gid);
 
-	/* block PF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6 sockets
+	/* block AF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6 sockets
 	 * ie., make ping6 fail
 	 */
-	if (sk->family == PF_INET6 &&
+	if (sk->family == AF_INET6 &&
 	    sk->type == SOCK_DGRAM   &&
 	    sk->protocol == IPPROTO_ICMPV6)
 		return 0;
@@ -35,10 +35,10 @@ int bpf_prog2(struct bpf_sock *sk)
 
 	bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol);
 
-	/* block PF_INET, SOCK_DGRAM, IPPROTO_ICMP sockets
+	/* block AF_INET, SOCK_DGRAM, IPPROTO_ICMP sockets
 	 * ie., make ping fail
 	 */
-	if (sk->family == PF_INET &&
+	if (sk->family == AF_INET &&
 	    sk->type == SOCK_DGRAM  &&
 	    sk->protocol == IPPROTO_ICMP)
 		return 0;
diff --git a/samples/bpf/test_cgrp2_tc_kern.c b/samples/bpf/test_cgrp2_tc_kern.c
index 737ce3eb8944..45a2f01d2029 100644
--- a/samples/bpf/test_cgrp2_tc_kern.c
+++ b/samples/bpf/test_cgrp2_tc_kern.c
@@ -5,10 +5,8 @@
  * License as published by the Free Software Foundation.
  */
 #define KBUILD_MODNAME "foo"
-#include <uapi/linux/if_ether.h>
-#include <uapi/linux/in6.h>
+#include "net_shared.h"
 #include <uapi/linux/ipv6.h>
-#include <uapi/linux/pkt_cls.h>
 #include <uapi/linux/bpf.h>
 #include <bpf/bpf_helpers.h>
 
@@ -42,7 +40,7 @@ int handle_egress(struct __sk_buff *skb)
 	if (data + sizeof(*eth) + sizeof(*ip6h) > data_end)
 		return TC_ACT_OK;
 
-	if (eth->h_proto != htons(ETH_P_IPV6) ||
+	if (eth->h_proto != bpf_htons(ETH_P_IPV6) ||
 	    ip6h->nexthdr != IPPROTO_ICMPV6) {
 		bpf_trace_printk(dont_care_msg, sizeof(dont_care_msg),
 				 eth->h_proto, ip6h->nexthdr);
diff --git a/samples/bpf/test_lwt_bpf.c b/samples/bpf/test_lwt_bpf.c
index f53dab88d231..fc093fbc760a 100644
--- a/samples/bpf/test_lwt_bpf.c
+++ b/samples/bpf/test_lwt_bpf.c
@@ -10,6 +10,7 @@
  * General Public License for more details.
  */
 
+#include "net_shared.h"
 #include <stdint.h>
 #include <stddef.h>
 #include <linux/bpf.h>
@@ -176,7 +177,7 @@ static inline int __do_push_ll_and_redirect(struct __sk_buff *skb)
 		printk("skb_change_head() failed: %d", ret);
 	}
 
-	ehdr.h_proto = __constant_htons(ETH_P_IP);
+	ehdr.h_proto = bpf_htons(ETH_P_IP);
 	memcpy(&ehdr.h_source, &smac, 6);
 	memcpy(&ehdr.h_dest, &dmac, 6);
 
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ