net: filter: add vlan tag access
BPF filters lack ability to access skb->vlan_tci This patch adds two new ancillary accessors : SKF_AD_VLAN_TAG (44) mapped to vlan_tx_tag_get(skb) SKF_AD_VLAN_TAG_PRESENT (48) mapped to vlan_tx_tag_present(skb) This allows libpcap/tcpdump to use a kernel filter instead of having to fallback to accept all packets, then filter them in user space. Signed-off-by: Eric Dumazet <edumazet@google.com> Suggested-by: Ani Sinha <ani@aristanetworks.com> Suggested-by: Daniel Borkmann <danborkmann@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
0f6ae8f14e
commit
f3335031b9
@ -123,6 +123,8 @@ enum {
|
|||||||
BPF_S_ANC_CPU,
|
BPF_S_ANC_CPU,
|
||||||
BPF_S_ANC_ALU_XOR_X,
|
BPF_S_ANC_ALU_XOR_X,
|
||||||
BPF_S_ANC_SECCOMP_LD_W,
|
BPF_S_ANC_SECCOMP_LD_W,
|
||||||
|
BPF_S_ANC_VLAN_TAG,
|
||||||
|
BPF_S_ANC_VLAN_TAG_PRESENT,
|
||||||
};
|
};
|
||||||
|
|
||||||
#endif /* __LINUX_FILTER_H__ */
|
#endif /* __LINUX_FILTER_H__ */
|
||||||
|
@ -127,7 +127,9 @@ struct sock_fprog { /* Required for SO_ATTACH_FILTER. */
|
|||||||
#define SKF_AD_RXHASH 32
|
#define SKF_AD_RXHASH 32
|
||||||
#define SKF_AD_CPU 36
|
#define SKF_AD_CPU 36
|
||||||
#define SKF_AD_ALU_XOR_X 40
|
#define SKF_AD_ALU_XOR_X 40
|
||||||
#define SKF_AD_MAX 44
|
#define SKF_AD_VLAN_TAG 44
|
||||||
|
#define SKF_AD_VLAN_TAG_PRESENT 48
|
||||||
|
#define SKF_AD_MAX 52
|
||||||
#define SKF_NET_OFF (-0x100000)
|
#define SKF_NET_OFF (-0x100000)
|
||||||
#define SKF_LL_OFF (-0x200000)
|
#define SKF_LL_OFF (-0x200000)
|
||||||
|
|
||||||
|
@ -39,6 +39,7 @@
|
|||||||
#include <linux/reciprocal_div.h>
|
#include <linux/reciprocal_div.h>
|
||||||
#include <linux/ratelimit.h>
|
#include <linux/ratelimit.h>
|
||||||
#include <linux/seccomp.h>
|
#include <linux/seccomp.h>
|
||||||
|
#include <linux/if_vlan.h>
|
||||||
|
|
||||||
/* No hurry in this branch
|
/* No hurry in this branch
|
||||||
*
|
*
|
||||||
@ -341,6 +342,12 @@ load_b:
|
|||||||
case BPF_S_ANC_CPU:
|
case BPF_S_ANC_CPU:
|
||||||
A = raw_smp_processor_id();
|
A = raw_smp_processor_id();
|
||||||
continue;
|
continue;
|
||||||
|
case BPF_S_ANC_VLAN_TAG:
|
||||||
|
A = vlan_tx_tag_get(skb);
|
||||||
|
continue;
|
||||||
|
case BPF_S_ANC_VLAN_TAG_PRESENT:
|
||||||
|
A = !!vlan_tx_tag_present(skb);
|
||||||
|
continue;
|
||||||
case BPF_S_ANC_NLATTR: {
|
case BPF_S_ANC_NLATTR: {
|
||||||
struct nlattr *nla;
|
struct nlattr *nla;
|
||||||
|
|
||||||
@ -600,6 +607,8 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen)
|
|||||||
ANCILLARY(RXHASH);
|
ANCILLARY(RXHASH);
|
||||||
ANCILLARY(CPU);
|
ANCILLARY(CPU);
|
||||||
ANCILLARY(ALU_XOR_X);
|
ANCILLARY(ALU_XOR_X);
|
||||||
|
ANCILLARY(VLAN_TAG);
|
||||||
|
ANCILLARY(VLAN_TAG_PRESENT);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
ftest->code = code;
|
ftest->code = code;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user