aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Dumazet <edumazet@google.com>2012-10-26 22:26:17 -0400
committerDavid S. Miller <davem@davemloft.net>2012-10-31 14:00:15 -0400
commitf3335031b9452baebfe49b8b5e55d3fe0c4677d1 (patch)
treec73f4d2827d3b58b4866488a35b4b462e52713ba
parent0f6ae8f14e7a6a068e9a98a0d3484ffa6bf2c6bb (diff)
net: filter: add vlan tag access
BPF filters lack ability to access skb->vlan_tci This patch adds two new ancillary accessors : SKF_AD_VLAN_TAG (44) mapped to vlan_tx_tag_get(skb) SKF_AD_VLAN_TAG_PRESENT (48) mapped to vlan_tx_tag_present(skb) This allows libpcap/tcpdump to use a kernel filter instead of having to fallback to accept all packets, then filter them in user space. Signed-off-by: Eric Dumazet <edumazet@google.com> Suggested-by: Ani Sinha <ani@aristanetworks.com> Suggested-by: Daniel Borkmann <danborkmann@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/linux/filter.h2
-rw-r--r--include/uapi/linux/filter.h4
-rw-r--r--net/core/filter.c9
3 files changed, 14 insertions, 1 deletions
diff --git a/include/linux/filter.h b/include/linux/filter.h
index 24d251f3bab0..c9f0005c35e2 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -123,6 +123,8 @@ enum {
123 BPF_S_ANC_CPU, 123 BPF_S_ANC_CPU,
124 BPF_S_ANC_ALU_XOR_X, 124 BPF_S_ANC_ALU_XOR_X,
125 BPF_S_ANC_SECCOMP_LD_W, 125 BPF_S_ANC_SECCOMP_LD_W,
126 BPF_S_ANC_VLAN_TAG,
127 BPF_S_ANC_VLAN_TAG_PRESENT,
126}; 128};
127 129
128#endif /* __LINUX_FILTER_H__ */ 130#endif /* __LINUX_FILTER_H__ */
diff --git a/include/uapi/linux/filter.h b/include/uapi/linux/filter.h
index 3d7922433aba..9cfde6941099 100644
--- a/include/uapi/linux/filter.h
+++ b/include/uapi/linux/filter.h
@@ -127,7 +127,9 @@ struct sock_fprog { /* Required for SO_ATTACH_FILTER. */
127#define SKF_AD_RXHASH 32 127#define SKF_AD_RXHASH 32
128#define SKF_AD_CPU 36 128#define SKF_AD_CPU 36
129#define SKF_AD_ALU_XOR_X 40 129#define SKF_AD_ALU_XOR_X 40
130#define SKF_AD_MAX 44 130#define SKF_AD_VLAN_TAG 44
131#define SKF_AD_VLAN_TAG_PRESENT 48
132#define SKF_AD_MAX 52
131#define SKF_NET_OFF (-0x100000) 133#define SKF_NET_OFF (-0x100000)
132#define SKF_LL_OFF (-0x200000) 134#define SKF_LL_OFF (-0x200000)
133 135
diff --git a/net/core/filter.c b/net/core/filter.c
index 3d92ebb7fbcf..5a114d41bf11 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -39,6 +39,7 @@
39#include <linux/reciprocal_div.h> 39#include <linux/reciprocal_div.h>
40#include <linux/ratelimit.h> 40#include <linux/ratelimit.h>
41#include <linux/seccomp.h> 41#include <linux/seccomp.h>
42#include <linux/if_vlan.h>
42 43
43/* No hurry in this branch 44/* No hurry in this branch
44 * 45 *
@@ -341,6 +342,12 @@ load_b:
341 case BPF_S_ANC_CPU: 342 case BPF_S_ANC_CPU:
342 A = raw_smp_processor_id(); 343 A = raw_smp_processor_id();
343 continue; 344 continue;
345 case BPF_S_ANC_VLAN_TAG:
346 A = vlan_tx_tag_get(skb);
347 continue;
348 case BPF_S_ANC_VLAN_TAG_PRESENT:
349 A = !!vlan_tx_tag_present(skb);
350 continue;
344 case BPF_S_ANC_NLATTR: { 351 case BPF_S_ANC_NLATTR: {
345 struct nlattr *nla; 352 struct nlattr *nla;
346 353
@@ -600,6 +607,8 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen)
600 ANCILLARY(RXHASH); 607 ANCILLARY(RXHASH);
601 ANCILLARY(CPU); 608 ANCILLARY(CPU);
602 ANCILLARY(ALU_XOR_X); 609 ANCILLARY(ALU_XOR_X);
610 ANCILLARY(VLAN_TAG);
611 ANCILLARY(VLAN_TAG_PRESENT);
603 } 612 }
604 } 613 }
605 ftest->code = code; 614 ftest->code = code;