diff options
author | Eric Dumazet <edumazet@google.com> | 2012-10-26 22:26:17 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2012-10-31 14:00:15 -0400 |
commit | f3335031b9452baebfe49b8b5e55d3fe0c4677d1 (patch) | |
tree | c73f4d2827d3b58b4866488a35b4b462e52713ba | |
parent | 0f6ae8f14e7a6a068e9a98a0d3484ffa6bf2c6bb (diff) |
net: filter: add vlan tag access
BPF filters lack ability to access skb->vlan_tci
This patch adds two new ancillary accessors :
SKF_AD_VLAN_TAG (44) mapped to vlan_tx_tag_get(skb)
SKF_AD_VLAN_TAG_PRESENT (48) mapped to vlan_tx_tag_present(skb)
This allows libpcap/tcpdump to use a kernel filter instead of
having to fallback to accept all packets, then filter them in
user space.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Suggested-by: Ani Sinha <ani@aristanetworks.com>
Suggested-by: Daniel Borkmann <danborkmann@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/linux/filter.h | 2 | ||||
-rw-r--r-- | include/uapi/linux/filter.h | 4 | ||||
-rw-r--r-- | net/core/filter.c | 9 |
3 files changed, 14 insertions, 1 deletions
diff --git a/include/linux/filter.h b/include/linux/filter.h index 24d251f3bab0..c9f0005c35e2 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h | |||
@@ -123,6 +123,8 @@ enum { | |||
123 | BPF_S_ANC_CPU, | 123 | BPF_S_ANC_CPU, |
124 | BPF_S_ANC_ALU_XOR_X, | 124 | BPF_S_ANC_ALU_XOR_X, |
125 | BPF_S_ANC_SECCOMP_LD_W, | 125 | BPF_S_ANC_SECCOMP_LD_W, |
126 | BPF_S_ANC_VLAN_TAG, | ||
127 | BPF_S_ANC_VLAN_TAG_PRESENT, | ||
126 | }; | 128 | }; |
127 | 129 | ||
128 | #endif /* __LINUX_FILTER_H__ */ | 130 | #endif /* __LINUX_FILTER_H__ */ |
diff --git a/include/uapi/linux/filter.h b/include/uapi/linux/filter.h index 3d7922433aba..9cfde6941099 100644 --- a/include/uapi/linux/filter.h +++ b/include/uapi/linux/filter.h | |||
@@ -127,7 +127,9 @@ struct sock_fprog { /* Required for SO_ATTACH_FILTER. */ | |||
127 | #define SKF_AD_RXHASH 32 | 127 | #define SKF_AD_RXHASH 32 |
128 | #define SKF_AD_CPU 36 | 128 | #define SKF_AD_CPU 36 |
129 | #define SKF_AD_ALU_XOR_X 40 | 129 | #define SKF_AD_ALU_XOR_X 40 |
130 | #define SKF_AD_MAX 44 | 130 | #define SKF_AD_VLAN_TAG 44 |
131 | #define SKF_AD_VLAN_TAG_PRESENT 48 | ||
132 | #define SKF_AD_MAX 52 | ||
131 | #define SKF_NET_OFF (-0x100000) | 133 | #define SKF_NET_OFF (-0x100000) |
132 | #define SKF_LL_OFF (-0x200000) | 134 | #define SKF_LL_OFF (-0x200000) |
133 | 135 | ||
diff --git a/net/core/filter.c b/net/core/filter.c index 3d92ebb7fbcf..5a114d41bf11 100644 --- a/net/core/filter.c +++ b/net/core/filter.c | |||
@@ -39,6 +39,7 @@ | |||
39 | #include <linux/reciprocal_div.h> | 39 | #include <linux/reciprocal_div.h> |
40 | #include <linux/ratelimit.h> | 40 | #include <linux/ratelimit.h> |
41 | #include <linux/seccomp.h> | 41 | #include <linux/seccomp.h> |
42 | #include <linux/if_vlan.h> | ||
42 | 43 | ||
43 | /* No hurry in this branch | 44 | /* No hurry in this branch |
44 | * | 45 | * |
@@ -341,6 +342,12 @@ load_b: | |||
341 | case BPF_S_ANC_CPU: | 342 | case BPF_S_ANC_CPU: |
342 | A = raw_smp_processor_id(); | 343 | A = raw_smp_processor_id(); |
343 | continue; | 344 | continue; |
345 | case BPF_S_ANC_VLAN_TAG: | ||
346 | A = vlan_tx_tag_get(skb); | ||
347 | continue; | ||
348 | case BPF_S_ANC_VLAN_TAG_PRESENT: | ||
349 | A = !!vlan_tx_tag_present(skb); | ||
350 | continue; | ||
344 | case BPF_S_ANC_NLATTR: { | 351 | case BPF_S_ANC_NLATTR: { |
345 | struct nlattr *nla; | 352 | struct nlattr *nla; |
346 | 353 | ||
@@ -600,6 +607,8 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen) | |||
600 | ANCILLARY(RXHASH); | 607 | ANCILLARY(RXHASH); |
601 | ANCILLARY(CPU); | 608 | ANCILLARY(CPU); |
602 | ANCILLARY(ALU_XOR_X); | 609 | ANCILLARY(ALU_XOR_X); |
610 | ANCILLARY(VLAN_TAG); | ||
611 | ANCILLARY(VLAN_TAG_PRESENT); | ||
603 | } | 612 | } |
604 | } | 613 | } |
605 | ftest->code = code; | 614 | ftest->code = code; |