Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f3335031 authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller
Browse files

net: filter: add vlan tag access 



BPF filters lack ability to access skb->vlan_tci

This patch adds two new ancillary accessors :

SKF_AD_VLAN_TAG         (44) mapped to vlan_tx_tag_get(skb)

SKF_AD_VLAN_TAG_PRESENT (48) mapped to vlan_tx_tag_present(skb)

This allows libpcap/tcpdump to use a kernel filter instead of
having to fallback to accept all packets, then filter them in
user space.

Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Suggested-by: default avatarAni Sinha <ani@aristanetworks.com>
Suggested-by: default avatarDaniel Borkmann <danborkmann@iogearbox.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 0f6ae8f1

include/linux/filter.h

+2 −0
Original line number Diff line number Diff line
@@ -123,6 +123,8 @@ enum { 
	BPF_S_ANC_CPU,

	BPF_S_ANC_ALU_XOR_X,

	BPF_S_ANC_SECCOMP_LD_W,

	BPF_S_ANC_VLAN_TAG,

	BPF_S_ANC_VLAN_TAG_PRESENT,

};



#endif /* __LINUX_FILTER_H__ */

include/uapi/linux/filter.h

+3 −1
Original line number Diff line number Diff line
@@ -127,7 +127,9 @@ struct sock_fprog { /* Required for SO_ATTACH_FILTER. */ 
#define SKF_AD_RXHASH	32

#define SKF_AD_CPU	36

#define SKF_AD_ALU_XOR_X	40

#define SKF_AD_MAX	44

#define SKF_AD_VLAN_TAG	44

#define SKF_AD_VLAN_TAG_PRESENT 48

#define SKF_AD_MAX	52

#define SKF_NET_OFF   (-0x100000)

#define SKF_LL_OFF    (-0x200000)

net/core/filter.c

+9 −0
Original line number Diff line number Diff line
@@ -39,6 +39,7 @@ 
#include <linux/reciprocal_div.h>

#include <linux/ratelimit.h>

#include <linux/seccomp.h>

#include <linux/if_vlan.h>



/* No hurry in this branch

 *
@@ -341,6 +342,12 @@ unsigned int sk_run_filter(const struct sk_buff *skb, 
		case BPF_S_ANC_CPU:

			A = raw_smp_processor_id();

			continue;

		case BPF_S_ANC_VLAN_TAG:

			A = vlan_tx_tag_get(skb);

			continue;

		case BPF_S_ANC_VLAN_TAG_PRESENT:

			A = !!vlan_tx_tag_present(skb);

			continue;

		case BPF_S_ANC_NLATTR: {

			struct nlattr *nla;
@@ -600,6 +607,8 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen) 
			ANCILLARY(RXHASH);

			ANCILLARY(CPU);

			ANCILLARY(ALU_XOR_X);

			ANCILLARY(VLAN_TAG);

			ANCILLARY(VLAN_TAG_PRESENT);

			}

		}

		ftest->code = code;