[PATCH] Support for nlattr and nested_nlattr attribute search in EBPF filter

Kalimuthu Velappan <kalimuthu.velappan@xxxxxxxxxxxx> · Thu, 23 Jan 2020 05:08:12 -0800

Added attribute search and nested attribute support in EBPF filter
functionality.

Signed-off-by: Kalimuthu Velappan <kalimuthu.velappan@xxxxxxxxxxxx>
---
 include/uapi/linux/bpf.h       |  5 ++++-
 net/core/filter.c              | 22 ++++++++++++++++++++++
 tools/include/uapi/linux/bpf.h |  4 +++-
 3 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index dbbcf0b..ac9794c 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -2938,7 +2938,10 @@ union bpf_attr {
 	FN(probe_read_user),		\
 	FN(probe_read_kernel),		\
 	FN(probe_read_user_str),	\
-	FN(probe_read_kernel_str),
+	FN(probe_read_kernel_str),  \
+	FN(skb_get_nlattr),     \
+	FN(skb_get_nlattr_nest),
+
 
 /* integer value in 'imm' field of BPF_CALL instruction selects which helper
  * function eBPF program intends to call
diff --git a/net/core/filter.c b/net/core/filter.c
index 538f6a7..56a87e1 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2699,6 +2699,24 @@ static const struct bpf_func_proto bpf_set_hash_invalid_proto = {
 	.arg1_type	= ARG_PTR_TO_CTX,
 };
 
+static const struct bpf_func_proto bpf_skb_get_nlattr_proto = {
+	.func		= bpf_skb_get_nlattr,
+	.gpl_only	= false,
+	.ret_type	= RET_INTEGER,
+	.arg1_type	= ARG_PTR_TO_CTX,
+	.arg2_type  = ARG_ANYTHING,
+	.arg3_type  = ARG_ANYTHING,
+};
+
+static const struct bpf_func_proto skb_get_nlattr_nest_proto = {
+	.func		= bpf_skb_get_nlattr_nest,
+	.gpl_only	= false,
+	.ret_type	= RET_INTEGER,
+	.arg1_type	= ARG_PTR_TO_CTX,
+	.arg2_type  = ARG_ANYTHING,
+	.arg3_type  = ARG_ANYTHING,
+};
+
 BPF_CALL_2(bpf_set_hash, struct sk_buff *, skb, u32, hash)
 {
 	/* Set user specified hash as L4(+), so that it gets returned
@@ -6091,6 +6109,10 @@ sk_filter_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
 		return &bpf_get_socket_uid_proto;
 	case BPF_FUNC_perf_event_output:
 		return &bpf_skb_event_output_proto;
+	case BPF_FUNC_skb_get_nlattr:
+		return &bpf_skb_get_nlattr_proto;
+	case BPF_FUNC_skb_get_nlattr_nest:
+		return &skb_get_nlattr_nest_proto;
 	default:
 		return bpf_base_func_proto(func_id);
 	}
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index dbbcf0b..3bfbc0e 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -2938,7 +2938,9 @@ union bpf_attr {
 	FN(probe_read_user),		\
 	FN(probe_read_kernel),		\
 	FN(probe_read_user_str),	\
-	FN(probe_read_kernel_str),
+	FN(probe_read_kernel_str),  \
+	FN(skb_get_nlattr),     \
+	FN(skb_get_nlattr_nest),
 
 /* integer value in 'imm' field of BPF_CALL instruction selects which helper
  * function eBPF program intends to call
-- 
2.7.4







