Hi Daniel,

There are a few network applications relying on the Netlink subsystem to get notifications for net-device attribute changes like MTU, Speed, Oper-Status, Name, slave, slave info, etc. The Netlink subsystem notifies the application on every attribute change regardless of what is needed by the application. The attribute search support in the EBPF filter helps to filter the Netlink packets based on the specific set of attributes that are needed for the application. The classical BPF supports attribute search but that doesn't support MAPS. The extended BPF supports MAPS, but the attribute search is not enabled. Hence this patch enables the support for attribute search in EBPF.

Thanks
Kals

On Thu, Jan 23, 2020 at 9:27 PM Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote:
> > On 1/23/20 2:08 PM, Kalimuthu Velappan wrote: > > Added attribute search and nested attribute support in EBPF filter > > functionality. > > Your commit describes what the code does, but not the rationale why it's needed > resp. the use-case you're trying to solve with this. > > Also, why it cannot be resolved in native BPF? > > > Signed-off-by: Kalimuthu Velappan <kalimuthu.velappan@xxxxxxxxxxxx> > > --- > > include/uapi/linux/bpf.h | 5 ++++- > > net/core/filter.c | 22 ++++++++++++++++++++++ > > tools/include/uapi/linux/bpf.h | 4 +++- > > 3 files changed, 29 insertions(+), 2 deletions(-) > > > > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h > > index dbbcf0b..ac9794c 100644 > > --- a/include/uapi/linux/bpf.h > > +++ b/include/uapi/linux/bpf.h > > @@ -2938,7 +2938,10 @@ union bpf_attr { > > FN(probe_read_user), \ > > FN(probe_read_kernel), \ > > FN(probe_read_user_str), \ > > - FN(probe_read_kernel_str), > > + FN(probe_read_kernel_str), \ > > + FN(skb_get_nlattr), \ > > + FN(skb_get_nlattr_nest), > > + > > This is not on latest bpf-next tree. > > > /* integer value in 'imm' field of BPF_CALL instruction selects which helper > > * function eBPF program intends to call
> > diff --git a/net/core/filter.c b/net/core/filter.c > > index 538f6a7..56a87e1 100644 > > --- a/net/core/filter.c > > +++ b/net/core/filter.c > > @@ -2699,6 +2699,24 @@ static const struct bpf_func_proto bpf_set_hash_invalid_proto = { > > .arg1_type = ARG_PTR_TO_CTX, > > }; > > > > +static const struct bpf_func_proto bpf_skb_get_nlattr_proto = { > > + .func = bpf_skb_get_nlattr, > > + .gpl_only = false, > > + .ret_type = RET_INTEGER, > > + .arg1_type = ARG_PTR_TO_CTX, > > + .arg2_type = ARG_ANYTHING, > > + .arg3_type = ARG_ANYTHING, > > +}; > > + > > +static const struct bpf_func_proto skb_get_nlattr_nest_proto = { > > + .func = bpf_skb_get_nlattr_nest, > > + .gpl_only = false, > > + .ret_type = RET_INTEGER, > > + .arg1_type = ARG_PTR_TO_CTX, > > + .arg2_type = ARG_ANYTHING, > > + .arg3_type = ARG_ANYTHING, > > +}; > > + > > BPF_CALL_2(bpf_set_hash, struct sk_buff *, skb, u32, hash) -- Thanks - Kals
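
Review bot: In the include/uapi/linux/bpf.h hunk, FN(skb_get_nlattr) and FN(skb_get_nlattr_nest) are added to the helper list with no helper description anywhere in the change: the diffstat's four insertions for this file are exactly the three FN() lines plus the trailing blank line. Please add a description for each helper covering its arguments and return value, drop the stray empty + line after FN(skb_get_nlattr_nest), and bring tools/include/uapi/linux/bpf.h back in sync, since the diffstat shows it changing by one line fewer than this copy (4 vs 5).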
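
Review bot: The second proto in the net/core/filter.c hunk is named skb_get_nlattr_nest_proto, without the bpf_ prefix carried by bpf_skb_get_nlattr_proto just above it and by bpf_set_hash_invalid_proto in the context lines; rename it to bpf_skb_get_nlattr_nest_proto. Both protos also declare arg2_type and arg3_type as ARG_ANYTHING, so the verifier places no constraint on those two scalars and every bound on them has to be enforced inside the helper itself; the commit message should say what the two arguments are and how out-of-range values are handled. The .gpl_only = false choice deserves a sentence of justification as well.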