On Sat, Mar 15, 2014 at 12:03 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Fri, Mar 14, 2014 at 09:04:50PM -0700, Alexei Starovoitov wrote:
> [...]
>> In the patches I sent, ebpf is _not_ exposed to the user.
>
> From your last patch: http://patchwork.ozlabs.org/patch/329713/
>
> diff --git a/include/uapi/linux/filter.h b/include/uapi/linux/filter.h > index 8eb9ccaa5b48..4e98fe16ba88 100644 > --- a/include/uapi/linux/filter.h > +++ b/include/uapi/linux/filter.h > @@ -1,5 +1,6 @@ > /* > * Linux Socket Filter Data Structures > + * Extended BPF is Copyright (c) 2011-2014, PLUMgrid, http://plumgrid.com > */ > > #ifndef _UAPI__LINUX_FILTER_H__ > @@ -19,7 +20,7 @@ > * Try and keep these values and structures similar to BSD, > * especially > * the BPF code definitions which need to match so you can share > * filters > */ > - > + > struct sock_filter { /* Filter block */ > __u16 code; /* Actual filter code */ > __u8 jt; /* Jump true */ 
> @@ -27,6 +28,14 @@ struct sock_filter { /* Filter block */ > __u32 k; /* Generic multiuse field */ > }; > > +struct sock_filter_ext { > + __u8 code; /* opcode */ > + __u8 a_reg:4; /* dest register */ > + __u8 x_reg:4; /* source register */ > + __s16 off; /* signed offset */ > + __s32 imm; /* signed immediate constant */ > +}; > + > struct sock_fprog { /* Required for SO_ATTACH_FILTER. */ > unsigned short len; /* Number of filter blocks */ > struct sock_filter __user *filter;
>
> That sock_filter_ext structure is exposed to userspace as well as many
> other new BPF_* macros that you have defined.

For the first few versions of the patchset they were in linux/bpf.h, but then it was suggested to put them into uapi/linux/filter.h to make the whole thing consistent with existing sock_filter structure.

So yes, uapi header is changed as:

 include/uapi/linux/filter.h | 33 ++++++++++++++++++++++++++-------
 1 file changed, 26 insertions(+), 7 deletions(-)

but there is no way to use these #define from user space at present.

As I said I think it's safe to expose it, because these defines won't change, but if there is a concern I can move it back into linux/bpf.h

Thanks
Alexei
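Review bot: in the @@ -27,6 +28,14 @@ hunk, struct sock_filter_ext declares a_reg and x_reg as 4-bit bitfields inside a uapi header, and the order in which bitfields are packed into the byte is left to the compiler and target ABI rather than fixed by the declaration. If this layout is meant to be a stable encoding, say next to the fields which nibble holds the destination and which the source register, or use a single __u8 with shift and mask macros. The new struct also has no comment stating its purpose, whereas the neighbouring sock_fprog carries "Required for SO_ATTACH_FILTER."; a one-line description, including that nothing can pass it in from user space yet, would help anyone auditing this header.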
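Review bot: in the @@ -19,7 +20,7 @@ hunk, the only change is one blank line removed and one added in front of struct sock_filter, which reads as a whitespace-only edit and may be introducing trailing whitespace. Drop it so that the diff to the uapi header carries only the copyright line and the new structure.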