
Linux/net/netfilter/xt_bpf.c


  1 /* Xtables module to match packets using a BPF filter.
  2  * Copyright 2013 Google Inc.
  3  * Written by Willem de Bruijn <willemb@google.com>
  4  *
  5  * This program is free software; you can redistribute it and/or modify
  6  * it under the terms of the GNU General Public License version 2 as
  7  * published by the Free Software Foundation.
  8  */
  9 
 10 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 11 
 12 #include <linux/module.h>
 13 #include <linux/syscalls.h>
 14 #include <linux/skbuff.h>
 15 #include <linux/filter.h>
 16 #include <linux/bpf.h>
 17 
 18 #include <linux/netfilter/xt_bpf.h>
 19 #include <linux/netfilter/x_tables.h>
 20 
/* Module metadata recorded for the module loader and tooling. */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Willem de Bruijn <willemb@google.com>");
MODULE_DESCRIPTION("Xtables: BPF filter match");
/* Aliases let the "bpf" match be requested under the ipt_/ip6t_ names. */
MODULE_ALIAS("ipt_bpf");
MODULE_ALIAS("ip6t_bpf");
 26 
/*
 * Turn an instruction array taken from the rule into a BPF program.
 *
 * @insns: classic BPF instructions embedded in the match info
 * @len:   number of instructions in @insns
 * @ret:   receives the created program on success
 *
 * Returns 0 on success and -EINVAL otherwise. Every bpf_prog_create()
 * failure is reported as -EINVAL, so the caller cannot tell a rejected
 * program from any other creation error.
 */
static int __bpf_mt_check_bytecode(struct sock_filter *insns, __u16 len,
                                   struct bpf_prog **ret)
{
        struct sock_fprog_kern program = {
                .len    = len,
                .filter = insns,
        };

        /*
         * The instruction count comes from the rule blob; cap it before
         * the array is handed to the BPF core.
         */
        if (len > XT_BPF_MAX_NUM_INSTR)
                return -EINVAL;

        if (!bpf_prog_create(ret, &program))
                return 0;

        /* Rate limited so repeated bad rules cannot flood the log. */
        pr_info_ratelimited("check failed: parse error\n");
        return -EINVAL;
}
 45 
/*
 * Resolve a file descriptor from the rule into a BPF program.
 *
 * @fd:  descriptor number taken from the match info
 * @ret: receives the program on success; left untouched on failure
 *
 * Only programs of type BPF_PROG_TYPE_SOCKET_FILTER are requested from
 * bpf_prog_get_type(). Returns 0 on success or the negative errno
 * encoded in the returned error pointer.
 *
 * NOTE(review): @fd is presumably looked up in the file table of the
 * task installing the rule, so the number is only meaningful at
 * checkentry time - confirm against bpf_prog_get_type().
 */
static int __bpf_mt_check_fd(int fd, struct bpf_prog **ret)
{
        struct bpf_prog *found = bpf_prog_get_type(fd,
                                                   BPF_PROG_TYPE_SOCKET_FILTER);

        if (IS_ERR(found))
                return PTR_ERR(found);

        *ret = found;
        return 0;
}
 57 
/*
 * Resolve a path from the rule into a BPF program.
 *
 * @path: path string taken from the match info
 * @ret:  receives the result of bpf_prog_get_type_path()
 *
 * Returns 0 on success, -EINVAL if @path has no NUL terminator within
 * XT_BPF_PATH_MAX bytes, or the negative errno from the lookup.
 *
 * Unlike __bpf_mt_check_fd(), a failed lookup leaves the error pointer
 * stored in *@ret; treat *@ret as a program only when 0 is returned.
 */
static int __bpf_mt_check_path(const char *path, struct bpf_prog **ret)
{
        struct bpf_prog *found;
        size_t path_len = strnlen(path, XT_BPF_PATH_MAX);

        /*
         * strnlen() stopping at the limit means no terminator was seen.
         * Reject the rule so the lookup never gets an unterminated string.
         */
        if (path_len == XT_BPF_PATH_MAX)
                return -EINVAL;

        found = bpf_prog_get_type_path(path, BPF_PROG_TYPE_SOCKET_FILTER);
        *ret = found;
        return PTR_ERR_OR_ZERO(found);
}
 66 
/*
 * checkentry hook for revision 0 of the match.
 *
 * Revision 0 carries only inline bytecode, so the rule's instruction
 * array and element count go straight to the bytecode checker, and the
 * resulting program is stored in info->filter.
 */
static int bpf_mt_check(const struct xt_mtchk_param *par)
{
        struct xt_bpf_info *rule = par->matchinfo;
        struct sock_filter *insns = rule->bpf_program;

        return __bpf_mt_check_bytecode(insns, rule->bpf_program_num_elem,
                                       &rule->filter);
}
 75 
/*
 * checkentry hook for revision 1 of the match.
 *
 * info->mode comes from the rule and selects how the program is
 * obtained: inline bytecode, a file descriptor, or a path. Any other
 * mode value is rejected with -EINVAL, so no unknown loading method is
 * attempted. On success the program is stored in info->filter.
 */
static int bpf_mt_check_v1(const struct xt_mtchk_param *par)
{
        struct xt_bpf_info_v1 *info = par->matchinfo;

        switch (info->mode) {
        case XT_BPF_MODE_BYTECODE:
                return __bpf_mt_check_bytecode(info->bpf_program,
                                               info->bpf_program_num_elem,
                                               &info->filter);
        case XT_BPF_MODE_FD_ELF:
                return __bpf_mt_check_fd(info->fd, &info->filter);
        case XT_BPF_MODE_PATH_PINNED:
                return __bpf_mt_check_path(info->path, &info->filter);
        default:
                return -EINVAL;
        }
}
 91 
/*
 * match hook for revision 0: run the stored program on the packet.
 *
 * The packet matches when the program returns a non-zero value.
 */
static bool bpf_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
        const struct xt_bpf_info *rule = par->matchinfo;
        unsigned int verdict = BPF_PROG_RUN(rule->filter, skb);

        return verdict != 0;
}
 98 
/*
 * match hook for revision 1: run the stored program on the packet.
 *
 * The packet matches when the program returns a non-zero value.
 * The const qualifier on @skb is cast away because
 * bpf_prog_run_save_cb() is called with a non-const skb.
 *
 * NOTE(review): the helper presumably saves and restores the skb
 * control block around the run - confirm in linux/filter.h.
 */
static bool bpf_mt_v1(const struct sk_buff *skb, struct xt_action_param *par)
{
        const struct xt_bpf_info_v1 *rule = par->matchinfo;
        struct sk_buff *pkt = (struct sk_buff *) skb;

        return bpf_prog_run_save_cb(rule->filter, pkt) != 0;
}
105 
/*
 * destroy hook for revision 0: release the program that bpf_mt_check()
 * stored in the rule's filter field.
 */
static void bpf_mt_destroy(const struct xt_mtdtor_param *par)
{
        const struct xt_bpf_info *rule = par->matchinfo;
        struct bpf_prog *prog = rule->filter;

        bpf_prog_destroy(prog);
}
112 
/*
 * destroy hook for revision 1: release the program that
 * bpf_mt_check_v1() stored in the rule's filter field, whichever mode
 * was used to obtain it.
 */
static void bpf_mt_destroy_v1(const struct xt_mtdtor_param *par)
{
        const struct xt_bpf_info_v1 *rule = par->matchinfo;
        struct bpf_prog *prog = rule->filter;

        bpf_prog_destroy(prog);
}
119 
/*
 * The two revisions of the "bpf" match, registered for every protocol
 * family (NFPROTO_UNSPEC).
 *
 * In both entries .usersize stops at the offset of the filter member,
 * while .matchsize covers the whole structure.
 * NOTE(review): this presumably keeps the kernel-side filter pointer
 * out of what x_tables copies back to user space - confirm against
 * the x_tables core.
 */
static struct xt_match bpf_mt_reg[] __read_mostly = {
        {
                /* Revision 0: inline bytecode only. */
                .name           = "bpf",
                .family         = NFPROTO_UNSPEC,
                .revision       = 0,
                .matchsize      = sizeof(struct xt_bpf_info),
                .usersize       = offsetof(struct xt_bpf_info, filter),
                .checkentry     = bpf_mt_check,
                .match          = bpf_mt,
                .destroy        = bpf_mt_destroy,
                .me             = THIS_MODULE,
        },
        {
                /* Revision 1: bytecode, file descriptor or path. */
                .name           = "bpf",
                .family         = NFPROTO_UNSPEC,
                .revision       = 1,
                .matchsize      = sizeof(struct xt_bpf_info_v1),
                .usersize       = offsetof(struct xt_bpf_info_v1, filter),
                .checkentry     = bpf_mt_check_v1,
                .match          = bpf_mt_v1,
                .destroy        = bpf_mt_destroy_v1,
                .me             = THIS_MODULE,
        },
};
144 
/*
 * Module entry point: register every revision in bpf_mt_reg with
 * x_tables and return the registration result.
 */
static int __init bpf_mt_init(void)
{
        int err = xt_register_matches(bpf_mt_reg, ARRAY_SIZE(bpf_mt_reg));

        return err;
}
149 
/*
 * Module exit point: unregister the same set of matches that
 * bpf_mt_init() registered.
 */
static void __exit bpf_mt_exit(void)
{
        struct xt_match *matches = bpf_mt_reg;

        xt_unregister_matches(matches, ARRAY_SIZE(bpf_mt_reg));
}
154 
/* Hook the unload and load handlers into the module machinery. */
module_exit(bpf_mt_exit);
module_init(bpf_mt_init);
157 
