Linux/net/netfilter/xt_bpf.c


  1 // SPDX-License-Identifier: GPL-2.0-only
  2 /* Xtables module to match packets using a BPF filter.
  3  * Copyright 2013 Google Inc.
  4  * Written by Willem de Bruijn <willemb@google.com>
  5  */
  6 
  7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  8 
  9 #include <linux/module.h>
 10 #include <linux/syscalls.h>
 11 #include <linux/skbuff.h>
 12 #include <linux/filter.h>
 13 #include <linux/bpf.h>
 14 
 15 #include <linux/netfilter/xt_bpf.h>
 16 #include <linux/netfilter/x_tables.h>
 17 
 /* Module metadata recorded in the module's info section. */
 MODULE_AUTHOR("Willem de Bruijn <willemb@google.com>");
 MODULE_DESCRIPTION("Xtables: BPF filter match");
 MODULE_LICENSE("GPL");
 /*
  * Alternative module names.
  * NOTE(review): presumably these let a request for the "bpf" match from
  * the IPv4 and IPv6 table front ends resolve to this module; confirm
  * against the xtables module-loading code.
  */
 MODULE_ALIAS("ipt_bpf");
 MODULE_ALIAS("ip6t_bpf");
 23 
 /*
  * Turn a caller-supplied instruction array into a BPF program.
  *
  * @insns: instruction array taken from the rule's matchinfo
  * @len:   number of instructions the rule claims to carry
  * @ret:   receives the program built by bpf_prog_create() on success
  *
  * Returns 0 on success. Returns -EINVAL when @len exceeds
  * XT_BPF_MAX_NUM_INSTR or when bpf_prog_create() reports any failure;
  * the specific error from bpf_prog_create() is not propagated.
  *
  * NOTE(review): @len arrives with the rule and is not trustworthy. The
  * bound is presumably the capacity of the instruction array embedded in
  * matchinfo (confirm in xt_bpf.h); without it the program builder would
  * be told to read past that array.
  */
 static int __bpf_mt_check_bytecode(struct sock_filter *insns, __u16 len,
                                    struct bpf_prog **ret)
 {
         struct sock_fprog_kern fprog = {
                 .len    = len,
                 .filter = insns,
         };

         /* Reject an oversized count before anything consumes fprog. */
         if (len > XT_BPF_MAX_NUM_INSTR)
                 return -EINVAL;

         if (bpf_prog_create(ret, &fprog) != 0) {
                 pr_info_ratelimited("check failed: parse error\n");
                 return -EINVAL;
         }

         return 0;
 }
 42 
 /*
  * Resolve a file descriptor to a BPF program of socket-filter type.
  *
  * @fd:  descriptor number taken from the rule's matchinfo
  * @ret: receives the program on success; left untouched on failure
  *
  * Returns 0 on success, otherwise the error encoded in the pointer
  * returned by bpf_prog_get_type().
  *
  * Only BPF_PROG_TYPE_SOCKET_FILTER is requested, so a descriptor that
  * refers to a program of another type is expected to be refused by the
  * lookup rather than attached to the rule.
  * NOTE(review): the descriptor is presumably looked up in the file table
  * of the task installing the rule; confirm in bpf_prog_get_type().
  */
 static int __bpf_mt_check_fd(int fd, struct bpf_prog **ret)
 {
         struct bpf_prog *loaded;

         loaded = bpf_prog_get_type(fd, BPF_PROG_TYPE_SOCKET_FILTER);
         if (!IS_ERR(loaded)) {
                 *ret = loaded;
                 return 0;
         }

         return PTR_ERR(loaded);
 }
 54 
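 /*
  * Resolve a path to a BPF program of socket-filter type.
  *
  * @path: path buffer taken from the rule's matchinfo
  * @ret:  receives the program on success; left untouched on failure
  *
  * Returns 0 on success, -EINVAL when no NUL terminator is found within
  * XT_BPF_PATH_MAX bytes, otherwise the error encoded in the pointer
  * returned by bpf_prog_get_type_path().
  *
  * The strnlen() test must stay ahead of the lookup: it is what guarantees
  * that the string handed on ends inside the XT_BPF_PATH_MAX-byte bound.
  */
 static int __bpf_mt_check_path(const char *path, struct bpf_prog **ret)
 {
         struct bpf_prog *prog;

         if (strnlen(path, XT_BPF_PATH_MAX) == XT_BPF_PATH_MAX)
                 return -EINVAL;

         prog = bpf_prog_get_type_path(path, BPF_PROG_TYPE_SOCKET_FILTER);
         if (IS_ERR(prog))
                 return PTR_ERR(prog);

         /*
          * Publish the program only once it is known to be valid, as
          * __bpf_mt_check_fd() does, so an error-encoded pointer is never
          * stored through @ret.
          */
         *ret = prog;
         return 0;
 }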
 63 
 /*
  * checkentry hook for revision 0 of the "bpf" match.
  *
  * Revision 0 carries inline bytecode only, so the instruction array and
  * its count are passed straight to __bpf_mt_check_bytecode(), which
  * stores the resulting program in info->filter. Returns that helper's
  * result unchanged.
  */
 static int bpf_mt_check(const struct xt_mtchk_param *par)
 {
         struct xt_bpf_info *rule = par->matchinfo;
         struct sock_filter *insns = rule->bpf_program;

         return __bpf_mt_check_bytecode(insns, rule->bpf_program_num_elem,
                                        &rule->filter);
 }
 72 
 /*
  * checkentry hook for revision 1 of the "bpf" match.
  *
  * The rule's mode field selects where the program comes from: inline
  * bytecode, a file descriptor, or a path. Each source has its own helper,
  * and each helper stores the program in info->filter on success.
  *
  * Returns the chosen helper's result, or -EINVAL for a mode value that is
  * not one of the three handled here. Rejecting unknown modes keeps a rule
  * from being accepted with info->filter never set.
  */
 static int bpf_mt_check_v1(const struct xt_mtchk_param *par)
 {
         struct xt_bpf_info_v1 *rule = par->matchinfo;

         switch (rule->mode) {
         case XT_BPF_MODE_BYTECODE:
                 return __bpf_mt_check_bytecode(rule->bpf_program,
                                                rule->bpf_program_num_elem,
                                                &rule->filter);
         case XT_BPF_MODE_FD_ELF:
                 return __bpf_mt_check_fd(rule->fd, &rule->filter);
         case XT_BPF_MODE_PATH_PINNED:
                 return __bpf_mt_check_path(rule->path, &rule->filter);
         default:
                 return -EINVAL;
         }
 }
 88 
 /*
  * Match hook for revision 0: run the rule's program over the packet.
  *
  * The value produced by BPF_PROG_RUN() is converted to bool by the return
  * type, so any non-zero program result counts as a match.
  */
 static bool bpf_mt(const struct sk_buff *skb, struct xt_action_param *par)
 {
         const struct xt_bpf_info *rule = par->matchinfo;

         return BPF_PROG_RUN(rule->filter, skb);
 }
 95 
 /*
  * Match hook for revision 1: run the rule's program over the packet.
  *
  * Any non-zero program result counts as a match.
  *
  * The cast drops const from skb because bpf_prog_run_save_cb() is called
  * with a non-const packet pointer.
  * NOTE(review): the helper's name suggests it saves and restores the
  * packet's control block around the run; confirm in linux/filter.h
  * before relying on the packet being unchanged afterwards.
  */
 static bool bpf_mt_v1(const struct sk_buff *skb, struct xt_action_param *par)
 {
         const struct xt_bpf_info_v1 *rule = par->matchinfo;
         struct sk_buff *pkt = (struct sk_buff *) skb;

         return bpf_prog_run_save_cb(rule->filter, pkt) != 0;
 }
102 
/*
 * destroy hook for revision 0: hand the rule's program to
 * bpf_prog_destroy() when the rule goes away.
 */
static void bpf_mt_destroy(const struct xt_mtdtor_param *par)
{
        const struct xt_bpf_info *rule = par->matchinfo;

        bpf_prog_destroy(rule->filter);
}
109 
/*
 * destroy hook for revision 1: hand the rule's program to
 * bpf_prog_destroy() when the rule goes away. The same call is used for
 * all three program sources accepted by bpf_mt_check_v1().
 */
static void bpf_mt_destroy_v1(const struct xt_mtdtor_param *par)
{
        const struct xt_bpf_info_v1 *rule = par->matchinfo;

        bpf_prog_destroy(rule->filter);
}
116 
/*
 * Registration table for the two revisions of the "bpf" match. Both are
 * registered for NFPROTO_UNSPEC.
 *
 * In each entry usersize stops at the offset of the filter member, so the
 * kernel's program pointer lies outside the user-visible part of
 * matchinfo.
 * NOTE(review): x_tables is understood to use usersize to bound what is
 * copied back to userspace, which keeps that kernel pointer out of rule
 * dumps; confirm against x_tables.c before changing either struct layout.
 */
static struct xt_match bpf_mt_reg[] __read_mostly = {
        {
                /* Revision 0: inline bytecode only (see bpf_mt_check()). */
                .name = "bpf",
                .revision = 0,
                .family = NFPROTO_UNSPEC,
                .checkentry = bpf_mt_check,
                .match = bpf_mt,
                .destroy = bpf_mt_destroy,
                .matchsize = sizeof(struct xt_bpf_info),
                .usersize = offsetof(struct xt_bpf_info, filter),
                .me = THIS_MODULE,
        },
        {
                /* Revision 1: bytecode, fd or path, chosen by info->mode. */
                .name = "bpf",
                .revision = 1,
                .family = NFPROTO_UNSPEC,
                .checkentry = bpf_mt_check_v1,
                .match = bpf_mt_v1,
                .destroy = bpf_mt_destroy_v1,
                .matchsize = sizeof(struct xt_bpf_info_v1),
                .usersize = offsetof(struct xt_bpf_info_v1, filter),
                .me = THIS_MODULE,
        },
};
141 
/*
 * Module entry point: register every entry of bpf_mt_reg and return the
 * result of xt_register_matches() unchanged.
 */
static int __init bpf_mt_init(void)
{
        int err = xt_register_matches(bpf_mt_reg, ARRAY_SIZE(bpf_mt_reg));

        return err;
}
146 
/* Module exit point: unregister every entry of bpf_mt_reg. */
static void __exit bpf_mt_exit(void)
{
        unsigned int count = ARRAY_SIZE(bpf_mt_reg);

        xt_unregister_matches(bpf_mt_reg, count);
}
151 
/* Wire the init and exit functions into the module load/unload hooks. */
module_init(bpf_mt_init);
module_exit(bpf_mt_exit);
154 
