| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Linux Socket Filter Data Structures |
| 3 | */ |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 4 | #ifndef __LINUX_FILTER_H__ |
| 5 | #define __LINUX_FILTER_H__ |
| 6 | |
| Arun Sharma | 60063497 | 2011-07-26 16:09:06 -0700 | [diff] [blame] | 7 | #include <linux/atomic.h> |
| Will Drewry | 0c5fe1b | 2012-04-12 16:47:53 -0500 | [diff] [blame] | 8 | #include <linux/compat.h> |
| Alexei Starovoitov | d45ed4a | 2013-10-04 00:14:06 -0700 | [diff] [blame] | 9 | #include <linux/workqueue.h> |
| David Howells | 607ca46 | 2012-10-13 10:46:48 +0100 | [diff] [blame] | 10 | #include <uapi/linux/filter.h> |
| Heiko Carstens | 792d4b5 | 2011-05-22 07:08:11 +0000 | [diff] [blame] | 11 | |
| Will Drewry | 0c5fe1b | 2012-04-12 16:47:53 -0500 | [diff] [blame] | 12 | #ifdef CONFIG_COMPAT |
| 13 | /* |
| 14 | * A struct sock_filter is architecture independent. |
| 15 | */ |
| 16 | struct compat_sock_fprog { |
| 17 | u16 len; |
| 18 | compat_uptr_t filter; /* struct sock_filter * */ |
| 19 | }; |
| 20 | #endif |
| 21 | |
| Daniel Borkmann | a3ea269 | 2014-03-28 18:58:19 +0100 | [diff] [blame^] | 22 | struct sock_fprog_kern { |
| 23 | u16 len; |
| 24 | struct sock_filter *filter; |
| 25 | }; |
| 26 | |
| Heiko Carstens | 792d4b5 | 2011-05-22 07:08:11 +0000 | [diff] [blame] | 27 | struct sk_buff; |
| 28 | struct sock; |
| 29 | |
| Daniel Borkmann | a3ea269 | 2014-03-28 18:58:19 +0100 | [diff] [blame^] | 30 | struct sk_filter { |
| Stephen Hemminger | b715631 | 2008-04-10 01:33:47 -0700 | [diff] [blame] | 31 | atomic_t refcnt; |
| Daniel Borkmann | f8bbbfc | 2014-03-28 18:58:18 +0100 | [diff] [blame] | 32 | u32 jited:1, /* Is our filter JIT'ed? */ |
| 33 | len:31; /* Number of filter blocks */ |
| Daniel Borkmann | a3ea269 | 2014-03-28 18:58:19 +0100 | [diff] [blame^] | 34 | struct sock_fprog_kern *orig_prog; /* Original BPF program */ |
| Alexei Starovoitov | d45ed4a | 2013-10-04 00:14:06 -0700 | [diff] [blame] | 35 | struct rcu_head rcu; |
| Eric Dumazet | 0a14842 | 2011-04-20 09:27:32 +0000 | [diff] [blame] | 36 | unsigned int (*bpf_func)(const struct sk_buff *skb, |
| 37 | const struct sock_filter *filter); |
| Alexei Starovoitov | d45ed4a | 2013-10-04 00:14:06 -0700 | [diff] [blame] | 38 | union { |
| 39 | struct sock_filter insns[0]; |
| 40 | struct work_struct work; |
| 41 | }; |
| Stephen Hemminger | b715631 | 2008-04-10 01:33:47 -0700 | [diff] [blame] | 42 | }; |
| 43 | |
| Alexei Starovoitov | d45ed4a | 2013-10-04 00:14:06 -0700 | [diff] [blame] | 44 | static inline unsigned int sk_filter_size(unsigned int proglen) |
| Stephen Hemminger | b715631 | 2008-04-10 01:33:47 -0700 | [diff] [blame] | 45 | { |
| Alexei Starovoitov | d45ed4a | 2013-10-04 00:14:06 -0700 | [diff] [blame] | 46 | return max(sizeof(struct sk_filter), |
| 47 | offsetof(struct sk_filter, insns[proglen])); |
| Stephen Hemminger | b715631 | 2008-04-10 01:33:47 -0700 | [diff] [blame] | 48 | } |
| 49 | |
| Daniel Borkmann | a3ea269 | 2014-03-28 18:58:19 +0100 | [diff] [blame^] | 50 | #define sk_filter_proglen(fprog) \ |
| 51 | (fprog->len * sizeof(fprog->filter[0])) |
| 52 | |
| Stephen Hemminger | 43db6d6 | 2008-04-10 01:43:09 -0700 | [diff] [blame] | 53 | extern int sk_filter(struct sock *sk, struct sk_buff *skb); |
| Eric Dumazet | 62ab081 | 2010-12-06 20:50:09 +0000 | [diff] [blame] | 54 | extern unsigned int sk_run_filter(const struct sk_buff *skb, |
| Eric Dumazet | 93aaae2 | 2010-11-19 09:49:59 -0800 | [diff] [blame] | 55 | const struct sock_filter *filter); |
| Daniel Borkmann | a3ea269 | 2014-03-28 18:58:19 +0100 | [diff] [blame^] | 56 | |
| Jiri Pirko | 302d663 | 2012-03-31 11:01:19 +0000 | [diff] [blame] | 57 | extern int sk_unattached_filter_create(struct sk_filter **pfp, |
| 58 | struct sock_fprog *fprog); |
| 59 | extern void sk_unattached_filter_destroy(struct sk_filter *fp); |
| Daniel Borkmann | a3ea269 | 2014-03-28 18:58:19 +0100 | [diff] [blame^] | 60 | |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 61 | extern int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk); |
| Pavel Emelyanov | 55b3332 | 2007-10-17 21:21:26 -0700 | [diff] [blame] | 62 | extern int sk_detach_filter(struct sock *sk); |
| Daniel Borkmann | a3ea269 | 2014-03-28 18:58:19 +0100 | [diff] [blame^] | 63 | |
| Dan Carpenter | 4f25af2 | 2011-10-17 21:04:20 +0000 | [diff] [blame] | 64 | extern int sk_chk_filter(struct sock_filter *filter, unsigned int flen); |
| Pavel Emelyanov | a8fc927 | 2012-11-01 02:01:48 +0000 | [diff] [blame] | 65 | extern int sk_get_filter(struct sock *sk, struct sock_filter __user *filter, unsigned len); |
| Nicolas Dichtel | ed13998 | 2013-06-05 15:30:55 +0200 | [diff] [blame] | 66 | extern void sk_decode_filter(struct sock_filter *filt, struct sock_filter *to); |
| Eric Dumazet | 0a14842 | 2011-04-20 09:27:32 +0000 | [diff] [blame] | 67 | |
| 68 | #ifdef CONFIG_BPF_JIT |
| Xi Wang | 20074f3 | 2013-05-01 16:24:08 -0400 | [diff] [blame] | 69 | #include <stdarg.h> |
| Chen Gang | a691ce7 | 2013-03-28 15:24:53 +0000 | [diff] [blame] | 70 | #include <linux/linkage.h> |
| 71 | #include <linux/printk.h> |
| 72 | |
| Eric Dumazet | 0a14842 | 2011-04-20 09:27:32 +0000 | [diff] [blame] | 73 | extern void bpf_jit_compile(struct sk_filter *fp); |
| 74 | extern void bpf_jit_free(struct sk_filter *fp); |
| Daniel Borkmann | 7961780 | 2013-03-21 22:22:03 +0100 | [diff] [blame] | 75 | |
| 76 | static inline void bpf_jit_dump(unsigned int flen, unsigned int proglen, |
| 77 | u32 pass, void *image) |
| 78 | { |
| Eric Dumazet | 1649544 | 2013-05-17 16:57:37 +0000 | [diff] [blame] | 79 | pr_err("flen=%u proglen=%u pass=%u image=%pK\n", |
| Daniel Borkmann | 7961780 | 2013-03-21 22:22:03 +0100 | [diff] [blame] | 80 | flen, proglen, pass, image); |
| 81 | if (image) |
| Eric Dumazet | 1649544 | 2013-05-17 16:57:37 +0000 | [diff] [blame] | 82 | print_hex_dump(KERN_ERR, "JIT code: ", DUMP_PREFIX_OFFSET, |
| Daniel Borkmann | 7961780 | 2013-03-21 22:22:03 +0100 | [diff] [blame] | 83 | 16, 1, image, proglen, false); |
| 84 | } |
| Eric Dumazet | 0a14842 | 2011-04-20 09:27:32 +0000 | [diff] [blame] | 85 | #define SK_RUN_FILTER(FILTER, SKB) (*FILTER->bpf_func)(SKB, FILTER->insns) |
| 86 | #else |
| Alexei Starovoitov | d45ed4a | 2013-10-04 00:14:06 -0700 | [diff] [blame] | 87 | #include <linux/slab.h> |
| Eric Dumazet | 0a14842 | 2011-04-20 09:27:32 +0000 | [diff] [blame] | 88 | static inline void bpf_jit_compile(struct sk_filter *fp) |
| 89 | { |
| 90 | } |
| 91 | static inline void bpf_jit_free(struct sk_filter *fp) |
| 92 | { |
| Alexei Starovoitov | d45ed4a | 2013-10-04 00:14:06 -0700 | [diff] [blame] | 93 | kfree(fp); |
| Eric Dumazet | 0a14842 | 2011-04-20 09:27:32 +0000 | [diff] [blame] | 94 | } |
| 95 | #define SK_RUN_FILTER(FILTER, SKB) sk_run_filter(SKB, FILTER->insns) |
| 96 | #endif |
| 97 | |
| Michal Sekletar | ea02f94 | 2014-01-17 17:09:45 +0100 | [diff] [blame] | 98 | static inline int bpf_tell_extensions(void) |
| 99 | { |
| Daniel Borkmann | 3769229 | 2014-01-21 00:19:37 +0100 | [diff] [blame] | 100 | return SKF_AD_MAX; |
| Michal Sekletar | ea02f94 | 2014-01-17 17:09:45 +0100 | [diff] [blame] | 101 | } |
| 102 | |
| Eric Dumazet | 0a14842 | 2011-04-20 09:27:32 +0000 | [diff] [blame] | 103 | enum { |
| 104 | BPF_S_RET_K = 1, |
| 105 | BPF_S_RET_A, |
| 106 | BPF_S_ALU_ADD_K, |
| 107 | BPF_S_ALU_ADD_X, |
| 108 | BPF_S_ALU_SUB_K, |
| 109 | BPF_S_ALU_SUB_X, |
| 110 | BPF_S_ALU_MUL_K, |
| 111 | BPF_S_ALU_MUL_X, |
| 112 | BPF_S_ALU_DIV_X, |
| Eric Dumazet | b6069a9 | 2012-09-07 22:03:35 +0000 | [diff] [blame] | 113 | BPF_S_ALU_MOD_K, |
| 114 | BPF_S_ALU_MOD_X, |
| Eric Dumazet | 0a14842 | 2011-04-20 09:27:32 +0000 | [diff] [blame] | 115 | BPF_S_ALU_AND_K, |
| 116 | BPF_S_ALU_AND_X, |
| 117 | BPF_S_ALU_OR_K, |
| 118 | BPF_S_ALU_OR_X, |
| Daniel Borkmann | 9e49e88 | 2012-09-24 02:23:59 +0000 | [diff] [blame] | 119 | BPF_S_ALU_XOR_K, |
| 120 | BPF_S_ALU_XOR_X, |
| Eric Dumazet | 0a14842 | 2011-04-20 09:27:32 +0000 | [diff] [blame] | 121 | BPF_S_ALU_LSH_K, |
| 122 | BPF_S_ALU_LSH_X, |
| 123 | BPF_S_ALU_RSH_K, |
| 124 | BPF_S_ALU_RSH_X, |
| 125 | BPF_S_ALU_NEG, |
| 126 | BPF_S_LD_W_ABS, |
| 127 | BPF_S_LD_H_ABS, |
| 128 | BPF_S_LD_B_ABS, |
| 129 | BPF_S_LD_W_LEN, |
| 130 | BPF_S_LD_W_IND, |
| 131 | BPF_S_LD_H_IND, |
| 132 | BPF_S_LD_B_IND, |
| 133 | BPF_S_LD_IMM, |
| 134 | BPF_S_LDX_W_LEN, |
| 135 | BPF_S_LDX_B_MSH, |
| 136 | BPF_S_LDX_IMM, |
| 137 | BPF_S_MISC_TAX, |
| 138 | BPF_S_MISC_TXA, |
| 139 | BPF_S_ALU_DIV_K, |
| 140 | BPF_S_LD_MEM, |
| 141 | BPF_S_LDX_MEM, |
| 142 | BPF_S_ST, |
| 143 | BPF_S_STX, |
| 144 | BPF_S_JMP_JA, |
| 145 | BPF_S_JMP_JEQ_K, |
| 146 | BPF_S_JMP_JEQ_X, |
| 147 | BPF_S_JMP_JGE_K, |
| 148 | BPF_S_JMP_JGE_X, |
| 149 | BPF_S_JMP_JGT_K, |
| 150 | BPF_S_JMP_JGT_X, |
| 151 | BPF_S_JMP_JSET_K, |
| 152 | BPF_S_JMP_JSET_X, |
| 153 | /* Ancillary data */ |
| 154 | BPF_S_ANC_PROTOCOL, |
| 155 | BPF_S_ANC_PKTTYPE, |
| 156 | BPF_S_ANC_IFINDEX, |
| 157 | BPF_S_ANC_NLATTR, |
| 158 | BPF_S_ANC_NLATTR_NEST, |
| 159 | BPF_S_ANC_MARK, |
| 160 | BPF_S_ANC_QUEUE, |
| 161 | BPF_S_ANC_HATYPE, |
| 162 | BPF_S_ANC_RXHASH, |
| 163 | BPF_S_ANC_CPU, |
| Jiri Pirko | ffe06c1 | 2012-03-31 11:01:20 +0000 | [diff] [blame] | 164 | BPF_S_ANC_ALU_XOR_X, |
| Will Drewry | 46b325c | 2012-04-12 16:47:52 -0500 | [diff] [blame] | 165 | BPF_S_ANC_SECCOMP_LD_W, |
| Eric Dumazet | f333503 | 2012-10-27 02:26:17 +0000 | [diff] [blame] | 166 | BPF_S_ANC_VLAN_TAG, |
| 167 | BPF_S_ANC_VLAN_TAG_PRESENT, |
| Daniel Borkmann | 3e5289d | 2013-03-19 06:39:31 +0000 | [diff] [blame] | 168 | BPF_S_ANC_PAY_OFFSET, |
| Eric Dumazet | 0a14842 | 2011-04-20 09:27:32 +0000 | [diff] [blame] | 169 | }; |
| 170 | |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 171 | #endif /* __LINUX_FILTER_H__ */ |