From ea02f9411d9faa3553ed09ce0ec9f00ceae9885e Mon Sep 17 00:00:00 2001 From: Michal Sekletar Date: Fri, 17 Jan 2014 17:09:45 +0100 Subject: net: introduce SO_BPF_EXTENSIONS For user space packet capturing libraries such as libpcap, there's currently only one way to check which BPF extensions are supported by the kernel, that is, commit aa1113d9f85d ("net: filter: return -EINVAL if BPF_S_ANC* operation is not supported"). For querying all extensions at once this might be rather inconvenient. Therefore, this patch introduces a new option which can be used as an argument for getsockopt(), and allows one to obtain information about which BPF extensions are supported by the current kernel. As David Miller suggests, we do not need to define any bits right now and status quo can just return 0 in order to state that this versions supports SKF_AD_PROTOCOL up to SKF_AD_PAY_OFFSET. Later additions to BPF extensions need to add their bits to the bpf_tell_extensions() function, as documented in the comment. Signed-off-by: Michal Sekletar Cc: David Miller Reviewed-by: Daniel Borkmann Signed-off-by: David S. Miller --- include/linux/filter.h | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'include/linux/filter.h') diff --git a/include/linux/filter.h b/include/linux/filter.h index ff4e40cd45b1..1a95a2dcf113 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -83,6 +83,17 @@ static inline void bpf_jit_free(struct sk_filter *fp) #define SK_RUN_FILTER(FILTER, SKB) sk_run_filter(SKB, FILTER->insns) #endif +static inline int bpf_tell_extensions(void) +{ + /* When adding new BPF extension it is necessary to enumerate + * it here, so userspace software which wants to know what is + * supported can do so by inspecting return value of this + * function + */ + + return 0; +} + enum { BPF_S_RET_K = 1, BPF_S_RET_A, -- cgit v1.2.3 From 37692299319db31f33f04ce418604781fa5710fb Mon Sep 17 00:00:00 2001 From: Daniel Borkmann Date: Tue, 21 Jan 2014 00:19:37 +0100 Subject: net: filter: let bpf_tell_extensions return SKF_AD_MAX Michal Sekletar added in commit ea02f9411d9f ("net: introduce SO_BPF_EXTENSIONS") a facility where user space can enquire the BPF ancillary instruction set, which is imho a step into the right direction for letting user space high-level to BPF optimizers make an informed decision for possibly using these extensions. The original rationale was to return through a getsockopt(2) a bitfield of which instructions are supported and which are not, as of right now, we just return 0 to indicate a base support for SKF_AD_PROTOCOL up to SKF_AD_PAY_OFFSET. Limitations of this approach are that this API which we need to maintain for a long time can only support a maximum of 32 extensions, and needs to be additionally maintained/updated when each new extension that comes in. I thought about this a bit more and what we can do here to overcome this is to just return SKF_AD_MAX. Since we never remove any extension since we cannot break user space and always linearly increase SKF_AD_MAX on each newly added extension, user space can make a decision on what extensions are supported in the whole set of extensions and which aren't, by just checking which of them from the whole set have an offset < SKF_AD_MAX of the underlying kernel. Since SKF_AD_MAX must be updated each time we add new ones, we don't need to introduce an additional enum and got maintenance for free. At some point in time when SO_BPF_EXTENSIONS becomes ubiquitous for most kernels, then an application can simply make use of this and easily be run on newer or older underlying kernels without needing to be recompiled, of course. Since that is for 3.14, it's not too late to do this change. Cc: Michal Sekletar Cc: Eric Dumazet Signed-off-by: Daniel Borkmann Acked-by: Michal Sekletar Signed-off-by: David S. Miller --- include/linux/filter.h | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'include/linux/filter.h') diff --git a/include/linux/filter.h b/include/linux/filter.h index 1a95a2dcf113..e568c8ef896b 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -85,13 +85,7 @@ static inline void bpf_jit_free(struct sk_filter *fp) static inline int bpf_tell_extensions(void) { - /* When adding new BPF extension it is necessary to enumerate - * it here, so userspace software which wants to know what is - * supported can do so by inspecting return value of this - * function - */ - - return 0; + return SKF_AD_MAX; } enum { -- cgit v1.2.3