net: filter: add vlan tag access

BPF filters lack ability to access skb->vlan_tci This patch adds two new ancillary accessors : SKF_AD_VLAN_TAG (44) mapped to vlan_tx_tag_get(skb) SKF_AD_VLAN_TAG_PRESENT (48) mapped to vlan_tx_tag_present(skb) This allows libpcap/tcpdump to use a kernel filter instead of having to fallback to accept all packets, then filter them in user space. Signed-off-by: Eric Dumazet <edumazet@google.com> Suggested-by: Ani Sinha <ani@aristanetworks.com> Suggested-by: Daniel Borkmann <danborkmann@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>

net: filter: add vlan tag access
BPF filters lack ability to access skb->vlan_tci This patch adds two new ancillary accessors : SKF_AD_VLAN_TAG (44) mapped to vlan_tx_tag_get(skb) SKF_AD_VLAN_TAG_PRESENT (48) mapped to vlan_tx_tag_present(skb) This allows libpcap/tcpdump to use a kernel filter instead of having to fallback to accept all packets, then filter them in user space. Signed-off-by: Eric Dumazet <edumazet@google.com> Suggested-by: Ani Sinha <ani@aristanetworks.com> Suggested-by: Daniel Borkmann <danborkmann@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet · David S. Miller
1 parent 0f6ae8f14e
Showing 3 changed files with 14 additions and 1 deletions Side-by-side Diff
include/linux/filter.h
include/uapi/linux/filter.h
net/core/filter.c
@@ -123,6 +123,8 @@
 	BPF_S_ANC_CPU,
 	BPF_S_ANC_ALU_XOR_X,
 	BPF_S_ANC_SECCOMP_LD_W,
+	BPF_S_ANC_VLAN_TAG,
+	BPF_S_ANC_VLAN_TAG_PRESENT,
 };
  
 #endif /* __LINUX_FILTER_H__ */
@@ -127,7 +127,9 @@
 #define SKF_AD_RXHASH	32
 #define SKF_AD_CPU	36
 #define SKF_AD_ALU_XOR_X	40
-#define SKF_AD_MAX	44
+#define SKF_AD_VLAN_TAG	44
+#define SKF_AD_VLAN_TAG_PRESENT 48
+#define SKF_AD_MAX	52
 #define SKF_NET_OFF   (-0x100000)
 #define SKF_LL_OFF    (-0x200000)
  
@@ -39,6 +39,7 @@
 #include <linux/reciprocal_div.h>
 #include <linux/ratelimit.h>
 #include <linux/seccomp.h>
+#include <linux/if_vlan.h>
  
 /* No hurry in this branch
  *
@@ -341,6 +342,12 @@
 		case BPF_S_ANC_CPU:
 			A = raw_smp_processor_id();
 			continue;
+		case BPF_S_ANC_VLAN_TAG:
+			A = vlan_tx_tag_get(skb);
+			continue;
+		case BPF_S_ANC_VLAN_TAG_PRESENT:
+			A = !!vlan_tx_tag_present(skb);
+			continue;
 		case BPF_S_ANC_NLATTR: {
 			struct nlattr *nla;
  
@@ -600,6 +607,8 @@
 			ANCILLARY(RXHASH);
 			ANCILLARY(CPU);
 			ANCILLARY(ALU_XOR_X);
+			ANCILLARY(VLAN_TAG);
+			ANCILLARY(VLAN_TAG_PRESENT);
 			}
 		}
 		ftest->code = code;
...	...	@@ -123,6 +123,8 @@
123	123	BPF_S_ANC_CPU,
124	124	BPF_S_ANC_ALU_XOR_X,
125	125	BPF_S_ANC_SECCOMP_LD_W,
	126	+ BPF_S_ANC_VLAN_TAG,
	127	+ BPF_S_ANC_VLAN_TAG_PRESENT,
126	128	};
127	129
128	130	#endif /* __LINUX_FILTER_H__ */
...	...	@@ -127,7 +127,9 @@
127	127	#define SKF_AD_RXHASH 32
128	128	#define SKF_AD_CPU 36
129	129	#define SKF_AD_ALU_XOR_X 40
130		-#define SKF_AD_MAX 44
	130	+#define SKF_AD_VLAN_TAG 44
	131	+#define SKF_AD_VLAN_TAG_PRESENT 48
	132	+#define SKF_AD_MAX 52
131	133	#define SKF_NET_OFF (-0x100000)
132	134	#define SKF_LL_OFF (-0x200000)
133	135
...	...	@@ -39,6 +39,7 @@
39	39	#include <linux/reciprocal_div.h>
40	40	#include <linux/ratelimit.h>
41	41	#include <linux/seccomp.h>
	42	+#include <linux/if_vlan.h>
42	43
43	44	/* No hurry in this branch
44	45	*
...	...	@@ -341,6 +342,12 @@
341	342	case BPF_S_ANC_CPU:
342	343	A = raw_smp_processor_id();
343	344	continue;
	345	+ case BPF_S_ANC_VLAN_TAG:
	346	+ A = vlan_tx_tag_get(skb);
	347	+ continue;
	348	+ case BPF_S_ANC_VLAN_TAG_PRESENT:
	349	+ A = !!vlan_tx_tag_present(skb);
	350	+ continue;
344	351	case BPF_S_ANC_NLATTR: {
345	352	struct nlattr *nla;
346	353
...	...	@@ -600,6 +607,8 @@
600	607	ANCILLARY(RXHASH);
601	608	ANCILLARY(CPU);
602	609	ANCILLARY(ALU_XOR_X);
	610	+ ANCILLARY(VLAN_TAG);
	611	+ ANCILLARY(VLAN_TAG_PRESENT);
603	612	}
604	613	}
605	614	ftest->code = code;