Skip to content

Commit 0b8c707

Browse files
borkmanndavem330
borkmann
authored and
davem330
committed
ebpf, filter: do not convert skb->protocol to host endianess during runtime
Commit c249739 ("bpf: allow BPF programs access 'protocol' and 'vlan_tci' fields") has added support for accessing protocol, vlan_present and vlan_tci into the skb offset map. As referenced in the below discussion, accessing skb->protocol from an eBPF program should be converted without handling endianess. The reason for this is that an eBPF program could simply do a check more naturally, by f.e. testing skb->protocol == htons(ETH_P_IP), where the LLVM compiler resolves htons() against a constant automatically during compilation time, as opposed to an otherwise needed run time conversion. After all, the way of programming both from a user perspective differs quite a lot, i.e. bpf_asm ["ld proto"] versus a C subset/LLVM. Reference: https://patchwork.ozlabs.org/patch/450819/ Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent c4a6853 commit 0b8c707

File tree

1 file changed

+14
-15
lines changed

1 file changed

+14
-15
lines changed

net/core/filter.c

Lines changed: 14 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -178,16 +178,6 @@ static u32 convert_skb_access(int skb_field, int dst_reg, int src_reg,
178178
offsetof(struct sk_buff, queue_mapping));
179179
break;
180180

181-
case SKF_AD_PROTOCOL:
182-
BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, protocol) != 2);
183-
184-
/* dst_reg = *(u16 *) (src_reg + offsetof(protocol)) */
185-
*insn++ = BPF_LDX_MEM(BPF_H, dst_reg, src_reg,
186-
offsetof(struct sk_buff, protocol));
187-
/* dst_reg = ntohs(dst_reg) [emitting a nop or swap16] */
188-
*insn++ = BPF_ENDIAN(BPF_FROM_BE, dst_reg, 16);
189-
break;
190-
191181
case SKF_AD_VLAN_TAG:
192182
case SKF_AD_VLAN_TAG_PRESENT:
193183
BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, vlan_tci) != 2);
@@ -219,8 +209,13 @@ static bool convert_bpf_extensions(struct sock_filter *fp,
219209

220210
switch (fp->k) {
221211
case SKF_AD_OFF + SKF_AD_PROTOCOL:
222-
cnt = convert_skb_access(SKF_AD_PROTOCOL, BPF_REG_A, BPF_REG_CTX, insn);
223-
insn += cnt - 1;
212+
BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, protocol) != 2);
213+
214+
/* A = *(u16 *) (CTX + offsetof(protocol)) */
215+
*insn++ = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_CTX,
216+
offsetof(struct sk_buff, protocol));
217+
/* A = ntohs(A) [emitting a nop or swap16] */
218+
*insn = BPF_ENDIAN(BPF_FROM_BE, BPF_REG_A, 16);
224219
break;
225220

226221
case SKF_AD_OFF + SKF_AD_PKTTYPE:
@@ -1224,6 +1219,13 @@ static u32 sk_filter_convert_ctx_access(int dst_reg, int src_reg, int ctx_off,
12241219
offsetof(struct sk_buff, len));
12251220
break;
12261221

1222+
case offsetof(struct __sk_buff, protocol):
1223+
BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, protocol) != 2);
1224+
1225+
*insn++ = BPF_LDX_MEM(BPF_H, dst_reg, src_reg,
1226+
offsetof(struct sk_buff, protocol));
1227+
break;
1228+
12271229
case offsetof(struct __sk_buff, mark):
12281230
return convert_skb_access(SKF_AD_MARK, dst_reg, src_reg, insn);
12291231

@@ -1233,9 +1235,6 @@ static u32 sk_filter_convert_ctx_access(int dst_reg, int src_reg, int ctx_off,
12331235
case offsetof(struct __sk_buff, queue_mapping):
12341236
return convert_skb_access(SKF_AD_QUEUE, dst_reg, src_reg, insn);
12351237

1236-
case offsetof(struct __sk_buff, protocol):
1237-
return convert_skb_access(SKF_AD_PROTOCOL, dst_reg, src_reg, insn);
1238-
12391238
case offsetof(struct __sk_buff, vlan_present):
12401239
return convert_skb_access(SKF_AD_VLAN_TAG_PRESENT,
12411240
dst_reg, src_reg, insn);

0 commit comments

Comments
 (0)