From da5fea5743073ef610350c947b827d4dc55f2d44 Mon Sep 17 00:00:00 2001
From: Kalimuthu Velappan
Date: Fri, 4 Dec 2020 00:45:12 -0800
Subject: [PATCH] eBPF helper function for attribute search in the netlink message There are few network applications relying on Netlink subsystem to get notifications for net-device attribute changes like MTU, Speed, Oper-Status, Name, slave, slave info, etc. The Netlink subsystem notifies the application on every attribute change regardless of what is needed for the application. The attribute search support in EBPF filter helps to filter the Netlink packets based on the specific set of attributes that are needed for the application. The classical BPF supports attribute search but that doesn't support MAPS. The extended BPF supports MAPS, but the attribute search is not enabled. Hence this patch enables the support for attribute search in EBPF. This patch adds the support for following helper function. FN(skb_get_nlattr), FN(skb_get_nlattr_nest) skb_get_nlattr: Find a specific attribute in a stream of attributes skb_get_nlattr_nest: Find a specific attribute in a stream of nested attributes
---
 patch/netlink-socket-attribute-filter.patch | 70 +++++++++++++++++++++
 patch/series | 1 +
 2 files changed, 71 insertions(+)
 create mode 100644 patch/netlink-socket-attribute-filter.patch
diff --git a/patch/netlink-socket-attribute-filter.patch b/patch/netlink-socket-attribute-filter.patch
new file mode 100644
index 000000000..f15416edd
--- /dev/null
+++ b/patch/netlink-socket-attribute-filter.patch
@@ -0,0 +1,70 @@
+diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
+index d143e27..64e86c2 100644
+--- a/include/uapi/linux/bpf.h
++++ b/include/uapi/linux/bpf.h
+@@ -2228,7 +2228,9 @@ union bpf_attr {
+ FN(get_current_cgroup_id), \
+ FN(get_local_storage), \
+ FN(sk_select_reuseport), \
+- FN(skb_ancestor_cgroup_id),
++ FN(skb_ancestor_cgroup_id), \
++ FN(skb_get_nlattr), \
++ FN(skb_get_nlattr_nest),
+
+ /* integer value in 'imm' field of BPF_CALL instruction selects which helper
+ * function eBPF program intends to call
+diff --git a/net/core/filter.c b/net/core/filter.c
+index 40b3af0..98e3995 100644
+--- a/net/core/filter.c
++++ b/net/core/filter.c
+@@ -2477,6 +2477,24 @@ static const struct bpf_func_proto bpf_set_hash_invalid_proto = {
+ .arg1_type = ARG_PTR_TO_CTX,
+ };
+
+static const struct bpf_func_proto bpf_skb_get_nlattr_proto = {
++ .func = bpf_skb_get_nlattr,
++ .gpl_only = false,
++ .ret_type = RET_INTEGER,
++ .arg1_type = ARG_PTR_TO_CTX,
++ .arg2_type = ARG_ANYTHING,
++ .arg3_type = ARG_ANYTHING,
++};
++
++static const struct bpf_func_proto skb_get_nlattr_nest_proto = {
++ .func = bpf_skb_get_nlattr_nest,
++ .gpl_only = false,
++ .ret_type = RET_INTEGER,
++ .arg1_type = ARG_PTR_TO_CTX,
++ .arg2_type = ARG_ANYTHING,
++ .arg3_type = ARG_ANYTHING,
++};
++
+ BPF_CALL_2(bpf_set_hash, struct sk_buff *, skb, u32, hash)
+ {
+ /* Set user specified hash as L4(+), so that it gets returned
+@@ -4976,6 +4994,10 @@ tc_cls_act_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
+ return &bpf_set_hash_proto;
+ case BPF_FUNC_perf_event_output:
+ return &bpf_skb_event_output_proto;
++ case BPF_FUNC_skb_get_nlattr:
++ return &bpf_skb_get_nlattr_proto;
++ case BPF_FUNC_skb_get_nlattr_nest:
++ return &skb_get_nlattr_nest_proto;
+ case BPF_FUNC_get_smp_processor_id:
+ return &bpf_get_smp_processor_id_proto;
+ case BPF_FUNC_skb_under_cgroup:
+diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
+index bf4cd92..b35b72d 100644
+--- a/tools/include/uapi/linux/bpf.h
++++ b/tools/include/uapi/linux/bpf.h
+@@ -2226,7 +2226,9 @@ union bpf_attr {
+ FN(get_current_cgroup_id), \
+ FN(get_local_storage), \
+ FN(sk_select_reuseport), \
+- FN(skb_ancestor_cgroup_id),
++ FN(skb_ancestor_cgroup_id), \
++ FN(skb_get_nlattr), \
++ FN(skb_get_nlattr_nest),
+
+ /* integer value in 'imm' field of BPF_CALL instruction selects which helper
+ * function eBPF program intends to call
diff --git a/patch/series b/patch/series
index 32f66c8fc..890669cca 100755
--- a/patch/series
+++ b/patch/series
@@ -38,6 +38,7 @@ netlink-add-NLA_MIN_LEN.patch
 macsec-Netlink-support-of-XPN-cipher-suites-IEEE-802.patch
 Support-for-fullcone-nat.patch
 driver-ixgbe-external-phy.patch
+netlink-socket-attribute-filter.patch
 #
 # This series applies on GIT commit 1451b36b2b0d62178e42f648d8a18131af18f7d8
 # Tkernel-sched-core-fix-cgroup-fork-race.patch
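Review bot: The two new `case` labels in the net/core/filter.c part of the added patch sit in `tc_cls_act_func_proto` (per the inner hunk header; the function body starts and ends outside the hunk), so the helpers become callable from tc classifier/action programs, whereas the description and the patch name talk about filtering on a netlink socket. If the consumer is a socket-filter program, the same cases would presumably be needed in the socket-filter proto function, which is not visible here, and the tc exposure should either be dropped or justified in the description. Both protos declare the offset and attribute-type arguments as `ARG_ANYTHING`, so every range check rests on the bodies of `bpf_skb_get_nlattr` and `bpf_skb_get_nlattr_nest`, which this patch does not show; a comment above the protos such as `/* arg2/arg3 are ARG_ANYTHING: range checks live in the helper body */` would record that dependency once it has been confirmed. The second proto is named `skb_get_nlattr_nest_proto` without the `bpf_` prefix its sibling carries; `bpf_skb_get_nlattr_nest_proto` would match. Appending to the `FN()` list in both bpf.h copies gives these helpers positional IDs that other kernel trees may assign to different helpers, so the patch should note that BPF objects must be built against this tree's headers.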