author | Willem de Bruijn <willemb@google.com> | 2016-12-08 17:09:38 -0500 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-12-10 14:04:28 +0100 |
commit | f17f9ace8a84f6986235fc2d0fedc1fd5148a3bd (patch) | |
tree | d6bb856a7278cb57c8280fb18f8685ae894b554a /include/linux | |
parent | bb50942a62b2d76810babc0b1150895d9e5ef229 (diff) |
extensions: libxt_bpf: support ebpf pinned objects
Exercise the new kernel feature introduced in commit 2c16d6033264
("netfilter: xt_bpf: support ebpf") to load pinned eBPF programs.
The new interface allows instantiating a bpf match using
-m bpf --object-pinned ${PATH}
where ${PATH} points to a node in a bpf virtual filesystem. See
also the revised man page.
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/netfilter/xt_bpf.h | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/include/linux/netfilter/xt_bpf.h b/include/linux/netfilter/xt_bpf.h
index 5dda450e..b97725af 100644
--- a/include/linux/netfilter/xt_bpf.h
+++ b/include/linux/netfilter/xt_bpf.h
@@ -2,16 +2,39 @@
 #define _XT_BPF_H
 
 #include <linux/filter.h>
+#include <linux/limits.h>
 #include <linux/types.h>
 
 #define XT_BPF_MAX_NUM_INSTR 64
+#define XT_BPF_PATH_MAX (XT_BPF_MAX_NUM_INSTR * sizeof(struct sock_filter))
+
+struct bpf_prog;
 
 struct xt_bpf_info {
 __u16 bpf_program_num_elem;
 struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR];
 
 /* only used in the kernel */
- struct sk_filter *filter __attribute__((aligned(8)));
+ struct bpf_prog *filter __attribute__((aligned(8)));
+};
+
+enum xt_bpf_modes {
+ XT_BPF_MODE_BYTECODE,
+ XT_BPF_MODE_FD_PINNED,
+ XT_BPF_MODE_FD_ELF,
+};
+
+struct xt_bpf_info_v1 {
+ __u16 mode;
+ __u16 bpf_program_num_elem;
+ __s32 fd;
+ union {
+ struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR];
+ char path[XT_BPF_PATH_MAX];
+ };
+
+ /* only used in the kernel */
+ struct bpf_prog *filter __attribute__((aligned(8)));
 };
 
 #endif /*_XT_BPF_H */ |
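Review bot: `char path[XT_BPF_PATH_MAX]` in `struct xt_bpf_info_v1` carries no statement of its contract, and its bound is `XT_BPF_MAX_NUM_INSTR * sizeof(struct sock_filter)` (512 bytes if `struct sock_filter` is 8 bytes), well below the `PATH_MAX` a caller might assume from the new `<linux/limits.h>` include. Because the path comes from the `--object-pinned` command-line argument, I would add `/* NUL-terminated path of the pinned object; at most XT_BPF_PATH_MAX - 1 bytes */` above the member, so the userspace copy and any consumer of the struct reject over-long or unterminated input instead of truncating it. A short comment on `mode` saying which of `bpf_program`, `path` and `fd` is meaningful for each `xt_bpf_modes` value would also help, since `mode` is a bare `__u16` and out-of-range values have to be rejected by whoever reads it. The `<linux/limits.h>` include looks unused within this hunk; if nothing outside it depends on it, it could be dropped.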