summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorWillem de Bruijn <willemb@google.com>2016-12-08 17:09:38 -0500
committerPablo Neira Ayuso <pablo@netfilter.org>2016-12-10 14:04:28 +0100
commitf17f9ace8a84f6986235fc2d0fedc1fd5148a3bd (patch)
treed6bb856a7278cb57c8280fb18f8685ae894b554a /include
parentbb50942a62b2d76810babc0b1150895d9e5ef229 (diff)
extensions: libxt_bpf: support ebpf pinned objects
Exercise the new kernel feature introduced in commit 2c16d6033264 ("netfilter: xt_bpf: support ebpf") to load pinned eBPF programs. The new interface allows instantiating a bpf match using -m bpf --object-pinned ${PATH} where ${PATH} points to a node in a bpf virtual filesystem. See also the revised man page. Signed-off-by: Willem de Bruijn <willemb@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter/xt_bpf.h25
1 files changed, 24 insertions, 1 deletions
diff --git a/include/linux/netfilter/xt_bpf.h b/include/linux/netfilter/xt_bpf.h
index 5dda450e..b97725af 100644
--- a/include/linux/netfilter/xt_bpf.h
+++ b/include/linux/netfilter/xt_bpf.h
@@ -2,16 +2,39 @@
#define _XT_BPF_H
#include <linux/filter.h>
+#include <linux/limits.h>
#include <linux/types.h>
#define XT_BPF_MAX_NUM_INSTR 64
+#define XT_BPF_PATH_MAX (XT_BPF_MAX_NUM_INSTR * sizeof(struct sock_filter))
+
+struct bpf_prog;
struct xt_bpf_info {
__u16 bpf_program_num_elem;
struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR];
/* only used in the kernel */
- struct sk_filter *filter __attribute__((aligned(8)));
+ struct bpf_prog *filter __attribute__((aligned(8)));
+};
+
+enum xt_bpf_modes {
+ XT_BPF_MODE_BYTECODE,
+ XT_BPF_MODE_FD_PINNED,
+ XT_BPF_MODE_FD_ELF,
+};
+
+struct xt_bpf_info_v1 {
+ __u16 mode;
+ __u16 bpf_program_num_elem;
+ __s32 fd;
+ union {
+ struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR];
+ char path[XT_BPF_PATH_MAX];
+ };
+
+ /* only used in the kernel */
+ struct bpf_prog *filter __attribute__((aligned(8)));
};
#endif /*_XT_BPF_H */