From patchwork Sat Mar 15 19:03:01 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Pablo Neira Ayuso <pablo@netfilter.org>
X-Patchwork-Id: 330671
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id B7C7C2C00A7
	for <incoming@patchwork.ozlabs.org>;
	Sun, 16 Mar 2014 06:04:15 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756108AbaCOTDS (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Sat, 15 Mar 2014 15:03:18 -0400
Received: from mail.us.es ([193.147.175.20]:58508 "EHLO mail.us.es"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1755987AbaCOTDR (ORCPT <rfc822; netfilter-devel@vger.kernel.org>);
	Sat, 15 Mar 2014 15:03:17 -0400
Received: (qmail 5247 invoked from network); 15 Mar 2014 20:03:14 +0100
Received: from unknown (HELO us.es) (192.168.2.11)
	by us.es with SMTP; 15 Mar 2014 20:03:14 +0100
Received: (qmail 17462 invoked by uid 507); 15 Mar 2014 19:03:14 -0000
X-Qmail-Scanner-Diagnostics: from 127.0.0.1 by antivirus1 (envelope-from
	<pneira@us.es>, uid 501) with qmail-scanner-2.10
	(clamdscan: 0.98.1/18604. spamassassin: 3.3.2.  
	Clear:RC:1(127.0.0.1):SA:0(-97.6/7.5):.
	Processed in 12.277969 secs); 15 Mar 2014 19:03:14 -0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on antivirus1
X-Spam-Level: 
X-Spam-Status: No, score=-97.6 required=7.5 tests=BAYES_50,RCVD_IN_BRBL,
	RCVD_IN_BRBL_LASTEXT,RCVD_IN_PBL,RCVD_IN_RP_RNBL,RCVD_IN_SORBS_DUL,
	RDNS_DYNAMIC, SMTPAUTH_US, SPF_HELO_FAIL,
	USER_IN_WHITELIST autolearn=disabled version=3.3.2
X-Spam-ASN: AS12715 188.78.0.0/16
X-Envelope-From: pneira@us.es
Received: from unknown (HELO antivirus1) (127.0.0.1)
	by us.es with SMTP; 15 Mar 2014 19:03:02 -0000
Received: from 192.168.1.13 (192.168.1.13)
	by antivirus1 (F-Secure/fsigk_smtp/412/antivirus1);
	Sat, 15 Mar 2014 20:03:02 +0100 (CET)
X-Virus-Status: clean(F-Secure/fsigk_smtp/412/antivirus1)
Received: (qmail 10325 invoked from network); 15 Mar 2014 20:03:02 +0100
Received: from 243.234.78.188.dynamic.jazztel.es (HELO us.es)
	(1984lsi@188.78.234.243)
	by mail.us.es with AES128-SHA encrypted SMTP;
	15 Mar 2014 20:03:02 +0100
Date: Sat, 15 Mar 2014 20:03:01 +0100
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Alexei Starovoitov <ast@plumgrid.com>
Cc: Daniel Borkmann <dborkman@redhat.com>, netfilter-devel@vger.kernel.org,
	"David S. Miller" <davem@davemloft.net>,
	Network Development <netdev@vger.kernel.org>,
	Patrick McHardy <kaber@trash.net>, Eric Dumazet <eric.dumazet@gmail.com>,
	LKML <linux-kernel@vger.kernel.org>,
	Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH RFC 0/9] socket filtering using nf_tables
Message-ID: <20140315190301.GA4458@localhost>
References: <1394529560-3490-1-git-send-email-pablo@netfilter.org>
	<531EE5A2.7090501@redhat.com>
	<CAMEtUuyJne-8uNtOAK7EcFFQNXz9m7J2DDLGH_GbYe6oWZx1pQ@mail.gmail.com>
	<20140312091500.GA4638@localhost>
	<CAMEtUuztfWniTr+3u6ttuygvG=xYdp0ANn_w9MGqacQvHrXtWA@mail.gmail.com>
	<20140313122913.GA4898@localhost>
	<CAMEtUuwV2=8sVdmfKSOytC8LKsw2RX+fgfxvucSVV0=L0XEkOg@mail.gmail.com>
	<20140314181600.GA2809@localhost>
	<CAMEtUuzFkCgpvMy-V5iZycfpLQmebc_Jq-MedD=FJn-EEDkdcg@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: 
 <CAMEtUuzFkCgpvMy-V5iZycfpLQmebc_Jq-MedD=FJn-EEDkdcg@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

On Fri, Mar 14, 2014 at 09:04:50PM -0700, Alexei Starovoitov wrote:
[...]
> In the patches I sent, ebpf is _not_ exposed to the user.

From your last patch: http://patchwork.ozlabs.org/patch/329713/

        __u16   code;   /* Actual filter code */
        __u8    jt;     /* Jump true */
@@ -27,6 +28,14 @@  struct sock_filter {        /* Filter block */
        __u32   k;      /* Generic multiuse field */
 };
 
+struct sock_filter_ext {
+       __u8    code;    /* opcode */
+       __u8    a_reg:4; /* dest register */
+       __u8    x_reg:4; /* source register */
+       __s16   off;     /* signed offset */
+       __s32   imm;     /* signed immediate constant */
+};
+
 struct sock_fprog {    /* Required for SO_ATTACH_FILTER. */
        unsigned short          len;    /* Number of filter blocks */
        struct sock_filter __user *filter;

That sock_filter_ext structure is exposed to userspace as well as many
other new BPF_* macros that you have defined.
---
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/include/uapi/linux/filter.h b/include/uapi/linux/filter.h
index 8eb9ccaa5b48..4e98fe16ba88 100644
--- a/include/uapi/linux/filter.h
+++ b/include/uapi/linux/filter.h
@@ -1,5 +1,6 @@ 
 /*
  * Linux Socket Filter Data Structures
+ * Extended BPF is Copyright (c) 2011-2014, PLUMgrid, http://plumgrid.com
  */
 
 #ifndef _UAPI__LINUX_FILTER_H__
@@ -19,7 +20,7 @@ 
  *     Try and keep these values and structures similar to BSD,
  *     especially
  *     the BPF code definitions which need to match so you can share
  *     filters
  */
- 
+
 struct sock_filter {   /* Filter block */