On 5/3/18 6:45 PM, Daniel Borkmann wrote:
>> + .ret_type = RET_INTEGER,
>> + .arg1_type = ARG_PTR_TO_CTX,
>> + .arg2_type = ARG_PTR_TO_MEM,
>> + .arg3_type = ARG_CONST_SIZE,
>> + .arg4_type = ARG_ANYTHING,
>> +};
>> +
>> +BPF_CALL_4(bpf_skb_fib_lookup, struct sk_buff *, skb,
>> + struct bpf_fib_lookup *, params, int, plen, u32, flags)
>> +{
>> + if (plen < sizeof(*params))
>> + return -EINVAL;
>> +
>> + switch (params->family) {
>> +#if IS_ENABLED(CONFIG_INET)
>> + case AF_INET:
>> + return bpf_ipv4_fib_lookup(dev_net(skb->dev), params, flags);
>> +#endif
>> +#if IS_ENABLED(CONFIG_IPV6)
>> + case AF_INET6:
>> + return bpf_ipv6_fib_lookup(dev_net(skb->dev), params, flags);
>> +#endif
>> + }
>> + return -ENOTSUPP;
>> +}
>> +
>> +static const struct bpf_func_proto bpf_skb_fib_lookup_proto = {
>> + .func = bpf_skb_fib_lookup,
>> + .gpl_only = true,
>> + .pkt_access = true,
>
> ... this should both not be marked as pkt_access = true. What this means is
> that
> arg2, which is the struct bpf_fib_lookup, could come from the raw packet
> buffer.
leftover from the first version which did pass in the packet. Will remove.
