On 06/19/2018 08:00 PM, Tushar Dave wrote: [...]
> +int sg_filter_run(struct sock *sk, struct scatterlist *sg)
> +{
> + struct sk_filter *filter;
> + int err;
> +
> + rcu_read_lock();
> + filter = rcu_dereference(sk->sk_filter);
> + if (filter) {
> + struct bpf_scatterlist bpfsg;
> + int num_sg;
> +
> + if (!sg) {
> + err = -EINVAL;
> + goto out;
> + }
> +
> + num_sg = sg_nents(sg);
> + if (num_sg <= 0) {
> + err = -EINVAL;
> + goto out;
> + }
> +
> + /* We store a reference to the sg list so it can later used by
> + * eBPF helpers to retrieve the next sg element.
> + */
> + bpfsg.num_sg = num_sg;
> + bpfsg.cur_sg = 0;
> + bpfsg.sg = sg;
> +
> + /* For the first sg element, we store the pkt access pointers
> + * into start and end so eBPF program can have pkt access using
> + * data and data_end. The pkt access for subsequent element of
> + * sg list is possible when eBPF program invokes bpf_sg_next
> + * which takes care of setting start and end to the correct sg
> + * element.
> + */
> + bpfsg.start = sg_virt(sg);
> + bpfsg.end = bpfsg.start + sg->length;
> + BPF_PROG_RUN(filter->prog, &bpfsg);
Return code here from BPF prog is ignored entirely, I thought you wanted to use it also for dropping packets? If UAPI would get frozen like this then it's baked in stone.
> + }
> +out:
> + rcu_read_unlock();
> +
> + return err;
> +}
> +EXPORT_SYMBOL(sg_filter_run);
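Review bot: `err` is returned uninitialised on two paths of sg_filter_run: when `sk->sk_filter` is NULL the `if (filter)` body is skipped entirely, and when the program runs to completion nothing assigns `err` before `return err;`. Only the two `-EINVAL` branches ever set it, so on the common paths the caller receives an indeterminate stack value and will presumably interpret it as an errno or a verdict. Declaring it as `int err = 0;` makes both paths well defined. Separately, `bpfsg` lives on the stack and only `num_sg`, `cur_sg`, `sg`, `start` and `end` are assigned before it is handed to the program; if `struct bpf_scatterlist` (its definition is not in this excerpt) has any other member, zero-initialising it at the declaration would keep stale kernel stack contents out of the program's context.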