On 06/29/2018 01:32 AM, Daniel Borkmann wrote:
On 06/19/2018 08:00 PM, Tushar Dave wrote: [...]+int sg_filter_run(struct sock *sk, struct scatterlist *sg) +{ + struct sk_filter *filter; + int err; + + rcu_read_lock(); + filter = rcu_dereference(sk->sk_filter); + if (filter) { + struct bpf_scatterlist bpfsg; + int num_sg; + + if (!sg) { + err = -EINVAL; + goto out; + } + + num_sg = sg_nents(sg); + if (num_sg <= 0) { + err = -EINVAL; + goto out; + } + + /* We store a reference to the sg list so it can later used by + * eBPF helpers to retrieve the next sg element. + */ + bpfsg.num_sg = num_sg; + bpfsg.cur_sg = 0; + bpfsg.sg = sg; + + /* For the first sg element, we store the pkt access pointers + * into start and end so eBPF program can have pkt access using + * data and data_end. The pkt access for subsequent element of + * sg list is possible when eBPF program invokes bpf_sg_next + * which takes care of setting start and end to the correct sg + * element. + */ + bpfsg.start = sg_virt(sg); + bpfsg.end = bpfsg.start + sg->length; + BPF_PROG_RUN(filter->prog, &bpfsg);Return code here from BPF prog is ignored entirely, I thought you wanted to use it also for dropping packets? If UAPI would get frozen like this then it's baked in stone.
Yeah, I am going to add return code necessary for pass, drop and forward. I will do that. Thanks. -Tushar
+ } +out: + rcu_read_unlock(); + + return err; +} +EXPORT_SYMBOL(sg_filter_run);
