[RFC bpf-next 3/7] bpf: sync tools/include/uapi/linux/bpf.h for pcap support

[Alan Maguire]

sync bpf.h updates for bpf_pcap helper and associated definitions

Signed-off-by: Alan Maguire <alan.magu...@oracle.com>
---
 tools/include/uapi/linux/bpf.h | 92 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 91 insertions(+), 1 deletion(-)

diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index 77c6be9..13f86d3 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -2750,6 +2750,54 @@ struct bpf_stack_build_id {
  *             **-EOPNOTSUPP** kernel configuration does not enable SYN cookies
  *
  *             **-EPROTONOSUPPORT** IP packet version is not 4 or 6
+ *
+ * int bpf_pcap(void *data, u32 size, struct bpf_map *map, int protocol,
+ *             u64 flags)
+ *     Description
+ *             Write packet data from *data* into a special BPF perf event
+ *              held by *map* of type **BPF_MAP_TYPE_PERF_EVENT_ARRAY**. This
+ *             perf event has the same attributes as perf events generated
+ *             by bpf_perf_event_output.  For skb and xdp programs, *data*
+ *             is the relevant context, while for tracing programs,
+ *             *data* must be a pointer to a **struct sk_buff** derived
+ *             from kprobe or tracepoint arguments.
+ *
+ *             Metadata for this event is a **struct bpf_pcap_hdr**; this
+ *             contains the capture length, actual packet length and
+ *             the starting protocol.
+ *
+ *             The max number of bytes of context to store is specified via
+ *             *size*.
+ *
+ *             The flags value can be used to specify an id value of up
+ *             to 48 bits; the id can be used to correlate captured packets
+ *             with other trace data, since the passed-in flags value is stored
+ *             stored in the **struct bpf_pcap_hdr** in the **flags** field.
+ *             Specifying **BPF_F_PCAP_ID_IIFINDEX** and a non-zero value in
+ *             the id portion of the flags limits capture events to skbs
+ *             with the specified incoming ifindex, allowing limiting of
+ *             tracing to the the associated interface.  Specifying
+ *             **BPF_F_PCAP_STRICT_TYPE** will cause *bpf_pcap* to return
+ *             -EPROTO and skip capture if a specific protocol is specified
+ *             and it does not match the current skb.  These additional flags
+ *             are only valid (and useful) for tracing programs.
+ *
+ *             The *protocol* value specifies the protocol type of the start
+ *             of the packet so that packet capture can carry out
+ *             interpretation.  See **pcap-linktype** (7) for details on
+ *             the supported values.
+ *
+ *     Return
+ *             0 on success, or a negative error in case of failure.
+ *             -ENOENT will be returned if the associated perf event
+ *             map entry is empty, the skb is zero-length,  or the incoming
+ *             ifindex was specified and we failed to match.
+ *             -EPROTO will be returned if **BPF_PCAP_TYPE_UNSET** is specified
+ *             and no protocol can be determined, or if we specify a protocol
+ *             along with **BPF_F_PCAP_STRICT_TYPE** and the skb protocol does
+ *             not match.
+ *             -EINVAL will be returned if the flags value is invalid.
+ *
  */
 #define __BPF_FUNC_MAPPER(FN)          \
        FN(unspec),                     \
@@ -2862,7 +2910,8 @@ struct bpf_stack_build_id {
        FN(sk_storage_get),             \
        FN(sk_storage_delete),          \
        FN(send_signal),                \
-       FN(tcp_gen_syncookie),
+       FN(tcp_gen_syncookie),          \
+       FN(pcap),
 
 /* integer value in 'imm' field of BPF_CALL instruction selects which helper
  * function eBPF program intends to call
@@ -2941,6 +2990,11 @@ enum bpf_func_id {
 /* BPF_FUNC_sk_storage_get flags */
 #define BPF_SK_STORAGE_GET_F_CREATE    (1ULL << 0)
 
+/* BPF_FUNC_pcap flags */
+#define        BPF_F_PCAP_ID_MASK              0xffffffffffff
+#define BPF_F_PCAP_ID_IIFINDEX         (1ULL << 48)
+#define BPF_F_PCAP_STRICT_TYPE         (1ULL << 56)
+
 /* Mode for BPF_FUNC_skb_adjust_room helper. */
 enum bpf_adj_room_mode {
        BPF_ADJ_ROOM_NET,
@@ -3613,4 +3667,40 @@ struct bpf_sockopt {
        __s32   retval;
 };
 
+/* bpf_pcap_hdr contains information related to a particular packet capture
+ * flow.  It specifies
+ *
+ * - a magic number BPF_PCAP_MAGIC which identifies the perf event as
+ *   a pcap-related event.
+ * - a starting protocol is the protocol associated with the header
+ * - a flags value, copied from the flags value passed into bpf_pcap().
+ *   IDs can be used to correlate packet capture data and other tracing data.
+ *
+ * bpf_pcap_hdr also contains the information relating to the to-be-captured
+ * packet, and closely corresponds to the struct pcap_pkthdr used by
+ * pcap_dump (3PCAP).  The bpf_pcap helper sets ktime_ns (nanoseconds since
+ * boot) to the ktime_ns value; to get sensible pcap times this value should
+ * be converted to a struct timeval time since epoch in the struct pcap_pkthdr.
+ *
+ * When bpf_pcap() is used, a "struct bpf_pcap_hdr" is stored as we
+ * need both information about the particular packet and the protocol
+ * we are capturing.
+ */
+
+#define BPF_PCAP_MAGIC         0xb7fca7
+
+struct bpf_pcap_hdr {
+       __u32                   magic;
+       int                     protocol;
+       __u64                   flags;
+       __u64                   ktime_ns;
+       __u32                   tot_len;
+       __u32                   cap_len;
+       __u8                    data[0];
+};
+
+#define BPF_PCAP_TYPE_UNSET    -1
+#define BPF_PCAP_TYPE_ETH      1
+#define        BPF_PCAP_TYPE_IP        12
+
 #endif /* _UAPI__LINUX_BPF_H__ */
-- 
1.8.3.1