socket: properly support SO_ATTACH_FILTER sockopt #274
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The SO_ATTACH_FILTER socket option requires special handling as it is not
passing a self-contained structure to the kernel but a pointer to user
memory holding the actual BPF bytecode.
In order to properly support this, first rework the ucode value to C struct
conversion callback machinery to pass an indirect struct base pointer,
allowing conversion callbacks to realloc the struct memory as needed.
Finally introduce custom uv to C conversion for the BPF data which accepts
either a raw bytecode string, an array of opcode arrays or a flat array of
opcode values which are converted into a C array of struct sock_filter
records appended to the reallocated struct memory.
Attaching a BPF program equivalent to the tcpdump expression
`vlan 20 && ether proto 0x1234` would then look like this:
sock.setopt(SOL_SOCKET, SO_ATTACH_FILTER, {
filter: [
[ 0x28, 0, 0, 0x0000000c ],
[ 0x15, 2, 0, 0x00008100 ],
[ 0x15, 1, 0, 0x000088a8 ],
[ 0x15, 0, 6, 0x00009100 ],
[ 0x28, 0, 0, 0x0000000e ],
[ 0x54, 0, 0, 0x00000fff ],
[ 0x15, 0, 3, 0x00000014 ],
[ 0x28, 0, 0, 0x00000010 ],
[ 0x15, 0, 1, 0x00001234 ],
[ 0x6, 0, 0, 0x00040000 ],
[ 0x6, 0, 0, 0x00000000 ],
]
});
Signed-off-by: Jo-Philipp Wich <[email protected]>
jow-
force-pushed
the
socket-filter-sockopt-support
branch
from
1f810a6 to
001ced1
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The SO_ATTACH_FILTER socket option requires special handling as it is not passing a self-contained structure to the kernel but a pointer to user memory holding the actual BPF bytecode.
In order to properly support this, first rework the ucode value to C struct conversion callback machinery to pass an indirect struct base pointer, allowing conversion callbacks to realloc the struct memory as needed.
Finally introduce custom uv to C conversion for the BPF data which accepts either a raw bytecode string, an array of opcode arrays or a flat array of opcode values which are converted into a C array of struct sock_filter records appended to the reallocated struct memory.
Attaching a BPF program equivalent to the tcpdump expression
vlan 20 && ether proto 0x1234would then look like this: