From: Patrick McHardy <kaber@trash.net>
To: Paul LeoNerd Evans <leonerd@leonerd.org.uk>
Cc: netdev@vger.kernel.org
Subject: Re: [RFC] BPF program access to transport header
Date: Fri, 30 Apr 2010 22:15:09 +0200 [thread overview]
Message-ID: <4BDB3A4D.5020507@trash.net> (raw)
In-Reply-To: <20100430193916.GZ19334@cel.leo>
Paul LeoNerd Evans wrote:
> Via the SKF_NET_OFF extension area, a BPF program has nice easy access
> to the network header, wherever it might happen to be in the packet.
> This makes it simpler to write filters on e.g. IPv4 headers, knowing
> that fields will always be at simple offsets relative to SKF_NET_OFF.
> Using the data at WORD[SKF_AD_PROTO] it's easy also to find out what
> network protocol this is.
>
> I would like to provide similar for the transport header. Without doing
> so, it is very hard to parse e.g. UDP or TCP headers that may be
> contained within IPv6 protocol, because of the linked-list way IPv6
> headers chain on to each other. BPF doesn't provide a while() loop or
> any kind of backward jump, meaning the filter program has to be
> loop-unrolled a static number of times. This quickly leads to very large
> programs.
>
> I forsee a number of issues with trying to provide this:
>
> * How to provide the protocol number (e.g. 6 for TCP, 1 for ICMP) to
> the BPF program
Using one of the registers?
> * How to obtain the transport offset - AIUI, the skf_transport_offset()
> won't actually be set yet by the time the filter program runs.
For IPv4 its trivial. For IPv6 you could use ipv6_skip_exthdr().
A slightly more flexible way would be to use something like the
netfilter ipv6_find_hdr() function to get the offset of any header
type. The protocol number could be returned in one of the registers
(the other one would contain the offset).
> * What to do if the underlying protocol doesn't support a transport
> layer above it - e.g. ARP.
I'd say simply abort the filter.
> Ideally, this would make it easy to filter, say, TCP destination port
> 80, by doing the following:
>
> LD WORD[SKF_AD_PROTO]
> JEQ ETHERTYPE_IPV4, 1, fail
> JEQ ETHERTYPE_IPv6, 0, fail
>
> LD WORD[SKF_AD_TRANSPROTO]
> JEQ IPPROTO_TCP, 0, fail
>
> LD WORD[SKF_TRANS_OFF+0]
> JEQ 80, 0, fail
>
> LD len
> RET A
>
> fail:
> RET 0
>
> In this short simple BPF program we've avoided all the issues involved
> with trying to parse IPv6 headers.
>
> Can we make this work?
next prev parent reply other threads:[~2010-04-30 20:15 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-30 19:39 [RFC] BPF program access to transport header Paul LeoNerd Evans
2010-04-30 20:15 ` Patrick McHardy [this message]
2010-04-30 22:10 ` Paul LeoNerd Evans
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BDB3A4D.5020507@trash.net \
--to=kaber@trash.net \
--cc=leonerd@leonerd.org.uk \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.