From: Paul LeoNerd Evans <leonerd@leonerd.org.uk>
To: David Miller <davem@davemloft.net>, netdev@vger.kernel.org
Cc: andi@firstfloor.org
Subject: Re: RFC: New BPF 'LOOP' instruction
Date: Tue, 3 Aug 2010 14:34:43 +0100
Message-ID: <20100803133442.GQ11110@cel.leo>
In-Reply-To: <20100803.060754.26959298.davem@davemloft.net>
On Tue, Aug 03, 2010 at 06:07:54AM -0700, David Miller wrote:
> > How about simply adding a "skip ipv6 extension headers until header type
> > X" opcode?
> >
> > I bet that would solve most of the problems here in practice.
>
> BPF really should not have protocol specific opcodes.

You mean like the LD MSH instruction, the "load a byte, mask by 0x0f then
shift up two bits" one that's specific to fetching an IPv4 header length?

Let's look at this another way around then. Ignore my LOOP instruction
idea.

Already -right now- BPF has the SKF_NET_OFF + SKF_AD_PROTO information.
Let's consider an Ethernet/IP/TCP packet we've received:

  [Ethernet header | IP header | TCP header ....]
   ^                 ^
   |                 |
   |                 +-- SKF_NET_OFF is here
   +-- 0 is here

  SKF_AD_PROTO == 0x0800 (IPv4)

What if we added a new constant SKF_TRANS_OFF to store the start address
of the transport header, and a new SKF_AD storage area for the transport
protocol:

  [Ethernet header | IP header | TCP header ....]
   ^                 ^           ^
   |                 |           |
   |                 |           +-- SKF_TRANS_OFF is here
   |                 +-- SKF_NET_OFF is here
   +-- 0 is here

  SKF_AD_PROTO == 0x0800 (IPv4)
  SKF_AD_TRANSPROTO == 6 (IPPROTO_TCP)

Now it's easy to see how IPv6 header processing fits into this. No
longer do we have to calculate the length of the IPv6 header, we can
just start off directly looking at the TCP header. I wanted TCP port 80;
no problem:
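
    LD BYTE[SKF_AD_PROTO]
    JEQ 0x0800, 1, 0            ; IPv4: skip the IPv6 test
    JEQ 0x86dd, 0, #reject      ; neither IPv4 nor IPv6
    LD BYTE[SKF_AD_TRANSPROTO]
    JEQ 6, 0, #reject           ; not TCP
    LD HALF[SKF_TRANS_OFF+0]    ; TCP source port (16 bits)
    JEQ 80, #accept, 0
    LD HALF[SKF_TRANS_OFF+2]    ; TCP destination port (16 bits)
    JEQ 80, 0, #reject
  accept:
    LD len
    RET A
  reject:
    RET 0
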
Hey presto; I've just accepted TCP src or dest port 80 on IPv4 or IPv6
without having any code to actually -parse- IPv4 or '6 headers.

Does this sound workable?

--
Paul "LeoNerd" Evans
leonerd@leonerd.org.uk
ICQ# 4135350 | Registered Linux# 179460
http://www.leonerd.org.uk/
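
Added example, not part of the original message and not kernel code: what computing the proposed transport offset and protocol involves, including the bounded IPv6 extension-header walk that a loop-free BPF program cannot express, followed by the port test from the message. The function names, the cap of 8 headers and the sample packet are assumptions made here; SKF_TRANS_OFF and SKF_AD_TRANSPROTO are the proposal's names, and only hop-by-hop, routing, fragment and destination-options headers are skipped.

```c
#include <stddef.h>
#include <stdint.h>

/* Offset of the transport header (the proposal's SKF_TRANS_OFF); *proto gets
 * the protocol number (the proposal's SKF_AD_TRANSPROTO). Returns -1 for
 * truncated packets, non-IP ethertypes and non-first fragments. */
long transport_offset(const uint8_t *pkt, size_t len, size_t net_off,
                      uint16_t ethertype, uint8_t *proto)
{
    size_t off = net_off, hlen;
    if (ethertype == 0x0800) {                       /* IPv4 */
        if (len < off + 20) return -1;
        hlen = (size_t)(pkt[off] & 0x0f) << 2;       /* what LD MSH computes */
        if (hlen < 20 || len < off + hlen) return -1;
        if ((pkt[off + 6] << 8 | pkt[off + 7]) & 0x1fff) return -1;
        *proto = pkt[off + 9];
        return (long)(off + hlen);
    }
    if (ethertype != 0x86dd || len < off + 40) return -1;
    uint8_t next = pkt[off + 6];                     /* IPv6 Next Header field */
    off += 40;
    for (int i = 0; i < 8; i++) {                    /* bounded walk (assumed cap) */
        if (next != 0 && next != 43 && next != 44 && next != 60) {
            *proto = next;                           /* not an extension header */
            return (long)off;
        }
        if (len < off + 8) return -1;                /* each one is >= 8 bytes */
        if (next == 44 && ((pkt[off + 2] << 8 | pkt[off + 3]) & 0xfff8))
            return -1;                               /* later fragment */
        hlen = next == 44 ? 8 : ((size_t)pkt[off + 1] + 1) * 8;
        if (len < off + hlen) return -1;
        next = pkt[off];
        off += hlen;
    }
    return -1;                                       /* chain longer than the cap */
}

/* The filter from the message: TCP with source or destination port `port`. */
int tcp_port_match(const uint8_t *pkt, size_t len, size_t net_off,
                   uint16_t ethertype, uint16_t port)
{
    uint8_t proto = 0;
    long t = transport_offset(pkt, len, net_off, ethertype, &proto);
    if (t < 0 || proto != 6 || len < (size_t)t + 4) return 0;
    return (pkt[t] << 8 | pkt[t + 1]) == port || (pkt[t + 2] << 8 | pkt[t + 3]) == port;
}

/* Constructed sample: IPv6 header, one hop-by-hop header, TCP 49152 -> 80. */
const uint8_t sample_v6[52] = { [0] = 0x60, [40] = 6, [48] = 0xc0, [51] = 80 };
```
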