filter: add ANC_PAY_OFFSET instruction for loading payload start offset
authorDaniel Borkmann <dborkman@redhat.com>
Tue, 19 Mar 2013 06:39:31 +0000 (06:39 +0000)
committerDavid S. Miller <davem@davemloft.net>
Wed, 20 Mar 2013 17:15:45 +0000 (13:15 -0400)
commit3e5289d5e3f98b7b5b8cac32e9e5a7004c067436
tree0e8c8a370dd758fdbefe689b627105c3fff8018f
parentf77668dc25b27270fe589031b22c432c3462b1d8
filter: add ANC_PAY_OFFSET instruction for loading payload start offset

It is very useful to do dynamic truncation of packets. In particular,
we're interested to push the necessary header bytes to the user space and
cut off user payload that should probably not be transferred for some reasons
(e.g. privacy, speed, or others). With the ancillary extension PAY_OFFSET,
we can load it into the accumulator, and return it. E.g. in bpfc syntax ...

        ld #poff        ; { 0x20, 0, 0, 0xfffff034 },
        ret a           ; { 0x16, 0, 0, 0x00000000 },

... as a filter will accomplish this without having to do a big hackery in
a BPF filter itself. Follow-up JIT implementations are welcome.

Thanks to Eric Dumazet for suggesting and discussing this during the
Netfilter Workshop in Copenhagen.

Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/filter.h
include/uapi/linux/filter.h
net/core/filter.c