diff options
| author | Paul Chaignon <paul.chaignon@gmail.com> | 2023-09-06 15:38:44 +0200 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2023-09-13 07:31:19 +0000 |
| commit | d966708639b67fe767995dfab47bf4296201993f (patch) | |
| tree | 4b67608ccaf394b1e16bdac43745e338af9fe0a9 /sys/linux | |
| parent | ea2ace1b4710cee59bacacb344281c9d4887cc15 (diff) | |
sys/linux: cover BPF links for BPF netfilter programs
Commit [1] upstream added support for attaching BPF netfilter programs
through the BPF_LINK_CREATE bpf(2) command. This commit adds the
syzkaller counterpart.
1 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=84601d6ee68ae820d
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
Diffstat (limited to 'sys/linux')
| -rw-r--r-- | sys/linux/bpf.txt | 10 | ||||
| -rw-r--r-- | sys/linux/bpf.txt.const | 3 |
2 files changed, 13 insertions, 0 deletions
diff --git a/sys/linux/bpf.txt b/sys/linux/bpf.txt index c4c86049d..bfe59f9db 100644 --- a/sys/linux/bpf.txt +++ b/sys/linux/bpf.txt @@ -224,12 +224,20 @@ link_create_tracing { cookie int64 } +link_create_netfilter { + pf flags[nfproto, int32] + hooknum flags[nf_dev_hooks, int32] + priority int32 + flags flags[bpf_link_create_netfilter_flags, int32] +} + link_create_arg_extra [ target_btf_id bpf_btf_id iter link_create_iter perf_event link_create_perf_event kprobe_multi link_create_kprobe_multi tracing link_create_tracing + netfilter link_create_netfilter ] type bpf_link_create_arg_t[PROG_FD, TARGET_FD, ATTACH_TYPE, FLAGS] { @@ -1031,3 +1039,5 @@ bpf_core_relo_kind = BPF_CORE_FIELD_BYTE_OFFSET, BPF_CORE_FIELD_BYTE_SIZE, BPF_C bpf_obj_get_flags = BPF_F_PATH_FD, BPF_F_RDONLY, BPF_F_WRONLY bpf_cgroup_iter_order = BPF_CGROUP_ITER_SELF_ONLY, BPF_CGROUP_ITER_DESCENDANTS_PRE, BPF_CGROUP_ITER_DESCENDANTS_POST, BPF_CGROUP_ITER_ANCESTORS_UP bpf_link_create_kprobe_multi_flags = BPF_F_KPROBE_MULTI_RETURN +nf_dev_hooks = NF_NETDEV_INGRESS, NF_NETDEV_EGRESS +bpf_link_create_netfilter_flags = BPF_F_NETFILTER_IP_DEFRAG diff --git a/sys/linux/bpf.txt.const b/sys/linux/bpf.txt.const index 18e669d7a..12526dadc 100644 --- a/sys/linux/bpf.txt.const +++ b/sys/linux/bpf.txt.const @@ -73,6 +73,7 @@ BPF_F_KPROBE_MULTI_RETURN = 1 BPF_F_LINK = 8192 BPF_F_LOCK = 4 BPF_F_MMAPABLE = 1024 +BPF_F_NETFILTER_IP_DEFRAG = 1 BPF_F_NO_COMMON_LRU = 2 BPF_F_NO_PREALLOC = 1 BPF_F_NUMA_NODE = 4 @@ -290,6 +291,8 @@ BTF_KIND_VOLATILE = 9 BTF_MAGIC = 60319 BTF_VERSION = 1 MAX_BPF_REG = 11 +NF_NETDEV_EGRESS = 1 +NF_NETDEV_INGRESS = 0 XDP_FLAGS_DRV_MODE = 4 XDP_FLAGS_HW_MODE = 8 XDP_FLAGS_REPLACE = 16 |