From d966708639b67fe767995dfab47bf4296201993f Mon Sep 17 00:00:00 2001
From: Paul Chaignon
Date: Wed, 6 Sep 2023 15:38:44 +0200
Subject: sys/linux: cover BPF links for BPF netfilter programs
Commit [1] upstream added support for attaching BPF netfilter programs through the BPF_LINK_CREATE bpf(2) command. This commit adds the syzkaller counterpart.
1 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=84601d6ee68ae820d
Signed-off-by: Paul Chaignon
---
sys/linux/bpf.txt | 10 ++++++++++
sys/linux/bpf.txt.const | 3 +++
2 files changed, 13 insertions(+)
(limited to 'sys/linux')
diff --git a/sys/linux/bpf.txt b/sys/linux/bpf.txt
index c4c86049d..bfe59f9db 100644
--- a/sys/linux/bpf.txt
+++ b/sys/linux/bpf.txt
@@ -224,12 +224,20 @@ link_create_tracing {
 cookie int64
 }
 
+link_create_netfilter {
+ pf flags[nfproto, int32]
+ hooknum flags[nf_dev_hooks, int32]
+ priority int32
+ flags flags[bpf_link_create_netfilter_flags, int32]
+}
+
 link_create_arg_extra [
 target_btf_id bpf_btf_id
 iter link_create_iter
 perf_event link_create_perf_event
 kprobe_multi link_create_kprobe_multi
 tracing link_create_tracing
+ netfilter link_create_netfilter
 ]
 
 type bpf_link_create_arg_t[PROG_FD, TARGET_FD, ATTACH_TYPE, FLAGS] {
@@ -1031,3 +1039,5 @@ bpf_core_relo_kind = BPF_CORE_FIELD_BYTE_OFFSET, BPF_CORE_FIELD_BYTE_SIZE, BPF_C
 bpf_obj_get_flags = BPF_F_PATH_FD, BPF_F_RDONLY, BPF_F_WRONLY
 bpf_cgroup_iter_order = BPF_CGROUP_ITER_SELF_ONLY, BPF_CGROUP_ITER_DESCENDANTS_PRE, BPF_CGROUP_ITER_DESCENDANTS_POST, BPF_CGROUP_ITER_ANCESTORS_UP
 bpf_link_create_kprobe_multi_flags = BPF_F_KPROBE_MULTI_RETURN
+nf_dev_hooks = NF_NETDEV_INGRESS, NF_NETDEV_EGRESS
+bpf_link_create_netfilter_flags = BPF_F_NETFILTER_IP_DEFRAG
diff --git a/sys/linux/bpf.txt.const b/sys/linux/bpf.txt.const
index 18e669d7a..12526dadc 100644
--- a/sys/linux/bpf.txt.const
+++ b/sys/linux/bpf.txt.const
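Review bot: In sys/linux/bpf.txt, the `hooknum` field of `link_create_netfilter` is drawn from `nf_dev_hooks` (NF_NETDEV_INGRESS, NF_NETDEV_EGRESS, added in the second hunk of the same file), which are the netdev-family hook numbers 0 and 1. If the kernel handler for netfilter links accepts only the IPv4/IPv6 families and checks the hook against the NF_INET_* range (my reading of the referenced upstream commit, to be confirmed), the generator will mostly produce the two values that alias NF_INET_PRE_ROUTING and NF_INET_LOCAL_IN, so the forward, local-out and post-routing attach paths are reached only by random mutation. Consider `hooknum flags[nf_inet_hooks, int32]` with `nf_inet_hooks = NF_INET_PRE_ROUTING, NF_INET_LOCAL_IN, NF_INET_FORWARD, NF_INET_LOCAL_OUT, NF_INET_POST_ROUTING` (the set name is a suggestion; reuse an existing set if the netfilter descriptions already have one, and regenerate bpf.txt.const). A one-line comment above the struct stating which pf, hook and priority combinations the kernel rejects would also help whoever tunes these fields next.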
@@ -73,6 +73,7 @@ BPF_F_KPROBE_MULTI_RETURN = 1
 BPF_F_LINK = 8192
 BPF_F_LOCK = 4
 BPF_F_MMAPABLE = 1024
+BPF_F_NETFILTER_IP_DEFRAG = 1
 BPF_F_NO_COMMON_LRU = 2
 BPF_F_NO_PREALLOC = 1
 BPF_F_NUMA_NODE = 4
@@ -290,6 +291,8 @@ BTF_KIND_VOLATILE = 9
 BTF_MAGIC = 60319
 BTF_VERSION = 1
 MAX_BPF_REG = 11
+NF_NETDEV_EGRESS = 1
+NF_NETDEV_INGRESS = 0
 XDP_FLAGS_DRV_MODE = 4
 XDP_FLAGS_HW_MODE = 8
 XDP_FLAGS_REPLACE = 16
-- cgit mrf-deployment