1 /*
2 * Linux Socket Filter Data Structures
3 */
4
5 #ifndef __LINUX_FILTER_H__
6 #define __LINUX_FILTER_H__
7
8 #include <linux/compiler.h>
9 #include <linux/types.h>
10
11 #ifdef __KERNEL__
12 #include <linux/atomic.h>
13 #include <linux/compat.h>
14 #endif
15
16 /*
17 * Current version of the filter code architecture.
18 */
19 #define BPF_MAJOR_VERSION 1
20 #define BPF_MINOR_VERSION 1
21
22 /*
23 * Try and keep these values and structures similar to BSD, especially
24 * the BPF code definitions which need to match so you can share filters
25 */
26
27 struct sock_filter { /* Filter block */
28 __u16 code; /* Actual filter code */
29 __u8 jt; /* Jump true */
30 __u8 jf; /* Jump false */
31 __u32 k; /* Generic multiuse field */
32 };
33
34 struct sock_fprog { /* Required for SO_ATTACH_FILTER. */
35 unsigned short len; /* Number of filter blocks */
36 struct sock_filter __user *filter;
37 };
38
39 /*
40 * Instruction classes
41 */
42
43 #define BPF_CLASS(code) ((code) & 0x07)
44 #define BPF_LD 0x00
45 #define BPF_LDX 0x01
46 #define BPF_ST 0x02
47 #define BPF_STX 0x03
48 #define BPF_ALU 0x04
49 #define BPF_JMP 0x05
50 #define BPF_RET 0x06
51 #define BPF_MISC 0x07
52
53 /* ld/ldx fields */
54 #define BPF_SIZE(code) ((code) & 0x18)
55 #define BPF_W 0x00
56 #define BPF_H 0x08
57 #define BPF_B 0x10
58 #define BPF_MODE(code) ((code) & 0xe0)
59 #define BPF_IMM 0x00
60 #define BPF_ABS 0x20
61 #define BPF_IND 0x40
62 #define BPF_MEM 0x60
63 #define BPF_LEN 0x80
64 #define BPF_MSH 0xa0
65
66 /* alu/jmp fields */
67 #define BPF_OP(code) ((code) & 0xf0)
68 #define BPF_ADD 0x00
69 #define BPF_SUB 0x10
70 #define BPF_MUL 0x20
71 #define BPF_DIV 0x30
72 #define BPF_OR 0x40
73 #define BPF_AND 0x50
74 #define BPF_LSH 0x60
75 #define BPF_RSH 0x70
76 #define BPF_NEG 0x80
77 #define BPF_JA 0x00
78 #define BPF_JEQ 0x10
79 #define BPF_JGT 0x20
80 #define BPF_JGE 0x30
81 #define BPF_JSET 0x40
82 #define BPF_SRC(code) ((code) & 0x08)
83 #define BPF_K 0x00
84 #define BPF_X 0x08
85
86 /* ret - BPF_K and BPF_X also apply */
87 #define BPF_RVAL(code) ((code) & 0x18)
88 #define BPF_A 0x10
89
90 /* misc */
91 #define BPF_MISCOP(code) ((code) & 0xf8)
92 #define BPF_TAX 0x00
93 #define BPF_TXA 0x80
94
95 #ifndef BPF_MAXINSNS
96 #define BPF_MAXINSNS 4096
97 #endif
98
99 /*
100 * Macros for filter block array initializers.
101 */
102 #ifndef BPF_STMT
103 #define BPF_STMT(code, k) { (unsigned short)(code), 0, 0, k }
104 #endif
105 #ifndef BPF_JUMP
106 #define BPF_JUMP(code, k, jt, jf) { (unsigned short)(code), jt, jf, k }
107 #endif
108
109 /*
110 * Number of scratch memory words for: BPF_ST and BPF_STX
111 */
112 #define BPF_MEMWORDS 16
113
114 /* RATIONALE. Negative offsets are invalid in BPF.
115 We use them to reference ancillary data.
116 Unlike introduction new instructions, it does not break
117 existing compilers/optimizers.
118 */
119 #define SKF_AD_OFF (-0x1000)
120 #define SKF_AD_PROTOCOL 0
121 #define SKF_AD_PKTTYPE 4
122 #define SKF_AD_IFINDEX 8
123 #define SKF_AD_NLATTR 12
124 #define SKF_AD_NLATTR_NEST 16
125 #define SKF_AD_MARK 20
126 #define SKF_AD_QUEUE 24
127 #define SKF_AD_HATYPE 28
128 #define SKF_AD_RXHASH 32
129 #define SKF_AD_CPU 36
130 #define SKF_AD_MAX 40
131 #define SKF_NET_OFF (-0x100000)
132 #define SKF_LL_OFF (-0x200000)
133
134 #ifdef __KERNEL__
135
136 #ifdef CONFIG_COMPAT
137 /*
138 * A struct sock_filter is architecture independent.
139 */
140 struct compat_sock_fprog {
141 u16 len;
142 compat_uptr_t filter; /* struct sock_filter * */
143 };
144 #endif
145
146 struct sk_buff;
147 struct sock;
148
149 struct sk_filter
150 {
151 atomic_t refcnt;
152 unsigned int len; /* Number of filter blocks */
153 unsigned int (*bpf_func)(const struct sk_buff *skb,
154 const struct sock_filter *filter);
155 struct rcu_head rcu;
156 struct sock_filter insns[0];
157 };
158
sk_filter_len(const struct sk_filter * fp)159 static inline unsigned int sk_filter_len(const struct sk_filter *fp)
160 {
161 return fp->len * sizeof(struct sock_filter) + sizeof(*fp);
162 }
163
164 extern int sk_filter(struct sock *sk, struct sk_buff *skb);
165 extern unsigned int sk_run_filter(const struct sk_buff *skb,
166 const struct sock_filter *filter);
167 extern int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk);
168 extern int sk_detach_filter(struct sock *sk);
169 extern int sk_chk_filter(struct sock_filter *filter, unsigned int flen);
170
171 #ifdef CONFIG_BPF_JIT
172 extern void bpf_jit_compile(struct sk_filter *fp);
173 extern void bpf_jit_free(struct sk_filter *fp);
174 #define SK_RUN_FILTER(FILTER, SKB) (*FILTER->bpf_func)(SKB, FILTER->insns)
175 #else
bpf_jit_compile(struct sk_filter * fp)176 static inline void bpf_jit_compile(struct sk_filter *fp)
177 {
178 }
bpf_jit_free(struct sk_filter * fp)179 static inline void bpf_jit_free(struct sk_filter *fp)
180 {
181 }
182 #define SK_RUN_FILTER(FILTER, SKB) sk_run_filter(SKB, FILTER->insns)
183 #endif
184
185 enum {
186 BPF_S_RET_K = 1,
187 BPF_S_RET_A,
188 BPF_S_ALU_ADD_K,
189 BPF_S_ALU_ADD_X,
190 BPF_S_ALU_SUB_K,
191 BPF_S_ALU_SUB_X,
192 BPF_S_ALU_MUL_K,
193 BPF_S_ALU_MUL_X,
194 BPF_S_ALU_DIV_X,
195 BPF_S_ALU_AND_K,
196 BPF_S_ALU_AND_X,
197 BPF_S_ALU_OR_K,
198 BPF_S_ALU_OR_X,
199 BPF_S_ALU_LSH_K,
200 BPF_S_ALU_LSH_X,
201 BPF_S_ALU_RSH_K,
202 BPF_S_ALU_RSH_X,
203 BPF_S_ALU_NEG,
204 BPF_S_LD_W_ABS,
205 BPF_S_LD_H_ABS,
206 BPF_S_LD_B_ABS,
207 BPF_S_LD_W_LEN,
208 BPF_S_LD_W_IND,
209 BPF_S_LD_H_IND,
210 BPF_S_LD_B_IND,
211 BPF_S_LD_IMM,
212 BPF_S_LDX_W_LEN,
213 BPF_S_LDX_B_MSH,
214 BPF_S_LDX_IMM,
215 BPF_S_MISC_TAX,
216 BPF_S_MISC_TXA,
217 BPF_S_ALU_DIV_K,
218 BPF_S_LD_MEM,
219 BPF_S_LDX_MEM,
220 BPF_S_ST,
221 BPF_S_STX,
222 BPF_S_JMP_JA,
223 BPF_S_JMP_JEQ_K,
224 BPF_S_JMP_JEQ_X,
225 BPF_S_JMP_JGE_K,
226 BPF_S_JMP_JGE_X,
227 BPF_S_JMP_JGT_K,
228 BPF_S_JMP_JGT_X,
229 BPF_S_JMP_JSET_K,
230 BPF_S_JMP_JSET_X,
231 /* Ancillary data */
232 BPF_S_ANC_PROTOCOL,
233 BPF_S_ANC_PKTTYPE,
234 BPF_S_ANC_IFINDEX,
235 BPF_S_ANC_NLATTR,
236 BPF_S_ANC_NLATTR_NEST,
237 BPF_S_ANC_MARK,
238 BPF_S_ANC_QUEUE,
239 BPF_S_ANC_HATYPE,
240 BPF_S_ANC_RXHASH,
241 BPF_S_ANC_CPU,
242 BPF_S_ANC_SECCOMP_LD_W,
243 };
244
245 #endif /* __KERNEL__ */
246
247 #endif /* __LINUX_FILTER_H__ */
248