Re: [PATCH net-next V2 3/3] tun: add eBPF based queue selection method

[PATCH net-next V2 0/3] support changing steering policies in tuntap · Jason Wang <jasowang@redhat.com> · 2017-10-31
[PATCH net-next V2 1/3] tun: abstract flow steering logic · Jason Wang <jasowang@redhat.com> · 2017-10-31
Re: [PATCH net-next V2 1/3] tun: abstract flow steering logic · Willem de Bruijn <willemdebruijn.kernel@gmail.com> · 2017-11-02
Re: [PATCH net-next V2 1/3] tun: abstract flow steering logic · Jason Wang <jasowang@redhat.com> · 2017-11-02
Re: [PATCH net-next V2 1/3] tun: abstract flow steering logic · "Michael S. Tsirkin" <mst@redhat.com> · 2017-11-02
Re: [PATCH net-next V2 1/3] tun: abstract flow steering logic · Jason Wang <jasowang@redhat.com> · 2017-11-02
Re: [PATCH net-next V2 1/3] tun: abstract flow steering logic · Willem de Bruijn <willemdebruijn.kernel@gmail.com> · 2017-11-03
[PATCH net-next V2 3/3] tun: add eBPF based queue selection method · Jason Wang <jasowang@redhat.com> · 2017-10-31
Re: [PATCH net-next V2 3/3] tun: add eBPF based queue selection method · "Michael S. Tsirkin" <mst@redhat.com> · 2017-10-31
Re: [PATCH net-next V2 3/3] tun: add eBPF based queue selection method · Jason Wang <jasowang@redhat.com> · 2017-11-01
Re: [PATCH net-next V2 3/3] tun: add eBPF based queue selection method · "Michael S. Tsirkin" <mst@redhat.com> · 2017-11-01
Re: [PATCH net-next V2 3/3] tun: add eBPF based queue selection method · Alexei Starovoitov <hidden> · 2017-11-01
Re: [PATCH net-next V2 3/3] tun: add eBPF based queue selection method · Jason Wang <jasowang@redhat.com> · 2017-11-02
Re: [PATCH net-next V2 3/3] tun: add eBPF based queue selection method · Jason Wang <jasowang@redhat.com> · 2017-11-02
Re: [PATCH net-next V2 3/3] tun: add eBPF based queue selection method · Willem de Bruijn <willemdebruijn.kernel@gmail.com> · 2017-11-03
Re: [PATCH net-next V2 3/3] tun: add eBPF based queue selection method · Willem de Bruijn <willemdebruijn.kernel@gmail.com> · 2017-11-03
Re: [PATCH net-next V2 3/3] tun: add eBPF based queue selection method · Jason Wang <jasowang@redhat.com> · 2017-11-08
Re: [PATCH net-next V2 3/3] tun: add eBPF based queue selection method · "Michael S. Tsirkin" <mst@redhat.com> · 2017-11-08
Re: [PATCH net-next V2 3/3] tun: add eBPF based queue selection method · Jason Wang <jasowang@redhat.com> · 2017-11-08
[PATCH net-next V2 2/3] tun: introduce ioctls to set and get steering policies · Jason Wang <jasowang@redhat.com> · 2017-10-31
Re: [PATCH net-next V2 2/3] tun: introduce ioctls to set and get steering policies · Willem de Bruijn <willemdebruijn.kernel@gmail.com> · 2017-11-02

From: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
Date: 2017-11-03 08:56:59
Also in: lkml

On Tue, Oct 31, 2017 at 7:32 PM, Jason Wang [off-list ref] wrote:

This patch introduces an eBPF based queue selection method based on
the flow steering policy ops. Userspace could load an eBPF program
through TUNSETSTEERINGEBPF. This gives much more flexibility compare
to simple but hard coded policy in kernel.

Signed-off-by: Jason Wang <jasowang@redhat.com>
---
+static int tun_set_steering_ebpf(struct tun_struct *tun, void __user *data)
+{
+       struct bpf_prog *prog;
+       u32 fd;
+
+       if (copy_from_user(&fd, data, sizeof(fd)))
+               return -EFAULT;
+
+       prog = bpf_prog_get_type(fd, BPF_PROG_TYPE_SOCKET_FILTER);

If the idea is to allow guests to pass BPF programs down to the host,
you may want to define a new program type that is more restrictive than
socket filter.

The external functions allowed for socket filters (sk_filter_func_proto)
are relatively few (compared to, say, clsact), but may still leak host
information to a guest. More importantly, guest security considerations
limits how we can extend socket filters later.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help