net: add skeleton of bpfilter kernel module
author Alexei Starovoitov <ast@kernel.org>
Tue, 22 May 2018 02:22:30 +0000 (19:22 -0700)
committer David S. Miller <davem@davemloft.net>
Wed, 23 May 2018 17:23:40 +0000 (13:23 -0400)
commit d2ba09c17a0647f899d6c20a11bab9e6d3382f07
tree 96f528cd9829377165a7357e02438248a88c93b9
parent 449325b52b7a6208f65ed67d3484fd7b7184477b
net: add skeleton of bpfilter kernel module

bpfilter.ko consists of bpfilter_kern.c (normal kernel module code)
and user mode helper code that is embedded into bpfilter.ko

The steps to build bpfilter.ko are the following:
- main.c is compiled by HOSTCC into the bpfilter_umh elf executable file
- with quite a bit of objcopy and Makefile magic the bpfilter_umh elf file
  is converted into bpfilter_umh.o object file
  with _binary_net_bpfilter_bpfilter_umh_start and _end symbols
  Example:
  $ nm ./bld_x64/net/bpfilter/bpfilter_umh.o
  0000000000004cf8 T _binary_net_bpfilter_bpfilter_umh_end
  0000000000004cf8 A _binary_net_bpfilter_bpfilter_umh_size
  0000000000000000 T _binary_net_bpfilter_bpfilter_umh_start
- bpfilter_umh.o and bpfilter_kern.o are linked together into bpfilter.ko

bpfilter_kern.c is normal kernel module code that calls
the fork_usermode_blob() helper to execute part of its own data
as a user mode process.

Notice that _binary_net_bpfilter_bpfilter_umh_start - end
is placed into .init.rodata section, so it's freed as soon as __init
function of bpfilter.ko is finished.
As part of __init, bpfilter.ko does a first request/reply action
via two unix pipes provided by the fork_usermode_blob() helper to
make sure that umh is healthy. If not, it will kill it via pid.

Later bpfilter_process_sockopt() will be called from bpfilter hooks
in get/setsockopt() to pass iptable commands into umh via bpfilter.ko

If admin does 'rmmod bpfilter', the __exit code of bpfilter.ko will
kill umh as well.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
13 files changed:
include/linux/bpfilter.h [new file with mode: 0644]
include/uapi/linux/bpfilter.h [new file with mode: 0644]
net/Kconfig
net/Makefile
net/bpfilter/Kconfig [new file with mode: 0644]
net/bpfilter/Makefile [new file with mode: 0644]
net/bpfilter/bpfilter_kern.c [new file with mode: 0644]
net/bpfilter/main.c [new file with mode: 0644]
net/bpfilter/msgfmt.h [new file with mode: 0644]
net/ipv4/Makefile
net/ipv4/bpfilter/Makefile [new file with mode: 0644]
net/ipv4/bpfilter/sockopt.c [new file with mode: 0644]
net/ipv4/ip_sockglue.c
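
The start-up health check described in the commit message (one request/reply over two pipes, then kill by pid if the helper does not answer), as an added userspace example that is not code from this commit. The message structs, the function names and the simulated fault (a helper that exits without replying) are assumptions; the module itself uses fork_usermode_blob() rather than fork().

```c
/* Userspace sketch of the start-up health check; all names are hypothetical. */
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

struct req { int cmd; };     /* assumed message layout, not taken from msgfmt.h */
struct rep { int status; };

/* Helper side: answer one request, or stay silent when simulating a fault. */
static void helper(int in, int out, int healthy)
{
    struct req rq;
    struct rep rp = { 0 };

    if (healthy && read(in, &rq, sizeof(rq)) == (ssize_t)sizeof(rq) &&
        write(out, &rp, sizeof(rp)) < 0)
        _exit(1);
    _exit(0);
}

/* Module side: returns 0 if the helper answered, -1 if it had to be killed. */
int check_helper(int healthy)
{
    int to[2], from[2], ok;
    struct req rq = { 0 };
    struct rep rp = { -1 };
    pid_t pid;

    signal(SIGPIPE, SIG_IGN);        /* a dead helper must not kill the caller */
    if (pipe(to) || pipe(from) || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        close(to[1]); close(from[0]);
        helper(to[0], from[1], healthy);
    }
    close(to[0]); close(from[1]);    /* so a dead helper shows up as EOF/EPIPE */
    ok = write(to[1], &rq, sizeof(rq)) == (ssize_t)sizeof(rq) &&
         read(from[0], &rp, sizeof(rp)) == (ssize_t)sizeof(rp) &&
         rp.status == 0;
    if (!ok)
        kill(pid, SIGKILL);          /* unhealthy: kill it via pid */
    close(to[1]); close(from[0]);
    waitpid(pid, NULL, 0);           /* reap the helper in either case */
    return ok ? 0 : -1;
}

int main(void)
{
    return printf("healthy=%d faulty=%d\n", check_helper(1), check_helper(0)) < 0;
}
```

Closing the unused pipe ends in the parent is what turns a helper that died early into a short read or a failed write instead of a blocked caller.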