From 0dcceabb0c1bf2d4c12a748df9933fad303072a7 Mon Sep 17 00:00:00 2001 From: Alexei Starovoitov Date: Thu, 5 Jun 2014 14:39:36 -0700 Subject: [PATCH] net: filter: fix SKF_AD_PKTTYPE extension on big-endian BPF classic->internal converter broke SKF_AD_PKTTYPE extension, since pkt_type_offset() was failing to find skb->pkt_type field which is defined as: __u8 pkt_type:3, fclone:2, ipvs_property:1, peeked:1, nf_trace:1; Fix it by searching for 3 most significant bits and shift them by 5 at run-time Fixes: bd4cf0ed331a ("net: filter: rework/optimize internal BPF interpreter's instruction set") Signed-off-by: Alexei Starovoitov Acked-by: Daniel Borkmann Tested-by: Daniel Borkmann Signed-off-by: David S. Miller --- net/core/filter.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/net/core/filter.c b/net/core/filter.c index 4aec7b93f1a9..ab3c74e49f07 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -578,7 +578,11 @@ EXPORT_SYMBOL_GPL(sk_run_filter_int_skb); * to make sure its still a 3bit field starting at a byte boundary; * taken from arch/x86/net/bpf_jit_comp.c. */ +#ifdef __BIG_ENDIAN_BITFIELD +#define PKT_TYPE_MAX (7 << 5) +#else #define PKT_TYPE_MAX 7 +#endif static unsigned int pkt_type_offset(void) { struct sk_buff skb_probe = { .pkt_type = ~0, }; @@ -685,6 +689,13 @@ static bool convert_bpf_extensions(struct sock_filter *fp, insn->code = BPF_ALU | BPF_AND | BPF_K; insn->a_reg = A_REG; insn->imm = PKT_TYPE_MAX; +#ifdef __BIG_ENDIAN_BITFIELD + insn++; + + insn->code = BPF_ALU | BPF_RSH | BPF_K; + insn->a_reg = A_REG; + insn->imm = 5; +#endif break; case SKF_AD_OFF + SKF_AD_IFINDEX: