mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-16 17:23:55 +08:00
d2ba09c17a
bpfilter.ko consists of bpfilter_kern.c (normal kernel module code) and user mode helper code that is embedded into bpfilter.ko The steps to build bpfilter.ko are the following: - main.c is compiled by HOSTCC into the bpfilter_umh elf executable file - with quite a bit of objcopy and Makefile magic the bpfilter_umh elf file is converted into bpfilter_umh.o object file with _binary_net_bpfilter_bpfilter_umh_start and _end symbols Example: $ nm ./bld_x64/net/bpfilter/bpfilter_umh.o 0000000000004cf8 T _binary_net_bpfilter_bpfilter_umh_end 0000000000004cf8 A _binary_net_bpfilter_bpfilter_umh_size 0000000000000000 T _binary_net_bpfilter_bpfilter_umh_start - bpfilter_umh.o and bpfilter_kern.o are linked together into bpfilter.ko bpfilter_kern.c is a normal kernel module code that calls the fork_usermode_blob() helper to execute part of its own data as a user mode process. Notice that _binary_net_bpfilter_bpfilter_umh_start - end is placed into .init.rodata section, so it's freed as soon as __init function of bpfilter.ko is finished. As part of __init the bpfilter.ko does first request/reply action via two unix pipe provided by fork_usermode_blob() helper to make sure that umh is healthy. If not it will kill it via pid. Later bpfilter_process_sockopt() will be called from bpfilter hooks in get/setsockopt() to pass iptable commands into umh via bpfilter.ko If admin does 'rmmod bpfilter' the __exit code bpfilter.ko will kill umh as well. Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
31 lines
1.0 KiB
Makefile
31 lines
1.0 KiB
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Makefile for the Linux BPFILTER layer.
|
|
#
|
|
|
|
hostprogs-y := bpfilter_umh
|
|
bpfilter_umh-objs := main.o
|
|
HOSTCFLAGS += -I. -Itools/include/
|
|
ifeq ($(CONFIG_BPFILTER_UMH), y)
|
|
# builtin bpfilter_umh should be compiled with -static
|
|
# since rootfs isn't mounted at the time of __init
|
|
# function is called and do_execv won't find elf interpreter
|
|
HOSTLDFLAGS += -static
|
|
endif
|
|
|
|
# a bit of elf magic to convert bpfilter_umh binary into a binary blob
|
|
# inside bpfilter_umh.o elf file referenced by
|
|
# _binary_net_bpfilter_bpfilter_umh_start symbol
|
|
# which bpfilter_kern.c passes further into umh blob loader at run-time
|
|
quiet_cmd_copy_umh = GEN $@
|
|
cmd_copy_umh = echo ':' > $(obj)/.bpfilter_umh.o.cmd; \
|
|
$(OBJCOPY) -I binary -O $(CONFIG_OUTPUT_FORMAT) \
|
|
-B `$(OBJDUMP) -f $<|grep architecture|cut -d, -f1|cut -d' ' -f2` \
|
|
--rename-section .data=.init.rodata $< $@
|
|
|
|
$(obj)/bpfilter_umh.o: $(obj)/bpfilter_umh
|
|
$(call cmd,copy_umh)
|
|
|
|
obj-$(CONFIG_BPFILTER_UMH) += bpfilter.o
|
|
bpfilter-objs += bpfilter_kern.o bpfilter_umh.o
|