• A
    net: add skeleton of bpfilter kernel module · d2ba09c1
    Alexei Starovoitov 提交于
    bpfilter.ko consists of bpfilter_kern.c (normal kernel module code)
    and user mode helper code that is embedded into bpfilter.ko
    
    The steps to build bpfilter.ko are the following:
    - main.c is compiled by HOSTCC into the bpfilter_umh elf executable file
    - with quite a bit of objcopy and Makefile magic the bpfilter_umh elf file
      is converted into bpfilter_umh.o object file
      with _binary_net_bpfilter_bpfilter_umh_start and _end symbols
      Example:
      $ nm ./bld_x64/net/bpfilter/bpfilter_umh.o
      0000000000004cf8 T _binary_net_bpfilter_bpfilter_umh_end
      0000000000004cf8 A _binary_net_bpfilter_bpfilter_umh_size
      0000000000000000 T _binary_net_bpfilter_bpfilter_umh_start
    - bpfilter_umh.o and bpfilter_kern.o are linked together into bpfilter.ko
    
    bpfilter_kern.c is a normal kernel module code that calls
    the fork_usermode_blob() helper to execute part of its own data
    as a user mode process.
    
    Notice that _binary_net_bpfilter_bpfilter_umh_start - end
    is placed into .init.rodata section, so it's freed as soon as __init
    function of bpfilter.ko is finished.
    As part of __init the bpfilter.ko does first request/reply action
    via two unix pipe provided by fork_usermode_blob() helper to
    make sure that umh is healthy. If not it will kill it via pid.
    
    Later bpfilter_process_sockopt() will be called from bpfilter hooks
    in get/setsockopt() to pass iptable commands into umh via bpfilter.ko
    
    If admin does 'rmmod bpfilter' the __exit code bpfilter.ko will
    kill umh as well.
    Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    d2ba09c1
bpfilter.h 487 字节