ebpf: implement vlan filter

Basic filter allowing only a list of VLANs.

diff --git a/ebpf/Makefile.am b/ebpf/Makefile.am
index 7e9158be4ee6514d2336c5e7dfd4a16c6b2ece7d..f71767a8d7070ce45a6f5b15d512e4a34f1c115f 100644 (file)
--- a/ebpf/Makefile.am
+++ b/ebpf/Makefile.am
@@ -1,6 +1,6 @@
 if BUILD_EBPF
 
-all: lb.bpf filter.bpf bypass_filter.bpf xdp_filter.bpf
+all: lb.bpf filter.bpf bypass_filter.bpf xdp_filter.bpf vlan_filter.bpf
 
 %.bpf: %.c
        ${CC} -Wall -O2 -D__KERNEL__ -D__ASM_SYSREG_H -emit-llvm -c $< -o - | ${LLC} -march=bpf -filetype=obj -o $@

diff --git a/ebpf/vlan_filter.c b/ebpf/vlan_filter.c
new file mode 100644 (file)
index 0000000..f3913d8
--- /dev/null
+++ b/ebpf/vlan_filter.c
@@ -0,0 +1,24 @@
+#include <stdint.h>
+#include <stddef.h>
+#include <linux/bpf.h>
+
+#include "bpf_helpers.h"
+
+#define LINUX_VERSION_CODE 263682
+
+int SEC("filter") hashfilter(struct __sk_buff *skb) {
+    uint16_t vlan_id = skb->vlan_tci & 0x0fff;
+    /* accept VLAN 2 and 4 and drop the rest */
+    switch (vlan_id) {
+        case 2:
+        case 4:
+            return -1;
+        default:
+            return 0;
+    }
+    return 0;
+}
+
+char __license[] SEC("license") = "GPL";
+
+uint32_t __version SEC("version") = LINUX_VERSION_CODE;