From 899bea8248cee35d54760a5e7d61a76af8e64411 Mon Sep 17 00:00:00 2001 From: Shouvik Kar Date: Tue, 12 May 2026 16:32:42 +0530 Subject: io_uring/net: allow filtering on IORING_OP_CONNECT This adds custom filtering for IORING_OP_CONNECT, where the target family is always exposed, and (for AF_INET / AF_INET6) port and address are exposed. port and v4_addr are in network byte order so filter authors can compare against on-wire constants. Skip population unless addr_len covers the populated fields, to avoid leaking stale io_async_msghdr data on short connects. Signed-off-by: Shouvik Kar Link: https://patch.msgid.link/20260512110242.26219-1-auxcorelabs@gmail.com Signed-off-by: Jens Axboe --- include/uapi/linux/io_uring/bpf_filter.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'include/uapi/linux/io_uring') diff --git a/include/uapi/linux/io_uring/bpf_filter.h b/include/uapi/linux/io_uring/bpf_filter.h index 1b461d792a7b..ce7d78ab13b3 100644 --- a/include/uapi/linux/io_uring/bpf_filter.h +++ b/include/uapi/linux/io_uring/bpf_filter.h @@ -27,6 +27,22 @@ struct io_uring_bpf_ctx { __u64 mode; __u64 resolve; } open; + /* + * For CONNECT: fields are populated only when addr_len covers + * them; unpopulated fields are zero from the caller-side memset + * in io_uring_populate_bpf_ctx(). port and v4_addr are network + * byte order. Filters may only issue BPF_LD|BPF_W|BPF_ABS at + * 4-byte aligned offsets; load + mask for sub-word fields. + */ + struct { + __u32 family; /* sa_family_t zero-extended */ + __be16 port; + __u8 pad[2]; + union { + __be32 v4_addr; + __u8 v6_addr[16]; + }; + } connect; }; }; -- cgit v1.2.3