BPF_MISC+BPF_COP and BPF_COPX

[Mindaugas Rasiukevicius]

Rui Paulo <rpaulo at felyko.com> wrote:
> > 
> > Comments?
> 
> 
> Why do you need this in the first place? 

It provides us a capability to offload more complex packet processing.
My primary user would be NPF in NetBSD, e.g. one of the operations is to
lookup an IP address in a table/ipset.

> Are you sure this is a safe design? Adding this functionality to BPF
> makes me a little nervous as an error in the implementation leads to
> kernel code execution (I could be able to call random kernel functions).

This is functionality is for a custom use of BPF.  There would be no
coprocessor by default and the instruction would essentially be a NOP.
Perhaps I was not clear on bpf_set_cop(9) - it is a kernel routine, so
the user would be a kernel subsystem which has a full control over the
functions it provides.  The functions are predetermined, not random.

-- 
Mindaugas