eBPF helper function for attribute search in the netlink message

There are few network applications relying on Netlink subsystem to get
notifications for net-device attribute changes like MTU, Speed,
Oper-Status, Name, slave, slave info, etc. The Netlink subsystem
notifies the application on every attribute change regardless of what
is needed for the application. The attribute search support in
EBPF filter helps to filter the Netlink packets based on the specific
set of attributes that are needed for the application.

The classical BPF supports attribute search but that doesn't support
MAPS. The extended BPF supports MAPS, but the attribute search is not
enabled. Hence this patch enables the support for attribute search in
EBPF.

This patch adds the support for following helper function.
    FN(skb_get_nlattr),
    FN(skb_get_nlattr_nest)

skb_get_nlattr:
    Find a specific attribute in a stream of attributes

skb_get_nlattr_nest:
    Find a specific attribute in a stream of nested attributes

patch/netlink-socket-attribute-filter.patch

@@ -0,0 +1,70 @@
+diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
+index d143e27..64e86c2 100644
+--- a/include/uapi/linux/bpf.h
++++ b/include/uapi/linux/bpf.h
+@@ -2228,7 +2228,9 @@ union bpf_attr {
+ 	FN(get_current_cgroup_id),	\
+ 	FN(get_local_storage),		\
+ 	FN(sk_select_reuseport),	\
+-	FN(skb_ancestor_cgroup_id),
++	FN(skb_ancestor_cgroup_id), \
++	FN(skb_get_nlattr),         \
++	FN(skb_get_nlattr_nest),
+
+ /* integer value in 'imm' field of BPF_CALL instruction selects which helper
+  * function eBPF program intends to call
+diff --git a/net/core/filter.c b/net/core/filter.c
+index 40b3af0..98e3995 100644
+--- a/net/core/filter.c
++++ b/net/core/filter.c
+@@ -2477,6 +2477,24 @@ static const struct bpf_func_proto bpf_set_hash_invalid_proto = {
+ 	.arg1_type	= ARG_PTR_TO_CTX,
+ };
+
++static const struct bpf_func_proto bpf_skb_get_nlattr_proto = {
++	.func       = bpf_skb_get_nlattr,
++	.gpl_only   = false,
++	.ret_type   = RET_INTEGER,
++	.arg1_type  = ARG_PTR_TO_CTX,
++	.arg2_type  = ARG_ANYTHING,
++	.arg3_type  = ARG_ANYTHING,
++};
++
++static const struct bpf_func_proto skb_get_nlattr_nest_proto = {
++	.func       = bpf_skb_get_nlattr_nest,
++	.gpl_only   = false,
++	.ret_type   = RET_INTEGER,
++	.arg1_type  = ARG_PTR_TO_CTX,
++	.arg2_type  = ARG_ANYTHING,
++	.arg3_type  = ARG_ANYTHING,
++};
++
+ BPF_CALL_2(bpf_set_hash, struct sk_buff *, skb, u32, hash)
+ {
+ 	/* Set user specified hash as L4(+), so that it gets returned
+@@ -4976,6 +4994,10 @@ tc_cls_act_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
+ 		return &bpf_set_hash_proto;
+ 	case BPF_FUNC_perf_event_output:
+ 		return &bpf_skb_event_output_proto;
++	case BPF_FUNC_skb_get_nlattr:
++		return &bpf_skb_get_nlattr_proto;
++	case BPF_FUNC_skb_get_nlattr_nest:
++		return &skb_get_nlattr_nest_proto;
+ 	case BPF_FUNC_get_smp_processor_id:
+ 		return &bpf_get_smp_processor_id_proto;
+ 	case BPF_FUNC_skb_under_cgroup:
+diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
+index bf4cd92..b35b72d 100644
+--- a/tools/include/uapi/linux/bpf.h
++++ b/tools/include/uapi/linux/bpf.h
+@@ -2226,7 +2226,9 @@ union bpf_attr {
+ 	FN(get_current_cgroup_id),	\
+ 	FN(get_local_storage),		\
+ 	FN(sk_select_reuseport),	\
+-	FN(skb_ancestor_cgroup_id),
++	FN(skb_ancestor_cgroup_id), \
++	FN(skb_get_nlattr),         \
++	FN(skb_get_nlattr_nest),
+
+ /* integer value in 'imm' field of BPF_CALL instruction selects which helper
+  * function eBPF program intends to call

patch/series

@@ -38,6 +38,7 @@ netlink-add-NLA_MIN_LEN.patch
 macsec-Netlink-support-of-XPN-cipher-suites-IEEE-802.patch
 Support-for-fullcone-nat.patch
 driver-ixgbe-external-phy.patch
+netlink-socket-attribute-filter.patch
 #
 # This series applies on GIT commit 1451b36b2b0d62178e42f648d8a18131af18f7d8
 # Tkernel-sched-core-fix-cgroup-fork-race.patch