forked from Minki/linux
samples, bpf: Refactor tail call user progs with libbpf
BPF tail call uses the BPF_MAP_TYPE_PROG_ARRAY type map for calling into other BPF programs and this PROG_ARRAY should be filled prior to use. Currently, samples with the PROG_ARRAY type MAP fill this program array with bpf_load. For bpf_load to fill this map, kernel BPF program must specify the section with specific format of <prog_type>/<array_idx> (e.g. SEC("socket/0")) But by using libbpf instead of bpf_load, user program can specify which programs should be added to PROG_ARRAY. The advantage of this approach is that you can selectively add only the programs you want, rather than adding all of them to PROG_ARRAY, and it's much more intuitive than the traditional approach. This commit refactors user programs with the PROG_ARRAY type MAP with libbpf instead of using bpf_load. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/bpf/20200516040608.1377876-4-danieltimlee@gmail.com
This commit is contained in:
parent
63841bc083
commit
bc1a85977b
@ -63,12 +63,12 @@ TRACE_HELPERS := ../../tools/testing/selftests/bpf/trace_helpers.o
|
||||
fds_example-objs := fds_example.o
|
||||
sockex1-objs := sockex1_user.o
|
||||
sockex2-objs := sockex2_user.o
|
||||
sockex3-objs := bpf_load.o sockex3_user.o
|
||||
sockex3-objs := sockex3_user.o
|
||||
tracex1-objs := tracex1_user.o $(TRACE_HELPERS)
|
||||
tracex2-objs := tracex2_user.o
|
||||
tracex3-objs := tracex3_user.o
|
||||
tracex4-objs := tracex4_user.o
|
||||
tracex5-objs := bpf_load.o tracex5_user.o $(TRACE_HELPERS)
|
||||
tracex5-objs := tracex5_user.o $(TRACE_HELPERS)
|
||||
tracex6-objs := tracex6_user.o
|
||||
tracex7-objs := tracex7_user.o
|
||||
test_probe_write_user-objs := bpf_load.o test_probe_write_user_user.o
|
||||
|
@ -1,18 +1,13 @@
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
#include <stdio.h>
|
||||
#include <assert.h>
|
||||
#include <linux/bpf.h>
|
||||
#include <bpf/bpf.h>
|
||||
#include "bpf_load.h"
|
||||
#include <bpf/libbpf.h>
|
||||
#include "sock_example.h"
|
||||
#include <unistd.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <sys/resource.h>
|
||||
|
||||
#define PARSE_IP 3
|
||||
#define PARSE_IP_PROG_FD (prog_fd[0])
|
||||
#define PROG_ARRAY_FD (map_fd[0])
|
||||
|
||||
struct flow_key_record {
|
||||
__be32 src;
|
||||
__be32 dst;
|
||||
@ -30,31 +25,55 @@ struct pair {
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
int i, sock, key, fd, main_prog_fd, jmp_table_fd, hash_map_fd;
|
||||
struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
|
||||
struct bpf_program *prog;
|
||||
struct bpf_object *obj;
|
||||
char filename[256];
|
||||
const char *title;
|
||||
FILE *f;
|
||||
int i, sock, err, id, key = PARSE_IP;
|
||||
struct bpf_prog_info info = {};
|
||||
uint32_t info_len = sizeof(info);
|
||||
|
||||
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
|
||||
setrlimit(RLIMIT_MEMLOCK, &r);
|
||||
|
||||
if (load_bpf_file(filename)) {
|
||||
printf("%s", bpf_log_buf);
|
||||
return 1;
|
||||
obj = bpf_object__open_file(filename, NULL);
|
||||
if (libbpf_get_error(obj)) {
|
||||
fprintf(stderr, "ERROR: opening BPF object file failed\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Test fd array lookup which returns the id of the bpf_prog */
|
||||
err = bpf_obj_get_info_by_fd(PARSE_IP_PROG_FD, &info, &info_len);
|
||||
assert(!err);
|
||||
err = bpf_map_lookup_elem(PROG_ARRAY_FD, &key, &id);
|
||||
assert(!err);
|
||||
assert(id == info.id);
|
||||
/* load BPF program */
|
||||
if (bpf_object__load(obj)) {
|
||||
fprintf(stderr, "ERROR: loading BPF object file failed\n");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
jmp_table_fd = bpf_object__find_map_fd_by_name(obj, "jmp_table");
|
||||
hash_map_fd = bpf_object__find_map_fd_by_name(obj, "hash_map");
|
||||
if (jmp_table_fd < 0 || hash_map_fd < 0) {
|
||||
fprintf(stderr, "ERROR: finding a map in obj file failed\n");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
bpf_object__for_each_program(prog, obj) {
|
||||
fd = bpf_program__fd(prog);
|
||||
|
||||
title = bpf_program__title(prog, false);
|
||||
if (sscanf(title, "socket/%d", &key) != 1) {
|
||||
fprintf(stderr, "ERROR: finding prog failed\n");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (key == 0)
|
||||
main_prog_fd = fd;
|
||||
else
|
||||
bpf_map_update_elem(jmp_table_fd, &key, &fd, BPF_ANY);
|
||||
}
|
||||
|
||||
sock = open_raw_sock("lo");
|
||||
|
||||
assert(setsockopt(sock, SOL_SOCKET, SO_ATTACH_BPF, &prog_fd[4],
|
||||
/* attach BPF program to socket */
|
||||
assert(setsockopt(sock, SOL_SOCKET, SO_ATTACH_BPF, &main_prog_fd,
|
||||
sizeof(__u32)) == 0);
|
||||
|
||||
if (argc > 1)
|
||||
@ -69,8 +88,8 @@ int main(int argc, char **argv)
|
||||
|
||||
sleep(1);
|
||||
printf("IP src.port -> dst.port bytes packets\n");
|
||||
while (bpf_map_get_next_key(map_fd[2], &key, &next_key) == 0) {
|
||||
bpf_map_lookup_elem(map_fd[2], &next_key, &value);
|
||||
while (bpf_map_get_next_key(hash_map_fd, &key, &next_key) == 0) {
|
||||
bpf_map_lookup_elem(hash_map_fd, &next_key, &value);
|
||||
printf("%s.%05d -> %s.%05d %12lld %12lld\n",
|
||||
inet_ntoa((struct in_addr){htonl(next_key.src)}),
|
||||
next_key.port16[0],
|
||||
@ -80,5 +99,8 @@ int main(int argc, char **argv)
|
||||
key = next_key;
|
||||
}
|
||||
}
|
||||
|
||||
cleanup:
|
||||
bpf_object__close(obj);
|
||||
return 0;
|
||||
}
|
||||
|
@ -1,15 +1,21 @@
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
#include <stdio.h>
|
||||
#include <linux/bpf.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <linux/filter.h>
|
||||
#include <linux/seccomp.h>
|
||||
#include <sys/prctl.h>
|
||||
#include <bpf/bpf.h>
|
||||
#include "bpf_load.h"
|
||||
#include <bpf/libbpf.h>
|
||||
#include <sys/resource.h>
|
||||
#include "trace_helpers.h"
|
||||
|
||||
#ifdef __mips__
|
||||
#define MAX_ENTRIES 6000 /* MIPS n64 syscalls start at 5000 */
|
||||
#else
|
||||
#define MAX_ENTRIES 1024
|
||||
#endif
|
||||
|
||||
/* install fake seccomp program to enable seccomp code path inside the kernel,
|
||||
* so that our kprobe attached to seccomp_phase1() can be triggered
|
||||
*/
|
||||
@ -28,16 +34,57 @@ static void install_accept_all_seccomp(void)
|
||||
|
||||
int main(int ac, char **argv)
|
||||
{
|
||||
FILE *f;
|
||||
char filename[256];
|
||||
struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
|
||||
struct bpf_link *link = NULL;
|
||||
struct bpf_program *prog;
|
||||
struct bpf_object *obj;
|
||||
int key, fd, progs_fd;
|
||||
char filename[256];
|
||||
const char *title;
|
||||
FILE *f;
|
||||
|
||||
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
|
||||
setrlimit(RLIMIT_MEMLOCK, &r);
|
||||
|
||||
if (load_bpf_file(filename)) {
|
||||
printf("%s", bpf_log_buf);
|
||||
return 1;
|
||||
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
|
||||
obj = bpf_object__open_file(filename, NULL);
|
||||
if (libbpf_get_error(obj)) {
|
||||
fprintf(stderr, "ERROR: opening BPF object file failed\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
prog = bpf_object__find_program_by_name(obj, "bpf_prog1");
|
||||
if (!prog) {
|
||||
printf("finding a prog in obj file failed\n");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* load BPF program */
|
||||
if (bpf_object__load(obj)) {
|
||||
fprintf(stderr, "ERROR: loading BPF object file failed\n");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
link = bpf_program__attach(prog);
|
||||
if (libbpf_get_error(link)) {
|
||||
fprintf(stderr, "ERROR: bpf_program__attach failed\n");
|
||||
link = NULL;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
progs_fd = bpf_object__find_map_fd_by_name(obj, "progs");
|
||||
if (progs_fd < 0) {
|
||||
fprintf(stderr, "ERROR: finding a map in obj file failed\n");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
bpf_object__for_each_program(prog, obj) {
|
||||
title = bpf_program__title(prog, false);
|
||||
/* register only syscalls to PROG_ARRAY */
|
||||
if (sscanf(title, "kprobe/%d", &key) != 1)
|
||||
continue;
|
||||
|
||||
fd = bpf_program__fd(prog);
|
||||
bpf_map_update_elem(progs_fd, &key, &fd, BPF_ANY);
|
||||
}
|
||||
|
||||
install_accept_all_seccomp();
|
||||
@ -47,5 +94,8 @@ int main(int ac, char **argv)
|
||||
|
||||
read_trace_pipe();
|
||||
|
||||
cleanup:
|
||||
bpf_link__destroy(link);
|
||||
bpf_object__close(obj);
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user