leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

samples: bpf: Refactor test_cgrp2_sock2 program with libbpf

Browse Source 
This commit refactors the existing cgroup program with libbpf bpf
loader. The original test_cgrp2_sock2 has keeped the bpf program
attached to the cgroup hierarchy even after the exit of user program.
To implement the same functionality with libbpf, this commit uses the
BPF_LINK_PINNING to pin the link attachment even after it is closed.

Since this uses LINK instead of ATTACH, detach of bpf program from
cgroup with 'test_cgrp2_sock' is not used anymore.

The code to mount the bpf was added to the .sh file in case the bpff
was not mounted on /sys/fs/bpf. Additionally, to fix the problem that
shell script cannot find the binary object from the current path,
relative path './' has been added in front of binary.

Fixes: 554ae6e792 ("samples/bpf: add userspace example for prohibiting sockets")
Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20201124090310.24374-3-danieltimlee@gmail.com
This commit is contained in:
Daniel T. Lee 2020-11-24 09:03:05 +00:00 committed by Andrii Nakryiko
parent c5815ac7e2
commit d89af13c92
3 changed files with 66 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
samples/bpf/Makefile
View File

@ -82,7 +82,7 @@ test_overhead-objs := bpf_load.o test_overhead_user.o
test_cgrp2_array_pin-objs := test_cgrp2_array_pin.o test_cgrp2_array_pin-objs := test_cgrp2_array_pin.o
test_cgrp2_attach-objs := test_cgrp2_attach.o test_cgrp2_attach-objs := test_cgrp2_attach.o
test_cgrp2_sock-objs := test_cgrp2_sock.o test_cgrp2_sock-objs := test_cgrp2_sock.o
test_cgrp2_sock2-objs := bpf_load.o test_cgrp2_sock2.o test_cgrp2_sock2-objs := test_cgrp2_sock2.o
xdp1-objs := xdp1_user.o xdp1-objs := xdp1_user.o
# reuse xdp1 source intentionally # reuse xdp1 source intentionally
xdp2-objs := xdp1_user.o xdp2-objs := xdp1_user.o

69
samples/bpf/test_cgrp2_sock2.c
View File

@ -20,9 +20,9 @@
#include <net/if.h> #include <net/if.h>
#include <linux/bpf.h> #include <linux/bpf.h>
#include <bpf/bpf.h> #include <bpf/bpf.h>
#include <bpf/libbpf.h>
#include "bpf_insn.h" #include "bpf_insn.h"
#include "bpf_load.h"
static int usage(const char *argv0) static int usage(const char *argv0)
{ {
@ -32,37 +32,64 @@ static int usage(const char *argv0)
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
int cg_fd, ret, filter_id = 0; int cg_fd, err, ret = EXIT_FAILURE, filter_id = 0, prog_cnt = 0;
const char *link_pin_path = "/sys/fs/bpf/test_cgrp2_sock2";
struct bpf_link *link = NULL;
struct bpf_program *progs[2];
struct bpf_program *prog;
struct bpf_object *obj;
if (argc < 3) if (argc < 3)
return usage(argv[0]); return usage(argv[0]);
cg_fd = open(argv[1], O_DIRECTORY | O_RDONLY);
if (cg_fd < 0) {
printf("Failed to open cgroup path: '%s'\n", strerror(errno));
return EXIT_FAILURE;
}
if (load_bpf_file(argv[2]))
return EXIT_FAILURE;
printf("Output from kernel verifier:\n%s\n-------\n", bpf_log_buf);
if (argc > 3) if (argc > 3)
filter_id = atoi(argv[3]); filter_id = atoi(argv[3]);
cg_fd = open(argv[1], O_DIRECTORY | O_RDONLY);
if (cg_fd < 0) {
printf("Failed to open cgroup path: '%s'\n", strerror(errno));
return ret;
}
obj = bpf_object__open_file(argv[2], NULL);
if (libbpf_get_error(obj)) {
printf("ERROR: opening BPF object file failed\n");
return ret;
}
bpf_object__for_each_program(prog, obj) {
progs[prog_cnt] = prog;
prog_cnt++;
}
if (filter_id >= prog_cnt) { if (filter_id >= prog_cnt) {
printf("Invalid program id; program not found in file\n"); printf("Invalid program id; program not found in file\n");
return EXIT_FAILURE; goto cleanup;
} }
ret = bpf_prog_attach(prog_fd[filter_id], cg_fd, /* load BPF program */
BPF_CGROUP_INET_SOCK_CREATE, 0); if (bpf_object__load(obj)) {
if (ret < 0) { printf("ERROR: loading BPF object file failed\n");
printf("Failed to attach prog to cgroup: '%s'\n", goto cleanup;
strerror(errno));
return EXIT_FAILURE;
} }
return EXIT_SUCCESS; link = bpf_program__attach_cgroup(progs[filter_id], cg_fd);
if (libbpf_get_error(link)) {
printf("ERROR: bpf_program__attach failed\n");
link = NULL;
goto cleanup;
}
err = bpf_link__pin(link, link_pin_path);
if (err < 0) {
printf("ERROR: bpf_link__pin failed: %d\n", err);
goto cleanup;
}
ret = EXIT_SUCCESS;
cleanup:
bpf_link__destroy(link);
bpf_object__close(obj);
return ret;
} }

21
samples/bpf/test_cgrp2_sock2.sh
View File

@ -1,6 +1,9 @@
#!/bin/bash #!/bin/bash
# SPDX-License-Identifier: GPL-2.0 # SPDX-License-Identifier: GPL-2.0
BPFFS=/sys/fs/bpf
LINK_PIN=$BPFFS/test_cgrp2_sock2
function config_device { function config_device {
ip netns add at_ns0 ip netns add at_ns0
ip link add veth0 type veth peer name veth0b ip link add veth0 type veth peer name veth0b
@ -21,16 +24,22 @@ function config_cgroup {
echo $$ >> /tmp/cgroupv2/foo/cgroup.procs echo $$ >> /tmp/cgroupv2/foo/cgroup.procs
} }
function config_bpffs {
if mount | grep $BPFFS > /dev/null; then
echo "bpffs already mounted"
else
echo "bpffs not mounted. Mounting..."
mount -t bpf none $BPFFS
fi
}
function attach_bpf { function attach_bpf {
test_cgrp2_sock2 /tmp/cgroupv2/foo sock_flags_kern.o $1 ./test_cgrp2_sock2 /tmp/cgroupv2/foo sock_flags_kern.o $1
[ $? -ne 0 ] && exit 1 [ $? -ne 0 ] && exit 1
} }
function cleanup { function cleanup {
if [ -d /tmp/cgroupv2/foo ]; then rm -rf $LINK_PIN
test_cgrp2_sock -d /tmp/cgroupv2/foo
fi
ip link del veth0b ip link del veth0b
ip netns delete at_ns0 ip netns delete at_ns0
umount /tmp/cgroupv2 umount /tmp/cgroupv2
@ -42,6 +51,7 @@ cleanup 2>/dev/null
set -e set -e
config_device config_device
config_cgroup config_cgroup
config_bpffs
set +e set +e
# #
@ -62,6 +72,9 @@ if [ $? -eq 0 ]; then
exit 1 exit 1
fi fi
rm -rf $LINK_PIN
sleep 1 # Wait for link detach
# #
# Test 2 - fail ping # Test 2 - fail ping
# #