linux/kernel/trace
Daniel Borkmann bd570ff970 bpf: add event output helper for notifications/sampling/logging
This patch adds a new helper for cls/act programs that can push events
to user space applications. For networking, this can be f.e. for sampling,
debugging, logging purposes or pushing of arbitrary wake-up events. The
idea is similar to a43eec3042 ("bpf: introduce bpf_perf_event_output()
helper") and 39111695b1 ("samples: bpf: add bpf_perf_event_output example").

The eBPF program utilizes a perf event array map that user space populates
with fds from perf_event_open(), the eBPF program calls into the helper
f.e. as skb_event_output(skb, &my_map, BPF_F_CURRENT_CPU, raw, sizeof(raw))
so that the raw data is pushed into the fd f.e. at the map index of the
current CPU.

User space can poll/mmap/etc on this and has a data channel for receiving
events that can be post-processed. The nice thing is that since the eBPF
program and user space application making use of it are tightly coupled,
they can define their own arbitrary raw data format and what/when they
want to push.

While f.e. packet headers could be one part of the meta data that is being
pushed, this is not a substitute for things like packet sockets as whole
packet is not being pushed and push is only done in a single direction.
Intention is more of a generically usable, efficient event pipe to applications.
Workflow is that tc can pin the map and applications can attach themselves
e.g. after cls/act setup to one or multiple map slots, demuxing is done by
the eBPF program.

Adding this facility is with minimal effort, it reuses the helper
introduced in a43eec3042 ("bpf: introduce bpf_perf_event_output() helper")
and we get its functionality for free by overloading its BPF_FUNC_ identifier
for cls/act programs, ctx is currently unused, but will be made use of in
future. Example will be added to iproute2's BPF example files.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-04-19 20:26:11 -04:00
..
blktrace.c kernel/...: convert pr_warning to pr_warn 2016-03-22 15:36:02 -07:00
bpf_trace.c bpf: add event output helper for notifications/sampling/logging 2016-04-19 20:26:11 -04:00
ftrace.c Nothing major this round. Mostly small clean ups and fixes. 2016-03-24 10:52:25 -07:00
Kconfig Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-11-10 18:11:41 -08:00
Makefile bpf: Fix the build on BPF_SYSCALL=y && !CONFIG_TRACING kernels, make it more configurable 2015-04-02 16:28:06 +02:00
power-traces.c cpufreq: powernv/tracing: Add powernv_throttle tracepoint 2016-02-05 02:38:02 +01:00
ring_buffer_benchmark.c ring_buffer: Remove unneeded smp_wmb() before wakeup of reader benchmark 2015-11-03 16:19:02 -05:00
ring_buffer.c ring-buffer: Process commits whenever moving to a new page. 2015-11-25 15:24:05 -05:00
rpm-traces.c
trace_benchmark.c tracing: Only benchmark the time tracepoints take if tracing is on 2015-11-02 13:34:58 -05:00
trace_benchmark.h
trace_branch.c tracing: Remove {start,stop}_branch_trace 2015-10-21 10:10:09 -04:00
trace_clock.c tracing: Export tracing clock functions 2015-05-12 15:56:57 -04:00
trace_entries.h tracing: %pF is only for function pointers 2015-03-25 08:57:22 -04:00
trace_event_perf.c perf: split perf_trace_buf_prepare into alloc and update parts 2016-04-07 21:04:26 -04:00
trace_events_filter_test.h
trace_events_filter.c tracing: Make ftrace_event_field checking functions available 2016-03-08 11:19:29 -05:00
trace_events_trigger.c tracing: Use flags instead of bool in trigger structure 2016-03-08 11:19:36 -05:00
trace_events.c bpf: sanitize bpf tracepoint access 2016-04-07 21:04:26 -04:00
trace_export.c tracing: ftrace_event_is_function() can return boolean 2015-11-02 14:28:05 -05:00
trace_functions_graph.c arch, ftrace: for KASAN put hard/soft IRQ entries into separate sections 2016-03-25 16:37:42 -07:00
trace_functions.c tracing: Make tracer_flags use the right set_flag callback 2016-03-08 11:19:08 -05:00
trace_irqsoff.c tracing: Remove redundant reset per-CPU buff in irqsoff tracer 2016-03-18 16:39:11 -04:00
trace_kdb.c tracing: Move trace_flags from global to a trace_array field 2015-09-30 15:22:55 -04:00
trace_kprobe.c perf: split perf_trace_buf_prepare into alloc and update parts 2016-04-07 21:04:26 -04:00
trace_mmiotrace.c kernel/...: convert pr_warning to pr_warn 2016-03-22 15:36:02 -07:00
trace_nop.c tracing: Fix typoes in code comment and printk in trace_nop.c 2016-03-08 11:23:57 -05:00
trace_output.c tracing: Record and show NMI state 2016-03-22 18:04:10 -04:00
trace_output.h tracing: Turn seq_print_user_ip() into a static function 2015-09-28 10:16:12 -04:00
trace_printk.c tracing: Fix trace_printk() to print when not using bprintk() 2016-03-22 18:02:40 -04:00
trace_probe.c kernel/...: convert pr_warning to pr_warn 2016-03-22 15:36:02 -07:00
trace_probe.h kernel/trace_probe: is_good_name can be boolean 2015-09-22 13:11:30 -04:00
trace_sched_switch.c sched/core: Fix trace_sched_switch() 2015-10-06 17:08:15 +02:00
trace_sched_wakeup.c Most of the changes are clean ups and small fixes. Some of them have 2015-11-06 13:30:20 -08:00
trace_selftest_dynamic.c
trace_selftest.c
trace_seq.c tracing: use %*pb[l] to print bitmaps including cpumasks and nodemasks 2015-02-13 21:21:37 -08:00
trace_stack.c tracing, kasan: Silence Kasan warning in check_stack of stack_tracer 2016-02-19 12:36:44 -05:00
trace_stat.c kernel/...: convert pr_warning to pr_warn 2016-03-22 15:36:02 -07:00
trace_stat.h
trace_syscalls.c perf: split perf_trace_buf_prepare into alloc and update parts 2016-04-07 21:04:26 -04:00
trace_uprobe.c perf: split perf_trace_buf_prepare into alloc and update parts 2016-04-07 21:04:26 -04:00
trace.c Nothing major this round. Mostly small clean ups and fixes. 2016-03-24 10:52:25 -07:00
trace.h tracing: Record and show NMI state 2016-03-22 18:04:10 -04:00