libbpf: Add link-based API for tcx
Implement tcx BPF link support for libbpf. The bpf_program__attach_fd() API has been refactored slightly in order to pass bpf_link_create_opts pointer as input. A new bpf_program__attach_tcx() has been added on top of this which allows for passing all relevant data via extensible struct bpf_tcx_opts. The program sections tcx/ingress and tcx/egress correspond to the hook locations for tc ingress and egress, respectively. For concrete usage examples, see the extensive selftests that have been developed as part of this series. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/r/20230719140858.13224-5-daniel@iogearbox.net Signed-off-by: Alexei Starovoitov <ast@kernel.org>
This commit is contained in:
Daniel Borkmann
Alexei Starovoitov
parent
fe20ce3a51
commit
55cc376847
|
|
@ -719,9 +719,9 @@ int bpf_link_create(int prog_fd, int target_fd,
|
|||
const struct bpf_link_create_opts *opts)
|
||||
{
|
||||
const size_t attr_sz = offsetofend(union bpf_attr, link_create);
|
||||
__u32 target_btf_id, iter_info_len;
|
||||
__u32 target_btf_id, iter_info_len, relative_id;
|
||||
int fd, err, relative_fd;
|
||||
union bpf_attr attr;
|
||||
int fd, err;
|
||||
|
||||
if (!OPTS_VALID(opts, bpf_link_create_opts))
|
||||
return libbpf_err(-EINVAL);
|
||||
|
|
@ -783,6 +783,22 @@ int bpf_link_create(int prog_fd, int target_fd,
|
|||
if (!OPTS_ZEROED(opts, netfilter))
|
||||
return libbpf_err(-EINVAL);
|
||||
break;
|
||||
case BPF_TCX_INGRESS:
|
||||
case BPF_TCX_EGRESS:
|
||||
relative_fd = OPTS_GET(opts, tcx.relative_fd, 0);
|
||||
relative_id = OPTS_GET(opts, tcx.relative_id, 0);
|
||||
if (relative_fd && relative_id)
|
||||
return libbpf_err(-EINVAL);
|
||||
if (relative_id) {
|
||||
attr.link_create.tcx.relative_id = relative_id;
|
||||
attr.link_create.flags |= BPF_F_ID;
|
||||
} else {
|
||||
attr.link_create.tcx.relative_fd = relative_fd;
|
||||
}
|
||||
attr.link_create.tcx.expected_revision = OPTS_GET(opts, tcx.expected_revision, 0);
|
||||
if (!OPTS_ZEROED(opts, tcx))
|
||||
return libbpf_err(-EINVAL);
|
||||
break;
|
||||
default:
|
||||
if (!OPTS_ZEROED(opts, flags))
|
||||
return libbpf_err(-EINVAL);
|
||||
|
|
|
|||
|
|
@ -401,6 +401,11 @@ struct bpf_link_create_opts {
|
|||
__s32 priority;
|
||||
__u32 flags;
|
||||
} netfilter;
|
||||
struct {
|
||||
__u32 relative_fd;
|
||||
__u32 relative_id;
|
||||
__u64 expected_revision;
|
||||
} tcx;
|
||||
};
|
||||
size_t :0;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -134,6 +134,7 @@ static const char * const link_type_name[] = {
|
|||
[BPF_LINK_TYPE_KPROBE_MULTI] = "kprobe_multi",
|
||||
[BPF_LINK_TYPE_STRUCT_OPS] = "struct_ops",
|
||||
[BPF_LINK_TYPE_NETFILTER] = "netfilter",
|
||||
[BPF_LINK_TYPE_TCX] = "tcx",
|
||||
};
|
||||
|
||||
static const char * const map_type_name[] = {
|
||||
|
|
@ -11854,11 +11855,10 @@ static int attach_lsm(const struct bpf_program *prog, long cookie, struct bpf_li
|
|||
}
|
||||
|
||||
static struct bpf_link *
|
||||
bpf_program__attach_fd(const struct bpf_program *prog, int target_fd, int btf_id,
|
||||
const char *target_name)
|
||||
bpf_program_attach_fd(const struct bpf_program *prog,
|
||||
int target_fd, const char *target_name,
|
||||
const struct bpf_link_create_opts *opts)
|
||||
{
|
||||
DECLARE_LIBBPF_OPTS(bpf_link_create_opts, opts,
|
||||
.target_btf_id = btf_id);
|
||||
enum bpf_attach_type attach_type;
|
||||
char errmsg[STRERR_BUFSIZE];
|
||||
struct bpf_link *link;
|
||||
|
|
@ -11876,7 +11876,7 @@ bpf_program__attach_fd(const struct bpf_program *prog, int target_fd, int btf_id
|
|||
link->detach = &bpf_link__detach_fd;
|
||||
|
||||
attach_type = bpf_program__expected_attach_type(prog);
|
||||
link_fd = bpf_link_create(prog_fd, target_fd, attach_type, &opts);
|
||||
link_fd = bpf_link_create(prog_fd, target_fd, attach_type, opts);
|
||||
if (link_fd < 0) {
|
||||
link_fd = -errno;
|
||||
free(link);
|
||||
|
|
@ -11892,19 +11892,54 @@ bpf_program__attach_fd(const struct bpf_program *prog, int target_fd, int btf_id
|
|||
struct bpf_link *
|
||||
bpf_program__attach_cgroup(const struct bpf_program *prog, int cgroup_fd)
|
||||
{
|
||||
return bpf_program__attach_fd(prog, cgroup_fd, 0, "cgroup");
|
||||
return bpf_program_attach_fd(prog, cgroup_fd, "cgroup", NULL);
|
||||
}
|
||||
|
||||
struct bpf_link *
|
||||
bpf_program__attach_netns(const struct bpf_program *prog, int netns_fd)
|
||||
{
|
||||
return bpf_program__attach_fd(prog, netns_fd, 0, "netns");
|
||||
return bpf_program_attach_fd(prog, netns_fd, "netns", NULL);
|
||||
}
|
||||
|
||||
struct bpf_link *bpf_program__attach_xdp(const struct bpf_program *prog, int ifindex)
|
||||
{
|
||||
/* target_fd/target_ifindex use the same field in LINK_CREATE */
|
||||
return bpf_program__attach_fd(prog, ifindex, 0, "xdp");
|
||||
return bpf_program_attach_fd(prog, ifindex, "xdp", NULL);
|
||||
}
|
||||
|
||||
struct bpf_link *
|
||||
bpf_program__attach_tcx(const struct bpf_program *prog, int ifindex,
|
||||
const struct bpf_tcx_opts *opts)
|
||||
{
|
||||
LIBBPF_OPTS(bpf_link_create_opts, link_create_opts);
|
||||
__u32 relative_id;
|
||||
int relative_fd;
|
||||
|
||||
if (!OPTS_VALID(opts, bpf_tcx_opts))
|
||||
return libbpf_err_ptr(-EINVAL);
|
||||
|
||||
relative_id = OPTS_GET(opts, relative_id, 0);
|
||||
relative_fd = OPTS_GET(opts, relative_fd, 0);
|
||||
|
||||
/* validate we don't have unexpected combinations of non-zero fields */
|
||||
if (!ifindex) {
|
||||
pr_warn("prog '%s': target netdevice ifindex cannot be zero\n",
|
||||
prog->name);
|
||||
return libbpf_err_ptr(-EINVAL);
|
||||
}
|
||||
if (relative_fd && relative_id) {
|
||||
pr_warn("prog '%s': relative_fd and relative_id cannot be set at the same time\n",
|
||||
prog->name);
|
||||
return libbpf_err_ptr(-EINVAL);
|
||||
}
|
||||
|
||||
link_create_opts.tcx.expected_revision = OPTS_GET(opts, expected_revision, 0);
|
||||
link_create_opts.tcx.relative_fd = relative_fd;
|
||||
link_create_opts.tcx.relative_id = relative_id;
|
||||
link_create_opts.flags = OPTS_GET(opts, flags, 0);
|
||||
|
||||
/* target_fd/target_ifindex use the same field in LINK_CREATE */
|
||||
return bpf_program_attach_fd(prog, ifindex, "tcx", &link_create_opts);
|
||||
}
|
||||
|
||||
struct bpf_link *bpf_program__attach_freplace(const struct bpf_program *prog,
|
||||
|
|
@ -11926,11 +11961,16 @@ struct bpf_link *bpf_program__attach_freplace(const struct bpf_program *prog,
|
|||
}
|
||||
|
||||
if (target_fd) {
|
||||
LIBBPF_OPTS(bpf_link_create_opts, target_opts);
|
||||
|
||||
btf_id = libbpf_find_prog_btf_id(attach_func_name, target_fd);
|
||||
if (btf_id < 0)
|
||||
return libbpf_err_ptr(btf_id);
|
||||
|
||||
return bpf_program__attach_fd(prog, target_fd, btf_id, "freplace");
|
||||
target_opts.target_btf_id = btf_id;
|
||||
|
||||
return bpf_program_attach_fd(prog, target_fd, "freplace",
|
||||
&target_opts);
|
||||
} else {
|
||||
/* no target, so use raw_tracepoint_open for compatibility
|
||||
* with old kernels
|
||||
|
|
|
|||
|
|
@ -733,6 +733,21 @@ LIBBPF_API struct bpf_link *
|
|||
bpf_program__attach_netfilter(const struct bpf_program *prog,
|
||||
const struct bpf_netfilter_opts *opts);
|
||||
|
||||
struct bpf_tcx_opts {
|
||||
/* size of this struct, for forward/backward compatibility */
|
||||
size_t sz;
|
||||
__u32 flags;
|
||||
__u32 relative_fd;
|
||||
__u32 relative_id;
|
||||
__u64 expected_revision;
|
||||
size_t :0;
|
||||
};
|
||||
#define bpf_tcx_opts__last_field expected_revision
|
||||
|
||||
LIBBPF_API struct bpf_link *
|
||||
bpf_program__attach_tcx(const struct bpf_program *prog, int ifindex,
|
||||
const struct bpf_tcx_opts *opts);
|
||||
|
||||
struct bpf_map;
|
||||
|
||||
LIBBPF_API struct bpf_link *bpf_map__attach_struct_ops(const struct bpf_map *map);
|
||||
|
|
|
|||
|
|
@ -397,4 +397,5 @@ LIBBPF_1.3.0 {
|
|||
bpf_obj_pin_opts;
|
||||
bpf_prog_detach_opts;
|
||||
bpf_program__attach_netfilter;
|
||||
bpf_program__attach_tcx;
|
||||
} LIBBPF_1.2.0;
|
||||
|
|
|
|||
Loading…
Reference in New Issue