43371c83f3
Now that libbpf under tools/lib/bpf/* is synced with the version from
samples/bpf, we can get rid most of the libbpf library here.
Committer notes:
Built it in a docker fedora rawhide container and ran it in the f25 host, seems
to work just like it did before this patch, i.e. the switch to tools/lib/bpf/
doesn't seem to have introduced problems and Joe said he tested it with
all the entries in samples/bpf/ and other code he found:
[root@f5065a7d6272 linux]# make -j4 O=/tmp/build/linux headers_install
<SNIP>
[root@f5065a7d6272 linux]# rm -rf /tmp/build/linux/samples/bpf/
[root@f5065a7d6272 linux]# make -j4 O=/tmp/build/linux samples/bpf/
make[1]: Entering directory '/tmp/build/linux'
CHK include/config/kernel.release
HOSTCC scripts/basic/fixdep
GEN ./Makefile
CHK include/generated/uapi/linux/version.h
Using /git/linux as source for kernel
CHK include/generated/utsrelease.h
HOSTCC scripts/basic/bin2c
HOSTCC arch/x86/tools/relocs_32.o
HOSTCC arch/x86/tools/relocs_64.o
LD samples/bpf/built-in.o
<SNIP>
HOSTCC samples/bpf/fds_example.o
HOSTCC samples/bpf/sockex1_user.o
/git/linux/samples/bpf/fds_example.c: In function 'bpf_prog_create':
/git/linux/samples/bpf/fds_example.c:63:6: warning: passing argument 2 of 'bpf_load_program' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
insns, insns_cnt, "GPL", 0,
^~~~~
In file included from /git/linux/samples/bpf/libbpf.h:5:0,
from /git/linux/samples/bpf/bpf_load.h:4,
from /git/linux/samples/bpf/fds_example.c:15:
/git/linux/tools/lib/bpf/bpf.h:31:5: note: expected 'struct bpf_insn *' but argument is of type 'const struct bpf_insn *'
int bpf_load_program(enum bpf_prog_type type, struct bpf_insn *insns,
^~~~~~~~~~~~~~~~
HOSTCC samples/bpf/sockex2_user.o
<SNIP>
HOSTCC samples/bpf/xdp_tx_iptunnel_user.o
clang -nostdinc -isystem /usr/lib/gcc/x86_64-redhat-linux/6.2.1/include -I/git/linux/arch/x86/include -I./arch/x86/include/generated/uapi -I./arch/x86/include/generated -I/git/linux/include -I./include -I/git/linux/arch/x86/include/uapi -I/git/linux/include/uapi -I./include/generated/uapi -include /git/linux/include/linux/kconfig.h \
-D__KERNEL__ -D__ASM_SYSREG_H -Wno-unused-value -Wno-pointer-sign \
-Wno-compare-distinct-pointer-types \
-Wno-gnu-variable-sized-type-not-at-end \
-Wno-address-of-packed-member -Wno-tautological-compare \
-O2 -emit-llvm -c /git/linux/samples/bpf/sockex1_kern.c -o -| llc -march=bpf -filetype=obj -o samples/bpf/sockex1_kern.o
HOSTLD samples/bpf/tc_l2_redirect
<SNIP>
HOSTLD samples/bpf/lwt_len_hist
HOSTLD samples/bpf/xdp_tx_iptunnel
make[1]: Leaving directory '/tmp/build/linux'
[root@f5065a7d6272 linux]#
And then, in the host:
[root@jouet bpf]# mount | grep "docker.*devicemapper\/"
/dev/mapper/docker-253:0-1705076-9bd8aa1e0af33adce89ff42090847868ca676932878942be53941a06ec5923f9 on /var/lib/docker/devicemapper/mnt/9bd8aa1e0af33adce89ff42090847868ca676932878942be53941a06ec5923f9 type xfs (rw,relatime,context="system_u:object_r:container_file_t:s0:c73,c276",nouuid,attr2,inode64,sunit=1024,swidth=1024,noquota)
[root@jouet bpf]# cd /var/lib/docker/devicemapper/mnt/9bd8aa1e0af33adce89ff42090847868ca676932878942be53941a06ec5923f9/rootfs/tmp/build/linux/samples/bpf/
[root@jouet bpf]# file offwaketime
offwaketime: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=f423d171e0487b2f802b6a792657f0f3c8f6d155, not stripped
[root@jouet bpf]# readelf -SW offwaketime
offwaketime offwaketime_kern.o offwaketime_user.o
[root@jouet bpf]# readelf -SW offwaketime_kern.o
There are 11 section headers, starting at offset 0x700:
Section Headers:
[Nr] Name Type Address Off Size ES Flg Lk Inf Al
[ 0] NULL 0000000000000000 000000 000000 00 0 0 0
[ 1] .strtab STRTAB 0000000000000000 000658 0000a8 00 0 0 1
[ 2] .text PROGBITS 0000000000000000 000040 000000 00 AX 0 0 4
[ 3] kprobe/try_to_wake_up PROGBITS 0000000000000000 000040 0000d8 00 AX 0 0 8
[ 4] .relkprobe/try_to_wake_up REL 0000000000000000 0005a8 000020 10 10 3 8
[ 5] tracepoint/sched/sched_switch PROGBITS 0000000000000000 000118 000318 00 AX 0 0 8
[ 6] .reltracepoint/sched/sched_switch REL 0000000000000000 0005c8 000090 10 10 5 8
[ 7] maps PROGBITS 0000000000000000 000430 000050 00 WA 0 0 4
[ 8] license PROGBITS 0000000000000000 000480 000004 00 WA 0 0 1
[ 9] version PROGBITS 0000000000000000 000484 000004 00 WA 0 0 4
[10] .symtab SYMTAB 0000000000000000 000488 000120 18 1 4 8
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
[root@jouet bpf]# ./offwaketime | head -3
qemu-system-x86;entry_SYSCALL_64_fastpath;sys_ppoll;do_sys_poll;poll_schedule_timeout;schedule_hrtimeout_range;schedule_hrtimeout_range_clock;schedule;__schedule;-;try_to_wake_up;hrtimer_wakeup;__hrtimer_run_queues;hrtimer_interrupt;local_apic_timer_interrupt;smp_apic_timer_interrupt;__irqentry_text_start;cpuidle_enter_state;cpuidle_enter;call_cpuidle;cpu_startup_entry;rest_init;start_kernel;x86_64_start_reservations;x86_64_start_kernel;start_cpu;;swapper/0 4
firefox;entry_SYSCALL_64_fastpath;sys_poll;do_sys_poll;poll_schedule_timeout;schedule_hrtimeout_range;schedule_hrtimeout_range_clock;schedule;__schedule;-;try_to_wake_up;pollwake;__wake_up_common;__wake_up_sync_key;pipe_write;__vfs_write;vfs_write;sys_write;entry_SYSCALL_64_fastpath;;Timer 1
swapper/2;start_cpu;start_secondary;cpu_startup_entry;schedule_preempt_disabled;schedule;__schedule;-;---;; 61
[root@jouet bpf]#
Signed-off-by: Joe Stringer <joe@ovn.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexei Starovoitov <ast@fb.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Wang Nan <wangnan0@huawei.com>
Cc: netdev@vger.kernel.org
Link: 5c40f54a52
.patch
Link: http://lkml.kernel.org/n/tip-xr8twtx7sjh5821g8qw47yxk@git.kernel.org
[ Use -I$(srctree)/tools/lib/ to support out of source code tree builds, as noticed by Wang Nan ]
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
137 lines
2.7 KiB
C
137 lines
2.7 KiB
C
/* eBPF example program:
|
|
*
|
|
* - Creates arraymap in kernel with 4 bytes keys and 8 byte values
|
|
*
|
|
* - Loads eBPF program
|
|
*
|
|
* The eBPF program accesses the map passed in to store two pieces of
|
|
* information. The number of invocations of the program, which maps
|
|
* to the number of packets received, is stored to key 0. Key 1 is
|
|
* incremented on each iteration by the number of bytes stored in
|
|
* the skb.
|
|
*
|
|
* - Attaches the new program to a cgroup using BPF_PROG_ATTACH
|
|
*
|
|
* - Every second, reads map[0] and map[1] to see how many bytes and
|
|
* packets were seen on any socket of tasks in the given cgroup.
|
|
*/
|
|
|
|
#define _GNU_SOURCE
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <assert.h>
|
|
#include <unistd.h>
|
|
|
|
#include <linux/bpf.h>
|
|
|
|
#include "libbpf.h"
|
|
#include "cgroup_helpers.h"
|
|
|
|
#define FOO "/foo"
|
|
#define BAR "/foo/bar/"
|
|
#define PING_CMD "ping -c1 -w1 127.0.0.1"
|
|
|
|
char bpf_log_buf[BPF_LOG_BUF_SIZE];
|
|
|
|
static int prog_load(int verdict)
|
|
{
|
|
int ret;
|
|
struct bpf_insn prog[] = {
|
|
BPF_MOV64_IMM(BPF_REG_0, verdict), /* r0 = verdict */
|
|
BPF_EXIT_INSN(),
|
|
};
|
|
size_t insns_cnt = sizeof(prog) / sizeof(struct bpf_insn);
|
|
|
|
ret = bpf_load_program(BPF_PROG_TYPE_CGROUP_SKB,
|
|
prog, insns_cnt, "GPL", 0,
|
|
bpf_log_buf, BPF_LOG_BUF_SIZE);
|
|
|
|
if (ret < 0) {
|
|
log_err("Loading program");
|
|
printf("Output from verifier:\n%s\n-------\n", bpf_log_buf);
|
|
return 0;
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
|
|
int main(int argc, char **argv)
|
|
{
|
|
int drop_prog, allow_prog, foo = 0, bar = 0, rc = 0;
|
|
|
|
allow_prog = prog_load(1);
|
|
if (!allow_prog)
|
|
goto err;
|
|
|
|
drop_prog = prog_load(0);
|
|
if (!drop_prog)
|
|
goto err;
|
|
|
|
if (setup_cgroup_environment())
|
|
goto err;
|
|
|
|
/* Create cgroup /foo, get fd, and join it */
|
|
foo = create_and_get_cgroup(FOO);
|
|
if (!foo)
|
|
goto err;
|
|
|
|
if (join_cgroup(FOO))
|
|
goto err;
|
|
|
|
if (bpf_prog_attach(drop_prog, foo, BPF_CGROUP_INET_EGRESS)) {
|
|
log_err("Attaching prog to /foo");
|
|
goto err;
|
|
}
|
|
|
|
assert(system(PING_CMD) != 0);
|
|
|
|
/* Create cgroup /foo/bar, get fd, and join it */
|
|
bar = create_and_get_cgroup(BAR);
|
|
if (!bar)
|
|
goto err;
|
|
|
|
if (join_cgroup(BAR))
|
|
goto err;
|
|
|
|
assert(system(PING_CMD) != 0);
|
|
|
|
if (bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS)) {
|
|
log_err("Attaching prog to /foo/bar");
|
|
goto err;
|
|
}
|
|
|
|
assert(system(PING_CMD) == 0);
|
|
|
|
|
|
if (bpf_prog_detach(bar, BPF_CGROUP_INET_EGRESS)) {
|
|
log_err("Detaching program from /foo/bar");
|
|
goto err;
|
|
}
|
|
|
|
assert(system(PING_CMD) != 0);
|
|
|
|
if (bpf_prog_attach(allow_prog, bar, BPF_CGROUP_INET_EGRESS)) {
|
|
log_err("Attaching prog to /foo/bar");
|
|
goto err;
|
|
}
|
|
|
|
if (bpf_prog_detach(foo, BPF_CGROUP_INET_EGRESS)) {
|
|
log_err("Detaching program from /foo");
|
|
goto err;
|
|
}
|
|
|
|
assert(system(PING_CMD) == 0);
|
|
|
|
goto out;
|
|
|
|
err:
|
|
rc = 1;
|
|
|
|
out:
|
|
close(foo);
|
|
close(bar);
|
|
cleanup_cgroup_environment();
|
|
return rc;
|
|
}
|