[mirror_ubuntu-eoan-kernel.git] / samples / bpf / test_cgrp2_sock.c

/* eBPF example program:
 *
 * - Loads eBPF program
 *
 *   The eBPF program sets the sk_bound_dev_if index in new AF_INET{6}
 *   sockets opened by processes in the cgroup.
 *
 * - Attaches the new program to a cgroup using BPF_PROG_ATTACH
 */

#define _GNU_SOURCE

#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <net/if.h>
#include <inttypes.h>
#include <linux/bpf.h>

#include "libbpf.h"

char bpf_log_buf[BPF_LOG_BUF_SIZE];

static int prog_load(__u32 idx, __u32 mark, __u32 prio)
{
	/* save pointer to context */
	struct bpf_insn prog_start[] = {
		BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
	};
	struct bpf_insn prog_end[] = {
		BPF_MOV64_IMM(BPF_REG_0, 1), /* r0 = verdict */
		BPF_EXIT_INSN(),
	};

	/* set sk_bound_dev_if on socket */
	struct bpf_insn prog_dev[] = {
		BPF_MOV64_IMM(BPF_REG_3, idx),
		BPF_MOV64_IMM(BPF_REG_2, offsetof(struct bpf_sock, bound_dev_if)),
		BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_3, offsetof(struct bpf_sock, bound_dev_if)),
	};

	/* set mark on socket */
	struct bpf_insn prog_mark[] = {
		BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
		BPF_MOV64_IMM(BPF_REG_3, mark),
		BPF_MOV64_IMM(BPF_REG_2, offsetof(struct bpf_sock, mark)),
		BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_3, offsetof(struct bpf_sock, mark)),
	};

	/* set priority on socket */
	struct bpf_insn prog_prio[] = {
		BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
		BPF_MOV64_IMM(BPF_REG_3, prio),
		BPF_MOV64_IMM(BPF_REG_2, offsetof(struct bpf_sock, priority)),
		BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_3, offsetof(struct bpf_sock, priority)),
	};

	struct bpf_insn *prog;
	size_t insns_cnt;
	void *p;
	int ret;

	insns_cnt = sizeof(prog_start) + sizeof(prog_end);
	if (idx)
		insns_cnt += sizeof(prog_dev);

	if (mark)
		insns_cnt += sizeof(prog_mark);

	if (prio)
		insns_cnt += sizeof(prog_prio);

	p = prog = malloc(insns_cnt);
	if (!prog) {
		fprintf(stderr, "Failed to allocate memory for instructions\n");
		return EXIT_FAILURE;
	}

	memcpy(p, prog_start, sizeof(prog_start));
	p += sizeof(prog_start);

	if (idx) {
		memcpy(p, prog_dev, sizeof(prog_dev));
		p += sizeof(prog_dev);
	}

	if (mark) {
		memcpy(p, prog_mark, sizeof(prog_mark));
		p += sizeof(prog_mark);
	}

	if (prio) {
		memcpy(p, prog_prio, sizeof(prog_prio));
		p += sizeof(prog_prio);
	}

	memcpy(p, prog_end, sizeof(prog_end));
	p += sizeof(prog_end);

	insns_cnt /= sizeof(struct bpf_insn);

	ret = bpf_load_program(BPF_PROG_TYPE_CGROUP_SOCK, prog, insns_cnt,
				"GPL", 0, bpf_log_buf, BPF_LOG_BUF_SIZE);

	free(prog);

	return ret;
}

static int usage(const char *argv0)
{
	printf("Usage: %s -b bind-to-dev -m mark -p prio cg-path\n", argv0);
	return EXIT_FAILURE;
}

int main(int argc, char **argv)
{
	__u32 idx = 0, mark = 0, prio = 0;
	const char *cgrp_path = NULL;
	int cg_fd, prog_fd, ret;
	int rc;

	while ((rc = getopt(argc, argv, "b:m:p:")) != -1) {
		switch (rc) {
		case 'b':
			idx = if_nametoindex(optarg);
			if (!idx) {
				idx = strtoumax(optarg, NULL, 0);
				if (!idx) {
					printf("Invalid device name\n");
					return EXIT_FAILURE;
				}
			}
			break;
		case 'm':
			mark = strtoumax(optarg, NULL, 0);
			break;
		case 'p':
			prio = strtoumax(optarg, NULL, 0);
			break;
		default:
			return usage(argv[0]);
		}
	}

	if (optind == argc)
		return usage(argv[0]);

	cgrp_path = argv[optind];
	if (!cgrp_path) {
		fprintf(stderr, "cgroup path not given\n");
		return EXIT_FAILURE;
	}

	if (!idx && !mark && !prio) {
		fprintf(stderr,
			"One of device, mark or priority must be given\n");
		return EXIT_FAILURE;
	}

	cg_fd = open(cgrp_path, O_DIRECTORY | O_RDONLY);
	if (cg_fd < 0) {
		printf("Failed to open cgroup path: '%s'\n", strerror(errno));
		return EXIT_FAILURE;
	}

	prog_fd = prog_load(idx, mark, prio);
	if (prog_fd < 0) {
		printf("Failed to load prog: '%s'\n", strerror(errno));
		printf("Output from kernel verifier:\n%s\n-------\n",
		       bpf_log_buf);
		return EXIT_FAILURE;
	}

	ret = bpf_prog_attach(prog_fd, cg_fd, BPF_CGROUP_INET_SOCK_CREATE, 0);
	if (ret < 0) {
		printf("Failed to attach prog to cgroup: '%s'\n",
		       strerror(errno));
		return EXIT_FAILURE;
	}

	return EXIT_SUCCESS;
}
Commit	Line	Data
ad2805dc DA	1	/* eBPF example program:
	2	*
	3	* - Loads eBPF program
	4	*
	5	* The eBPF program sets the sk_bound_dev_if index in new AF_INET{6}
	6	* sockets opened by processes in the cgroup.
	7	*
	8	* - Attaches the new program to a cgroup using BPF_PROG_ATTACH
	9	*/
	10
	11	#define _GNU_SOURCE
	12
	13	#include <stdio.h>
	14	#include <stdlib.h>
	15	#include <stddef.h>
	16	#include <string.h>
	17	#include <unistd.h>
	18	#include <assert.h>
	19	#include <errno.h>
	20	#include <fcntl.h>
	21	#include <net/if.h>
fa38aa17	22	#include <inttypes.h>
ad2805dc DA	23	#include <linux/bpf.h>
	24
	25	#include "libbpf.h"
	26
d40fc181 JS	27	char bpf_log_buf[BPF_LOG_BUF_SIZE];
d40fc181 JS	28
fa38aa17	29	static int prog_load(__u32 idx, __u32 mark, __u32 prio)
ad2805dc	30	{
fa38aa17 DA	31	/* save pointer to context */
fa38aa17 DA	32	struct bpf_insn prog_start[] = {
ad2805dc	33	BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
fa38aa17 DA	34	};
	35	struct bpf_insn prog_end[] = {
	36	BPF_MOV64_IMM(BPF_REG_0, 1), /* r0 = verdict */
	37	BPF_EXIT_INSN(),
	38	};
	39
	40	/* set sk_bound_dev_if on socket */
	41	struct bpf_insn prog_dev[] = {
ad2805dc DA	42	BPF_MOV64_IMM(BPF_REG_3, idx),
	43	BPF_MOV64_IMM(BPF_REG_2, offsetof(struct bpf_sock, bound_dev_if)),
	44	BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_3, offsetof(struct bpf_sock, bound_dev_if)),
ad2805dc DA	45	};
ad2805dc DA	46
fa38aa17 DA	47	/* set mark on socket */
	48	struct bpf_insn prog_mark[] = {
	49	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	50	BPF_MOV64_IMM(BPF_REG_3, mark),
	51	BPF_MOV64_IMM(BPF_REG_2, offsetof(struct bpf_sock, mark)),
	52	BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_3, offsetof(struct bpf_sock, mark)),
	53	};
	54
	55	/* set priority on socket */
	56	struct bpf_insn prog_prio[] = {
	57	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	58	BPF_MOV64_IMM(BPF_REG_3, prio),
	59	BPF_MOV64_IMM(BPF_REG_2, offsetof(struct bpf_sock, priority)),
	60	BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_3, offsetof(struct bpf_sock, priority)),
	61	};
	62
	63	struct bpf_insn *prog;
	64	size_t insns_cnt;
	65	void *p;
	66	int ret;
	67
	68	insns_cnt = sizeof(prog_start) + sizeof(prog_end);
	69	if (idx)
	70	insns_cnt += sizeof(prog_dev);
	71
	72	if (mark)
	73	insns_cnt += sizeof(prog_mark);
	74
	75	if (prio)
	76	insns_cnt += sizeof(prog_prio);
	77
	78	p = prog = malloc(insns_cnt);
	79	if (!prog) {
	80	fprintf(stderr, "Failed to allocate memory for instructions\n");
	81	return EXIT_FAILURE;
	82	}
	83
	84	memcpy(p, prog_start, sizeof(prog_start));
	85	p += sizeof(prog_start);
	86
	87	if (idx) {
	88	memcpy(p, prog_dev, sizeof(prog_dev));
	89	p += sizeof(prog_dev);
	90	}
	91
	92	if (mark) {
	93	memcpy(p, prog_mark, sizeof(prog_mark));
	94	p += sizeof(prog_mark);
	95	}
	96
	97	if (prio) {
	98	memcpy(p, prog_prio, sizeof(prog_prio));
	99	p += sizeof(prog_prio);
	100	}
	101
	102	memcpy(p, prog_end, sizeof(prog_end));
	103	p += sizeof(prog_end);
	104
	105	insns_cnt /= sizeof(struct bpf_insn);
	106
	107	ret = bpf_load_program(BPF_PROG_TYPE_CGROUP_SOCK, prog, insns_cnt,
d40fc181	108	"GPL", 0, bpf_log_buf, BPF_LOG_BUF_SIZE);
fa38aa17 DA	109
	110	free(prog);
	111
	112	return ret;
ad2805dc DA	113	}
	114
	115	static int usage(const char *argv0)
	116	{
fa38aa17	117	printf("Usage: %s -b bind-to-dev -m mark -p prio cg-path\n", argv0);
ad2805dc DA	118	return EXIT_FAILURE;
	119	}
	120
	121	int main(int argc, char **argv)
	122	{
fa38aa17 DA	123	__u32 idx = 0, mark = 0, prio = 0;
fa38aa17 DA	124	const char *cgrp_path = NULL;
ad2805dc	125	int cg_fd, prog_fd, ret;
fa38aa17 DA	126	int rc;
	127
	128	while ((rc = getopt(argc, argv, "b:m:p:")) != -1) {
	129	switch (rc) {
	130	case 'b':
	131	idx = if_nametoindex(optarg);
	132	if (!idx) {
	133	idx = strtoumax(optarg, NULL, 0);
	134	if (!idx) {
	135	printf("Invalid device name\n");
	136	return EXIT_FAILURE;
	137	}
	138	}
	139	break;
	140	case 'm':
	141	mark = strtoumax(optarg, NULL, 0);
	142	break;
	143	case 'p':
	144	prio = strtoumax(optarg, NULL, 0);
	145	break;
	146	default:
	147	return usage(argv[0]);
	148	}
	149	}
ad2805dc	150
fa38aa17	151	if (optind == argc)
ad2805dc DA	152	return usage(argv[0]);
ad2805dc DA	153
fa38aa17 DA	154	cgrp_path = argv[optind];
	155	if (!cgrp_path) {
	156	fprintf(stderr, "cgroup path not given\n");
ad2805dc DA	157	return EXIT_FAILURE;
	158	}
	159
fa38aa17 DA	160	if (!idx && !mark && !prio) {
	161	fprintf(stderr,
	162	"One of device, mark or priority must be given\n");
	163	return EXIT_FAILURE;
	164	}
	165
	166	cg_fd = open(cgrp_path, O_DIRECTORY \| O_RDONLY);
ad2805dc DA	167	if (cg_fd < 0) {
	168	printf("Failed to open cgroup path: '%s'\n", strerror(errno));
	169	return EXIT_FAILURE;
	170	}
	171
fa38aa17	172	prog_fd = prog_load(idx, mark, prio);
ad2805dc DA	173	if (prog_fd < 0) {
ad2805dc DA	174	printf("Failed to load prog: '%s'\n", strerror(errno));
fa38aa17 DA	175	printf("Output from kernel verifier:\n%s\n-------\n",
fa38aa17 DA	176	bpf_log_buf);
ad2805dc DA	177	return EXIT_FAILURE;
	178	}
	179
7f677633	180	ret = bpf_prog_attach(prog_fd, cg_fd, BPF_CGROUP_INET_SOCK_CREATE, 0);
ad2805dc DA	181	if (ret < 0) {
	182	printf("Failed to attach prog to cgroup: '%s'\n",
	183	strerror(errno));
	184	return EXIT_FAILURE;
	185	}
	186
	187	return EXIT_SUCCESS;
	188	}