]> git.proxmox.com Git - mirror_iproute2.git/blob - tc/f_bpf.c
projects / mirror_iproute2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' into net-next
[mirror_iproute2.git] / tc / f_bpf.c
1 /*
2 * f_bpf.c BPF-based Classifier
3 *
4 * This program is free software; you can distribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
8 *
9 * Authors: Daniel Borkmann <dborkman@redhat.com>
10 */
11
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <unistd.h>
15 #include <syslog.h>
16 #include <fcntl.h>
17 #include <libgen.h>
18 #include <sys/socket.h>
19 #include <netinet/in.h>
20 #include <arpa/inet.h>
21 #include <string.h>
22 #include <stdbool.h>
23 #include <errno.h>
24 #include <limits.h>
25 #include <linux/filter.h>
26 #include <linux/if.h>
27
28 #include "utils.h"
29 #include "tc_util.h"
30 #include "tc_bpf.h"
31
32 static const enum bpf_prog_type bpf_type = BPF_PROG_TYPE_SCHED_CLS;
33
34 static void explain(void)
35 {
36 fprintf(stderr, "Usage: ... bpf ...\n");
37 fprintf(stderr, "\n");
38 fprintf(stderr, "BPF use case:\n");
39 fprintf(stderr, " bytecode BPF_BYTECODE\n");
40 fprintf(stderr, " bytecode-file FILE\n");
41 fprintf(stderr, "\n");
42 fprintf(stderr, "eBPF use case:\n");
43 fprintf(stderr, " object-file FILE [ section CLS_NAME ] [ export UDS_FILE ]");
44 fprintf(stderr, " [ verbose ] [ direct-action ]\n");
45 fprintf(stderr, "\n");
46 fprintf(stderr, "Common remaining options:\n");
47 fprintf(stderr, " [ action ACTION_SPEC ]\n");
48 fprintf(stderr, " [ classid CLASSID ]\n");
49 fprintf(stderr, "\n");
50 fprintf(stderr, "Where BPF_BYTECODE := \'s,c t f k,c t f k,c t f k,...\'\n");
51 fprintf(stderr, "c,t,f,k and s are decimals; s denotes number of 4-tuples\n");
52 fprintf(stderr, "\n");
53 fprintf(stderr, "Where FILE points to a file containing the BPF_BYTECODE string,\n");
54 fprintf(stderr, "an ELF file containing eBPF map definitions and bytecode.\n");
55 fprintf(stderr, "\n");
56 fprintf(stderr, "Where CLS_NAME refers to the section name containing the\n");
57 fprintf(stderr, "classifier (default \'%s\').\n", bpf_default_section(bpf_type));
58 fprintf(stderr, "\n");
59 fprintf(stderr, "Where UDS_FILE points to a unix domain socket file in order\n");
60 fprintf(stderr, "to hand off control of all created eBPF maps to an agent.\n");
61 fprintf(stderr, "\n");
62 fprintf(stderr, "ACTION_SPEC := ... look at individual actions\n");
63 fprintf(stderr, "NOTE: CLASSID is parsed as hexadecimal input.\n");
64 }
65
66 static int bpf_parse_opt(struct filter_util *qu, char *handle,
67 int argc, char **argv, struct nlmsghdr *n)
68 {
69 struct tcmsg *t = NLMSG_DATA(n);
70 const char *bpf_uds_name = NULL;
71 const char *bpf_sec_name = NULL;
72 unsigned int bpf_flags = 0;
73 char *bpf_obj = NULL;
74 struct rtattr *tail;
75 bool seen_run = false;
76 long h = 0;
77 int ret = 0;
78
79 if (argc == 0)
80 return 0;
81
82 if (handle) {
83 h = strtol(handle, NULL, 0);
84 if (h == LONG_MIN || h == LONG_MAX) {
85 fprintf(stderr, "Illegal handle \"%s\", must be "
86 "numeric.\n", handle);
87 return -1;
88 }
89 }
90
91 t->tcm_handle = h;
92
93 tail = (struct rtattr *)(((void *)n) + NLMSG_ALIGN(n->nlmsg_len));
94 addattr_l(n, MAX_MSG, TCA_OPTIONS, NULL, 0);
95
96 while (argc > 0) {
97 if (matches(*argv, "run") == 0) {
98 struct sock_filter bpf_ops[BPF_MAXINSNS];
99 bool from_file, ebpf, bpf_verbose;
100 int ret;
101
102 NEXT_ARG();
103 opt_bpf:
104 bpf_sec_name = bpf_default_section(bpf_type);
105 bpf_verbose = false;
106 ebpf = false;
107 seen_run = true;
108
109 if (strcmp(*argv, "bytecode-file") == 0 ||
110 strcmp(*argv, "bcf") == 0) {
111 from_file = true;
112 } else if (strcmp(*argv, "bytecode") == 0 ||
113 strcmp(*argv, "bc") == 0) {
114 from_file = false;
115 } else if (strcmp(*argv, "object-file") == 0 ||
116 strcmp(*argv, "obj") == 0) {
117 ebpf = true;
118 } else {
119 fprintf(stderr, "What is \"%s\"?\n", *argv);
120 explain();
121 return -1;
122 }
123
124 NEXT_ARG();
125 if (ebpf) {
126 bpf_uds_name = getenv(BPF_ENV_UDS);
127 bpf_obj = *argv;
128
129 NEXT_ARG_FWD();
130
131 if (argc > 0 &&
132 (strcmp(*argv, "section") == 0 ||
133 strcmp(*argv, "sec") == 0)) {
134 NEXT_ARG();
135 bpf_sec_name = *argv;
136 NEXT_ARG_FWD();
137 }
138 if (argc > 0 && !bpf_uds_name &&
139 (strcmp(*argv, "export") == 0 ||
140 strcmp(*argv, "exp") == 0)) {
141 NEXT_ARG();
142 bpf_uds_name = *argv;
143 NEXT_ARG_FWD();
144 }
145 if (argc > 0 &&
146 (strcmp(*argv, "verbose") == 0 ||
147 strcmp(*argv, "verb") == 0)) {
148 bpf_verbose = true;
149 NEXT_ARG_FWD();
150 }
151
152 PREV_ARG();
153 }
154
155 ret = ebpf ? bpf_open_object(bpf_obj, bpf_type, bpf_sec_name,
156 bpf_verbose) :
157 bpf_parse_ops(argc, argv, bpf_ops, from_file);
158 if (ret < 0) {
159 fprintf(stderr, "%s\n", ebpf ?
160 "Could not load object" :
161 "Illegal \"bytecode\"");
162 return -1;
163 }
164
165 if (ebpf) {
166 char bpf_name[256];
167
168 bpf_obj = basename(bpf_obj);
169
170 snprintf(bpf_name, sizeof(bpf_name), "%s:[%s]",
171 bpf_obj, bpf_sec_name);
172
173 addattr32(n, MAX_MSG, TCA_BPF_FD, ret);
174 addattrstrz(n, MAX_MSG, TCA_BPF_NAME, bpf_name);
175 } else {
176 addattr16(n, MAX_MSG, TCA_BPF_OPS_LEN, ret);
177 addattr_l(n, MAX_MSG, TCA_BPF_OPS, &bpf_ops,
178 ret * sizeof(struct sock_filter));
179 }
180 } else if (matches(*argv, "classid") == 0 ||
181 strcmp(*argv, "flowid") == 0) {
182 unsigned int handle;
183
184 NEXT_ARG();
185 if (get_tc_classid(&handle, *argv)) {
186 fprintf(stderr, "Illegal \"classid\"\n");
187 return -1;
188 }
189 addattr32(n, MAX_MSG, TCA_BPF_CLASSID, handle);
190 } else if (matches(*argv, "direct-action") == 0 ||
191 matches(*argv, "da") == 0) {
192 bpf_flags |= TCA_BPF_FLAG_ACT_DIRECT;
193 } else if (matches(*argv, "action") == 0) {
194 NEXT_ARG();
195 if (parse_action(&argc, &argv, TCA_BPF_ACT, n)) {
196 fprintf(stderr, "Illegal \"action\"\n");
197 return -1;
198 }
199 continue;
200 } else if (matches(*argv, "police") == 0) {
201 NEXT_ARG();
202 if (parse_police(&argc, &argv, TCA_BPF_POLICE, n)) {
203 fprintf(stderr, "Illegal \"police\"\n");
204 return -1;
205 }
206 continue;
207 } else if (strcmp(*argv, "help") == 0) {
208 explain();
209 return -1;
210 } else {
211 if (!seen_run)
212 goto opt_bpf;
213
214 fprintf(stderr, "What is \"%s\"?\n", *argv);
215 explain();
216 return -1;
217 }
218
219 NEXT_ARG_FWD();
220 }
221
222 if (bpf_obj && bpf_flags)
223 addattr32(n, MAX_MSG, TCA_BPF_FLAGS, bpf_flags);
224
225 tail->rta_len = (((void *)n) + n->nlmsg_len) - (void *)tail;
226
227 if (bpf_uds_name)
228 ret = bpf_send_map_fds(bpf_uds_name, bpf_obj);
229
230 return ret;
231 }
232
233 static int bpf_print_opt(struct filter_util *qu, FILE *f,
234 struct rtattr *opt, __u32 handle)
235 {
236 struct rtattr *tb[TCA_BPF_MAX + 1];
237
238 if (opt == NULL)
239 return 0;
240
241 parse_rtattr_nested(tb, TCA_BPF_MAX, opt);
242
243 if (handle)
244 fprintf(f, "handle 0x%x ", handle);
245
246 if (tb[TCA_BPF_CLASSID]) {
247 SPRINT_BUF(b1);
248 fprintf(f, "flowid %s ",
249 sprint_tc_classid(rta_getattr_u32(tb[TCA_BPF_CLASSID]), b1));
250 }
251
252 if (tb[TCA_BPF_NAME])
253 fprintf(f, "%s ", rta_getattr_str(tb[TCA_BPF_NAME]));
254 else if (tb[TCA_BPF_FD])
255 fprintf(f, "pfd %u ", rta_getattr_u32(tb[TCA_BPF_FD]));
256
257 if (tb[TCA_BPF_FLAGS]) {
258 unsigned int flags = rta_getattr_u32(tb[TCA_BPF_FLAGS]);
259
260 if (flags & TCA_BPF_FLAG_ACT_DIRECT)
261 fprintf(f, "direct-action ");
262 }
263
264 if (tb[TCA_BPF_OPS] && tb[TCA_BPF_OPS_LEN]) {
265 bpf_print_ops(f, tb[TCA_BPF_OPS],
266 rta_getattr_u16(tb[TCA_BPF_OPS_LEN]));
267 fprintf(f, "\n");
268 }
269
270 if (tb[TCA_BPF_POLICE]) {
271 fprintf(f, "\n");
272 tc_print_police(f, tb[TCA_BPF_POLICE]);
273 }
274
275 if (tb[TCA_BPF_ACT]) {
276 tc_print_action(f, tb[TCA_BPF_ACT]);
277 }
278
279 return 0;
280 }
281
282 struct filter_util bpf_filter_util = {
283 .id = "bpf",
284 .parse_fopt = bpf_parse_opt,
285 .print_fopt = bpf_print_opt,
286 };
Upstream mirror of iproute2