samples, bpf: Refactor tail call user progs with libbpf

BPF tail call uses the BPF_MAP_TYPE_PROG_ARRAY type map for calling
into other BPF programs and this PROG_ARRAY should be filled prior to
use. Currently, samples with the PROG_ARRAY type MAP fill this program
array with bpf_load. For bpf_load to fill this map, kernel BPF program
must specify the section with specific format of <prog_type>/<array_idx>
(e.g. SEC("socket/0"))

But by using libbpf instead of bpf_load, user program can specify which
programs should be added to PROG_ARRAY. The advantage of this approach
is that you can selectively add only the programs you want, rather than
adding all of them to PROG_ARRAY, and it's much more intuitive than the
traditional approach.

This commit refactors user programs with the PROG_ARRAY type MAP with
libbpf instead of using bpf_load.

Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20200516040608.1377876-4-danieltimlee@gmail.com
This commit is contained in:
Daniel T. Lee 2020-05-16 13:06:06 +09:00 committed by Daniel Borkmann
parent 63841bc083
commit bc1a85977b
3 changed files with 103 additions and 31 deletions

View File

@ -63,12 +63,12 @@ TRACE_HELPERS := ../../tools/testing/selftests/bpf/trace_helpers.o
fds_example-objs := fds_example.o fds_example-objs := fds_example.o
sockex1-objs := sockex1_user.o sockex1-objs := sockex1_user.o
sockex2-objs := sockex2_user.o sockex2-objs := sockex2_user.o
sockex3-objs := bpf_load.o sockex3_user.o sockex3-objs := sockex3_user.o
tracex1-objs := tracex1_user.o $(TRACE_HELPERS) tracex1-objs := tracex1_user.o $(TRACE_HELPERS)
tracex2-objs := tracex2_user.o tracex2-objs := tracex2_user.o
tracex3-objs := tracex3_user.o tracex3-objs := tracex3_user.o
tracex4-objs := tracex4_user.o tracex4-objs := tracex4_user.o
tracex5-objs := bpf_load.o tracex5_user.o $(TRACE_HELPERS) tracex5-objs := tracex5_user.o $(TRACE_HELPERS)
tracex6-objs := tracex6_user.o tracex6-objs := tracex6_user.o
tracex7-objs := tracex7_user.o tracex7-objs := tracex7_user.o
test_probe_write_user-objs := bpf_load.o test_probe_write_user_user.o test_probe_write_user-objs := bpf_load.o test_probe_write_user_user.o

View File

@ -1,18 +1,13 @@
// SPDX-License-Identifier: GPL-2.0 // SPDX-License-Identifier: GPL-2.0
#include <stdio.h> #include <stdio.h>
#include <assert.h> #include <assert.h>
#include <linux/bpf.h>
#include <bpf/bpf.h> #include <bpf/bpf.h>
#include "bpf_load.h" #include <bpf/libbpf.h>
#include "sock_example.h" #include "sock_example.h"
#include <unistd.h> #include <unistd.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#include <sys/resource.h> #include <sys/resource.h>
#define PARSE_IP 3
#define PARSE_IP_PROG_FD (prog_fd[0])
#define PROG_ARRAY_FD (map_fd[0])
struct flow_key_record { struct flow_key_record {
__be32 src; __be32 src;
__be32 dst; __be32 dst;
@ -30,31 +25,55 @@ struct pair {
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
int i, sock, key, fd, main_prog_fd, jmp_table_fd, hash_map_fd;
struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY}; struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
struct bpf_program *prog;
struct bpf_object *obj;
char filename[256]; char filename[256];
const char *title;
FILE *f; FILE *f;
int i, sock, err, id, key = PARSE_IP;
struct bpf_prog_info info = {};
uint32_t info_len = sizeof(info);
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]); snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
setrlimit(RLIMIT_MEMLOCK, &r); setrlimit(RLIMIT_MEMLOCK, &r);
if (load_bpf_file(filename)) { obj = bpf_object__open_file(filename, NULL);
printf("%s", bpf_log_buf); if (libbpf_get_error(obj)) {
return 1; fprintf(stderr, "ERROR: opening BPF object file failed\n");
return 0;
} }
/* Test fd array lookup which returns the id of the bpf_prog */ /* load BPF program */
err = bpf_obj_get_info_by_fd(PARSE_IP_PROG_FD, &info, &info_len); if (bpf_object__load(obj)) {
assert(!err); fprintf(stderr, "ERROR: loading BPF object file failed\n");
err = bpf_map_lookup_elem(PROG_ARRAY_FD, &key, &id); goto cleanup;
assert(!err); }
assert(id == info.id);
jmp_table_fd = bpf_object__find_map_fd_by_name(obj, "jmp_table");
hash_map_fd = bpf_object__find_map_fd_by_name(obj, "hash_map");
if (jmp_table_fd < 0 || hash_map_fd < 0) {
fprintf(stderr, "ERROR: finding a map in obj file failed\n");
goto cleanup;
}
bpf_object__for_each_program(prog, obj) {
fd = bpf_program__fd(prog);
title = bpf_program__title(prog, false);
if (sscanf(title, "socket/%d", &key) != 1) {
fprintf(stderr, "ERROR: finding prog failed\n");
goto cleanup;
}
if (key == 0)
main_prog_fd = fd;
else
bpf_map_update_elem(jmp_table_fd, &key, &fd, BPF_ANY);
}
sock = open_raw_sock("lo"); sock = open_raw_sock("lo");
assert(setsockopt(sock, SOL_SOCKET, SO_ATTACH_BPF, &prog_fd[4], /* attach BPF program to socket */
assert(setsockopt(sock, SOL_SOCKET, SO_ATTACH_BPF, &main_prog_fd,
sizeof(__u32)) == 0); sizeof(__u32)) == 0);
if (argc > 1) if (argc > 1)
@ -69,8 +88,8 @@ int main(int argc, char **argv)
sleep(1); sleep(1);
printf("IP src.port -> dst.port bytes packets\n"); printf("IP src.port -> dst.port bytes packets\n");
while (bpf_map_get_next_key(map_fd[2], &key, &next_key) == 0) { while (bpf_map_get_next_key(hash_map_fd, &key, &next_key) == 0) {
bpf_map_lookup_elem(map_fd[2], &next_key, &value); bpf_map_lookup_elem(hash_map_fd, &next_key, &value);
printf("%s.%05d -> %s.%05d %12lld %12lld\n", printf("%s.%05d -> %s.%05d %12lld %12lld\n",
inet_ntoa((struct in_addr){htonl(next_key.src)}), inet_ntoa((struct in_addr){htonl(next_key.src)}),
next_key.port16[0], next_key.port16[0],
@ -80,5 +99,8 @@ int main(int argc, char **argv)
key = next_key; key = next_key;
} }
} }
cleanup:
bpf_object__close(obj);
return 0; return 0;
} }

View File

@ -1,15 +1,21 @@
// SPDX-License-Identifier: GPL-2.0 // SPDX-License-Identifier: GPL-2.0
#include <stdio.h> #include <stdio.h>
#include <linux/bpf.h> #include <stdlib.h>
#include <unistd.h> #include <unistd.h>
#include <linux/filter.h> #include <linux/filter.h>
#include <linux/seccomp.h> #include <linux/seccomp.h>
#include <sys/prctl.h> #include <sys/prctl.h>
#include <bpf/bpf.h> #include <bpf/bpf.h>
#include "bpf_load.h" #include <bpf/libbpf.h>
#include <sys/resource.h> #include <sys/resource.h>
#include "trace_helpers.h" #include "trace_helpers.h"
#ifdef __mips__
#define MAX_ENTRIES 6000 /* MIPS n64 syscalls start at 5000 */
#else
#define MAX_ENTRIES 1024
#endif
/* install fake seccomp program to enable seccomp code path inside the kernel, /* install fake seccomp program to enable seccomp code path inside the kernel,
* so that our kprobe attached to seccomp_phase1() can be triggered * so that our kprobe attached to seccomp_phase1() can be triggered
*/ */
@ -28,16 +34,57 @@ static void install_accept_all_seccomp(void)
int main(int ac, char **argv) int main(int ac, char **argv)
{ {
FILE *f;
char filename[256];
struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY}; struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
struct bpf_link *link = NULL;
struct bpf_program *prog;
struct bpf_object *obj;
int key, fd, progs_fd;
char filename[256];
const char *title;
FILE *f;
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
setrlimit(RLIMIT_MEMLOCK, &r); setrlimit(RLIMIT_MEMLOCK, &r);
if (load_bpf_file(filename)) { snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
printf("%s", bpf_log_buf); obj = bpf_object__open_file(filename, NULL);
return 1; if (libbpf_get_error(obj)) {
fprintf(stderr, "ERROR: opening BPF object file failed\n");
return 0;
}
prog = bpf_object__find_program_by_name(obj, "bpf_prog1");
if (!prog) {
printf("finding a prog in obj file failed\n");
goto cleanup;
}
/* load BPF program */
if (bpf_object__load(obj)) {
fprintf(stderr, "ERROR: loading BPF object file failed\n");
goto cleanup;
}
link = bpf_program__attach(prog);
if (libbpf_get_error(link)) {
fprintf(stderr, "ERROR: bpf_program__attach failed\n");
link = NULL;
goto cleanup;
}
progs_fd = bpf_object__find_map_fd_by_name(obj, "progs");
if (progs_fd < 0) {
fprintf(stderr, "ERROR: finding a map in obj file failed\n");
goto cleanup;
}
bpf_object__for_each_program(prog, obj) {
title = bpf_program__title(prog, false);
/* register only syscalls to PROG_ARRAY */
if (sscanf(title, "kprobe/%d", &key) != 1)
continue;
fd = bpf_program__fd(prog);
bpf_map_update_elem(progs_fd, &key, &fd, BPF_ANY);
} }
install_accept_all_seccomp(); install_accept_all_seccomp();
@ -47,5 +94,8 @@ int main(int ac, char **argv)
read_trace_pipe(); read_trace_pipe();
cleanup:
bpf_link__destroy(link);
bpf_object__close(obj);
return 0; return 0;
} }