From: Quentin Deslandes <qde@naccy.de>
To: <qde@naccy.de>
Cc: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Song Liu <song@kernel.org>, Yonghong Song <yhs@fb.com>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Mykola Lysenko <mykolal@fb.com>, Shuah Khan <shuah@kernel.org>,
Dmitrii Banshchikov <me@ubique.spb.ru>,
<linux-kernel@vger.kernel.org>, <bpf@vger.kernel.org>,
<linux-kselftest@vger.kernel.org>, <netdev@vger.kernel.org>,
Kernel Team <kernel-team@meta.com>
Subject: [PATCH bpf-next v3 07/16] bpfilter: add support for TC bytecode generation
Date: Sat, 24 Dec 2022 01:03:53 +0100 [thread overview]
Message-ID: <20221224000402.476079-8-qde@naccy.de> (raw)
In-Reply-To: <20221224000402.476079-1-qde@naccy.de>
Add code generation support for TC hooks.
Co-developed-by: Dmitrii Banshchikov <me@ubique.spb.ru>
Signed-off-by: Dmitrii Banshchikov <me@ubique.spb.ru>
Signed-off-by: Quentin Deslandes <qde@naccy.de>
---
net/bpfilter/codegen.c | 151 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 151 insertions(+)
diff --git a/net/bpfilter/codegen.c b/net/bpfilter/codegen.c
index 545bc7aeb77c..e7ae7dfa5118 100644
--- a/net/bpfilter/codegen.c
+++ b/net/bpfilter/codegen.c
@@ -8,6 +8,8 @@
#include "../../include/uapi/linux/bpfilter.h"
+#include <linux/pkt_cls.h>
+
#include <unistd.h>
#include <sys/syscall.h>
@@ -15,6 +17,8 @@
#include <stdlib.h>
#include <string.h>
+#include <bpf/libbpf.h>
+
#include "logger.h"
enum fixup_insn_type {
@@ -390,6 +394,150 @@ static void unload_maps(struct codegen *codegen)
}
}
+static int tc_gen_inline_prologue(struct codegen *codegen)
+{
+ EMIT(codegen, BPF_MOV64_REG(CODEGEN_REG_CTX, BPF_REG_ARG1));
+ EMIT(codegen, BPF_MOV64_REG(CODEGEN_REG_RUNTIME_CTX, BPF_REG_FP));
+ EMIT(codegen, BPF_MOV32_IMM(CODEGEN_REG_RETVAL, TC_ACT_OK));
+
+ return 0;
+}
+
+static int tc_load_packet_data(struct codegen *codegen, int dst_reg)
+{
+ EMIT(codegen, BPF_LDX_MEM(BPF_W, dst_reg, CODEGEN_REG_CTX,
+ offsetof(struct __sk_buff, data)));
+
+ return 0;
+}
+
+static int tc_load_packet_data_end(struct codegen *codegen, int dst_reg)
+{
+ EMIT(codegen, BPF_LDX_MEM(BPF_W, CODEGEN_REG_DATA_END, CODEGEN_REG_CTX,
+ offsetof(struct __sk_buff, data_end)));
+
+ return 0;
+}
+
+static int tc_emit_ret_code(struct codegen *codegen, int ret_code)
+{
+ int tc_ret_code;
+
+ if (ret_code == BPFILTER_NF_ACCEPT)
+ tc_ret_code = TC_ACT_UNSPEC;
+ else if (ret_code == BPFILTER_NF_DROP)
+ tc_ret_code = TC_ACT_SHOT;
+ else
+ return -EINVAL;
+
+ EMIT(codegen, BPF_MOV32_IMM(BPF_REG_0, tc_ret_code));
+
+ return 0;
+}
+
+static int tc_gen_inline_epilogue(struct codegen *codegen)
+{
+ EMIT(codegen, BPF_EXIT_INSN());
+
+ return 0;
+}
+
+struct tc_img_ctx {
+ int fd;
+ struct bpf_tc_hook hook;
+ struct bpf_tc_opts opts;
+};
+
+static int tc_load_img(struct codegen *codegen)
+{
+ struct tc_img_ctx *img_ctx;
+ int fd;
+ int r;
+
+ if (codegen->img_ctx) {
+ BFLOG_ERR("TC context missing from codegen");
+ return -EINVAL;
+ }
+
+ img_ctx = calloc(1, sizeof(*img_ctx));
+ if (!img_ctx) {
+ BFLOG_ERR("out of memory");
+ return -ENOMEM;
+ }
+
+ img_ctx->hook.sz = sizeof(img_ctx->hook);
+ img_ctx->hook.ifindex = 2;
+ img_ctx->hook.attach_point = codegen->bpf_tc_hook;
+
+ fd = load_img(codegen);
+ if (fd < 0) {
+ BFLOG_ERR("failed to load TC codegen image: %s", STRERR(fd));
+ r = fd;
+ goto err_free;
+ }
+
+ r = bpf_tc_hook_create(&img_ctx->hook);
+ if (r && r != -EEXIST) {
+ BFLOG_ERR("failed to create TC hook: %s\n", STRERR(r));
+ goto err_free;
+ }
+
+ img_ctx->opts.sz = sizeof(img_ctx->opts);
+ img_ctx->opts.handle = codegen->iptables_hook;
+ img_ctx->opts.priority = 0;
+ img_ctx->opts.prog_fd = fd;
+ r = bpf_tc_attach(&img_ctx->hook, &img_ctx->opts);
+ if (r) {
+ BFLOG_ERR("failed to attach TC program: %s", STRERR(r));
+ goto err_free;
+ }
+
+ img_ctx->fd = fd;
+ codegen->img_ctx = img_ctx;
+
+ return fd;
+
+err_free:
+ if (fd > -1)
+ close(fd);
+ free(img_ctx);
+ return r;
+}
+
+static void tc_unload_img(struct codegen *codegen)
+{
+ struct tc_img_ctx *img_ctx;
+ int r;
+
+ BUG_ON(!codegen->img_ctx);
+
+ img_ctx = (struct tc_img_ctx *)codegen->img_ctx;
+ img_ctx->opts.flags = 0;
+ img_ctx->opts.prog_fd = 0;
+ img_ctx->opts.prog_id = 0;
+ r = bpf_tc_detach(&img_ctx->hook, &img_ctx->opts);
+ if (r)
+ BFLOG_EMERG("failed to detach TC program: %s", STRERR(r));
+
+ BUG_ON(img_ctx->fd < 0);
+ close(img_ctx->fd);
+ free(img_ctx);
+
+ codegen->img_ctx = NULL;
+
+ unload_img(codegen);
+}
+
+static const struct codegen_ops tc_codegen_ops = {
+ .gen_inline_prologue = tc_gen_inline_prologue,
+ .load_packet_data = tc_load_packet_data,
+ .load_packet_data_end = tc_load_packet_data_end,
+ .emit_ret_code = tc_emit_ret_code,
+ .gen_inline_epilogue = tc_gen_inline_epilogue,
+ .load_img = tc_load_img,
+ .unload_img = tc_unload_img,
+};
+
void create_shared_codegen(struct shared_codegen *shared_codegen)
{
shared_codegen->maps_refcnt = 0;
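Review bot: `img_ctx->hook.ifindex = 2;` in tc_load_img pins the attach to whichever device happens to have index 2, so the generated filter is not enforced on any other interface and may land on an unintended one. The index should come from the caller, or the line should at least carry a comment such as `/* FIXME: hard-coded ifindex, filter only covers this one device */`. In the same function the guard `if (codegen->img_ctx)` fires when a context is already set, yet it logs "TC context missing from codegen"; a message like `"TC context already set in codegen"` would match the condition. tc_load_packet_data_end also ignores its `dst_reg` argument and always loads into `CODEGEN_REG_DATA_END`, unlike tc_load_packet_data; if that is intended, a one-line comment saying so would help.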
@@ -413,6 +561,9 @@ int create_codegen(struct codegen *codegen, enum bpf_prog_type type)
memset(codegen, 0, sizeof(*codegen));
switch (type) {
+ case BPF_PROG_TYPE_SCHED_CLS:
+ codegen->codegen_ops = &tc_codegen_ops;
+ break;
default:
BFLOG_ERR("unsupported BPF program type %d", type);
return -EINVAL;
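Review bot: The new `BPF_PROG_TYPE_SCHED_CLS` case only sets `codegen_ops`, so after the preceding `memset` the `bpf_tc_hook` field that tc_load_img copies into `hook.attach_point` is still zero, which as far as I know is not a valid libbpf attach point. If callers are expected to fill it in before invoking `load_img`, a comment on the case would make that contract visible, e.g. `/* caller must set codegen->bpf_tc_hook before load_img() */`. create_codegen's body starts and ends outside this hunk, so a later assignment may exist that is not visible here.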
--
2.38.1