From: Florian Westphal <fw@strlen.de>
To: <netdev@vger.kernel.org>
Cc: netfilter-devel@vger.kernel.org, bpf@vger.kernel.org,
dxu@dxuuu.xyz, qde@naccy.de, Florian Westphal <fw@strlen.de>
Subject: [PATCH bpf-next v2 5/6] tools: bpftool: print netfilter link info
Date: Thu, 13 Apr 2023 15:32:27 +0200 [thread overview]
Message-ID: <20230413133228.20790-6-fw@strlen.de> (raw)
In-Reply-To: <20230413133228.20790-1-fw@strlen.de>
Dump protocol family, hook and priority value:
$ bpftool link
2: type 10 prog 20
pf: 2, hook 1, prio -128
Signed-off-by: Florian Westphal <fw@strlen.de>
---
tools/bpf/bpftool/link.c | 24 ++++++++++++++++++++++++
tools/include/uapi/linux/bpf.h | 15 +++++++++++++++
tools/lib/bpf/libbpf.c | 1 +
3 files changed, 40 insertions(+)
diff --git a/tools/bpf/bpftool/link.c b/tools/bpf/bpftool/link.c
index f985b79cca27..a2ea85d1ebbf 100644
--- a/tools/bpf/bpftool/link.c
+++ b/tools/bpf/bpftool/link.c
@@ -135,6 +135,18 @@ static void show_iter_json(struct bpf_link_info *info, json_writer_t *wtr)
}
}
+static void show_netfilter_json(const struct bpf_link_info *info, json_writer_t *wtr)
+{
+ jsonw_uint_field(json_wtr, "pf",
+ info->netfilter.pf);
+ jsonw_uint_field(json_wtr, "hook",
+ info->netfilter.hooknum);
+ jsonw_int_field(json_wtr, "prio",
+ info->netfilter.priority);
+ jsonw_uint_field(json_wtr, "flags",
+ info->netfilter.flags);
+}
+
static int get_prog_info(int prog_id, struct bpf_prog_info *info)
{
__u32 len = sizeof(*info);
@@ -195,6 +207,10 @@ static int show_link_close_json(int fd, struct bpf_link_info *info)
info->netns.netns_ino);
show_link_attach_type_json(info->netns.attach_type, json_wtr);
break;
+ case BPF_LINK_TYPE_NETFILTER:
+ show_netfilter_json(info, json_wtr);
+ break;
+
default:
break;
}
@@ -301,6 +317,14 @@ static int show_link_close_plain(int fd, struct bpf_link_info *info)
printf("\n\tnetns_ino %u ", info->netns.netns_ino);
show_link_attach_type_plain(info->netns.attach_type);
break;
+ case BPF_LINK_TYPE_NETFILTER:
+ printf("\n\tpf: %d, hook %u, prio %d",
+ info->netfilter.pf,
+ info->netfilter.hooknum,
+ info->netfilter.priority);
+ if (info->netfilter.flags)
+ printf(" flags 0x%x", info->netfilter.flags);
+ break;
default:
break;
}
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index 3823100b7934..c93febc4c75f 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -986,6 +986,7 @@ enum bpf_prog_type {
BPF_PROG_TYPE_LSM,
BPF_PROG_TYPE_SK_LOOKUP,
BPF_PROG_TYPE_SYSCALL, /* a program that can execute syscalls */
+ BPF_PROG_TYPE_NETFILTER,
};
enum bpf_attach_type {
@@ -1050,6 +1051,7 @@ enum bpf_link_type {
BPF_LINK_TYPE_PERF_EVENT = 7,
BPF_LINK_TYPE_KPROBE_MULTI = 8,
BPF_LINK_TYPE_STRUCT_OPS = 9,
+ BPF_LINK_TYPE_NETFILTER = 10,
MAX_BPF_LINK_TYPE,
};
@@ -1560,6 +1562,13 @@ union bpf_attr {
*/
__u64 cookie;
} tracing;
+ struct {
+ __u32 pf;
+ __u32 hooknum;
+ __s32 prio;
+ __u32 flags;
+ __u64 reserved[2];
+ } netfilter;
};
} link_create;
@@ -6410,6 +6419,12 @@ struct bpf_link_info {
struct {
__u32 map_id;
} struct_ops;
+ struct {
+ __u32 pf;
+ __u32 hooknum;
+ __s32 priority;
+ __u32 flags;
+ } netfilter;
};
} __attribute__((aligned(8)));
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 49cd304ae3bc..ae27451002ae 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -8641,6 +8641,7 @@ static const struct bpf_sec_def section_defs[] = {
SEC_DEF("struct_ops+", STRUCT_OPS, 0, SEC_NONE),
SEC_DEF("struct_ops.s+", STRUCT_OPS, 0, SEC_SLEEPABLE),
SEC_DEF("sk_lookup", SK_LOOKUP, BPF_SK_LOOKUP, SEC_ATTACHABLE),
+ SEC_DEF("netfilter", NETFILTER, 0, SEC_NONE),
};
static size_t custom_sec_def_cnt;
--
2.39.2
next prev parent reply other threads:[~2023-04-13 13:35 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-13 13:32 [PATCH bpf-next v2 0/6] bpf: add netfilter program type Florian Westphal
2023-04-13 13:32 ` [PATCH bpf-next v2 1/6] bpf: add bpf_link support for BPF_NETFILTER programs Florian Westphal
2023-04-13 13:32 ` [PATCH bpf-next v2 2/6] bpf: minimal support for programs hooked into netfilter framework Florian Westphal
2023-04-13 13:32 ` [PATCH bpf-next v2 3/6] netfilter: nfnetlink hook: dump bpf prog id Florian Westphal
2023-04-13 13:32 ` [PATCH bpf-next v2 4/6] netfilter: disallow bpf hook attachment at same priority Florian Westphal
2023-04-13 13:32 ` Florian Westphal [this message]
2023-04-13 21:14 ` [PATCH bpf-next v2 5/6] tools: bpftool: print netfilter link info Quentin Monnet
2023-04-14 10:41 ` Florian Westphal
2023-04-14 13:20 ` Quentin Monnet
2023-04-14 14:49 ` Florian Westphal
2023-04-14 14:54 ` Quentin Monnet
2023-04-13 13:32 ` [PATCH bpf-next v2 6/6] bpf: add test_run support for netfilter program type Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230413133228.20790-6-fw@strlen.de \
--to=fw@strlen.de \
--cc=bpf@vger.kernel.org \
--cc=dxu@dxuuu.xyz \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=qde@naccy.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).