| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Aug 2018 21:52:01 -0500
From: Mauricio Vasquez <mauricio.vasquez@...ito.it>
To: Daniel Borkmann <daniel@...earbox.net>,
Alexei Starovoitov <ast@...nel.org>
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH bpf-next 3/3] bpf: add sample for BPF_MAP_TYPE_QUEUE
On 08/07/2018 08:44 AM, Daniel Borkmann wrote:
> On 08/06/2018 03:58 PM, Mauricio Vasquez B wrote:
>> The example is made by two parts, a eBPF program that consumes elements
>> from a FIFO queue and prints them in the screen and a user space
>> application that inserts new elements into the queue each time this is
>> executed.
>>
>> Signed-off-by: Mauricio Vasquez B <mauricio.vasquez@...ito.it>
>> ---
>> samples/bpf/.gitignore | 1 +
>> samples/bpf/Makefile | 3 ++
>> samples/bpf/test_map_in_map_user.c | 9 +-----
>> samples/bpf/test_queuemap.sh | 37 +++++++++++++++++++++++++
>> samples/bpf/test_queuemap_kern.c | 51 +++++++++++++++++++++++++++++++++++
>> samples/bpf/test_queuemap_user.c | 53 ++++++++++++++++++++++++++++++++++++
>> 6 files changed, 147 insertions(+), 7 deletions(-)
>> create mode 100755 samples/bpf/test_queuemap.sh
>> create mode 100644 samples/bpf/test_queuemap_kern.c
>> create mode 100644 samples/bpf/test_queuemap_user.c
>>
>> diff --git a/samples/bpf/.gitignore b/samples/bpf/.gitignore
>> index 8ae4940025f8..d7e518c1b3ed 100644
>> --- a/samples/bpf/.gitignore
>> +++ b/samples/bpf/.gitignore
>> @@ -26,6 +26,7 @@ test_lru_dist
>> test_map_in_map
>> test_overhead
>> test_probe_write_user
>> +test_queuemap
>> trace_event
>> trace_output
>> tracex1
>> diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile
>> index f88d5683d6ee..624f4f4b81db 100644
>> --- a/samples/bpf/Makefile
>> +++ b/samples/bpf/Makefile
>> @@ -53,6 +53,7 @@ hostprogs-y += xdpsock
>> hostprogs-y += xdp_fwd
>> hostprogs-y += task_fd_query
>> hostprogs-y += xdp_sample_pkts
>> +hostprogs-y += test_queuemap
>>
>> # Libbpf dependencies
>> LIBBPF = $(TOOLS_PATH)/lib/bpf/libbpf.a
>> @@ -109,6 +110,7 @@ xdpsock-objs := xdpsock_user.o
>> xdp_fwd-objs := xdp_fwd_user.o
>> task_fd_query-objs := bpf_load.o task_fd_query_user.o $(TRACE_HELPERS)
>> xdp_sample_pkts-objs := xdp_sample_pkts_user.o $(TRACE_HELPERS)
>> +test_queuemap-objs := bpf_load.o test_queuemap_user.o
>>
>> # Tell kbuild to always build the programs
>> always := $(hostprogs-y)
>> @@ -166,6 +168,7 @@ always += xdpsock_kern.o
>> always += xdp_fwd_kern.o
>> always += task_fd_query_kern.o
>> always += xdp_sample_pkts_kern.o
>> +always += test_queuemap_kern.o
>>
>> HOSTCFLAGS += -I$(objtree)/usr/include
>> HOSTCFLAGS += -I$(srctree)/tools/lib/
>> diff --git a/samples/bpf/test_map_in_map_user.c b/samples/bpf/test_map_in_map_user.c
>> index e308858f7bcf..28edac94234e 100644
>> --- a/samples/bpf/test_map_in_map_user.c
>> +++ b/samples/bpf/test_map_in_map_user.c
>> @@ -1,10 +1,5 @@
>> -/*
>> - * Copyright (c) 2017 Facebook
>> - *
>> - * This program is free software; you can redistribute it and/or
>> - * modify it under the terms of version 2 of the GNU General Public
>> - * License as published by the Free Software Foundation.
>> - */
>> +// SPDX-License-Identifier: GPL-2.0
>> +/* Copyright (c) 2018 Politecnico di Torino */
> I don't think you can remove above Copyright and replace it with a different one. ;)
Copy-paste on the wrong file. :/
>
>> #include <sys/resource.h>
>> #include <sys/socket.h>
>> #include <arpa/inet.h>
>> diff --git a/samples/bpf/test_queuemap.sh b/samples/bpf/test_queuemap.sh
>> new file mode 100755
>> index 000000000000..ed08c1fa8c2c
>> --- /dev/null
>> +++ b/samples/bpf/test_queuemap.sh
>> @@ -0,0 +1,37 @@
>> +#!/bin/bash
>> +# SPDX-License-Identifier: GPL-2.0
>> +
>> +[[ -z $TC ]] && TC='tc'
>> +[[ -z $IP ]] && IP='ip'
>> +
>> +TEST_QUEUE_USER='./test_queuemap'
>> +TEST_QUEUE_BPF='./test_queuemap_kern.o'
>> +
>> +function config {
>> + $IP netns add ns1
>> + $IP link add ve1 type veth peer name vens1
>> + $IP link set dev ve1 up
>> + $IP link set dev ve1 mtu 1500
>> + $IP link set dev vens1 netns ns1
>> +
>> + $IP -n ns1 link set dev lo up
>> + $IP -n ns1 link set dev vens1 up
>> + $IP -n ns1 addr add 10.1.1.101/24 dev vens1
>> +
>> + $IP addr add 10.1.1.1/24 dev ve1
>> + $TC qdisc add dev ve1 clsact
>> + $TC filter add dev ve1 ingress bpf da obj $TEST_QUEUE_BPF sec test_queue
>> +}
>> +
>> +function cleanup {
>> + set +e
>> + [[ -z $DEBUG ]] || set +x
>> + $IP netns delete ns1 >& /dev/null
>> + $IP link del ve1 >& /dev/null
>> + rm -f /sys/fs/bpf/tc/globals/queue
>> + [[ -z $DEBUG ]] || set -x
>> + set -e
>> +}
>> +
>> +cleanup
>> +config
>> diff --git a/samples/bpf/test_queuemap_kern.c b/samples/bpf/test_queuemap_kern.c
>> new file mode 100644
>> index 000000000000..2b496dafaffd
>> --- /dev/null
>> +++ b/samples/bpf/test_queuemap_kern.c
>> @@ -0,0 +1,51 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +/* Copyright (c) 2018 Politecnico di Torino */
>> +#define KBUILD_MODNAME "foo"
>> +#include <linux/ptrace.h>
>> +#include <linux/version.h>
>> +#include <uapi/linux/bpf.h>
>> +#include <uapi/linux/in6.h>
>> +#include <uapi/linux/pkt_cls.h>
>> +#include "bpf_helpers.h"
>> +
>> +#define PIN_GLOBAL_NS 2
>> +
>> +struct bpf_elf_map {
>> + __u32 type;
>> + __u32 key_size;
>> + __u32 value_size;
>> + __u32 max_entries;
>> + __u32 flags;
>> + __u32 id;
>> + __u32 pinning;
>> +};
>> +
>> +/* map #0 */
>> +struct bpf_elf_map SEC("maps") queue = {
>> + .type = BPF_MAP_TYPE_QUEUE,
>> + .key_size = 0,
>> + .value_size = sizeof(u32),
>> + .flags = BPF_F_QUEUE_FIFO,
>> + .max_entries = 1024,
>> + .pinning = PIN_GLOBAL_NS,
>> +};
>> +
>> +SEC("test_queue")
>> +int _test_queue(struct __sk_buff *skb)
>> +{
>> + char msg[] = "element is %u\n";
>> + char msg_no[] = "there are not elements\n";
>> +
>> + u32 *val = bpf_map_lookup_elem(&queue, NULL);
>> +
>> + if (!val) {
>> + bpf_trace_printk(msg_no, sizeof(msg_no));
>> + return TC_ACT_OK;
>> + }
>> +
>> + bpf_trace_printk(msg, sizeof(msg), *val);
> Could we add a more elaborate example? In cover letter and patch 1 which
> implements the map, you mention SNAT, perhaps it would be useful to make
> it a minimal sample app.
I'll try to create a minimal sample of a SNAT.
>
>> + return TC_ACT_OK;
>> +}
>> +
>> +char _license[] SEC("license") = "GPL";
>> +u32 _version SEC("version") = LINUX_VERSION_CODE;
>> diff --git a/samples/bpf/test_queuemap_user.c b/samples/bpf/test_queuemap_user.c
>> new file mode 100644
>> index 000000000000..68f9a5d54596
>> --- /dev/null
>> +++ b/samples/bpf/test_queuemap_user.c
>> @@ -0,0 +1,53 @@
>> +/*
>> + * Copyright (c) 2018 Politecnico di Torino
>> + *
>> + * This program is free software; you can redistribute it and/or
>> + * modify it under the terms of version 2 of the GNU General Public
>> + * License as published by the Free Software Foundation.
>> + */
>> +#include <sys/resource.h>
>> +#include <sys/socket.h>
>> +#include <arpa/inet.h>
>> +#include <stdint.h>
>> +#include <assert.h>
>> +#include <errno.h>
>> +#include <stdlib.h>
>> +#include <stdio.h>
>> +#include <bpf/bpf.h>
>> +#include "bpf_load.h"
>> +
>> +int queue_map;
>> +
>> +static void test_queue_map(void)
>> +{
>> + int ret;
>> + uint32_t i;
>> +
>> + queue_map = bpf_obj_get("/sys/fs/bpf/tc/globals/queue");
>> + if (queue_map < 0) {
>> + fprintf(stderr, "error getting map");
>> + return;
>> + }
>> +
>> + for (i = 0; i < 256; i++) {
>> + uint32_t v = 1000 - i*3;
>> +
>> + ret = bpf_map_update_elem(queue_map, NULL, &v, 0);
>> + if (ret)
>> + fprintf(stderr, "ret is %d\n", ret);
>> + }
>> +}
>> +
>> +int main(int argc, char **argv)
>> +{
>> + struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
>> + char filename[256];
>> +
>> + assert(!setrlimit(RLIMIT_MEMLOCK, &r));
>> +
>> + snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
>> +
>> + test_queue_map();
>> +
>> + return 0;
>> +}
>>
>
Powered by blists - more mailing lists