| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0e8bf8ce-9993-1aa7-b8b1-a041d4e66597@iogearbox.net>
Date: Tue, 7 Aug 2018 15:44:59 +0200
From: Daniel Borkmann <daniel@...earbox.net>
To: Mauricio Vasquez B <mauricio.vasquez@...ito.it>,
Alexei Starovoitov <ast@...nel.org>
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH bpf-next 3/3] bpf: add sample for BPF_MAP_TYPE_QUEUE
On 08/06/2018 03:58 PM, Mauricio Vasquez B wrote:
> The example is made by two parts, a eBPF program that consumes elements
> from a FIFO queue and prints them in the screen and a user space
> application that inserts new elements into the queue each time this is
> executed.
>
> Signed-off-by: Mauricio Vasquez B <mauricio.vasquez@...ito.it>
> ---
> samples/bpf/.gitignore | 1 +
> samples/bpf/Makefile | 3 ++
> samples/bpf/test_map_in_map_user.c | 9 +-----
> samples/bpf/test_queuemap.sh | 37 +++++++++++++++++++++++++
> samples/bpf/test_queuemap_kern.c | 51 +++++++++++++++++++++++++++++++++++
> samples/bpf/test_queuemap_user.c | 53 ++++++++++++++++++++++++++++++++++++
> 6 files changed, 147 insertions(+), 7 deletions(-)
> create mode 100755 samples/bpf/test_queuemap.sh
> create mode 100644 samples/bpf/test_queuemap_kern.c
> create mode 100644 samples/bpf/test_queuemap_user.c
>
> diff --git a/samples/bpf/.gitignore b/samples/bpf/.gitignore
> index 8ae4940025f8..d7e518c1b3ed 100644
> --- a/samples/bpf/.gitignore
> +++ b/samples/bpf/.gitignore
> @@ -26,6 +26,7 @@ test_lru_dist
> test_map_in_map
> test_overhead
> test_probe_write_user
> +test_queuemap
> trace_event
> trace_output
> tracex1
> diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile
> index f88d5683d6ee..624f4f4b81db 100644
> --- a/samples/bpf/Makefile
> +++ b/samples/bpf/Makefile
> @@ -53,6 +53,7 @@ hostprogs-y += xdpsock
> hostprogs-y += xdp_fwd
> hostprogs-y += task_fd_query
> hostprogs-y += xdp_sample_pkts
> +hostprogs-y += test_queuemap
>
> # Libbpf dependencies
> LIBBPF = $(TOOLS_PATH)/lib/bpf/libbpf.a
> @@ -109,6 +110,7 @@ xdpsock-objs := xdpsock_user.o
> xdp_fwd-objs := xdp_fwd_user.o
> task_fd_query-objs := bpf_load.o task_fd_query_user.o $(TRACE_HELPERS)
> xdp_sample_pkts-objs := xdp_sample_pkts_user.o $(TRACE_HELPERS)
> +test_queuemap-objs := bpf_load.o test_queuemap_user.o
>
> # Tell kbuild to always build the programs
> always := $(hostprogs-y)
> @@ -166,6 +168,7 @@ always += xdpsock_kern.o
> always += xdp_fwd_kern.o
> always += task_fd_query_kern.o
> always += xdp_sample_pkts_kern.o
> +always += test_queuemap_kern.o
>
> HOSTCFLAGS += -I$(objtree)/usr/include
> HOSTCFLAGS += -I$(srctree)/tools/lib/
> diff --git a/samples/bpf/test_map_in_map_user.c b/samples/bpf/test_map_in_map_user.c
> index e308858f7bcf..28edac94234e 100644
> --- a/samples/bpf/test_map_in_map_user.c
> +++ b/samples/bpf/test_map_in_map_user.c
> @@ -1,10 +1,5 @@
> -/*
> - * Copyright (c) 2017 Facebook
> - *
> - * This program is free software; you can redistribute it and/or
> - * modify it under the terms of version 2 of the GNU General Public
> - * License as published by the Free Software Foundation.
> - */
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2018 Politecnico di Torino */
I don't think you can remove above Copyright and replace it with a different one. ;)
> #include <sys/resource.h>
> #include <sys/socket.h>
> #include <arpa/inet.h>
> diff --git a/samples/bpf/test_queuemap.sh b/samples/bpf/test_queuemap.sh
> new file mode 100755
> index 000000000000..ed08c1fa8c2c
> --- /dev/null
> +++ b/samples/bpf/test_queuemap.sh
> @@ -0,0 +1,37 @@
> +#!/bin/bash
> +# SPDX-License-Identifier: GPL-2.0
> +
> +[[ -z $TC ]] && TC='tc'
> +[[ -z $IP ]] && IP='ip'
> +
> +TEST_QUEUE_USER='./test_queuemap'
> +TEST_QUEUE_BPF='./test_queuemap_kern.o'
> +
> +function config {
> + $IP netns add ns1
> + $IP link add ve1 type veth peer name vens1
> + $IP link set dev ve1 up
> + $IP link set dev ve1 mtu 1500
> + $IP link set dev vens1 netns ns1
> +
> + $IP -n ns1 link set dev lo up
> + $IP -n ns1 link set dev vens1 up
> + $IP -n ns1 addr add 10.1.1.101/24 dev vens1
> +
> + $IP addr add 10.1.1.1/24 dev ve1
> + $TC qdisc add dev ve1 clsact
> + $TC filter add dev ve1 ingress bpf da obj $TEST_QUEUE_BPF sec test_queue
> +}
> +
> +function cleanup {
> + set +e
> + [[ -z $DEBUG ]] || set +x
> + $IP netns delete ns1 >& /dev/null
> + $IP link del ve1 >& /dev/null
> + rm -f /sys/fs/bpf/tc/globals/queue
> + [[ -z $DEBUG ]] || set -x
> + set -e
> +}
> +
> +cleanup
> +config
> diff --git a/samples/bpf/test_queuemap_kern.c b/samples/bpf/test_queuemap_kern.c
> new file mode 100644
> index 000000000000..2b496dafaffd
> --- /dev/null
> +++ b/samples/bpf/test_queuemap_kern.c
> @@ -0,0 +1,51 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2018 Politecnico di Torino */
> +#define KBUILD_MODNAME "foo"
> +#include <linux/ptrace.h>
> +#include <linux/version.h>
> +#include <uapi/linux/bpf.h>
> +#include <uapi/linux/in6.h>
> +#include <uapi/linux/pkt_cls.h>
> +#include "bpf_helpers.h"
> +
> +#define PIN_GLOBAL_NS 2
> +
> +struct bpf_elf_map {
> + __u32 type;
> + __u32 key_size;
> + __u32 value_size;
> + __u32 max_entries;
> + __u32 flags;
> + __u32 id;
> + __u32 pinning;
> +};
> +
> +/* map #0 */
> +struct bpf_elf_map SEC("maps") queue = {
> + .type = BPF_MAP_TYPE_QUEUE,
> + .key_size = 0,
> + .value_size = sizeof(u32),
> + .flags = BPF_F_QUEUE_FIFO,
> + .max_entries = 1024,
> + .pinning = PIN_GLOBAL_NS,
> +};
> +
> +SEC("test_queue")
> +int _test_queue(struct __sk_buff *skb)
> +{
> + char msg[] = "element is %u\n";
> + char msg_no[] = "there are not elements\n";
> +
> + u32 *val = bpf_map_lookup_elem(&queue, NULL);
> +
> + if (!val) {
> + bpf_trace_printk(msg_no, sizeof(msg_no));
> + return TC_ACT_OK;
> + }
> +
> + bpf_trace_printk(msg, sizeof(msg), *val);
Could we add a more elaborate example? In cover letter and patch 1 which
implements the map, you mention SNAT, perhaps it would be useful to make
it a minimal sample app.
> + return TC_ACT_OK;
> +}
> +
> +char _license[] SEC("license") = "GPL";
> +u32 _version SEC("version") = LINUX_VERSION_CODE;
> diff --git a/samples/bpf/test_queuemap_user.c b/samples/bpf/test_queuemap_user.c
> new file mode 100644
> index 000000000000..68f9a5d54596
> --- /dev/null
> +++ b/samples/bpf/test_queuemap_user.c
> @@ -0,0 +1,53 @@
> +/*
> + * Copyright (c) 2018 Politecnico di Torino
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of version 2 of the GNU General Public
> + * License as published by the Free Software Foundation.
> + */
> +#include <sys/resource.h>
> +#include <sys/socket.h>
> +#include <arpa/inet.h>
> +#include <stdint.h>
> +#include <assert.h>
> +#include <errno.h>
> +#include <stdlib.h>
> +#include <stdio.h>
> +#include <bpf/bpf.h>
> +#include "bpf_load.h"
> +
> +int queue_map;
> +
> +static void test_queue_map(void)
> +{
> + int ret;
> + uint32_t i;
> +
> + queue_map = bpf_obj_get("/sys/fs/bpf/tc/globals/queue");
> + if (queue_map < 0) {
> + fprintf(stderr, "error getting map");
> + return;
> + }
> +
> + for (i = 0; i < 256; i++) {
> + uint32_t v = 1000 - i*3;
> +
> + ret = bpf_map_update_elem(queue_map, NULL, &v, 0);
> + if (ret)
> + fprintf(stderr, "ret is %d\n", ret);
> + }
> +}
> +
> +int main(int argc, char **argv)
> +{
> + struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
> + char filename[256];
> +
> + assert(!setrlimit(RLIMIT_MEMLOCK, &r));
> +
> + snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
> +
> + test_queue_map();
> +
> + return 0;
> +}
>
Powered by blists - more mailing lists