| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Sep 2018 11:26:43 -0700
From: Yonghong Song <yhs@...com>
To: <ast@...com>, <daniel@...earbox.net>, <netdev@...r.kernel.org>
CC: <kernel-team@...com>
Subject: [RFC PATCH bpf-next 0/4] tools/bpf: bpftool: add net support
The functionality to dump network driver and tc related bpf programs
are added. Currently, users can already use "ip link show <dev>"
and "tc filter show dev <dev> ..." to dump bpf program attachment
information for xdp programs and tc bpf programs.
The implementation here allows bpftool as a central place for
bpf introspection and users do not need to revert to other tools.
Also, we can make command simpler to dump bpf related information,
e.g., "bpftool net" is able to dump all xdp and tc bpf programs.
For example,
$ bpftool net
xdp [
]
netdev_filters [
ifindex 2 name handle_icmp flags direct-action flags_gen [not_in_hw ]
prog_id 3194 tag 846d29c14d0d7d26 act []
ifindex 2 name handle_egress flags direct-action flags_gen [not_in_hw ]
prog_id 3193 tag 387d281be9fe77aa
]
$ bpftool -jp net
[{
"xdp": [],
"netdev_filters": [{
"ifindex": 2,
"name": "handle_icmp",
"flags": "direct-action",
"flags_gen": ["not_in_hw"
],
"prog_id": 3194,
"tag": "846d29c14d0d7d26",
"act": []
},{
"ifindex": 2,
"name": "handle_egress",
"flags": "direct-action",
"flags_gen": ["not_in_hw"
],
"prog_id": 3193,
"tag": "387d281be9fe77aa"
}
]
}
]
This is labeled as RFC as
. the current command line as "bpftool net {show|list} [dev name]",
does this sound reasonable? When "dev name" is specified, only
bpf programs for that particular device are displayed.
. for some netlink attributes, currently I only print out the
raw numbers, maybe I should print better similar to iproute2?
. bpftool documentation and bash completion are not implemented.
Patch #1 sync'd kernel uapi header if_link.h to tools directory.
Patch #2 re-organized the bpf/lib bpf.c to have a separate file
for netlink related functions.
Patch #3 added additional netlink related functions.
Patch #4 implemented "bpftool net" command.
Yonghong Song (4):
tools/bpf: sync kernel uapi header if_link.h to tools
tools/bpf: move bpf/lib netlink related functions into a new file
tools/bpf: add more netlink functionalities in lib/bpf
tools/bpf: bpftool: add net support
tools/bpf/bpftool/main.c | 3 +-
tools/bpf/bpftool/main.h | 7 +
tools/bpf/bpftool/net.c | 219 +++++++++++++++++++
tools/bpf/bpftool/netlink_dumper.c | 261 +++++++++++++++++++++++
tools/bpf/bpftool/netlink_dumper.h | 103 +++++++++
tools/include/uapi/linux/if_link.h | 17 ++
tools/lib/bpf/Build | 2 +-
tools/lib/bpf/bpf.c | 129 ------------
tools/lib/bpf/libbpf.h | 16 ++
tools/lib/bpf/libbpf_errno.c | 1 +
tools/lib/bpf/netlink.c | 323 +++++++++++++++++++++++++++++
tools/lib/bpf/nlattr.c | 33 +--
tools/lib/bpf/nlattr.h | 38 ++++
13 files changed, 1009 insertions(+), 143 deletions(-)
create mode 100644 tools/bpf/bpftool/net.c
create mode 100644 tools/bpf/bpftool/netlink_dumper.c
create mode 100644 tools/bpf/bpftool/netlink_dumper.h
create mode 100644 tools/lib/bpf/netlink.c
--
2.17.1
Powered by blists - more mailing lists