| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180905235806.1536396-1-yhs@fb.com>
Date: Wed, 5 Sep 2018 16:58:02 -0700
From: Yonghong Song <yhs@...com>
To: <ast@...com>, <daniel@...earbox.net>, <netdev@...r.kernel.org>
CC: <kernel-team@...com>
Subject: [PATCH bpf-next 0/4] tools/bpf: add bpftool net support
As bpf usage becomes more pervasive, people starts to worry
about their cpu and memory cost. On a particular host,
people often wanted to know all running bpf programs
and their attachment context. So they can relate
a performance/memory anormly quickly to a particular bpf
program or an application.
bpftool already provides a pretty good coverage for perf
and cgroup related attachments. This patch set enabled
to dump attachment info for xdp and tc bpf programs.
Currently, users can already use "ip link show <dev>" and
"tc filter show dev <dev> ..." to dump bpf program attachment
information for xdp and tc bpf programs. The main reason
to implement such functionality in bpftool as well is for
better user experience. We want the bpftool to be the
ultimate tool for bpf introspection. The bpftool net
implementation will only present necessary bpf attachment
information to the user, ignoring most other ip/tc
specific information.
For example, the below is a pretty json print for xdp
and tc_filters.
$ ./bpftool -jp net
[{
"xdp": [{
"ifindex": 2,
"devname": "eth0",
"prog_id": 198
}
],
"tc_filters": [{
"ifindex": 2,
"kind": "qdisc_htb",
"name": "prefix_matcher.o:[cls_prefix_matcher_htb]",
"prog_id": 111727,
"tag": "d08fe3b4319bc2fd",
"act": []
},{
"ifindex": 2,
"kind": "qdisc_clsact_ingress",
"name": "fbflow_icmp",
"prog_id": 130246,
"tag": "3f265c7f26db62c9",
"act": []
},{
"ifindex": 2,
"kind": "qdisc_clsact_egress",
"name": "prefix_matcher.o:[cls_prefix_matcher_clsact]",
"prog_id": 111726,
"tag": "99a197826974c876"
},{
"ifindex": 2,
"kind": "qdisc_clsact_egress",
"name": "cls_fg_dscp",
"prog_id": 108619,
"tag": "dc4630674fd72dcc",
"act": []
},{
"ifindex": 2,
"kind": "qdisc_clsact_egress",
"name": "fbflow_egress",
"prog_id": 130245,
"tag": "72d2d830d6888d2c"
}
]
}
]
Patch #1 synced kernel uapi header if_link.h to tools directory.
Patch #2 moved tools/bpf/lib/bpf.c netlink related functions to
a new file. Patch #3 implemented additional functions
in libbpf which will be used in Patch #4.
Patch #4 implemented bpftool net support to dump
xdp and tc bpf program attachments.
Yonghong Song (4):
tools/bpf: sync kernel uapi header if_link.h to tools
tools/bpf: move bpf/lib netlink related functions into a new file
tools/bpf: add more netlink functionalities in lib/bpf
tools/bpf: bpftool: add net support
.../bpf/bpftool/Documentation/bpftool-net.rst | 133 +++++++
tools/bpf/bpftool/Documentation/bpftool.rst | 6 +-
tools/bpf/bpftool/bash-completion/bpftool | 17 +-
tools/bpf/bpftool/main.c | 3 +-
tools/bpf/bpftool/main.h | 7 +
tools/bpf/bpftool/net.c | 233 +++++++++++++
tools/bpf/bpftool/netlink_dumper.c | 181 ++++++++++
tools/bpf/bpftool/netlink_dumper.h | 103 ++++++
tools/include/uapi/linux/if_link.h | 17 +
tools/lib/bpf/Build | 2 +-
tools/lib/bpf/bpf.c | 129 -------
tools/lib/bpf/libbpf.h | 16 +
tools/lib/bpf/libbpf_errno.c | 1 +
tools/lib/bpf/netlink.c | 324 ++++++++++++++++++
tools/lib/bpf/nlattr.c | 33 +-
tools/lib/bpf/nlattr.h | 38 ++
16 files changed, 1094 insertions(+), 149 deletions(-)
create mode 100644 tools/bpf/bpftool/Documentation/bpftool-net.rst
create mode 100644 tools/bpf/bpftool/net.c
create mode 100644 tools/bpf/bpftool/netlink_dumper.c
create mode 100644 tools/bpf/bpftool/netlink_dumper.h
create mode 100644 tools/lib/bpf/netlink.c
--
2.17.1
Powered by blists - more mailing lists