| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACAyw9_fk-J66_mUHE9K1V2WBDrSKxPsRXxd8FTZQC+cQqVkaQ@mail.gmail.com> Date: Tue, 11 Sep 2018 09:37:30 +0100 From: Lorenz Bauer <lmb@...udflare.com> To: Jakub Kicinski <jakub.kicinski@...ronome.com> Cc: netdev@...r.kernel.org Subject: Re: Allow bpf_perf_event_output to access packet data On 10 September 2018 at 09:26, Jakub Kicinski <jakub.kicinski@...ronome.com> wrote: > The 0x20ffffffffULL will mean use the index in the map for current CPU > (0xffffffff), and output 32 bytes of the context (0x20 << 32). For > networking programs context means the packet (slightly confusingly). > > These are the relevant defines from bpf.h: > > /* BPF_FUNC_perf_event_output, BPF_FUNC_perf_event_read and > * BPF_FUNC_perf_event_read_value flags. > */ > #define BPF_F_INDEX_MASK 0xffffffffULL > #define BPF_F_CURRENT_CPU BPF_F_INDEX_MASK > /* BPF_FUNC_perf_event_output for sk_buff input context. */ > #define BPF_F_CTXLEN_MASK (0xfffffULL << 32) > > Also check out: > > bpftool map event_pipe id $ID > > For simple way to dump the events in user space. Thanks for pointing me in the right direction! I managed to find samples/bpf/xdp_sample_pkts_kern.c as well, which was helpful. My next gotcha is that perf_event_output seems to ignore the sample_period parameter passed to perf_event_output. This is not a big problem since I can just implement the sampling in BPF, but am I missing something again? -- Lorenz Bauer | Systems Engineer 25 Lavington St., London SE1 0NZ www.cloudflare.com
Powered by blists - more mailing lists