lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190219053836.2086878-1-brakmo@fb.com>
Date:   Mon, 18 Feb 2019 21:38:36 -0800
From:   brakmo <brakmo@...com>
To:     netdev <netdev@...r.kernel.org>
CC:     Martin Lau <kafai@...com>, Alexei Starovoitov <ast@...com>,
        Daniel Borkmann --cc=Kernel Team 
        <"daniel@...earbox.netKernel-team"@fb.com>
Subject: [PATCH bpf-next 6/9] bpf: Sample program to load cg skb BPF programs

The program load_cg_skb can be used to load BPF_PROG_TYPE_CGROUP_SKB
type bpf_prog which currently can be attached to the ingress and egress
patch. It can also be used to detach the bpf_prog.

Examples:
  load_cg_skb [-i] <cg-path> <prog filename>
    Load and attaches a cg skb program to the specified cgroup.
    If "-i" is used, the program is attached as ingress (default is
    egress).
  load_cg_skb -r[i] <cg-path>
    Detaches the currnetly attached egress (or ingress if -ri is used)
    cg skb program from the specified cgroup.

Signed-off-by: Lawrence Brakmo <brakmo@...com>
---
 samples/bpf/Makefile      |   2 +
 samples/bpf/load_cg_skb.c | 109 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 111 insertions(+)
 create mode 100644 samples/bpf/load_cg_skb.c

diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile
index a0ef7eddd0b3..0cf3347c7443 100644
--- a/samples/bpf/Makefile
+++ b/samples/bpf/Makefile
@@ -53,6 +53,7 @@ hostprogs-y += xdpsock
 hostprogs-y += xdp_fwd
 hostprogs-y += task_fd_query
 hostprogs-y += xdp_sample_pkts
+hostprogs-y += load_cg_skb
 
 # Libbpf dependencies
 LIBBPF = $(TOOLS_PATH)/lib/bpf/libbpf.a
@@ -109,6 +110,7 @@ xdpsock-objs := xdpsock_user.o
 xdp_fwd-objs := xdp_fwd_user.o
 task_fd_query-objs := bpf_load.o task_fd_query_user.o $(TRACE_HELPERS)
 xdp_sample_pkts-objs := xdp_sample_pkts_user.o $(TRACE_HELPERS)
+load_cg_skb-objs := bpf_load.o load_cg_skb.o
 
 # Tell kbuild to always build the programs
 always := $(hostprogs-y)
diff --git a/samples/bpf/load_cg_skb.c b/samples/bpf/load_cg_skb.c
new file mode 100644
index 000000000000..619ff834fc8c
--- /dev/null
+++ b/samples/bpf/load_cg_skb.c
@@ -0,0 +1,109 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2019 Facebook
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License as published by the Free Software Foundation.
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <linux/bpf.h>
+#include <bpf/bpf.h>
+#include "bpf_load.h"
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <linux/unistd.h>
+
+static void usage(char *pname)
+{
+	printf("USAGE:\n  %s [-i] [-l] <cg-path> <prog filename>\n", pname);
+	printf("\tLoad and attach a cgroup/skb egress/ingress program to"
+	       " the specified\n"
+	       "\tcgroup\n"
+	       "\tIf \"-i\" is used, an ingress program is loaded (default is"
+	       " egress)\n"
+	       "\tIf \"-l\" is used, the program will continue to run"
+	       " printing the BPF log\n"
+	       "\tbuffer\n"
+	       "\tIf the specified filename does not end in \".o\", it"
+	       " appends \"_kern.o\"\n"
+	       "\tto the name\n\n");
+	printf("  %s -r <cg-path>\n", pname);
+	printf("\tDetaches the currently attached cgroup/skb egress program\n"
+	       "\tfrom the specified cgroup\n");
+	printf("  %s -ri <cg-path>\n", pname);
+	printf("\tDetaches the currently attached cgroup/skb ingress program\n"
+	       "\tfrom the specified cgroup\n\n");
+	exit(1);
+}
+
+int main(int argc, char **argv)
+{
+	int logFlag = 0;
+	int error = 0;
+	char *cg_path;
+	char fn[500];
+	char *prog;
+	int cg_fd;
+	int mode = BPF_CGROUP_INET_EGRESS;
+
+	if (argc < 3)
+		usage(argv[0]);
+
+	if (!strcmp(argv[1], "-i")) {
+		mode = BPF_CGROUP_INET_INGRESS;
+	} else if (!strncmp(argv[1], "-r", 2)) {
+		if (argv[1][2] == 'i')
+			mode = BPF_CGROUP_INET_INGRESS;
+		cg_path = argv[2];
+		cg_fd = open(cg_path, O_DIRECTORY, O_RDONLY);
+		error = bpf_prog_detach(cg_fd, mode);
+		if (error) {
+			printf("ERROR: bpf_prog_detach: %d (%s)\n",
+			       error, strerror(errno));
+			return 2;
+		}
+		return 0;
+	} else if (!strcmp(argv[1], "-h")) {
+		usage(argv[0]);
+	} else if (!strcmp(argv[1], "-l")) {
+		logFlag = 1;
+		if (argc < 4)
+			usage(argv[0]);
+	}
+
+	prog = argv[argc - 1];
+	cg_path = argv[argc - 2];
+	if (strlen(prog) > 480) {
+		fprintf(stderr, "ERROR: program name too long (> 480 chars)\n");
+		return 3;
+	}
+	cg_fd = open(cg_path, O_DIRECTORY, O_RDONLY);
+
+	if (!strcmp(prog + strlen(prog)-2, ".o"))
+		strcpy(fn, prog);
+	else
+		sprintf(fn, "%s_kern.o", prog);
+	if (logFlag)
+		printf("loading bpf file:%s\n", fn);
+	if (load_bpf_file(fn)) {
+		printf("ERROR: load_bpf_file failed for: %s\n", fn);
+		printf("%s", bpf_log_buf);
+		return 4;
+	}
+	if (logFlag)
+		printf("TCP BPF Loaded %s\n", fn);
+
+	error = bpf_prog_attach(prog_fd[0], cg_fd, BPF_CGROUP_INET_EGRESS, 0);
+	if (error) {
+		printf("ERROR: bpf_prog_attach: %d (%s)\n",
+		       error, strerror(errno));
+		return 5;
+	} else if (logFlag) {
+		read_trace_pipe();
+	}
+
+	return error;
+}
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ