| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Apr 2020 19:12:28 -0700
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Yonghong Song <yhs@...com>
Cc: Andrii Nakryiko <andriin@...com>, bpf <bpf@...r.kernel.org>,
Martin KaFai Lau <kafai@...com>,
Networking <netdev@...r.kernel.org>,
Alexei Starovoitov <ast@...com>,
Daniel Borkmann <daniel@...earbox.net>,
Kernel Team <kernel-team@...com>
Subject: Re: [PATCH bpf-next v1 17/19] tools/bpf: selftests: add iterator
programs for ipv6_route and netlink
On Mon, Apr 27, 2020 at 1:18 PM Yonghong Song <yhs@...com> wrote:
>
> Two bpf programs are added in this patch for netlink and ipv6_route
> target. On my VM, I am able to achieve identical
> results compared to /proc/net/netlink and /proc/net/ipv6_route.
>
> $ cat /proc/net/netlink
> sk Eth Pid Groups Rmem Wmem Dump Locks Drops Inode
> 000000002c42d58b 0 0 00000000 0 0 0 2 0 7
> 00000000a4e8b5e1 0 1 00000551 0 0 0 2 0 18719
> 00000000e1b1c195 4 0 00000000 0 0 0 2 0 16422
> 000000007e6b29f9 6 0 00000000 0 0 0 2 0 16424
> ....
> 00000000159a170d 15 1862 00000002 0 0 0 2 0 1886
> 000000009aca4bc9 15 3918224839 00000002 0 0 0 2 0 19076
> 00000000d0ab31d2 15 1 00000002 0 0 0 2 0 18683
> 000000008398fb08 16 0 00000000 0 0 0 2 0 27
> $ cat /sys/fs/bpf/my_netlink
> sk Eth Pid Groups Rmem Wmem Dump Locks Drops Inode
> 000000002c42d58b 0 0 00000000 0 0 0 2 0 7
> 00000000a4e8b5e1 0 1 00000551 0 0 0 2 0 18719
> 00000000e1b1c195 4 0 00000000 0 0 0 2 0 16422
> 000000007e6b29f9 6 0 00000000 0 0 0 2 0 16424
> ....
> 00000000159a170d 15 1862 00000002 0 0 0 2 0 1886
> 000000009aca4bc9 15 3918224839 00000002 0 0 0 2 0 19076
> 00000000d0ab31d2 15 1 00000002 0 0 0 2 0 18683
> 000000008398fb08 16 0 00000000 0 0 0 2 0 27
>
> $ cat /proc/net/ipv6_route
> fe800000000000000000000000000000 40 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000001 00000000 00000001 eth0
> 00000000000000000000000000000000 00 00000000000000000000000000000000 00 00000000000000000000000000000000 ffffffff 00000001 00000000 00200200 lo
> 00000000000000000000000000000001 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000003 00000000 80200001 lo
> fe80000000000000c04b03fffe7827ce 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000002 00000000 80200001 eth0
> ff000000000000000000000000000000 08 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000003 00000000 00000001 eth0
> 00000000000000000000000000000000 00 00000000000000000000000000000000 00 00000000000000000000000000000000 ffffffff 00000001 00000000 00200200 lo
> $ cat /sys/fs/bpf/my_ipv6_route
> fe800000000000000000000000000000 40 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000001 00000000 00000001 eth0
> 00000000000000000000000000000000 00 00000000000000000000000000000000 00 00000000000000000000000000000000 ffffffff 00000001 00000000 00200200 lo
> 00000000000000000000000000000001 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000003 00000000 80200001 lo
> fe80000000000000c04b03fffe7827ce 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000002 00000000 80200001 eth0
> ff000000000000000000000000000000 08 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000003 00000000 00000001 eth0
> 00000000000000000000000000000000 00 00000000000000000000000000000000 00 00000000000000000000000000000000 ffffffff 00000001 00000000 00200200 lo
>
> Signed-off-by: Yonghong Song <yhs@...com>
> ---
> .../selftests/bpf/progs/bpf_iter_ipv6_route.c | 69 +++++++++++++++++
> .../selftests/bpf/progs/bpf_iter_netlink.c | 77 +++++++++++++++++++
> 2 files changed, 146 insertions(+)
> create mode 100644 tools/testing/selftests/bpf/progs/bpf_iter_ipv6_route.c
> create mode 100644 tools/testing/selftests/bpf/progs/bpf_iter_netlink.c
>
> diff --git a/tools/testing/selftests/bpf/progs/bpf_iter_ipv6_route.c b/tools/testing/selftests/bpf/progs/bpf_iter_ipv6_route.c
> new file mode 100644
> index 000000000000..bed34521f997
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/progs/bpf_iter_ipv6_route.c
> @@ -0,0 +1,69 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2020 Facebook */
> +#include "vmlinux.h"
> +#include <bpf/bpf_helpers.h>
> +#include <bpf/bpf_tracing.h>
> +#include <bpf/bpf_endian.h>
> +
> +char _license[] SEC("license") = "GPL";
> +
> +extern bool CONFIG_IPV6_SUBTREES __kconfig __weak;
> +
> +#define RTF_GATEWAY 0x0002
> +#define IFNAMSIZ 16
> +#define fib_nh_gw_family nh_common.nhc_gw_family
> +#define fib_nh_gw6 nh_common.nhc_gw.ipv6
> +#define fib_nh_dev nh_common.nhc_dev
> +
> +SEC("iter/ipv6_route")
> +int dump_ipv6_route(struct bpf_iter__ipv6_route *ctx)
> +{
> + static const char fmt1[] = "%pi6 %02x ";
> + static const char fmt2[] = "%pi6 ";
> + static const char fmt3[] = "00000000000000000000000000000000 ";
> + static const char fmt4[] = "%08x %08x %08x %08x %8s\n";
> + static const char fmt5[] = "%08x %08x %08x %08x\n";
> + static const char fmt7[] = "00000000000000000000000000000000 00 ";
> + struct seq_file *seq = ctx->meta->seq;
> + struct fib6_info *rt = ctx->rt;
> + const struct net_device *dev;
> + struct fib6_nh *fib6_nh;
> + unsigned int flags;
> + struct nexthop *nh;
> +
> + if (rt == (void *)0)
> + return 0;
> +
> + fib6_nh = &rt->fib6_nh[0];
> + flags = rt->fib6_flags;
> +
> + /* FIXME: nexthop_is_multipath is not handled here. */
> + nh = rt->nh;
> + if (rt->nh)
> + fib6_nh = &nh->nh_info->fib6_nh;
> +
> + BPF_SEQ_PRINTF(seq, fmt1, &rt->fib6_dst.addr, rt->fib6_dst.plen);
> +
> + if (CONFIG_IPV6_SUBTREES)
> + BPF_SEQ_PRINTF(seq, fmt1, &rt->fib6_src.addr,
> + rt->fib6_src.plen);
> + else
> + BPF_SEQ_PRINTF0(seq, fmt7);
Looking at these examples, I think BPF_SEQ_PRINTF should just assume
that fmt argument is string literal and do:
static const char ___tmp_fmt[] = fmt;
inside that macro. So one can just do:
BPF_SEQ_PRINTF(seq, "Hello, world!\n");
or
BPF_SEQ_PRINTF(seq, "My awesome template %d ==> %s\n", id, some_string);
WDYT?
> +
> + if (fib6_nh->fib_nh_gw_family) {
> + flags |= RTF_GATEWAY;
> + BPF_SEQ_PRINTF(seq, fmt2, &fib6_nh->fib_nh_gw6);
> + } else {
> + BPF_SEQ_PRINTF0(seq, fmt3);
> + }
> +
> + dev = fib6_nh->fib_nh_dev;
> + if (dev)
> + BPF_SEQ_PRINTF(seq, fmt4, rt->fib6_metric,
> + rt->fib6_ref.refs.counter, 0, flags, dev->name);
> + else
> + BPF_SEQ_PRINTF(seq, fmt4, rt->fib6_metric,
> + rt->fib6_ref.refs.counter, 0, flags);
> +
> + return 0;
> +}
[...]
Powered by blists - more mailing lists