Date:   Wed,  5 Oct 2022 01:11:42 +0200
From:   Daniel Borkmann <daniel@...earbox.net>
To:     bpf@...r.kernel.org
Cc:     razor@...ckwall.org, ast@...nel.org, andrii@...nel.org,
        martin.lau@...ux.dev, john.fastabend@...il.com,
        joannelkoong@...il.com, memxor@...il.com, toke@...hat.com,
        joe@...ium.io, netdev@...r.kernel.org,
        Daniel Borkmann <daniel@...earbox.net>
Subject: [PATCH bpf-next 09/10] bpftool: Add support for tc fd-based attach types

Add support to dump fd-based attach types via bpftool. This includes both
the tc BPF link and attach ops programs. The dumped information contains the
attach location, function entry name, program ID, link ID when applicable
as well as the attach priority.

Example with tc BPF link:

  # ./bpftool net
  xdp:

  tc:
  lo(1) bpf/ingress tc_handler_in id 189 link 40 prio 1
  lo(1) bpf/egress tc_handler_eg id 190 link 39 prio 1

  flow_dissector:

Example with tc BPF attach ops and also one instance of old-style cls_bpf:

  # ./bpftool net
  xdp:

  tc:
  lo(1) bpf/ingress tc_handler_in id 201 prio 1
  lo(1) clsact/ingress tc_handler_old:[203] id 203

  flow_dissector:

Co-developed-by: Nikolay Aleksandrov <razor@...ckwall.org>
Signed-off-by: Nikolay Aleksandrov <razor@...ckwall.org>
Signed-off-by: Daniel Borkmann <daniel@...earbox.net>
---
 tools/bpf/bpftool/net.c | 76 ++++++++++++++++++++++++++++++++++++++---
 1 file changed, 72 insertions(+), 4 deletions(-)

diff --git a/tools/bpf/bpftool/net.c b/tools/bpf/bpftool/net.c
index 526a332c48e6..06658978b092 100644
--- a/tools/bpf/bpftool/net.c
+++ b/tools/bpf/bpftool/net.c
@@ -74,6 +74,11 @@ static const char * const attach_type_strings[] = {
 	[NET_ATTACH_TYPE_XDP_OFFLOAD]	= "xdpoffload",
 };
 
+static const char * const attach_loc_strings[] = {
+	[BPF_NET_INGRESS]		= "bpf/ingress",
+	[BPF_NET_EGRESS]		= "bpf/egress",
+};
+
 const size_t net_attach_type_size = ARRAY_SIZE(attach_type_strings);
 
 static enum net_attach_type parse_attach_type(const char *str)
@@ -420,8 +425,69 @@ static int dump_filter_nlmsg(void *cookie, void *msg, struct nlattr **tb)
 			      filter_info->devname, filter_info->ifindex);
 }
 
-static int show_dev_tc_bpf(int sock, unsigned int nl_pid,
-			   struct ip_devname_ifindex *dev)
+static int __show_dev_tc_bpf_name(__u32 id, char *name, size_t len)
+{
+	struct bpf_prog_info info = {};
+	__u32 ilen = sizeof(info);
+	int fd, ret;
+
+	fd = bpf_prog_get_fd_by_id(id);
+	if (fd < 0)
+		return fd;
+	ret = bpf_obj_get_info_by_fd(fd, &info, &ilen);
+	if (ret < 0)
+		goto out;
+	ret = -ENOENT;
+	if (info.name) {
+		get_prog_full_name(&info, fd, name, len);
+		ret = 0;
+	}
+out:
+	close(fd);
+	return ret;
+}
+
+static void __show_dev_tc_bpf(const struct ip_devname_ifindex *dev,
+			      const enum bpf_attach_type loc)
+{
+	__u32 i, prog_cnt, attach_flags = 0;
+	char prog_name[MAX_PROG_FULL_NAME];
+	struct bpf_query_info progs[64];
+	int ret;
+
+	memset(progs, 0, sizeof(progs));
+	prog_cnt = ARRAY_SIZE(progs);
+	ret = bpf_prog_query(dev->ifindex, loc, 0, &attach_flags,
+			     progs, &prog_cnt);
+	if (ret)
+		return;
+	for (i = 0; i < prog_cnt; i++) {
+		NET_START_OBJECT;
+		NET_DUMP_STR("devname", "%s", dev->devname);
+		NET_DUMP_UINT("ifindex", "(%u)", dev->ifindex);
+		NET_DUMP_STR("kind", " %s", attach_loc_strings[loc]);
+		ret = __show_dev_tc_bpf_name(progs[i].prog_id,
+					     prog_name,
+					     sizeof(prog_name));
+		if (!ret)
+			NET_DUMP_STR("name", " %s", prog_name);
+		NET_DUMP_UINT("id", " id %u", progs[i].prog_id);
+		if (progs[i].link_id)
+			NET_DUMP_UINT("link", " link %u",
+				      progs[i].link_id);
+		NET_DUMP_UINT("prio", " prio %u", progs[i].prio);
+		NET_END_OBJECT_FINAL;
+	}
+}
+
+static void show_dev_tc_bpf(struct ip_devname_ifindex *dev)
+{
+	__show_dev_tc_bpf(dev, BPF_NET_INGRESS);
+	__show_dev_tc_bpf(dev, BPF_NET_EGRESS);
+}
+
+static int show_dev_tc_bpf_legacy(int sock, unsigned int nl_pid,
+				  struct ip_devname_ifindex *dev)
 {
 	struct bpf_filter_t filter_info;
 	struct bpf_tcinfo_t tcinfo;
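Review bot: The `if (info.name)` test in `__show_dev_tc_bpf_name` is always true, because `name` in the UAPI `struct bpf_prog_info` is a `char[BPF_OBJ_NAME_LEN]` array rather than a pointer, so the `-ENOENT` path is dead and an unnamed program still goes through `get_prog_full_name()`; the check should be `if (info.name[0]) {`. In `__show_dev_tc_bpf`, `prog_cnt` is written back by `bpf_prog_query()` and then bounds the loop that indexes the 64-entry on-stack `progs` array. Whether the kernel side can report more than the supplied count is not visible in this patch, so a clamp before the loop, `if (prog_cnt > ARRAY_SIZE(progs)) prog_cnt = ARRAY_SIZE(progs);`, would keep the reads in bounds either way. The body of `show_dev_tc_bpf_legacy` continues outside the hunk.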
@@ -686,8 +752,10 @@ static int do_show(int argc, char **argv)
 	if (!ret) {
 		NET_START_ARRAY("tc", "%s:\n");
 		for (i = 0; i < dev_array.used_len; i++) {
-			ret = show_dev_tc_bpf(sock, nl_pid,
-					      &dev_array.devices[i]);
+			show_dev_tc_bpf(&dev_array.devices[i]);
+
+			ret = show_dev_tc_bpf_legacy(sock, nl_pid,
+						     &dev_array.devices[i]);
 			if (ret)
 				break;
 		}
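Review bot: `show_dev_tc_bpf()` returns void, so in this loop a failed fd-based query cannot be told apart from an interface with no programs attached, and `ret` reflects only the legacy netlink path. Since `bpftool net` is what an operator uses to audit what is attached to an interface, a query that fails (possibly for lack of privileges or because the fixed-size buffer was too small) should not produce output that looks clean. Consider having the helper return an `int` and surfacing it here, e.g. `ret = show_dev_tc_bpf(&dev_array.devices[i]);` followed by `if (ret) break;`, while keeping the "kernel does not support this query" case non-fatal if that is what the silent return was meant to cover. `do_show` starts and ends outside the hunk.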
-- 
2.34.1
