lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 28 Sep 2023 23:30:25 +0200
From: Daniel Borkmann <daniel@...earbox.net>
To: Andrii Nakryiko <andrii.nakryiko@...il.com>
Cc: bpf@...r.kernel.org, netdev@...r.kernel.org, martin.lau@...nel.org,
 razor@...ckwall.org, ast@...nel.org, andrii@...nel.org,
 john.fastabend@...il.com
Subject: Re: [PATCH bpf-next 4/8] libbpf: Add link-based API for meta

On 9/28/23 2:12 AM, Andrii Nakryiko wrote:
> On Mon, Sep 25, 2023 at 10:59 PM Daniel Borkmann <daniel@...earbox.net> wrote:
[...]
>> +struct bpf_link *
>> +bpf_program__attach_meta(const struct bpf_program *prog, int ifindex,
>> +                        bool peer_device, const struct bpf_meta_opts *opts)
> 
> you mentioned that there are plans to also support cases where there
> is no primary-peer. Is that going to be a primary-only setup or will
> it be some third option? If the latter, should this `bool peer_device`
> be an enum then?

Agree, enum is more flexible either way, will change it to that.

>> +{
>> +       LIBBPF_OPTS(bpf_link_create_opts, link_create_opts);
>> +       enum bpf_attach_type attach_type;
>> +       __u32 relative_id;
>> +       int relative_fd;
>> +
>> +       if (!OPTS_VALID(opts, bpf_meta_opts))
>> +               return libbpf_err_ptr(-EINVAL);
>> +
>> +       relative_id = OPTS_GET(opts, relative_id, 0);
>> +       relative_fd = OPTS_GET(opts, relative_fd, 0);
>> +       attach_type = peer_device ? BPF_META_PEER : BPF_META_PRIMARY;
>> +
>> +       /* validate we don't have unexpected combinations of non-zero fields */
>> +       if (!ifindex) {
>> +               pr_warn("prog '%s': target netdevice ifindex cannot be zero\n",
>> +                       prog->name);
>> +               return libbpf_err_ptr(-EINVAL);
>> +       }
>> +       if (relative_fd && relative_id) {
>> +               pr_warn("prog '%s': relative_fd and relative_id cannot be set at the same time\n",
>> +                       prog->name);
>> +               return libbpf_err_ptr(-EINVAL);
>> +       }
>> +
>> +       link_create_opts.meta.expected_revision = OPTS_GET(opts, expected_revision, 0);
>> +       link_create_opts.meta.relative_fd = relative_fd;
>> +       link_create_opts.meta.relative_id = relative_id;
>> +       link_create_opts.flags = OPTS_GET(opts, flags, 0);
>> +
>> +       return bpf_program_attach_fd_type(prog, ifindex, "meta", attach_type,
>> +                                         &link_create_opts);
>> +}
>> +
>>   struct bpf_link *bpf_program__attach_freplace(const struct bpf_program *prog,
>>                                                int target_fd,
>>                                                const char *attach_func_name)
>> diff --git a/tools/lib/bpf/libbpf.h b/tools/lib/bpf/libbpf.h
>> index 0e52621cba43..827d29cf9a06 100644
>> --- a/tools/lib/bpf/libbpf.h
>> +++ b/tools/lib/bpf/libbpf.h
>> @@ -800,6 +800,21 @@ LIBBPF_API struct bpf_link *
>>   bpf_program__attach_tcx(const struct bpf_program *prog, int ifindex,
>>                          const struct bpf_tcx_opts *opts);
>>
>> +struct bpf_meta_opts {
>> +       /* size of this struct, for forward/backward compatibility */
>> +       size_t sz;
>> +       __u32 flags;
>> +       __u32 relative_fd;
>> +       __u32 relative_id;
>> +       __u64 expected_revision;
> 
> nit: move flags to be the last, so we don't have that padding before
> expected_revision?

Sounds good, will do.

>> +       size_t :0;
>> +};
>> +#define bpf_meta_opts__last_field expected_revision
>> +
>> +LIBBPF_API struct bpf_link *
>> +bpf_program__attach_meta(const struct bpf_program *prog, int ifindex,
>> +                        bool peer_device, const struct bpf_meta_opts *opts);
>> +
>>   struct bpf_map;
>>
>>   LIBBPF_API struct bpf_link *bpf_map__attach_struct_ops(const struct bpf_map *map);
>> diff --git a/tools/lib/bpf/libbpf.map b/tools/lib/bpf/libbpf.map
>> index 57712321490f..2dd4fe2cba3d 100644
>> --- a/tools/lib/bpf/libbpf.map
>> +++ b/tools/lib/bpf/libbpf.map
>> @@ -397,6 +397,7 @@ LIBBPF_1.3.0 {
>>                  bpf_obj_pin_opts;
>>                  bpf_object__unpin;
>>                  bpf_prog_detach_opts;
>> +               bpf_program__attach_meta;
>>                  bpf_program__attach_netfilter;
>>                  bpf_program__attach_tcx;
>>                  bpf_program__attach_uprobe_multi;
>> --
>> 2.34.1
>>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ