Daniel Borkmann | d05df68 | 2013-10-28 12:35:33 +0100 | [diff] [blame] | 1 | /* |
| 2 | * f_bpf.c BPF-based Classifier |
| 3 | * |
| 4 | * This program is free software; you can distribute it and/or |
| 5 | * modify it under the terms of the GNU General Public License |
| 6 | * as published by the Free Software Foundation; either version |
| 7 | * 2 of the License, or (at your option) any later version. |
| 8 | * |
| 9 | * Authors: Daniel Borkmann <dborkman@redhat.com> |
| 10 | */ |
| 11 | |
| 12 | #include <stdio.h> |
| 13 | #include <stdlib.h> |
| 14 | #include <unistd.h> |
| 15 | #include <syslog.h> |
| 16 | #include <fcntl.h> |
Daniel Borkmann | 6256f8c | 2015-04-01 17:57:44 +0200 | [diff] [blame] | 17 | #include <libgen.h> |
Daniel Borkmann | d05df68 | 2013-10-28 12:35:33 +0100 | [diff] [blame] | 18 | #include <sys/socket.h> |
| 19 | #include <netinet/in.h> |
| 20 | #include <arpa/inet.h> |
| 21 | #include <string.h> |
| 22 | #include <stdbool.h> |
| 23 | #include <errno.h> |
Natanael Copa | dd9cc0e | 2014-05-27 07:40:10 +0000 | [diff] [blame] | 24 | #include <limits.h> |
Daniel Borkmann | d05df68 | 2013-10-28 12:35:33 +0100 | [diff] [blame] | 25 | #include <linux/filter.h> |
| 26 | #include <linux/if.h> |
| 27 | |
| 28 | #include "utils.h" |
| 29 | #include "tc_util.h" |
Jiri Pirko | 1d129d1 | 2015-01-19 16:56:29 +0100 | [diff] [blame] | 30 | #include "tc_bpf.h" |
Daniel Borkmann | d05df68 | 2013-10-28 12:35:33 +0100 | [diff] [blame] | 31 | |
/*
 * eBPF program type used throughout this file: it is handed to
 * bpf_default_section() and bpf_open_object() below.
 */
static const enum bpf_prog_type bpf_type = BPF_PROG_TYPE_SCHED_CLS;
| 33 | |
/*
 * Print the usage text of the bpf classifier to stderr.
 *
 * The text is emitted in three steps so that the one line needing a
 * format argument (the default section name) stays a separate fprintf()
 * and every constant line goes through fputs(), which never interprets
 * '%' sequences.
 */
static void explain(void)
{
	fputs("Usage: ... bpf ...\n"
	      "\n"
	      "BPF use case:\n"
	      " bytecode BPF_BYTECODE\n"
	      " bytecode-file FILE\n"
	      "\n"
	      "eBPF use case:\n"
	      " object-file FILE [ section CLS_NAME ] [ export UDS_FILE ]"
	      " [ verbose ] [ direct-action ]\n"
	      "\n"
	      "Common remaining options:\n"
	      " [ action ACTION_SPEC ]\n"
	      " [ classid CLASSID ]\n"
	      "\n"
	      "Where BPF_BYTECODE := \'s,c t f k,c t f k,c t f k,...\'\n"
	      "c,t,f,k and s are decimals; s denotes number of 4-tuples\n"
	      "\n"
	      "Where FILE points to a file containing the BPF_BYTECODE string,\n"
	      "an ELF file containing eBPF map definitions and bytecode.\n"
	      "\n"
	      "Where CLS_NAME refers to the section name containing the\n",
	      stderr);

	/* Only this line needs a format argument. */
	fprintf(stderr, "classifier (default \'%s\').\n",
		bpf_default_section(bpf_type));

	fputs("\n"
	      "Where UDS_FILE points to a unix domain socket file in order\n"
	      "to hand off control of all created eBPF maps to an agent.\n"
	      "\n"
	      "ACTION_SPEC := ... look at individual actions\n"
	      "NOTE: CLASSID is parsed as hexadecimal input.\n",
	      stderr);
}
| 65 | |
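/*
 * Parse the command-line options of a bpf classifier and append the
 * matching TCA_BPF_* attributes, nested under TCA_OPTIONS, to the
 * netlink request @n.
 *
 * @qu:     filter descriptor (not used in this function)
 * @handle: textual filter handle, or NULL when none was given
 * @argc:   number of remaining arguments
 * @argv:   remaining arguments
 * @n:      netlink request being built
 *
 * Returns 0 when there is nothing to parse or on success, -1 on a
 * parse or load error, otherwise the result of bpf_send_map_fds()
 * when a unix domain socket name is in effect.
 *
 * Security-relevant inputs handled here:
 *  - The object file path and section name come straight from argv.
 *  - The socket that receives the eBPF map descriptors is taken from
 *    the BPF_ENV_UDS environment variable first; the "export" keyword
 *    is only parsed when that variable is unset.
 */
static int bpf_parse_opt(struct filter_util *qu, char *handle,
			 int argc, char **argv, struct nlmsghdr *n)
{
	struct tcmsg *t = NLMSG_DATA(n);
	const char *bpf_uds_name = NULL;
	const char *bpf_sec_name = NULL;
	unsigned int bpf_flags = 0;
	char *bpf_obj = NULL;
	struct rtattr *tail;
	bool seen_run = false;
	long h = 0;
	int ret = 0;

	if (argc == 0)
		return 0;

	if (handle) {
		char *end = NULL;

		/*
		 * strtol() returns 0 for text it cannot convert, so a
		 * value check alone accepts "abc" as handle 0. Require
		 * that at least one digit was consumed, that nothing
		 * trails the number, and that no range error occurred.
		 */
		errno = 0;
		h = strtol(handle, &end, 0);
		if (end == handle || *end != '\0' || errno == ERANGE) {
			fprintf(stderr, "Illegal handle \"%s\", must be "
				"numeric.\n", handle);
			return -1;
		}
	}

	/*
	 * NOTE(review): h is a long and is narrowed to the width of
	 * tcm_handle by this assignment; values that do not fit are not
	 * rejected here.
	 */
	t->tcm_handle = h;

	/* Remember where the nested TCA_OPTIONS attribute starts; its
	 * length is patched in once all sub-attributes are appended.
	 */
	tail = (struct rtattr *)(((void *)n) + NLMSG_ALIGN(n->nlmsg_len));
	addattr_l(n, MAX_MSG, TCA_OPTIONS, NULL, 0);

	/*
	 * NOTE(review): the return values of the addattr*() calls in
	 * this function are not checked, so a request that no longer
	 * fits in MAX_MSG is not reported as a failure from here.
	 */
	while (argc > 0) {
		if (matches(*argv, "run") == 0) {
			struct sock_filter bpf_ops[BPF_MAXINSNS];
			bool from_file, ebpf, bpf_verbose;
			/*
			 * Deliberately shadows the function-level ret:
			 * it holds the program fd or the instruction
			 * count, which must not leak into the value
			 * returned at the end of the function.
			 */
			int ret;

			NEXT_ARG();
opt_bpf:
			/* Also entered via goto when "run" was omitted. */
			bpf_sec_name = bpf_default_section(bpf_type);
			bpf_verbose = false;
			ebpf = false;
			seen_run = true;

			if (strcmp(*argv, "bytecode-file") == 0 ||
			    strcmp(*argv, "bcf") == 0) {
				from_file = true;
			} else if (strcmp(*argv, "bytecode") == 0 ||
				   strcmp(*argv, "bc") == 0) {
				from_file = false;
			} else if (strcmp(*argv, "object-file") == 0 ||
				   strcmp(*argv, "obj") == 0) {
				/* from_file stays unset; it is only read
				 * on the classic BPF path below.
				 */
				ebpf = true;
			} else {
				fprintf(stderr, "What is \"%s\"?\n", *argv);
				explain();
				return -1;
			}

			NEXT_ARG();
			if (ebpf) {
				/*
				 * The environment decides the hand-off
				 * socket before the command line does.
				 * When it is set, "export" is not
				 * consumed below and is left for the
				 * outer loop.
				 */
				bpf_uds_name = getenv(BPF_ENV_UDS);
				bpf_obj = *argv;

				NEXT_ARG_FWD();

				/* Optional keywords; each is guarded by
				 * argc > 0 because the arguments may be
				 * exhausted at this point.
				 */
				if (argc > 0 &&
				    (strcmp(*argv, "section") == 0 ||
				     strcmp(*argv, "sec") == 0)) {
					NEXT_ARG();
					bpf_sec_name = *argv;
					NEXT_ARG_FWD();
				}
				if (argc > 0 && !bpf_uds_name &&
				    (strcmp(*argv, "export") == 0 ||
				     strcmp(*argv, "exp") == 0)) {
					NEXT_ARG();
					bpf_uds_name = *argv;
					NEXT_ARG_FWD();
				}
				if (argc > 0 &&
				    (strcmp(*argv, "verbose") == 0 ||
				     strcmp(*argv, "verb") == 0)) {
					bpf_verbose = true;
					NEXT_ARG_FWD();
				}

				/* Step back so that the NEXT_ARG_FWD()
				 * at the bottom of the loop lands on the
				 * first argument not consumed here.
				 */
				PREV_ARG();
			}

			ret = ebpf ? bpf_open_object(bpf_obj, bpf_type, bpf_sec_name,
						     bpf_verbose) :
				     bpf_parse_ops(argc, argv, bpf_ops, from_file);
			if (ret < 0) {
				fprintf(stderr, "%s\n", ebpf ?
					"Could not load object" :
					"Illegal \"bytecode\"");
				return -1;
			}

			if (ebpf) {
				char bpf_name[256];

				/* From here on bpf_obj is the file name
				 * without its directory part.
				 */
				bpf_obj = basename(bpf_obj);

				/* snprintf() bounds the write; a longer
				 * "file:[section]" string is truncated.
				 */
				snprintf(bpf_name, sizeof(bpf_name), "%s:[%s]",
					 bpf_obj, bpf_sec_name);

				/* ret is the value bpf_open_object()
				 * returned, sent as TCA_BPF_FD.
				 */
				addattr32(n, MAX_MSG, TCA_BPF_FD, ret);
				addattrstrz(n, MAX_MSG, TCA_BPF_NAME, bpf_name);
			} else {
				/*
				 * ret is the value bpf_parse_ops()
				 * returned, used as the instruction count.
				 * NOTE(review): presumably bounded by
				 * BPF_MAXINSNS, the size of bpf_ops;
				 * confirm in bpf_parse_ops().
				 */
				addattr16(n, MAX_MSG, TCA_BPF_OPS_LEN, ret);
				addattr_l(n, MAX_MSG, TCA_BPF_OPS, &bpf_ops,
					  ret * sizeof(struct sock_filter));
			}
		} else if (matches(*argv, "classid") == 0 ||
			   strcmp(*argv, "flowid") == 0) {
			unsigned int handle;

			NEXT_ARG();
			if (get_tc_classid(&handle, *argv)) {
				fprintf(stderr, "Illegal \"classid\"\n");
				return -1;
			}
			addattr32(n, MAX_MSG, TCA_BPF_CLASSID, handle);
		} else if (matches(*argv, "direct-action") == 0 ||
			   matches(*argv, "da") == 0) {
			bpf_flags |= TCA_BPF_FLAG_ACT_DIRECT;
		} else if (matches(*argv, "action") == 0) {
			NEXT_ARG();
			if (parse_action(&argc, &argv, TCA_BPF_ACT, n)) {
				fprintf(stderr, "Illegal \"action\"\n");
				return -1;
			}
			/* parse_action() advanced argc/argv itself. */
			continue;
		} else if (matches(*argv, "police") == 0) {
			NEXT_ARG();
			if (parse_police(&argc, &argv, TCA_BPF_POLICE, n)) {
				fprintf(stderr, "Illegal \"police\"\n");
				return -1;
			}
			/* parse_police() advanced argc/argv itself. */
			continue;
		} else if (strcmp(*argv, "help") == 0) {
			explain();
			return -1;
		} else {
			/* The first unknown word is treated as the start
			 * of a program specification without "run".
			 */
			if (!seen_run)
				goto opt_bpf;

			fprintf(stderr, "What is \"%s\"?\n", *argv);
			explain();
			return -1;
		}

		NEXT_ARG_FWD();
	}

	/* Flags are only sent together with an eBPF object; for classic
	 * bytecode a given "direct-action" is dropped without a message.
	 */
	if (bpf_obj && bpf_flags)
		addattr32(n, MAX_MSG, TCA_BPF_FLAGS, bpf_flags);

	/* Close the nested TCA_OPTIONS attribute opened above. */
	tail->rta_len = (((void *)n) + n->nlmsg_len) - (void *)tail;

	/*
	 * bpf_uds_name is the environment value or the "export"
	 * argument; bpf_obj is the basename computed above. The result
	 * of the hand-off becomes this function's return value.
	 */
	if (bpf_uds_name)
		ret = bpf_send_map_fds(bpf_uds_name, bpf_obj);

	return ret;
}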
| 232 | |
/*
 * Print the attributes of one bpf filter to @f.
 *
 * @qu:     filter descriptor (not used in this function)
 * @f:      output stream
 * @opt:    nested attribute holding the TCA_BPF_* attributes, may be NULL
 * @handle: filter handle; printed only when non-zero
 *
 * Always returns 0.
 *
 * NOTE(review): every attribute payload is read with a typed getter
 * and the name is printed through "%s"; no length or termination check
 * on the received payloads is visible in this function.
 */
static int bpf_print_opt(struct filter_util *qu, FILE *f,
			 struct rtattr *opt, __u32 handle)
{
	struct rtattr *attrs[TCA_BPF_MAX + 1];

	if (!opt)
		return 0;

	parse_rtattr_nested(attrs, TCA_BPF_MAX, opt);

	if (handle != 0)
		fprintf(f, "handle 0x%x ", handle);

	if (attrs[TCA_BPF_CLASSID] != NULL) {
		SPRINT_BUF(classid_buf);
		__u32 classid = rta_getattr_u32(attrs[TCA_BPF_CLASSID]);

		fprintf(f, "flowid %s ",
			sprint_tc_classid(classid, classid_buf));
	}

	/* The program name wins over the bare descriptor number. */
	if (attrs[TCA_BPF_NAME] != NULL) {
		fprintf(f, "%s ", rta_getattr_str(attrs[TCA_BPF_NAME]));
	} else if (attrs[TCA_BPF_FD] != NULL) {
		fprintf(f, "pfd %u ", rta_getattr_u32(attrs[TCA_BPF_FD]));
	}

	if (attrs[TCA_BPF_FLAGS] != NULL &&
	    (rta_getattr_u32(attrs[TCA_BPF_FLAGS]) & TCA_BPF_FLAG_ACT_DIRECT))
		fprintf(f, "direct-action ");

	/* Classic bytecode is printed only when its length is present too. */
	if (attrs[TCA_BPF_OPS] != NULL && attrs[TCA_BPF_OPS_LEN] != NULL) {
		__u16 ops_len = rta_getattr_u16(attrs[TCA_BPF_OPS_LEN]);

		bpf_print_ops(f, attrs[TCA_BPF_OPS], ops_len);
		fputs("\n", f);
	}

	if (attrs[TCA_BPF_POLICE] != NULL) {
		fputs("\n", f);
		tc_print_police(f, attrs[TCA_BPF_POLICE]);
	}

	if (attrs[TCA_BPF_ACT] != NULL)
		tc_print_action(f, attrs[TCA_BPF_ACT]);

	return 0;
}
| 281 | |
/*
 * Descriptor of the "bpf" filter kind: ties the id string to the
 * option parser and the option printer defined in this file.
 */
struct filter_util bpf_filter_util = {
	.id		= "bpf",
	.parse_fopt	= bpf_parse_opt,
	.print_fopt	= bpf_print_opt,
};