09 Mar, 2016

1 commit

• 89b976070   samples/bpf: add map_flags to bpf loader ... Browse Code »

  note old loader is compatible with new kernel.
  map_flags are optional

  Signed-off-by: Alexei Starovoitov
  Signed-off-by: David S. Miller

  Alexei Starovoitov

  2016-03-09 04:28:32 +0800  

02 Apr, 2015

1 commit

• b896c4f95   samples/bpf: Add simple non-portable kprobe filter example ... Browse Code »

  tracex1_kern.c - C program compiled into BPF.

  It attaches to kprobe:netif_receive_skb()

  When skb->dev->name == "lo", it prints sample debug message into
  trace_pipe via bpf_trace_printk() helper function.

  tracex1_user.c - corresponding user space component that:
  - loads BPF program via bpf() syscall
  - opens kprobes:netif_receive_skb event via perf_event_open()
  syscall
  - attaches the program to event via ioctl(event_fd,
  PERF_EVENT_IOC_SET_BPF, prog_fd);
  - prints from trace_pipe

  Note, this BPF program is non-portable. It must be recompiled
  with current kernel headers. kprobe is not a stable ABI and
  BPF+kprobe scripts may no longer be meaningful when kernel
  internals change.

  No matter in what way the kernel changes, neither the kprobe,
  nor the BPF program can ever crash or corrupt the kernel,
  assuming the kprobes, perf and BPF subsystem has no bugs.

  The verifier will detect that the program is using
  bpf_trace_printk() and the kernel will print 'this is a DEBUG
  kernel' warning banner, which means that bpf_trace_printk()
  should be used for debugging of the BPF program only.

  Usage:
  $ sudo tracex1
  ping-19826 [000] d.s2 63103.382648: : skb ffff880466b1ca00 len 84
  ping-19826 [000] d.s2 63103.382684: : skb ffff880466b1d300 len 84

  ping-19826 [000] d.s2 63104.382533: : skb ffff880466b1ca00 len 84
  ping-19826 [000] d.s2 63104.382594: : skb ffff880466b1d300 len 84

  Signed-off-by: Alexei Starovoitov
  Cc: Arnaldo Carvalho de Melo
  Cc: Arnaldo Carvalho de Melo
  Cc: Daniel Borkmann
  Cc: David S. Miller
  Cc: Jiri Olsa
  Cc: Linus Torvalds
  Cc: Masami Hiramatsu
  Cc: Namhyung Kim
  Cc: Peter Zijlstra
  Cc: Peter Zijlstra
  Cc: Steven Rostedt
  Link: http://lkml.kernel.org/r/1427312966-8434-7-git-send-email-ast@plumgrid.com
  Signed-off-by: Ingo Molnar

  Alexei Starovoitov

  2015-04-02 19:25:50 +0800  

06 Dec, 2014

1 commit

• 03f4723ed   samples: bpf: example of stateful socket filtering ... Browse Code »

  this socket filter example does:
  - creates arraymap in kernel with key 4 bytes and value 8 bytes

  - loads eBPF program which assumes that packet is IPv4 and loads one byte of
  IP->proto from the packet and uses it as a key in a map

  r0 = skb->data[ETH_HLEN + offsetof(struct iphdr, protocol)];
  *(u32*)(fp - 4) = r0;
  value = bpf_map_lookup_elem(map_fd, fp - 4);
  if (value)
  (*(u64*)value) += 1;

  - attaches this program to raw socket

  - every second user space reads map[IPPROTO_TCP], map[IPPROTO_UDP], map[IPPROTO_ICMP]
  to see how many packets of given protocol were seen on loopback interface

  Usage:
  $sudo samples/bpf/sock_example
  TCP 0 UDP 0 ICMP 0 packets
  TCP 187600 UDP 0 ICMP 4 packets
  TCP 376504 UDP 0 ICMP 8 packets
  TCP 563116 UDP 0 ICMP 12 packets
  TCP 753144 UDP 0 ICMP 16 packets

  Signed-off-by: Alexei Starovoitov
  Signed-off-by: David S. Miller

  Alexei Starovoitov

  2014-12-06 13:47:32 +0800