06 Dec, 2014
4 commits
-
sockex2_kern.c is purposefully large eBPF program in C.
llvm compiles ~200 lines of C code into ~300 eBPF instructions.It's similar to __skb_flow_dissect() to demonstrate that complex packet parsing
can be done by eBPF.
Then it uses (struct flow_keys)->dst IP address (or hash of ipv6 dst) to keep
stats of number of packets per IP.
User space loads eBPF program, attaches it to loopback interface and prints
dest_ip->#packets stats every second.Usage:
$sudo samples/bpf/sockex2
ip 127.0.0.1 count 19
ip 127.0.0.1 count 178115
ip 127.0.0.1 count 369437
ip 127.0.0.1 count 559841
ip 127.0.0.1 count 750539Signed-off-by: Alexei Starovoitov
Signed-off-by: David S. Miller -
this example does the same task as previous socket example
in assembler, but this one does it in C.eBPF program in kernel does:
/* assume that packet is IPv4, load one byte of IP->proto */
int index = load_byte(skb, ETH_HLEN + offsetof(struct iphdr, protocol));
long *value;value = bpf_map_lookup_elem(&my_map, &index);
if (value)
__sync_fetch_and_add(value, 1);Corresponding user space reads map[tcp], map[udp], map[icmp]
and prints protocol stats every secondSigned-off-by: Alexei Starovoitov
Signed-off-by: David S. Miller -
simple .o parser and loader using BPF syscall.
.o is a standard ELF generated by LLVM backendIt parses elf file compiled by llvm .c->.o
- parses 'maps' section and creates maps via BPF syscall
- parses 'license' section and passes it to syscall
- parses elf relocations for BPF maps and adjusts BPF_LD_IMM64 insns
by storing map_fd into insn->imm and marking such insns as BPF_PSEUDO_MAP_FD
- loads eBPF programs via BPF syscallOne ELF file can contain multiple BPF programs.
int load_bpf_file(char *path);
populates prog_fd[] and map_fd[] with FDs received from bpf syscallbpf_helpers.h - helper functions available to eBPF programs written in C
Signed-off-by: Alexei Starovoitov
Signed-off-by: David S. Miller -
this socket filter example does:
- creates arraymap in kernel with key 4 bytes and value 8 bytes- loads eBPF program which assumes that packet is IPv4 and loads one byte of
IP->proto from the packet and uses it as a key in a mapr0 = skb->data[ETH_HLEN + offsetof(struct iphdr, protocol)];
*(u32*)(fp - 4) = r0;
value = bpf_map_lookup_elem(map_fd, fp - 4);
if (value)
(*(u64*)value) += 1;- attaches this program to raw socket
- every second user space reads map[IPPROTO_TCP], map[IPPROTO_UDP], map[IPPROTO_ICMP]
to see how many packets of given protocol were seen on loopback interfaceUsage:
$sudo samples/bpf/sock_example
TCP 0 UDP 0 ICMP 0 packets
TCP 187600 UDP 0 ICMP 4 packets
TCP 376504 UDP 0 ICMP 8 packets
TCP 563116 UDP 0 ICMP 12 packets
TCP 753144 UDP 0 ICMP 16 packetsSigned-off-by: Alexei Starovoitov
Signed-off-by: David S. Miller
19 Nov, 2014
2 commits
-
proper types and function helpers are ready. Use them in verifier testsuite.
Remove temporary stubsSigned-off-by: Alexei Starovoitov
Signed-off-by: David S. Miller -
. check error conditions and sanity of hash and array map APIs
. check large maps (that kernel gracefully switches to vmalloc from kmalloc)
. check multi-process parallel access and stress testSigned-off-by: Alexei Starovoitov
Signed-off-by: David S. Miller
31 Oct, 2014
1 commit
-
- add a test specifically targeting verifier state pruning.
It checks state propagation between registers, storing that
state into stack and state pruning algorithm recognizing
equivalent stack and register states.- add summary line to spot failures easier
Signed-off-by: Alexei Starovoitov
Signed-off-by: David S. Miller
22 Oct, 2014
1 commit
-
while comparing for verifier state equivalency the comparison
was missing a check for uninitialized register.
Make sure it does so and add a testcase.Fixes: f1bca824dabb ("bpf: add search pruning optimization to verifier")
Cc: Hannes Frederic Sowa
Signed-off-by: Alexei Starovoitov
Acked-by: Hannes Frederic Sowa
Signed-off-by: David S. Miller
02 Oct, 2014
1 commit
-
add 4 extra tests to cover jump verification better
Signed-off-by: Alexei Starovoitov
Signed-off-by: David S. Miller
27 Sep, 2014
1 commit
-
1.
the library includes a trivial set of BPF syscall wrappers:
int bpf_create_map(int key_size, int value_size, int max_entries);
int bpf_update_elem(int fd, void *key, void *value);
int bpf_lookup_elem(int fd, void *key, void *value);
int bpf_delete_elem(int fd, void *key);
int bpf_get_next_key(int fd, void *key, void *next_key);
int bpf_prog_load(enum bpf_prog_type prog_type,
const struct sock_filter_int *insns, int insn_len,
const char *license);
bpf_prog_load() stores verifier log into global bpf_log_buf[] arrayand BPF_*() macros to build instructions
2.
test stubs configure eBPF infra with 'unspec' map and program types.
These are fake types used by user space testsuite only.3.
verifier tests valid and invalid programs and expects predefined
error log messages from kernel.
40 tests so far.$ sudo ./test_verifier
#0 add+sub+mul OK
#1 unreachable OK
#2 unreachable2 OK
#3 out of range jump OK
#4 out of range jump2 OK
#5 test1 ld_imm64 OK
...Signed-off-by: Alexei Starovoitov
Signed-off-by: David S. Miller