tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

bpftool: Extend net dump with tcx progs

Add support to dump fd-based attach types via bpftool. This includes both
the tc BPF link and attach ops programs. Dumped information contain the
attach location, function entry name, program ID and link ID when applicable.

Example with tc BPF link:

# ./bpftool net
xdp:

tc:
bond0(4) tcx/ingress cil_from_netdev prog_id 784 link_id 10
bond0(4) tcx/egress cil_to_netdev prog_id 804 link_id 11

flow_dissector:

netfilter:

Example with tc BPF attach ops:

# ./bpftool net
xdp:

tc:
bond0(4) tcx/ingress cil_from_netdev prog_id 654
bond0(4) tcx/egress cil_to_netdev prog_id 672

flow_dissector:

netfilter:

Currently, permanent flags are not yet supported, so 'unknown' ones are dumped
via NET_DUMP_UINT_ONLY() and once we do have permanent ones, we dump them as
human readable string.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Quentin Monnet <quentin@isovalent.com>
Link: https://lore.kernel.org/r/20230719140858.13224-7-daniel@iogearbox.net
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

authored by

Daniel Borkmann and committed by
Alexei Starovoitov 57c61da8 4e9c2d9a

+116 -16
+15 -11
tools/bpf/bpftool/Documentation/bpftool-net.rst
··· 4 4 bpftool-net 5 5 ================ 6 6 ------------------------------------------------------------------------------- 7 - tool for inspection of netdev/tc related bpf prog attachments 7 + tool for inspection of networking related bpf prog attachments 8 8 ------------------------------------------------------------------------------- 9 9 10 10 :Manual section: 8 ··· 37 37 **bpftool net { show | list }** [ **dev** *NAME* ] 38 38 List bpf program attachments in the kernel networking subsystem. 39 39 40 - Currently, only device driver xdp attachments and tc filter 41 - classification/action attachments are implemented, i.e., for 42 - program types **BPF_PROG_TYPE_SCHED_CLS**, 43 - **BPF_PROG_TYPE_SCHED_ACT** and **BPF_PROG_TYPE_XDP**. 40 + Currently, device driver xdp attachments, tcx and old-style tc 41 + classifier/action attachments, flow_dissector as well as netfilter 42 + attachments are implemented, i.e., for 43 + program types **BPF_PROG_TYPE_XDP**, **BPF_PROG_TYPE_SCHED_CLS**, 44 + **BPF_PROG_TYPE_SCHED_ACT**, **BPF_PROG_TYPE_FLOW_DISSECTOR**, 45 + **BPF_PROG_TYPE_NETFILTER**. 46 + 44 47 For programs attached to a particular cgroup, e.g., 45 48 **BPF_PROG_TYPE_CGROUP_SKB**, **BPF_PROG_TYPE_CGROUP_SOCK**, 46 49 **BPF_PROG_TYPE_SOCK_OPS** and **BPF_PROG_TYPE_CGROUP_SOCK_ADDR**, ··· 52 49 bpf programs, users should consult other tools, e.g., iproute2. 53 50 54 51 The current output will start with all xdp program attachments, followed by 55 - all tc class/qdisc bpf program attachments. Both xdp programs and 56 - tc programs are ordered based on ifindex number. If multiple bpf 57 - programs attached to the same networking device through **tc filter**, 58 - the order will be first all bpf programs attached to tc classes, then 59 - all bpf programs attached to non clsact qdiscs, and finally all 60 - bpf programs attached to root and clsact qdisc. 52 + all tcx, then tc class/qdisc bpf program attachments, then flow_dissector 53 + and finally netfilter programs. Both xdp programs and tcx/tc programs are 54 + ordered based on ifindex number. If multiple bpf programs attached 55 + to the same networking device through **tc**, the order will be first 56 + all bpf programs attached to tcx, then tc classes, then all bpf programs 57 + attached to non clsact qdiscs, and finally all bpf programs attached 58 + to root and clsact qdisc. 61 59 62 60 **bpftool** **net attach** *ATTACH_TYPE* *PROG* **dev** *NAME* [ **overwrite** ] 63 61 Attach bpf program *PROG* to network interface *NAME* with
+93 -5
tools/bpf/bpftool/net.c
··· 76 76 [NET_ATTACH_TYPE_XDP_OFFLOAD] = "xdpoffload", 77 77 }; 78 78 79 + static const char * const attach_loc_strings[] = { 80 + [BPF_TCX_INGRESS] = "tcx/ingress", 81 + [BPF_TCX_EGRESS] = "tcx/egress", 82 + }; 83 + 79 84 const size_t net_attach_type_size = ARRAY_SIZE(attach_type_strings); 80 85 81 86 static enum net_attach_type parse_attach_type(const char *str) ··· 427 422 filter_info->devname, filter_info->ifindex); 428 423 } 429 424 430 - static int show_dev_tc_bpf(int sock, unsigned int nl_pid, 431 - struct ip_devname_ifindex *dev) 425 + static int __show_dev_tc_bpf_name(__u32 id, char *name, size_t len) 426 + { 427 + struct bpf_prog_info info = {}; 428 + __u32 ilen = sizeof(info); 429 + int fd, ret; 430 + 431 + fd = bpf_prog_get_fd_by_id(id); 432 + if (fd < 0) 433 + return fd; 434 + ret = bpf_obj_get_info_by_fd(fd, &info, &ilen); 435 + if (ret < 0) 436 + goto out; 437 + ret = -ENOENT; 438 + if (info.name[0]) { 439 + get_prog_full_name(&info, fd, name, len); 440 + ret = 0; 441 + } 442 + out: 443 + close(fd); 444 + return ret; 445 + } 446 + 447 + static void __show_dev_tc_bpf(const struct ip_devname_ifindex *dev, 448 + const enum bpf_attach_type loc) 449 + { 450 + __u32 prog_flags[64] = {}, link_flags[64] = {}, i, j; 451 + __u32 prog_ids[64] = {}, link_ids[64] = {}; 452 + LIBBPF_OPTS(bpf_prog_query_opts, optq); 453 + char prog_name[MAX_PROG_FULL_NAME]; 454 + int ret; 455 + 456 + optq.prog_ids = prog_ids; 457 + optq.prog_attach_flags = prog_flags; 458 + optq.link_ids = link_ids; 459 + optq.link_attach_flags = link_flags; 460 + optq.count = ARRAY_SIZE(prog_ids); 461 + 462 + ret = bpf_prog_query_opts(dev->ifindex, loc, &optq); 463 + if (ret) 464 + return; 465 + for (i = 0; i < optq.count; i++) { 466 + NET_START_OBJECT; 467 + NET_DUMP_STR("devname", "%s", dev->devname); 468 + NET_DUMP_UINT("ifindex", "(%u)", dev->ifindex); 469 + NET_DUMP_STR("kind", " %s", attach_loc_strings[loc]); 470 + ret = __show_dev_tc_bpf_name(prog_ids[i], prog_name, 471 + sizeof(prog_name)); 472 + if (!ret) 473 + NET_DUMP_STR("name", " %s", prog_name); 474 + NET_DUMP_UINT("prog_id", " prog_id %u ", prog_ids[i]); 475 + if (prog_flags[i] || json_output) { 476 + NET_START_ARRAY("prog_flags", "%s "); 477 + for (j = 0; prog_flags[i] && j < 32; j++) { 478 + if (!(prog_flags[i] & (1 << j))) 479 + continue; 480 + NET_DUMP_UINT_ONLY(1 << j); 481 + } 482 + NET_END_ARRAY(""); 483 + } 484 + if (link_ids[i] || json_output) { 485 + NET_DUMP_UINT("link_id", "link_id %u ", link_ids[i]); 486 + if (link_flags[i] || json_output) { 487 + NET_START_ARRAY("link_flags", "%s "); 488 + for (j = 0; link_flags[i] && j < 32; j++) { 489 + if (!(link_flags[i] & (1 << j))) 490 + continue; 491 + NET_DUMP_UINT_ONLY(1 << j); 492 + } 493 + NET_END_ARRAY(""); 494 + } 495 + } 496 + NET_END_OBJECT_FINAL; 497 + } 498 + } 499 + 500 + static void show_dev_tc_bpf(struct ip_devname_ifindex *dev) 501 + { 502 + __show_dev_tc_bpf(dev, BPF_TCX_INGRESS); 503 + __show_dev_tc_bpf(dev, BPF_TCX_EGRESS); 504 + } 505 + 506 + static int show_dev_tc_bpf_classic(int sock, unsigned int nl_pid, 507 + struct ip_devname_ifindex *dev) 432 508 { 433 509 struct bpf_filter_t filter_info; 434 510 struct bpf_tcinfo_t tcinfo; ··· 876 790 if (!ret) { 877 791 NET_START_ARRAY("tc", "%s:\n"); 878 792 for (i = 0; i < dev_array.used_len; i++) { 879 - ret = show_dev_tc_bpf(sock, nl_pid, 880 - &dev_array.devices[i]); 793 + show_dev_tc_bpf(&dev_array.devices[i]); 794 + ret = show_dev_tc_bpf_classic(sock, nl_pid, 795 + &dev_array.devices[i]); 881 796 if (ret) 882 797 break; 883 798 } ··· 926 839 " ATTACH_TYPE := { xdp | xdpgeneric | xdpdrv | xdpoffload }\n" 927 840 " " HELP_SPEC_OPTIONS " }\n" 928 841 "\n" 929 - "Note: Only xdp and tc attachments are supported now.\n" 842 + "Note: Only xdp, tcx, tc, flow_dissector and netfilter attachments\n" 843 + " are currently supported.\n" 930 844 " For progs attached to cgroups, use \"bpftool cgroup\"\n" 931 845 " to dump program attachments. For program types\n" 932 846 " sk_{filter,skb,msg,reuseport} and lwt/seg6, please\n"