Refactor sources to support C++ integration #325

Merged
qdeslandes merged 21 commits into facebook:main from qdeslandes:pedantic
Sep 14, 2025

@qdeslandes

This is a massive change, which does not affect bpfilter's features. The core and lib modules both use C-specific features and compiler extensions. To allow C++ clients to use bpfilter, those constructs must be dealt with; this is the purpose of this PR.

The biggest changes in this PR are:

  • Refactor the serialization logic to use MessagePack: serialization is now faster and supports ABI changes. The main purpose was to get rid of the variable length arrays in struct bf_marsh, but the improvement is welcome.
  • Merge libbpfilter and core together: core headers were needed externally to communicate with the daemon, merging lib and core modules makes it easier to manage the public interface. Further refinements will be required before 1.0.0 as additional structures should be hidden.
  • Create a pedantic test target to ensure bpfilter can be used in a client library without any compiler extension or C-only feature.

@meta-cla meta-cla bot added the cla signed label Sep 14, 2025
Build tests will ensure the public headers stick to standard C code,
without any compiler extension or non-standard feature.

autosectionlabel is only used once and regularly triggers warnings with
Breathe due to section naming conflicts. Instead, create sections
manually.

covreport should not depend on lcov.out: it should generate a coverage report
if it exists, or skip the report generation if it doesn't.

Do not nest the flexible-array member into a union, use a single status
code to carry the success or error type.

Core headers could be included in external projects which might not
support compiler extensions. As part of the effort to allow public
headers to be included in sources built with -pedantic, the kernel UAPI
headers must be hidden (to prevent compilation errors).

This commit is part of a multi-commit change to refactor the
serialization logic. The current logic has a few caveats:
- It's slow for large rulesets, due to all the allocations required
- It doesn't support ABI update (if the serialized structures change)
- It uses a flexible array member, which breaks C++ builds

Instead, the MessagePack format will be used. Further explanations about
this choice are available in the documentation.

This commit introduces pack.{c,h} which defines the objects used to
serialize and deserialize data.

See previous commit for more context.

This change updates the serialization logic of core/bpfilter objects with
the message pack format.

See previous commits for more context.

Marsh has been replaced with pack, it can be removed from the sources.

This new API will be used for testing purposes: it allows end-to-end
tests to request a program's file descriptor and run BPF_PROG_TEST_RUN
to validate a chain.

It should not be used by end users, as described in the comment.

Instead of using a custom structure (bf_test_prog), perform direct calls
to bpfilter using the public API.

nft support has been disabled in bpfilter for some time, as major
changes broke it. This change also removes part of nft support unit
tests for now.

bf_request, bf_response, and bf_matcher definitions contain a
variable-length array, which is not allowed in C++. In order to allow
users to integrate with bpfilter in C++, those definitions must be
hidden.
@qdeslandes qdeslandes force-pushed the pedantic branch 2 times, most recently from ee2e0b7 to 7eedf36 Compare September 14, 2025 14:33
The structures defined in core module are part of the public interface,
as they are needed to send and receive rulesets from the daemon. The
change merges lib and core together as a single shared library used for
both bfcli and bpfilter.

libbpfilter will require some improvements before 1.0.0 stable is
tagged, as some structures like bf_request should not need to be
exposed, but this commit is a first step.

`make test` relies on a target depending on unit, e2e, and pedantic
targets. This means CMake will run all 3 of these in parallel if -j is
anything but 1, which will make the output of the tests unreadable.

Modify the test target to use the cmake command and call unit, e2e, and
pedantic sequentially.
@qdeslandes qdeslandes merged commit 4f64a77 into facebook:main Sep 14, 2025
27 checks passed
@qdeslandes qdeslandes deleted the pedantic branch September 14, 2025 15:39