This program binds a program to a cgroup and then matches hard coded IP addresses and adds these to a sockmap. This will receive messages from the backend and send them to the client. client:X <---> frontend:10000 client:X <---> backend:80 To keep things simple this is only designed for 1:1 connections using hard coded values. A more complete example would allow many backends and clients. Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Showing
7 changed files
with
331 additions
and
2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
# kbuild trick to avoid linker error. Can be omitted if a module is built. | ||
obj- := dummy.o | ||
|
||
# List of programs to build | ||
hostprogs-y := sockmap | ||
|
||
# Libbpf dependencies | ||
LIBBPF := ../../tools/lib/bpf/bpf.o | ||
|
||
HOSTCFLAGS += -I$(objtree)/usr/include | ||
HOSTCFLAGS += -I$(srctree)/tools/lib/ | ||
HOSTCFLAGS += -I$(srctree)/tools/testing/selftests/bpf/ | ||
HOSTCFLAGS += -I$(srctree)/tools/lib/ -I$(srctree)/tools/include | ||
HOSTCFLAGS += -I$(srctree)/tools/perf | ||
|
||
sockmap-objs := ../bpf/bpf_load.o $(LIBBPF) sockmap_user.o | ||
|
||
# Tell kbuild to always build the programs | ||
always := $(hostprogs-y) | ||
always += sockmap_kern.o | ||
|
||
HOSTLOADLIBES_sockmap += -lelf -lpthread | ||
|
||
# Allows pointing LLC/CLANG to a LLVM backend with bpf support, redefine on cmdline: | ||
# make samples/bpf/ LLC=~/git/llvm/build/bin/llc CLANG=~/git/llvm/build/bin/clang | ||
LLC ?= llc | ||
CLANG ?= clang | ||
|
||
# Trick to allow make to be run from this directory | ||
all: | ||
$(MAKE) -C ../../ $(CURDIR)/ | ||
|
||
clean: | ||
$(MAKE) -C ../../ M=$(CURDIR) clean | ||
@rm -f *~ | ||
|
||
$(obj)/syscall_nrs.s: $(src)/syscall_nrs.c | ||
$(call if_changed_dep,cc_s_c) | ||
|
||
$(obj)/syscall_nrs.h: $(obj)/syscall_nrs.s FORCE | ||
$(call filechk,offsets,__SYSCALL_NRS_H__) | ||
|
||
clean-files += syscall_nrs.h | ||
|
||
FORCE: | ||
|
||
|
||
# Verify LLVM compiler tools are available and bpf target is supported by llc | ||
.PHONY: verify_cmds verify_target_bpf $(CLANG) $(LLC) | ||
|
||
verify_cmds: $(CLANG) $(LLC) | ||
@for TOOL in $^ ; do \ | ||
if ! (which -- "$${TOOL}" > /dev/null 2>&1); then \ | ||
echo "*** ERROR: Cannot find LLVM tool $${TOOL}" ;\ | ||
exit 1; \ | ||
else true; fi; \ | ||
done | ||
|
||
verify_target_bpf: verify_cmds | ||
@if ! (${LLC} -march=bpf -mattr=help > /dev/null 2>&1); then \ | ||
echo "*** ERROR: LLVM (${LLC}) does not support 'bpf' target" ;\ | ||
echo " NOTICE: LLVM version >= 3.7.1 required" ;\ | ||
exit 2; \ | ||
else true; fi | ||
|
||
$(src)/*.c: verify_target_bpf | ||
|
||
# asm/sysreg.h - inline assembly used by it is incompatible with llvm. | ||
# But, there is no easy way to fix it, so just exclude it since it is | ||
# useless for BPF samples. | ||
$(obj)/%.o: $(src)/%.c | ||
$(CLANG) $(NOSTDINC_FLAGS) $(LINUXINCLUDE) $(EXTRA_CFLAGS) -I$(obj) \ | ||
-D__KERNEL__ -D__ASM_SYSREG_H -Wno-unused-value -Wno-pointer-sign \ | ||
-Wno-compare-distinct-pointer-types \ | ||
-Wno-gnu-variable-sized-type-not-at-end \ | ||
-Wno-address-of-packed-member -Wno-tautological-compare \ | ||
-Wno-unknown-warning-option \ | ||
-O2 -emit-llvm -c $< -o -| $(LLC) -march=bpf -filetype=obj -o $@ |
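Review bot: The `$(obj)/syscall_nrs.s` and `$(obj)/syscall_nrs.h` rules and `clean-files += syscall_nrs.h` look carried over from another samples Makefile: nothing in `sockmap-objs` or `always` depends on them, and no syscall_nrs.c is visible among the files shown here, so they can probably be dropped. `-I$(srctree)/tools/lib/` is also added to HOSTCFLAGS twice; the second occurrence can be reduced to `HOSTCFLAGS += -I$(srctree)/tools/include`.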
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,143 @@ | ||
#include <uapi/linux/bpf.h> | ||
#include <uapi/linux/if_ether.h> | ||
#include <uapi/linux/if_packet.h> | ||
#include <uapi/linux/ip.h> | ||
#include "../../tools/testing/selftests/bpf/bpf_helpers.h" | ||
#include "../../tools/testing/selftests/bpf/bpf_endian.h" | ||
|
||
#define bpf_printk(fmt, ...) \ | ||
({ \ | ||
char ____fmt[] = fmt; \ | ||
bpf_trace_printk(____fmt, sizeof(____fmt), \ | ||
##__VA_ARGS__); \ | ||
}) | ||
|
||
struct bpf_map_def SEC("maps") sock_map = { | ||
.type = BPF_MAP_TYPE_SOCKMAP, | ||
.key_size = sizeof(int), | ||
.value_size = sizeof(int), | ||
.max_entries = 20, | ||
}; | ||
|
||
struct bpf_map_def SEC("maps") reply_port = { | ||
.type = BPF_MAP_TYPE_ARRAY, | ||
.key_size = sizeof(int), | ||
.value_size = sizeof(int), | ||
.max_entries = 1, | ||
}; | ||
|
||
SEC("socket1") | ||
int bpf_prog1(struct __sk_buff *skb) | ||
{ | ||
return skb->len; | ||
} | ||
|
||
SEC("socket2") | ||
int bpf_prog2(struct __sk_buff *skb) | ||
{ | ||
int ret = 0, loc = 0, *l, lp; | ||
__u32 local_port = bpf_skb_get_local_port(skb); | ||
__u32 remote_port = bpf_skb_get_remote_port(skb); | ||
/* client:X <---> frontend:80 client:X <---> backend:80 | ||
* A proxy has two components a frontend and backend here | ||
* we use sockmap to attach frontend:80 to client:X in real | ||
* use case we would have multiple clients and backends. For | ||
* simplicity we hard code values here and bind 1:1. | ||
*/ | ||
if (local_port == 10001) { | ||
ret = 10; | ||
} else { | ||
ret=1; | ||
l = bpf_map_lookup_elem(&reply_port, &loc); | ||
lp = l ? *l : 0; | ||
bpf_printk("local_port %d lp %d ret %d\n", local_port, lp, ret); | ||
} | ||
|
||
bpf_printk("kproxy: %d -> %d return %d\n", local_port, remote_port, ret); | ||
bpf_printk("kproxy: local port %d remote port ntohl %d\n", | ||
bpf_ntohl(local_port), bpf_ntohl(remote_port)); | ||
bpf_printk("kproxy: return %i\n", ret); | ||
|
||
return bpf_sk_redirect_map(&sock_map, ret, 0); | ||
} | ||
|
||
|
||
SEC("sockops") | ||
int bpf_kproxy(struct bpf_sock_ops *skops) | ||
{ | ||
__u32 lport, rport; | ||
__u32 daddr, saddr; | ||
int op, err = 0, index, key, ret; | ||
|
||
|
||
op = (int) skops->op; | ||
|
||
switch (op) { | ||
case BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB: | ||
lport = skops->local_port; | ||
rport = skops->remote_port; | ||
saddr = skops->local_ip4; | ||
daddr = skops->remote_ip4; | ||
|
||
if ((((unsigned char *)&saddr)[3] == 238) && | ||
(((unsigned char *)&saddr)[2] == 28)) { | ||
|
||
bpf_printk("family: %i\n", skops->family); | ||
bpf_printk("passive_established: %u.%u.%u", | ||
((unsigned char *)&saddr)[0], | ||
((unsigned char *)&saddr)[1], | ||
((unsigned char *)&saddr)[2]); | ||
bpf_printk("%u:%d -> ", | ||
((unsigned char *)&saddr)[3], | ||
lport); | ||
bpf_printk("%u.%u.%u", | ||
((unsigned char *)&daddr)[0], | ||
((unsigned char *)&daddr)[1], | ||
((unsigned char *)&daddr)[2]); | ||
bpf_printk("%u:%d\n", | ||
((unsigned char *)&daddr)[3], bpf_ntohl(rport)); | ||
|
||
ret = 1; | ||
bpf_map_ctx_update_elem(skops, &sock_map, &ret, 1, 0x00); | ||
if (!err) | ||
bpf_printk("sk_redirect_map join success: 1: %d\n", err); | ||
} | ||
break; | ||
case BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB: | ||
lport = skops->local_port; | ||
rport = skops->remote_port; | ||
saddr = skops->local_ip4; | ||
daddr = skops->remote_ip4; | ||
if (bpf_ntohl(rport) == 80 && ((unsigned char *)&saddr)[3] == 238) { | ||
|
||
bpf_printk("family: %i\n", skops->family); | ||
bpf_printk("active_established_cb: %u.%u.%u", | ||
((unsigned char *)&saddr)[0], | ||
((unsigned char *)&saddr)[1], | ||
((unsigned char *)&saddr)[2]); | ||
bpf_printk("%u:%d -> %d\n", | ||
((unsigned char *)&saddr)[3], | ||
lport); | ||
bpf_printk("%u.%u.%u", | ||
((unsigned char *)&daddr)[0], | ||
((unsigned char *)&daddr)[1], | ||
((unsigned char *)&daddr)[2]); | ||
bpf_printk("%u:%d\n", | ||
((unsigned char *)&daddr)[3], bpf_ntohl(rport)); | ||
|
||
ret = 10; | ||
err = bpf_map_ctx_update_elem(skops, &sock_map, &ret, 1, 0x01); | ||
key = 0; | ||
err = bpf_map_update_elem(&reply_port, &key, &lport, BPF_ANY); | ||
bpf_printk("sk_redirect_map join success: 10: %d\n", err); | ||
} | ||
break; | ||
default: | ||
break; | ||
} | ||
|
||
if (err) | ||
bpf_printk("sk_redirect_map err: %d\n", err); | ||
return 0; | ||
} | ||
char _license[] SEC("license") = "GPL"; |
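Review bot: In bpf_kproxy the BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB branch discards the return value of bpf_map_ctx_update_elem(), so `if (!err)` tests the initial 0 and logs "join success" even when the sockmap insert failed; assign it, `err = bpf_map_ctx_update_elem(skops, &sock_map, &ret, 1, 0x00);`. The BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB branch has the mirror problem: err from the sockmap insert is overwritten by the reply_port update before it is examined, so it should be checked (or kept in a second variable) between the two calls. The `bpf_printk("%u:%d -> %d\n", ...)` call in that branch has three conversions but only two arguments. The address tests compare only one or two octets of saddr, so any socket in the cgroup whose local address matches those octets is joined to the redirect map; a comment stating that this is sample-only matching, or a full 32-bit compare, would keep the pattern from being copied as-is.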
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
#include <stdio.h> | ||
#include <stdlib.h> | ||
#include <pthread.h> | ||
#include <sys/socket.h> | ||
#include <netinet/in.h> | ||
#include <arpa/inet.h> | ||
#include <unistd.h> | ||
#include <string.h> | ||
#include <errno.h> | ||
#include <sys/ioctl.h> | ||
#include <stdbool.h> | ||
#include <signal.h> | ||
#include <fcntl.h> | ||
|
||
#include <linux/netlink.h> | ||
#include <linux/socket.h> | ||
#include <linux/sock_diag.h> | ||
#include <linux/bpf.h> | ||
#include <linux/if_link.h> | ||
#include <assert.h> | ||
#include <libgen.h> | ||
|
||
#include "../bpf/bpf_load.h" | ||
#include "../bpf/bpf_util.h" | ||
#include "../bpf/libbpf.h" | ||
|
||
int running; | ||
void running_handler(int a); | ||
|
||
int main(int argc, char **argv) | ||
{ | ||
int err, cg_fd; | ||
char filename[256]; | ||
char *cg_path; | ||
|
||
cg_path = argv[argc - 1]; | ||
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]); | ||
|
||
running = 1; | ||
|
||
/* catch SIGINT */ | ||
signal(SIGINT, running_handler); | ||
sleep(1); | ||
|
||
if (load_bpf_file(filename)) { | ||
printf("load_bpf_file: (%s) %s\n", filename, strerror(errno)); | ||
return 1; | ||
} | ||
|
||
/* Cgroup configuration */ | ||
cg_fd = open(cg_path, O_DIRECTORY, O_RDONLY); | ||
if (cg_fd < 0) { | ||
fprintf(stderr, "ERROR: (%i) open cg path failed: %s\n", cg_fd, cg_path); | ||
return cg_fd; | ||
} | ||
fprintf(stderr, "CG_FD open %i:%s\n", cg_fd, cg_path); | ||
|
||
/* Attach programs to sockmap */ | ||
err = _bpf_prog_attach(prog_fd[0], prog_fd[1], map_fd[0], BPF_SOCKMAP_INGRESS, 0); | ||
if (err) { | ||
printf("ERROR: bpf_prog_attach (sockmap): %d (%s)\n", err, strerror(errno)); | ||
return err; | ||
} | ||
|
||
/* Attach to cgroups */ | ||
err = bpf_prog_attach(prog_fd[2], cg_fd, BPF_CGROUP_SOCK_OPS, 0); | ||
if (err) { | ||
printf("ERROR: bpf_prog_attach (reply): %d (%s)\n", err, strerror(errno)); | ||
return err; | ||
} | ||
|
||
fprintf(stderr, "BPF_CGROUP_SOCKS_OPS attached: %d\n", err); | ||
|
||
while (running) { | ||
fprintf(stderr, "."); | ||
sleep(2); | ||
} | ||
return 0; | ||
} | ||
|
||
void running_handler(int a) | ||
{ | ||
running = 0; | ||
} |
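Review bot: `open(cg_path, O_DIRECTORY, O_RDONLY)` in main passes O_RDONLY in the mode position instead of as a flag and only works because O_RDONLY is zero; it should read `cg_fd = open(cg_path, O_DIRECTORY | O_RDONLY);`. main also takes `argv[argc - 1]` as the cgroup path without checking argc, so with no argument it tries to open its own binary path; an `if (argc < 2)` usage check before that line would make the failure explicit. `running` is written from the SIGINT handler and should be declared `volatile sig_atomic_t running;`. After the loop main returns without a bpf_prog_detach call, so the sock_ops program presumably stays attached to the cgroup once the loader exits; detaching on the way out, or a comment saying the attachment is left in place on purpose, would make that explicit.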