libbpf: Add link-based API for tcx

Implement tcx BPF link support for libbpf.

The bpf_program__attach_fd() API has been refactored slightly in order to pass
bpf_link_create_opts pointer as input.

A new bpf_program__attach_tcx() has been added on top of this which allows for
passing all relevant data via extensible struct bpf_tcx_opts.

The program sections tcx/ingress and tcx/egress correspond to the hook locations
for tc ingress and egress, respectively.

For concrete usage examples, see the extensive selftests that have been
developed as part of this series.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20230719140858.13224-5-daniel@iogearbox.net
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c
index 4131d3a1484b6335c7e4edb65967b9ccc8cf8950..c9b6b311a441f754ef54d55ff4b475198c11f530 100644 (file)
--- a/tools/lib/bpf/bpf.c
+++ b/tools/lib/bpf/bpf.c
@@ -719,9 +719,9 @@ int bpf_link_create(int prog_fd, int target_fd,
                    const struct bpf_link_create_opts *opts)
 {
        const size_t attr_sz = offsetofend(union bpf_attr, link_create);
-       __u32 target_btf_id, iter_info_len;
+       __u32 target_btf_id, iter_info_len, relative_id;
+       int fd, err, relative_fd;
        union bpf_attr attr;
-       int fd, err;
 
        if (!OPTS_VALID(opts, bpf_link_create_opts))
                return libbpf_err(-EINVAL);
@@ -783,6 +783,22 @@ int bpf_link_create(int prog_fd, int target_fd,
                if (!OPTS_ZEROED(opts, netfilter))
                        return libbpf_err(-EINVAL);
                break;
+       case BPF_TCX_INGRESS:
+       case BPF_TCX_EGRESS:
+               relative_fd = OPTS_GET(opts, tcx.relative_fd, 0);
+               relative_id = OPTS_GET(opts, tcx.relative_id, 0);
+               if (relative_fd && relative_id)
+                       return libbpf_err(-EINVAL);
+               if (relative_id) {
+                       attr.link_create.tcx.relative_id = relative_id;
+                       attr.link_create.flags |= BPF_F_ID;
+               } else {
+                       attr.link_create.tcx.relative_fd = relative_fd;
+               }
+               attr.link_create.tcx.expected_revision = OPTS_GET(opts, tcx.expected_revision, 0);
+               if (!OPTS_ZEROED(opts, tcx))
+                       return libbpf_err(-EINVAL);
+               break;
        default:
                if (!OPTS_ZEROED(opts, flags))
                        return libbpf_err(-EINVAL);

diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h
index 49e9d88fd9cf1c5fd0fcba58f30ef352487d5536..044a74ffc38aa168dda41f2b527f64ca44348558 100644 (file)
--- a/tools/lib/bpf/bpf.h
+++ b/tools/lib/bpf/bpf.h
@@ -401,6 +401,11 @@ struct bpf_link_create_opts {
                        __s32 priority;
                        __u32 flags;
                } netfilter;
+               struct {
+                       __u32 relative_fd;
+                       __u32 relative_id;
+                       __u64 expected_revision;
+               } tcx;
        };
        size_t :0;
 };

diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 0f6913e1059bb04f30b70ff7abf2c6c333185b33..17883f5a44b972f872a25822e869dd08e96e2ae7 100644 (file)
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -134,6 +134,7 @@ static const char * const link_type_name[] = {
        [BPF_LINK_TYPE_KPROBE_MULTI]            = "kprobe_multi",
        [BPF_LINK_TYPE_STRUCT_OPS]              = "struct_ops",
        [BPF_LINK_TYPE_NETFILTER]               = "netfilter",
+       [BPF_LINK_TYPE_TCX]                     = "tcx",
 };
 
 static const char * const map_type_name[] = {
@@ -11854,11 +11855,10 @@ static int attach_lsm(const struct bpf_program *prog, long cookie, struct bpf_li
 }
 
 static struct bpf_link *
-bpf_program__attach_fd(const struct bpf_program *prog, int target_fd, int btf_id,
-                      const char *target_name)
+bpf_program_attach_fd(const struct bpf_program *prog,
+                     int target_fd, const char *target_name,
+                     const struct bpf_link_create_opts *opts)
 {
-       DECLARE_LIBBPF_OPTS(bpf_link_create_opts, opts,
-                           .target_btf_id = btf_id);
        enum bpf_attach_type attach_type;
        char errmsg[STRERR_BUFSIZE];
        struct bpf_link *link;
@@ -11876,7 +11876,7 @@ bpf_program__attach_fd(const struct bpf_program *prog, int target_fd, int btf_id
        link->detach = &bpf_link__detach_fd;
 
        attach_type = bpf_program__expected_attach_type(prog);
-       link_fd = bpf_link_create(prog_fd, target_fd, attach_type, &opts);
+       link_fd = bpf_link_create(prog_fd, target_fd, attach_type, opts);
        if (link_fd < 0) {
                link_fd = -errno;
                free(link);
@@ -11892,19 +11892,54 @@ bpf_program__attach_fd(const struct bpf_program *prog, int target_fd, int btf_id
 struct bpf_link *
 bpf_program__attach_cgroup(const struct bpf_program *prog, int cgroup_fd)
 {
-       return bpf_program__attach_fd(prog, cgroup_fd, 0, "cgroup");
+       return bpf_program_attach_fd(prog, cgroup_fd, "cgroup", NULL);
 }
 
 struct bpf_link *
 bpf_program__attach_netns(const struct bpf_program *prog, int netns_fd)
 {
-       return bpf_program__attach_fd(prog, netns_fd, 0, "netns");
+       return bpf_program_attach_fd(prog, netns_fd, "netns", NULL);
 }
 
 struct bpf_link *bpf_program__attach_xdp(const struct bpf_program *prog, int ifindex)
 {
        /* target_fd/target_ifindex use the same field in LINK_CREATE */
-       return bpf_program__attach_fd(prog, ifindex, 0, "xdp");
+       return bpf_program_attach_fd(prog, ifindex, "xdp", NULL);
+}
+
+struct bpf_link *
+bpf_program__attach_tcx(const struct bpf_program *prog, int ifindex,
+                       const struct bpf_tcx_opts *opts)
+{
+       LIBBPF_OPTS(bpf_link_create_opts, link_create_opts);
+       __u32 relative_id;
+       int relative_fd;
+
+       if (!OPTS_VALID(opts, bpf_tcx_opts))
+               return libbpf_err_ptr(-EINVAL);
+
+       relative_id = OPTS_GET(opts, relative_id, 0);
+       relative_fd = OPTS_GET(opts, relative_fd, 0);
+
+       /* validate we don't have unexpected combinations of non-zero fields */
+       if (!ifindex) {
+               pr_warn("prog '%s': target netdevice ifindex cannot be zero\n",
+                       prog->name);
+               return libbpf_err_ptr(-EINVAL);
+       }
+       if (relative_fd && relative_id) {
+               pr_warn("prog '%s': relative_fd and relative_id cannot be set at the same time\n",
+                       prog->name);
+               return libbpf_err_ptr(-EINVAL);
+       }
+
+       link_create_opts.tcx.expected_revision = OPTS_GET(opts, expected_revision, 0);
+       link_create_opts.tcx.relative_fd = relative_fd;
+       link_create_opts.tcx.relative_id = relative_id;
+       link_create_opts.flags = OPTS_GET(opts, flags, 0);
+
+       /* target_fd/target_ifindex use the same field in LINK_CREATE */
+       return bpf_program_attach_fd(prog, ifindex, "tcx", &link_create_opts);
 }
 
 struct bpf_link *bpf_program__attach_freplace(const struct bpf_program *prog,
@@ -11926,11 +11961,16 @@ struct bpf_link *bpf_program__attach_freplace(const struct bpf_program *prog,
        }
 
        if (target_fd) {
+               LIBBPF_OPTS(bpf_link_create_opts, target_opts);
+
                btf_id = libbpf_find_prog_btf_id(attach_func_name, target_fd);
                if (btf_id < 0)
                        return libbpf_err_ptr(btf_id);
 
-               return bpf_program__attach_fd(prog, target_fd, btf_id, "freplace");
+               target_opts.target_btf_id = btf_id;
+
+               return bpf_program_attach_fd(prog, target_fd, "freplace",
+                                            &target_opts);
        } else {
                /* no target, so use raw_tracepoint_open for compatibility
                 * with old kernels

diff --git a/tools/lib/bpf/libbpf.h b/tools/lib/bpf/libbpf.h
index 674e5788eb1080912523c3089d1c888fef6a7802..55b97b2087540478d7113b21dcc6f282119abeab 100644 (file)
--- a/tools/lib/bpf/libbpf.h
+++ b/tools/lib/bpf/libbpf.h
@@ -733,6 +733,21 @@ LIBBPF_API struct bpf_link *
 bpf_program__attach_netfilter(const struct bpf_program *prog,
                              const struct bpf_netfilter_opts *opts);
 
+struct bpf_tcx_opts {
+       /* size of this struct, for forward/backward compatibility */
+       size_t sz;
+       __u32 flags;
+       __u32 relative_fd;
+       __u32 relative_id;
+       __u64 expected_revision;
+       size_t :0;
+};
+#define bpf_tcx_opts__last_field expected_revision
+
+LIBBPF_API struct bpf_link *
+bpf_program__attach_tcx(const struct bpf_program *prog, int ifindex,
+                       const struct bpf_tcx_opts *opts);
+
 struct bpf_map;
 
 LIBBPF_API struct bpf_link *bpf_map__attach_struct_ops(const struct bpf_map *map);

diff --git a/tools/lib/bpf/libbpf.map b/tools/lib/bpf/libbpf.map
index 8d1608643c33b503d8452ee3d6d4ab9708f93b2e..9c7538dd5835e9da31fd56f30e6edbe0bf5e9535 100644 (file)
--- a/tools/lib/bpf/libbpf.map
+++ b/tools/lib/bpf/libbpf.map
@@ -397,4 +397,5 @@ LIBBPF_1.3.0 {
                bpf_obj_pin_opts;
                bpf_prog_detach_opts;
                bpf_program__attach_netfilter;
+               bpf_program__attach_tcx;
 } LIBBPF_1.2.0;