From: Alan Maguire <alan.maguire@oracle.com>
To: ast@kernel.org, daniel@iogearbox.net, kafai@fb.com,
songliubraving@fb.com, yhs@fb.com, davem@davemloft.net,
jakub.kicinski@netronome.com, hawk@kernel.org,
john.fastabend@gmail.com, rostedt@goodmis.org, mingo@redhat.com,
quentin.monnet@netronome.com, rdna@fb.com, joe@wand.net.nz,
acme@redhat.com, jolsa@kernel.org,
alexey.budankov@linux.intel.com, gregkh@linuxfoundation.org,
namhyung@kernel.org, sdf@google.com, f.fainelli@gmail.com,
shuah@kernel.org, peter@lekensteyn.nl, ivan@cloudflare.com,
andriin@fb.com, bhole_prashant_q7@lab.ntt.co.jp,
david.calavera@gmail.com, danieltimlee@gmail.com,
ctakshak@fb.com, netdev@vger.kernel.org, bpf@vger.kernel.org,
linux-kselftest@vger.kernel.org
Cc: Alan Maguire <alan.maguire@oracle.com>
Subject: [RFC bpf-next 3/7] bpf: sync tools/include/uapi/linux/bpf.h for pcap support
Date: Sat, 7 Sep 2019 22:40:40 +0100 [thread overview]
Message-ID: <1567892444-16344-4-git-send-email-alan.maguire@oracle.com> (raw)
In-Reply-To: <1567892444-16344-1-git-send-email-alan.maguire@oracle.com>
sync bpf.h updates for bpf_pcap helper and associated definitions
Signed-off-by: Alan Maguire <alan.maguire@oracle.com>
---
tools/include/uapi/linux/bpf.h | 92 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 91 insertions(+), 1 deletion(-)
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index 77c6be9..13f86d3 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -2750,6 +2750,54 @@ struct bpf_stack_build_id {
* **-EOPNOTSUPP** kernel configuration does not enable SYN cookies
*
* **-EPROTONOSUPPORT** IP packet version is not 4 or 6
+ *
+ * int bpf_pcap(void *data, u32 size, struct bpf_map *map, int protocol,
+ * u64 flags)
+ * Description
+ * Write packet data from *data* into a special BPF perf event
+ * held by *map* of type **BPF_MAP_TYPE_PERF_EVENT_ARRAY**. This
+ * perf event has the same attributes as perf events generated
+ * by bpf_perf_event_output. For skb and xdp programs, *data*
+ * is the relevant context, while for tracing programs,
+ * *data* must be a pointer to a **struct sk_buff** derived
+ * from kprobe or tracepoint arguments.
+ *
+ * Metadata for this event is a **struct bpf_pcap_hdr**; this
+ * contains the capture length, actual packet length and
+ * the starting protocol.
+ *
+ * The max number of bytes of context to store is specified via
+ * *size*.
+ *
+ * The flags value can be used to specify an id value of up
+ * to 48 bits; the id can be used to correlate captured packets
+ * with other trace data, since the passed-in flags value is stored
+ * stored in the **struct bpf_pcap_hdr** in the **flags** field.
+ * Specifying **BPF_F_PCAP_ID_IIFINDEX** and a non-zero value in
+ * the id portion of the flags limits capture events to skbs
+ * with the specified incoming ifindex, allowing limiting of
+ * tracing to the the associated interface. Specifying
+ * **BPF_F_PCAP_STRICT_TYPE** will cause *bpf_pcap* to return
+ * -EPROTO and skip capture if a specific protocol is specified
+ * and it does not match the current skb. These additional flags
+ * are only valid (and useful) for tracing programs.
+ *
+ * The *protocol* value specifies the protocol type of the start
+ * of the packet so that packet capture can carry out
+ * interpretation. See **pcap-linktype** (7) for details on
+ * the supported values.
+ *
+ * Return
+ * 0 on success, or a negative error in case of failure.
+ * -ENOENT will be returned if the associated perf event
+ * map entry is empty, the skb is zero-length, or the incoming
+ * ifindex was specified and we failed to match.
+ * -EPROTO will be returned if **BPF_PCAP_TYPE_UNSET** is specified
+ * and no protocol can be determined, or if we specify a protocol
+ * along with **BPF_F_PCAP_STRICT_TYPE** and the skb protocol does
+ * not match.
+ * -EINVAL will be returned if the flags value is invalid.
+ *
*/
#define __BPF_FUNC_MAPPER(FN) \
FN(unspec), \
@@ -2862,7 +2910,8 @@ struct bpf_stack_build_id {
FN(sk_storage_get), \
FN(sk_storage_delete), \
FN(send_signal), \
- FN(tcp_gen_syncookie),
+ FN(tcp_gen_syncookie), \
+ FN(pcap),
/* integer value in 'imm' field of BPF_CALL instruction selects which helper
* function eBPF program intends to call
@@ -2941,6 +2990,11 @@ enum bpf_func_id {
/* BPF_FUNC_sk_storage_get flags */
#define BPF_SK_STORAGE_GET_F_CREATE (1ULL << 0)
+/* BPF_FUNC_pcap flags */
+#define BPF_F_PCAP_ID_MASK 0xffffffffffff
+#define BPF_F_PCAP_ID_IIFINDEX (1ULL << 48)
+#define BPF_F_PCAP_STRICT_TYPE (1ULL << 56)
+
/* Mode for BPF_FUNC_skb_adjust_room helper. */
enum bpf_adj_room_mode {
BPF_ADJ_ROOM_NET,
@@ -3613,4 +3667,40 @@ struct bpf_sockopt {
__s32 retval;
};
+/* bpf_pcap_hdr contains information related to a particular packet capture
+ * flow. It specifies
+ *
+ * - a magic number BPF_PCAP_MAGIC which identifies the perf event as
+ * a pcap-related event.
+ * - a starting protocol is the protocol associated with the header
+ * - a flags value, copied from the flags value passed into bpf_pcap().
+ * IDs can be used to correlate packet capture data and other tracing data.
+ *
+ * bpf_pcap_hdr also contains the information relating to the to-be-captured
+ * packet, and closely corresponds to the struct pcap_pkthdr used by
+ * pcap_dump (3PCAP). The bpf_pcap helper sets ktime_ns (nanoseconds since
+ * boot) to the ktime_ns value; to get sensible pcap times this value should
+ * be converted to a struct timeval time since epoch in the struct pcap_pkthdr.
+ *
+ * When bpf_pcap() is used, a "struct bpf_pcap_hdr" is stored as we
+ * need both information about the particular packet and the protocol
+ * we are capturing.
+ */
+
+#define BPF_PCAP_MAGIC 0xb7fca7
+
+struct bpf_pcap_hdr {
+ __u32 magic;
+ int protocol;
+ __u64 flags;
+ __u64 ktime_ns;
+ __u32 tot_len;
+ __u32 cap_len;
+ __u8 data[0];
+};
+
+#define BPF_PCAP_TYPE_UNSET -1
+#define BPF_PCAP_TYPE_ETH 1
+#define BPF_PCAP_TYPE_IP 12
+
#endif /* _UAPI__LINUX_BPF_H__ */
--
1.8.3.1
next prev parent reply other threads:[~2019-09-07 21:43 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-07 21:40 [RFC bpf-next 0/7] bpf: packet capture helpers, bpftool support Alan Maguire
2019-09-07 21:40 ` [RFC bpf-next 1/7] bpf: add bpf_pcap() helper to simplify packet capture Alan Maguire
2019-09-08 22:02 ` Yonghong Song
2019-09-07 21:40 ` [RFC bpf-next 2/7] bpf: extend bpf_pcap support to tracing programs Alan Maguire
2019-09-08 22:18 ` Yonghong Song
2019-09-09 22:25 ` Alan Maguire
2019-09-10 7:43 ` Yonghong Song
2019-09-07 21:40 ` Alan Maguire [this message]
2019-09-07 21:40 ` [RFC bpf-next 4/7] bpf: add libpcap feature test Alan Maguire
2019-09-07 21:40 ` [RFC bpf-next 5/7] bpf: add pcap support to bpftool Alan Maguire
2019-09-07 21:40 ` [RFC bpf-next 6/7] bpf: add documentation for bpftool pcap subcommand Alan Maguire
2019-09-07 21:40 ` [RFC bpf-next 7/7] bpf: add tests for bpftool packet capture Alan Maguire
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1567892444-16344-4-git-send-email-alan.maguire@oracle.com \
--to=alan.maguire@oracle.com \
--cc=acme@redhat.com \
--cc=alexey.budankov@linux.intel.com \
--cc=andriin@fb.com \
--cc=ast@kernel.org \
--cc=bhole_prashant_q7@lab.ntt.co.jp \
--cc=bpf@vger.kernel.org \
--cc=ctakshak@fb.com \
--cc=daniel@iogearbox.net \
--cc=danieltimlee@gmail.com \
--cc=davem@davemloft.net \
--cc=david.calavera@gmail.com \
--cc=f.fainelli@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=hawk@kernel.org \
--cc=ivan@cloudflare.com \
--cc=jakub.kicinski@netronome.com \
--cc=joe@wand.net.nz \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kafai@fb.com \
--cc=linux-kselftest@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=namhyung@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=peter@lekensteyn.nl \
--cc=quentin.monnet@netronome.com \
--cc=rdna@fb.com \
--cc=rostedt@goodmis.org \
--cc=sdf@google.com \
--cc=shuah@kernel.org \
--cc=songliubraving@fb.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).