1 // SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause)
2 /* Copyright (c) 2018 Facebook */
3
4 #include <stdlib.h>
5 #include <memory.h>
6 #include <unistd.h>
7 #include <arpa/inet.h>
8 #include <linux/bpf.h>
9 #include <linux/if_ether.h>
10 #include <linux/pkt_cls.h>
11 #include <linux/rtnetlink.h>
12 #include <sys/socket.h>
13 #include <errno.h>
14 #include <time.h>
15
16 #include "bpf.h"
17 #include "libbpf.h"
18 #include "libbpf_internal.h"
19 #include "nlattr.h"
20
21 #ifndef SOL_NETLINK
22 #define SOL_NETLINK 270
23 #endif
24
25 typedef int (*libbpf_dump_nlmsg_t)(void *cookie, void *msg, struct nlattr **tb);
26
27 typedef int (*__dump_nlmsg_t)(struct nlmsghdr *nlmsg, libbpf_dump_nlmsg_t,
28 void *cookie);
29
30 struct xdp_id_md {
31 int ifindex;
32 __u32 flags;
33 struct xdp_link_info info;
34 };
35
libbpf_netlink_open(__u32 * nl_pid)36 static int libbpf_netlink_open(__u32 *nl_pid)
37 {
38 struct sockaddr_nl sa;
39 socklen_t addrlen;
40 int one = 1, ret;
41 int sock;
42
43 memset(&sa, 0, sizeof(sa));
44 sa.nl_family = AF_NETLINK;
45
46 sock = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_ROUTE);
47 if (sock < 0)
48 return -errno;
49
50 if (setsockopt(sock, SOL_NETLINK, NETLINK_EXT_ACK,
51 &one, sizeof(one)) < 0) {
52 pr_warn("Netlink error reporting not supported\n");
53 }
54
55 if (bind(sock, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
56 ret = -errno;
57 goto cleanup;
58 }
59
60 addrlen = sizeof(sa);
61 if (getsockname(sock, (struct sockaddr *)&sa, &addrlen) < 0) {
62 ret = -errno;
63 goto cleanup;
64 }
65
66 if (addrlen != sizeof(sa)) {
67 ret = -LIBBPF_ERRNO__INTERNAL;
68 goto cleanup;
69 }
70
71 *nl_pid = sa.nl_pid;
72 return sock;
73
74 cleanup:
75 close(sock);
76 return ret;
77 }
78
libbpf_netlink_close(int sock)79 static void libbpf_netlink_close(int sock)
80 {
81 close(sock);
82 }
83
84 enum {
85 NL_CONT,
86 NL_NEXT,
87 NL_DONE,
88 };
89
netlink_recvmsg(int sock,struct msghdr * mhdr,int flags)90 static int netlink_recvmsg(int sock, struct msghdr *mhdr, int flags)
91 {
92 int len;
93
94 do {
95 len = recvmsg(sock, mhdr, flags);
96 } while (len < 0 && (errno == EINTR || errno == EAGAIN));
97
98 if (len < 0)
99 return -errno;
100 return len;
101 }
102
alloc_iov(struct iovec * iov,int len)103 static int alloc_iov(struct iovec *iov, int len)
104 {
105 void *nbuf;
106
107 nbuf = realloc(iov->iov_base, len);
108 if (!nbuf)
109 return -ENOMEM;
110
111 iov->iov_base = nbuf;
112 iov->iov_len = len;
113 return 0;
114 }
115
libbpf_netlink_recv(int sock,__u32 nl_pid,int seq,__dump_nlmsg_t _fn,libbpf_dump_nlmsg_t fn,void * cookie)116 static int libbpf_netlink_recv(int sock, __u32 nl_pid, int seq,
117 __dump_nlmsg_t _fn, libbpf_dump_nlmsg_t fn,
118 void *cookie)
119 {
120 struct iovec iov = {};
121 struct msghdr mhdr = {
122 .msg_iov = &iov,
123 .msg_iovlen = 1,
124 };
125 bool multipart = true;
126 struct nlmsgerr *err;
127 struct nlmsghdr *nh;
128 int len, ret;
129
130 ret = alloc_iov(&iov, 4096);
131 if (ret)
132 goto done;
133
134 while (multipart) {
135 start:
136 multipart = false;
137 len = netlink_recvmsg(sock, &mhdr, MSG_PEEK | MSG_TRUNC);
138 if (len < 0) {
139 ret = len;
140 goto done;
141 }
142
143 if (len > iov.iov_len) {
144 ret = alloc_iov(&iov, len);
145 if (ret)
146 goto done;
147 }
148
149 len = netlink_recvmsg(sock, &mhdr, 0);
150 if (len < 0) {
151 ret = len;
152 goto done;
153 }
154
155 if (len == 0)
156 break;
157
158 for (nh = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(nh, len);
159 nh = NLMSG_NEXT(nh, len)) {
160 if (nh->nlmsg_pid != nl_pid) {
161 ret = -LIBBPF_ERRNO__WRNGPID;
162 goto done;
163 }
164 if (nh->nlmsg_seq != seq) {
165 ret = -LIBBPF_ERRNO__INVSEQ;
166 goto done;
167 }
168 if (nh->nlmsg_flags & NLM_F_MULTI)
169 multipart = true;
170 switch (nh->nlmsg_type) {
171 case NLMSG_ERROR:
172 err = (struct nlmsgerr *)NLMSG_DATA(nh);
173 if (!err->error)
174 continue;
175 ret = err->error;
176 libbpf_nla_dump_errormsg(nh);
177 goto done;
178 case NLMSG_DONE:
179 ret = 0;
180 goto done;
181 default:
182 break;
183 }
184 if (_fn) {
185 ret = _fn(nh, fn, cookie);
186 switch (ret) {
187 case NL_CONT:
188 break;
189 case NL_NEXT:
190 goto start;
191 case NL_DONE:
192 ret = 0;
193 goto done;
194 default:
195 goto done;
196 }
197 }
198 }
199 }
200 ret = 0;
201 done:
202 free(iov.iov_base);
203 return ret;
204 }
205
libbpf_netlink_send_recv(struct libbpf_nla_req * req,__dump_nlmsg_t parse_msg,libbpf_dump_nlmsg_t parse_attr,void * cookie)206 static int libbpf_netlink_send_recv(struct libbpf_nla_req *req,
207 __dump_nlmsg_t parse_msg,
208 libbpf_dump_nlmsg_t parse_attr,
209 void *cookie)
210 {
211 __u32 nl_pid = 0;
212 int sock, ret;
213
214 sock = libbpf_netlink_open(&nl_pid);
215 if (sock < 0)
216 return sock;
217
218 req->nh.nlmsg_pid = 0;
219 req->nh.nlmsg_seq = time(NULL);
220
221 if (send(sock, req, req->nh.nlmsg_len, 0) < 0) {
222 ret = -errno;
223 goto out;
224 }
225
226 ret = libbpf_netlink_recv(sock, nl_pid, req->nh.nlmsg_seq,
227 parse_msg, parse_attr, cookie);
228 out:
229 libbpf_netlink_close(sock);
230 return ret;
231 }
232
__bpf_set_link_xdp_fd_replace(int ifindex,int fd,int old_fd,__u32 flags)233 static int __bpf_set_link_xdp_fd_replace(int ifindex, int fd, int old_fd,
234 __u32 flags)
235 {
236 struct nlattr *nla;
237 int ret;
238 struct libbpf_nla_req req;
239
240 memset(&req, 0, sizeof(req));
241 req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
242 req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
243 req.nh.nlmsg_type = RTM_SETLINK;
244 req.ifinfo.ifi_family = AF_UNSPEC;
245 req.ifinfo.ifi_index = ifindex;
246
247 nla = nlattr_begin_nested(&req, IFLA_XDP);
248 if (!nla)
249 return -EMSGSIZE;
250 ret = nlattr_add(&req, IFLA_XDP_FD, &fd, sizeof(fd));
251 if (ret < 0)
252 return ret;
253 if (flags) {
254 ret = nlattr_add(&req, IFLA_XDP_FLAGS, &flags, sizeof(flags));
255 if (ret < 0)
256 return ret;
257 }
258 if (flags & XDP_FLAGS_REPLACE) {
259 ret = nlattr_add(&req, IFLA_XDP_EXPECTED_FD, &old_fd,
260 sizeof(old_fd));
261 if (ret < 0)
262 return ret;
263 }
264 nlattr_end_nested(&req, nla);
265
266 return libbpf_netlink_send_recv(&req, NULL, NULL, NULL);
267 }
268
bpf_set_link_xdp_fd_opts(int ifindex,int fd,__u32 flags,const struct bpf_xdp_set_link_opts * opts)269 int bpf_set_link_xdp_fd_opts(int ifindex, int fd, __u32 flags,
270 const struct bpf_xdp_set_link_opts *opts)
271 {
272 int old_fd = -1, ret;
273
274 if (!OPTS_VALID(opts, bpf_xdp_set_link_opts))
275 return libbpf_err(-EINVAL);
276
277 if (OPTS_HAS(opts, old_fd)) {
278 old_fd = OPTS_GET(opts, old_fd, -1);
279 flags |= XDP_FLAGS_REPLACE;
280 }
281
282 ret = __bpf_set_link_xdp_fd_replace(ifindex, fd, old_fd, flags);
283 return libbpf_err(ret);
284 }
285
bpf_set_link_xdp_fd(int ifindex,int fd,__u32 flags)286 int bpf_set_link_xdp_fd(int ifindex, int fd, __u32 flags)
287 {
288 int ret;
289
290 ret = __bpf_set_link_xdp_fd_replace(ifindex, fd, 0, flags);
291 return libbpf_err(ret);
292 }
293
__dump_link_nlmsg(struct nlmsghdr * nlh,libbpf_dump_nlmsg_t dump_link_nlmsg,void * cookie)294 static int __dump_link_nlmsg(struct nlmsghdr *nlh,
295 libbpf_dump_nlmsg_t dump_link_nlmsg, void *cookie)
296 {
297 struct nlattr *tb[IFLA_MAX + 1], *attr;
298 struct ifinfomsg *ifi = NLMSG_DATA(nlh);
299 int len;
300
301 len = nlh->nlmsg_len - NLMSG_LENGTH(sizeof(*ifi));
302 attr = (struct nlattr *) ((void *) ifi + NLMSG_ALIGN(sizeof(*ifi)));
303
304 if (libbpf_nla_parse(tb, IFLA_MAX, attr, len, NULL) != 0)
305 return -LIBBPF_ERRNO__NLPARSE;
306
307 return dump_link_nlmsg(cookie, ifi, tb);
308 }
309
get_xdp_info(void * cookie,void * msg,struct nlattr ** tb)310 static int get_xdp_info(void *cookie, void *msg, struct nlattr **tb)
311 {
312 struct nlattr *xdp_tb[IFLA_XDP_MAX + 1];
313 struct xdp_id_md *xdp_id = cookie;
314 struct ifinfomsg *ifinfo = msg;
315 int ret;
316
317 if (xdp_id->ifindex && xdp_id->ifindex != ifinfo->ifi_index)
318 return 0;
319
320 if (!tb[IFLA_XDP])
321 return 0;
322
323 ret = libbpf_nla_parse_nested(xdp_tb, IFLA_XDP_MAX, tb[IFLA_XDP], NULL);
324 if (ret)
325 return ret;
326
327 if (!xdp_tb[IFLA_XDP_ATTACHED])
328 return 0;
329
330 xdp_id->info.attach_mode = libbpf_nla_getattr_u8(
331 xdp_tb[IFLA_XDP_ATTACHED]);
332
333 if (xdp_id->info.attach_mode == XDP_ATTACHED_NONE)
334 return 0;
335
336 if (xdp_tb[IFLA_XDP_PROG_ID])
337 xdp_id->info.prog_id = libbpf_nla_getattr_u32(
338 xdp_tb[IFLA_XDP_PROG_ID]);
339
340 if (xdp_tb[IFLA_XDP_SKB_PROG_ID])
341 xdp_id->info.skb_prog_id = libbpf_nla_getattr_u32(
342 xdp_tb[IFLA_XDP_SKB_PROG_ID]);
343
344 if (xdp_tb[IFLA_XDP_DRV_PROG_ID])
345 xdp_id->info.drv_prog_id = libbpf_nla_getattr_u32(
346 xdp_tb[IFLA_XDP_DRV_PROG_ID]);
347
348 if (xdp_tb[IFLA_XDP_HW_PROG_ID])
349 xdp_id->info.hw_prog_id = libbpf_nla_getattr_u32(
350 xdp_tb[IFLA_XDP_HW_PROG_ID]);
351
352 return 0;
353 }
354
bpf_get_link_xdp_info(int ifindex,struct xdp_link_info * info,size_t info_size,__u32 flags)355 int bpf_get_link_xdp_info(int ifindex, struct xdp_link_info *info,
356 size_t info_size, __u32 flags)
357 {
358 struct xdp_id_md xdp_id = {};
359 __u32 mask;
360 int ret;
361 struct libbpf_nla_req req = {
362 .nh.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)),
363 .nh.nlmsg_type = RTM_GETLINK,
364 .nh.nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST,
365 .ifinfo.ifi_family = AF_PACKET,
366 };
367
368 if (flags & ~XDP_FLAGS_MASK || !info_size)
369 return libbpf_err(-EINVAL);
370
371 /* Check whether the single {HW,DRV,SKB} mode is set */
372 flags &= (XDP_FLAGS_SKB_MODE | XDP_FLAGS_DRV_MODE | XDP_FLAGS_HW_MODE);
373 mask = flags - 1;
374 if (flags && flags & mask)
375 return libbpf_err(-EINVAL);
376
377 xdp_id.ifindex = ifindex;
378 xdp_id.flags = flags;
379
380 ret = libbpf_netlink_send_recv(&req, __dump_link_nlmsg,
381 get_xdp_info, &xdp_id);
382 if (!ret) {
383 size_t sz = min(info_size, sizeof(xdp_id.info));
384
385 memcpy(info, &xdp_id.info, sz);
386 memset((void *) info + sz, 0, info_size - sz);
387 }
388
389 return libbpf_err(ret);
390 }
391
get_xdp_id(struct xdp_link_info * info,__u32 flags)392 static __u32 get_xdp_id(struct xdp_link_info *info, __u32 flags)
393 {
394 flags &= XDP_FLAGS_MODES;
395
396 if (info->attach_mode != XDP_ATTACHED_MULTI && !flags)
397 return info->prog_id;
398 if (flags & XDP_FLAGS_DRV_MODE)
399 return info->drv_prog_id;
400 if (flags & XDP_FLAGS_HW_MODE)
401 return info->hw_prog_id;
402 if (flags & XDP_FLAGS_SKB_MODE)
403 return info->skb_prog_id;
404
405 return 0;
406 }
407
bpf_get_link_xdp_id(int ifindex,__u32 * prog_id,__u32 flags)408 int bpf_get_link_xdp_id(int ifindex, __u32 *prog_id, __u32 flags)
409 {
410 struct xdp_link_info info;
411 int ret;
412
413 ret = bpf_get_link_xdp_info(ifindex, &info, sizeof(info), flags);
414 if (!ret)
415 *prog_id = get_xdp_id(&info, flags);
416
417 return libbpf_err(ret);
418 }
419
420 typedef int (*qdisc_config_t)(struct libbpf_nla_req *req);
421
clsact_config(struct libbpf_nla_req * req)422 static int clsact_config(struct libbpf_nla_req *req)
423 {
424 req->tc.tcm_parent = TC_H_CLSACT;
425 req->tc.tcm_handle = TC_H_MAKE(TC_H_CLSACT, 0);
426
427 return nlattr_add(req, TCA_KIND, "clsact", sizeof("clsact"));
428 }
429
attach_point_to_config(struct bpf_tc_hook * hook,qdisc_config_t * config)430 static int attach_point_to_config(struct bpf_tc_hook *hook,
431 qdisc_config_t *config)
432 {
433 switch (OPTS_GET(hook, attach_point, 0)) {
434 case BPF_TC_INGRESS:
435 case BPF_TC_EGRESS:
436 case BPF_TC_INGRESS | BPF_TC_EGRESS:
437 if (OPTS_GET(hook, parent, 0))
438 return -EINVAL;
439 *config = &clsact_config;
440 return 0;
441 case BPF_TC_CUSTOM:
442 return -EOPNOTSUPP;
443 default:
444 return -EINVAL;
445 }
446 }
447
tc_get_tcm_parent(enum bpf_tc_attach_point attach_point,__u32 * parent)448 static int tc_get_tcm_parent(enum bpf_tc_attach_point attach_point,
449 __u32 *parent)
450 {
451 switch (attach_point) {
452 case BPF_TC_INGRESS:
453 case BPF_TC_EGRESS:
454 if (*parent)
455 return -EINVAL;
456 *parent = TC_H_MAKE(TC_H_CLSACT,
457 attach_point == BPF_TC_INGRESS ?
458 TC_H_MIN_INGRESS : TC_H_MIN_EGRESS);
459 break;
460 case BPF_TC_CUSTOM:
461 if (!*parent)
462 return -EINVAL;
463 break;
464 default:
465 return -EINVAL;
466 }
467 return 0;
468 }
469
tc_qdisc_modify(struct bpf_tc_hook * hook,int cmd,int flags)470 static int tc_qdisc_modify(struct bpf_tc_hook *hook, int cmd, int flags)
471 {
472 qdisc_config_t config;
473 int ret;
474 struct libbpf_nla_req req;
475
476 ret = attach_point_to_config(hook, &config);
477 if (ret < 0)
478 return ret;
479
480 memset(&req, 0, sizeof(req));
481 req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg));
482 req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | flags;
483 req.nh.nlmsg_type = cmd;
484 req.tc.tcm_family = AF_UNSPEC;
485 req.tc.tcm_ifindex = OPTS_GET(hook, ifindex, 0);
486
487 ret = config(&req);
488 if (ret < 0)
489 return ret;
490
491 return libbpf_netlink_send_recv(&req, NULL, NULL, NULL);
492 }
493
tc_qdisc_create_excl(struct bpf_tc_hook * hook)494 static int tc_qdisc_create_excl(struct bpf_tc_hook *hook)
495 {
496 return tc_qdisc_modify(hook, RTM_NEWQDISC, NLM_F_CREATE | NLM_F_EXCL);
497 }
498
tc_qdisc_delete(struct bpf_tc_hook * hook)499 static int tc_qdisc_delete(struct bpf_tc_hook *hook)
500 {
501 return tc_qdisc_modify(hook, RTM_DELQDISC, 0);
502 }
503
bpf_tc_hook_create(struct bpf_tc_hook * hook)504 int bpf_tc_hook_create(struct bpf_tc_hook *hook)
505 {
506 int ret;
507
508 if (!hook || !OPTS_VALID(hook, bpf_tc_hook) ||
509 OPTS_GET(hook, ifindex, 0) <= 0)
510 return libbpf_err(-EINVAL);
511
512 ret = tc_qdisc_create_excl(hook);
513 return libbpf_err(ret);
514 }
515
516 static int __bpf_tc_detach(const struct bpf_tc_hook *hook,
517 const struct bpf_tc_opts *opts,
518 const bool flush);
519
bpf_tc_hook_destroy(struct bpf_tc_hook * hook)520 int bpf_tc_hook_destroy(struct bpf_tc_hook *hook)
521 {
522 if (!hook || !OPTS_VALID(hook, bpf_tc_hook) ||
523 OPTS_GET(hook, ifindex, 0) <= 0)
524 return libbpf_err(-EINVAL);
525
526 switch (OPTS_GET(hook, attach_point, 0)) {
527 case BPF_TC_INGRESS:
528 case BPF_TC_EGRESS:
529 return libbpf_err(__bpf_tc_detach(hook, NULL, true));
530 case BPF_TC_INGRESS | BPF_TC_EGRESS:
531 return libbpf_err(tc_qdisc_delete(hook));
532 case BPF_TC_CUSTOM:
533 return libbpf_err(-EOPNOTSUPP);
534 default:
535 return libbpf_err(-EINVAL);
536 }
537 }
538
539 struct bpf_cb_ctx {
540 struct bpf_tc_opts *opts;
541 bool processed;
542 };
543
__get_tc_info(void * cookie,struct tcmsg * tc,struct nlattr ** tb,bool unicast)544 static int __get_tc_info(void *cookie, struct tcmsg *tc, struct nlattr **tb,
545 bool unicast)
546 {
547 struct nlattr *tbb[TCA_BPF_MAX + 1];
548 struct bpf_cb_ctx *info = cookie;
549
550 if (!info || !info->opts)
551 return -EINVAL;
552 if (unicast && info->processed)
553 return -EINVAL;
554 if (!tb[TCA_OPTIONS])
555 return NL_CONT;
556
557 libbpf_nla_parse_nested(tbb, TCA_BPF_MAX, tb[TCA_OPTIONS], NULL);
558 if (!tbb[TCA_BPF_ID])
559 return -EINVAL;
560
561 OPTS_SET(info->opts, prog_id, libbpf_nla_getattr_u32(tbb[TCA_BPF_ID]));
562 OPTS_SET(info->opts, handle, tc->tcm_handle);
563 OPTS_SET(info->opts, priority, TC_H_MAJ(tc->tcm_info) >> 16);
564
565 info->processed = true;
566 return unicast ? NL_NEXT : NL_DONE;
567 }
568
get_tc_info(struct nlmsghdr * nh,libbpf_dump_nlmsg_t fn,void * cookie)569 static int get_tc_info(struct nlmsghdr *nh, libbpf_dump_nlmsg_t fn,
570 void *cookie)
571 {
572 struct tcmsg *tc = NLMSG_DATA(nh);
573 struct nlattr *tb[TCA_MAX + 1];
574
575 libbpf_nla_parse(tb, TCA_MAX,
576 (struct nlattr *)((void *)tc + NLMSG_ALIGN(sizeof(*tc))),
577 NLMSG_PAYLOAD(nh, sizeof(*tc)), NULL);
578 if (!tb[TCA_KIND])
579 return NL_CONT;
580 return __get_tc_info(cookie, tc, tb, nh->nlmsg_flags & NLM_F_ECHO);
581 }
582
tc_add_fd_and_name(struct libbpf_nla_req * req,int fd)583 static int tc_add_fd_and_name(struct libbpf_nla_req *req, int fd)
584 {
585 struct bpf_prog_info info = {};
586 __u32 info_len = sizeof(info);
587 char name[256];
588 int len, ret;
589
590 ret = bpf_obj_get_info_by_fd(fd, &info, &info_len);
591 if (ret < 0)
592 return ret;
593
594 ret = nlattr_add(req, TCA_BPF_FD, &fd, sizeof(fd));
595 if (ret < 0)
596 return ret;
597 len = snprintf(name, sizeof(name), "%s:[%u]", info.name, info.id);
598 if (len < 0)
599 return -errno;
600 if (len >= sizeof(name))
601 return -ENAMETOOLONG;
602 return nlattr_add(req, TCA_BPF_NAME, name, len + 1);
603 }
604
bpf_tc_attach(const struct bpf_tc_hook * hook,struct bpf_tc_opts * opts)605 int bpf_tc_attach(const struct bpf_tc_hook *hook, struct bpf_tc_opts *opts)
606 {
607 __u32 protocol, bpf_flags, handle, priority, parent, prog_id, flags;
608 int ret, ifindex, attach_point, prog_fd;
609 struct bpf_cb_ctx info = {};
610 struct libbpf_nla_req req;
611 struct nlattr *nla;
612
613 if (!hook || !opts ||
614 !OPTS_VALID(hook, bpf_tc_hook) ||
615 !OPTS_VALID(opts, bpf_tc_opts))
616 return libbpf_err(-EINVAL);
617
618 ifindex = OPTS_GET(hook, ifindex, 0);
619 parent = OPTS_GET(hook, parent, 0);
620 attach_point = OPTS_GET(hook, attach_point, 0);
621
622 handle = OPTS_GET(opts, handle, 0);
623 priority = OPTS_GET(opts, priority, 0);
624 prog_fd = OPTS_GET(opts, prog_fd, 0);
625 prog_id = OPTS_GET(opts, prog_id, 0);
626 flags = OPTS_GET(opts, flags, 0);
627
628 if (ifindex <= 0 || !prog_fd || prog_id)
629 return libbpf_err(-EINVAL);
630 if (priority > UINT16_MAX)
631 return libbpf_err(-EINVAL);
632 if (flags & ~BPF_TC_F_REPLACE)
633 return libbpf_err(-EINVAL);
634
635 flags = (flags & BPF_TC_F_REPLACE) ? NLM_F_REPLACE : NLM_F_EXCL;
636 protocol = ETH_P_ALL;
637
638 memset(&req, 0, sizeof(req));
639 req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg));
640 req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_CREATE |
641 NLM_F_ECHO | flags;
642 req.nh.nlmsg_type = RTM_NEWTFILTER;
643 req.tc.tcm_family = AF_UNSPEC;
644 req.tc.tcm_ifindex = ifindex;
645 req.tc.tcm_handle = handle;
646 req.tc.tcm_info = TC_H_MAKE(priority << 16, htons(protocol));
647
648 ret = tc_get_tcm_parent(attach_point, &parent);
649 if (ret < 0)
650 return libbpf_err(ret);
651 req.tc.tcm_parent = parent;
652
653 ret = nlattr_add(&req, TCA_KIND, "bpf", sizeof("bpf"));
654 if (ret < 0)
655 return libbpf_err(ret);
656 nla = nlattr_begin_nested(&req, TCA_OPTIONS);
657 if (!nla)
658 return libbpf_err(-EMSGSIZE);
659 ret = tc_add_fd_and_name(&req, prog_fd);
660 if (ret < 0)
661 return libbpf_err(ret);
662 bpf_flags = TCA_BPF_FLAG_ACT_DIRECT;
663 ret = nlattr_add(&req, TCA_BPF_FLAGS, &bpf_flags, sizeof(bpf_flags));
664 if (ret < 0)
665 return libbpf_err(ret);
666 nlattr_end_nested(&req, nla);
667
668 info.opts = opts;
669
670 ret = libbpf_netlink_send_recv(&req, get_tc_info, NULL, &info);
671 if (ret < 0)
672 return libbpf_err(ret);
673 if (!info.processed)
674 return libbpf_err(-ENOENT);
675 return ret;
676 }
677
__bpf_tc_detach(const struct bpf_tc_hook * hook,const struct bpf_tc_opts * opts,const bool flush)678 static int __bpf_tc_detach(const struct bpf_tc_hook *hook,
679 const struct bpf_tc_opts *opts,
680 const bool flush)
681 {
682 __u32 protocol = 0, handle, priority, parent, prog_id, flags;
683 int ret, ifindex, attach_point, prog_fd;
684 struct libbpf_nla_req req;
685
686 if (!hook ||
687 !OPTS_VALID(hook, bpf_tc_hook) ||
688 !OPTS_VALID(opts, bpf_tc_opts))
689 return -EINVAL;
690
691 ifindex = OPTS_GET(hook, ifindex, 0);
692 parent = OPTS_GET(hook, parent, 0);
693 attach_point = OPTS_GET(hook, attach_point, 0);
694
695 handle = OPTS_GET(opts, handle, 0);
696 priority = OPTS_GET(opts, priority, 0);
697 prog_fd = OPTS_GET(opts, prog_fd, 0);
698 prog_id = OPTS_GET(opts, prog_id, 0);
699 flags = OPTS_GET(opts, flags, 0);
700
701 if (ifindex <= 0 || flags || prog_fd || prog_id)
702 return -EINVAL;
703 if (priority > UINT16_MAX)
704 return -EINVAL;
705 if (!flush) {
706 if (!handle || !priority)
707 return -EINVAL;
708 protocol = ETH_P_ALL;
709 } else {
710 if (handle || priority)
711 return -EINVAL;
712 }
713
714 memset(&req, 0, sizeof(req));
715 req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg));
716 req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
717 req.nh.nlmsg_type = RTM_DELTFILTER;
718 req.tc.tcm_family = AF_UNSPEC;
719 req.tc.tcm_ifindex = ifindex;
720 if (!flush) {
721 req.tc.tcm_handle = handle;
722 req.tc.tcm_info = TC_H_MAKE(priority << 16, htons(protocol));
723 }
724
725 ret = tc_get_tcm_parent(attach_point, &parent);
726 if (ret < 0)
727 return ret;
728 req.tc.tcm_parent = parent;
729
730 if (!flush) {
731 ret = nlattr_add(&req, TCA_KIND, "bpf", sizeof("bpf"));
732 if (ret < 0)
733 return ret;
734 }
735
736 return libbpf_netlink_send_recv(&req, NULL, NULL, NULL);
737 }
738
bpf_tc_detach(const struct bpf_tc_hook * hook,const struct bpf_tc_opts * opts)739 int bpf_tc_detach(const struct bpf_tc_hook *hook,
740 const struct bpf_tc_opts *opts)
741 {
742 int ret;
743
744 if (!opts)
745 return libbpf_err(-EINVAL);
746
747 ret = __bpf_tc_detach(hook, opts, false);
748 return libbpf_err(ret);
749 }
750
bpf_tc_query(const struct bpf_tc_hook * hook,struct bpf_tc_opts * opts)751 int bpf_tc_query(const struct bpf_tc_hook *hook, struct bpf_tc_opts *opts)
752 {
753 __u32 protocol, handle, priority, parent, prog_id, flags;
754 int ret, ifindex, attach_point, prog_fd;
755 struct bpf_cb_ctx info = {};
756 struct libbpf_nla_req req;
757
758 if (!hook || !opts ||
759 !OPTS_VALID(hook, bpf_tc_hook) ||
760 !OPTS_VALID(opts, bpf_tc_opts))
761 return libbpf_err(-EINVAL);
762
763 ifindex = OPTS_GET(hook, ifindex, 0);
764 parent = OPTS_GET(hook, parent, 0);
765 attach_point = OPTS_GET(hook, attach_point, 0);
766
767 handle = OPTS_GET(opts, handle, 0);
768 priority = OPTS_GET(opts, priority, 0);
769 prog_fd = OPTS_GET(opts, prog_fd, 0);
770 prog_id = OPTS_GET(opts, prog_id, 0);
771 flags = OPTS_GET(opts, flags, 0);
772
773 if (ifindex <= 0 || flags || prog_fd || prog_id ||
774 !handle || !priority)
775 return libbpf_err(-EINVAL);
776 if (priority > UINT16_MAX)
777 return libbpf_err(-EINVAL);
778
779 protocol = ETH_P_ALL;
780
781 memset(&req, 0, sizeof(req));
782 req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg));
783 req.nh.nlmsg_flags = NLM_F_REQUEST;
784 req.nh.nlmsg_type = RTM_GETTFILTER;
785 req.tc.tcm_family = AF_UNSPEC;
786 req.tc.tcm_ifindex = ifindex;
787 req.tc.tcm_handle = handle;
788 req.tc.tcm_info = TC_H_MAKE(priority << 16, htons(protocol));
789
790 ret = tc_get_tcm_parent(attach_point, &parent);
791 if (ret < 0)
792 return libbpf_err(ret);
793 req.tc.tcm_parent = parent;
794
795 ret = nlattr_add(&req, TCA_KIND, "bpf", sizeof("bpf"));
796 if (ret < 0)
797 return libbpf_err(ret);
798
799 info.opts = opts;
800
801 ret = libbpf_netlink_send_recv(&req, get_tc_info, NULL, &info);
802 if (ret < 0)
803 return libbpf_err(ret);
804 if (!info.processed)
805 return libbpf_err(-ENOENT);
806 return ret;
807 }
808