libbpf: Add link-based API for netkit

This adds bpf_program__attach_netkit() API to libbpf. Overall it is very
similar to tcx. The API looks as following:

  LIBBPF_API struct bpf_link *
  bpf_program__attach_netkit(const struct bpf_program *prog, int ifindex,
                             const struct bpf_netkit_opts *opts);

The struct bpf_netkit_opts is done in similar way as struct bpf_tcx_opts
for supporting bpf_mprog control parameters. The attach location for the
primary and peer device is derived from the program section "netkit/primary"
and "netkit/peer", respectively.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <martin.lau@kernel.org>
Link: https://lore.kernel.org/r/20231024214904.29825-4-daniel@iogearbox.net
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>

diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c
index b0f1913763a33250987aaf4112682df4fdc6895e..9dc9625651dcff13699d1961b7a7c31fffd3bbd2 100644 (file)
--- a/tools/lib/bpf/bpf.c
+++ b/tools/lib/bpf/bpf.c
@@ -810,6 +810,22 @@ int bpf_link_create(int prog_fd, int target_fd,
                if (!OPTS_ZEROED(opts, tcx))
                        return libbpf_err(-EINVAL);
                break;
+       case BPF_NETKIT_PRIMARY:
+       case BPF_NETKIT_PEER:
+               relative_fd = OPTS_GET(opts, netkit.relative_fd, 0);
+               relative_id = OPTS_GET(opts, netkit.relative_id, 0);
+               if (relative_fd && relative_id)
+                       return libbpf_err(-EINVAL);
+               if (relative_id) {
+                       attr.link_create.netkit.relative_id = relative_id;
+                       attr.link_create.flags |= BPF_F_ID;
+               } else {
+                       attr.link_create.netkit.relative_fd = relative_fd;
+               }
+               attr.link_create.netkit.expected_revision = OPTS_GET(opts, netkit.expected_revision, 0);
+               if (!OPTS_ZEROED(opts, netkit))
+                       return libbpf_err(-EINVAL);
+               break;
        default:
                if (!OPTS_ZEROED(opts, flags))
                        return libbpf_err(-EINVAL);

diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h
index 74c2887cfd24a56d3dd0892dd8dde7a3e37d2b59..d0f53772bdc02ace4e062aadb8907e73665f543d 100644 (file)
--- a/tools/lib/bpf/bpf.h
+++ b/tools/lib/bpf/bpf.h
@@ -415,6 +415,11 @@ struct bpf_link_create_opts {
                        __u32 relative_id;
                        __u64 expected_revision;
                } tcx;
+               struct {
+                       __u32 relative_fd;
+                       __u32 relative_id;
+                       __u64 expected_revision;
+               } netkit;
        };
        size_t :0;
 };

diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index a295f6acf98fe7b8f31b70fda98cd9bc0a0101be..e067be95da3c01d55fea6cf1d41f79cccb8b21a2 100644 (file)
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -126,6 +126,8 @@ static const char * const attach_type_name[] = {
        [BPF_TCX_INGRESS]               = "tcx_ingress",
        [BPF_TCX_EGRESS]                = "tcx_egress",
        [BPF_TRACE_UPROBE_MULTI]        = "trace_uprobe_multi",
+       [BPF_NETKIT_PRIMARY]            = "netkit_primary",
+       [BPF_NETKIT_PEER]               = "netkit_peer",
 };
 
 static const char * const link_type_name[] = {
@@ -142,6 +144,7 @@ static const char * const link_type_name[] = {
        [BPF_LINK_TYPE_NETFILTER]               = "netfilter",
        [BPF_LINK_TYPE_TCX]                     = "tcx",
        [BPF_LINK_TYPE_UPROBE_MULTI]            = "uprobe_multi",
+       [BPF_LINK_TYPE_NETKIT]                  = "netkit",
 };
 
 static const char * const map_type_name[] = {
@@ -8915,6 +8918,8 @@ static const struct bpf_sec_def section_defs[] = {
        SEC_DEF("tc",                   SCHED_CLS, 0, SEC_NONE), /* deprecated / legacy, use tcx */
        SEC_DEF("classifier",           SCHED_CLS, 0, SEC_NONE), /* deprecated / legacy, use tcx */
        SEC_DEF("action",               SCHED_ACT, 0, SEC_NONE), /* deprecated / legacy, use tcx */
+       SEC_DEF("netkit/primary",       SCHED_CLS, BPF_NETKIT_PRIMARY, SEC_NONE),
+       SEC_DEF("netkit/peer",          SCHED_CLS, BPF_NETKIT_PEER, SEC_NONE),
        SEC_DEF("tracepoint+",          TRACEPOINT, 0, SEC_NONE, attach_tp),
        SEC_DEF("tp+",                  TRACEPOINT, 0, SEC_NONE, attach_tp),
        SEC_DEF("raw_tracepoint+",      RAW_TRACEPOINT, 0, SEC_NONE, attach_raw_tp),
@@ -12126,6 +12131,40 @@ bpf_program__attach_tcx(const struct bpf_program *prog, int ifindex,
        return bpf_program_attach_fd(prog, ifindex, "tcx", &link_create_opts);
 }
 
+struct bpf_link *
+bpf_program__attach_netkit(const struct bpf_program *prog, int ifindex,
+                          const struct bpf_netkit_opts *opts)
+{
+       LIBBPF_OPTS(bpf_link_create_opts, link_create_opts);
+       __u32 relative_id;
+       int relative_fd;
+
+       if (!OPTS_VALID(opts, bpf_netkit_opts))
+               return libbpf_err_ptr(-EINVAL);
+
+       relative_id = OPTS_GET(opts, relative_id, 0);
+       relative_fd = OPTS_GET(opts, relative_fd, 0);
+
+       /* validate we don't have unexpected combinations of non-zero fields */
+       if (!ifindex) {
+               pr_warn("prog '%s': target netdevice ifindex cannot be zero\n",
+                       prog->name);
+               return libbpf_err_ptr(-EINVAL);
+       }
+       if (relative_fd && relative_id) {
+               pr_warn("prog '%s': relative_fd and relative_id cannot be set at the same time\n",
+                       prog->name);
+               return libbpf_err_ptr(-EINVAL);
+       }
+
+       link_create_opts.netkit.expected_revision = OPTS_GET(opts, expected_revision, 0);
+       link_create_opts.netkit.relative_fd = relative_fd;
+       link_create_opts.netkit.relative_id = relative_id;
+       link_create_opts.flags = OPTS_GET(opts, flags, 0);
+
+       return bpf_program_attach_fd(prog, ifindex, "netkit", &link_create_opts);
+}
+
 struct bpf_link *bpf_program__attach_freplace(const struct bpf_program *prog,
                                              int target_fd,
                                              const char *attach_func_name)

diff --git a/tools/lib/bpf/libbpf.h b/tools/lib/bpf/libbpf.h
index 475378438545338d6139b6f2ea2708c289aa74b4..6cd9c501624f50da4b462e777b98c81264348b3b 100644 (file)
--- a/tools/lib/bpf/libbpf.h
+++ b/tools/lib/bpf/libbpf.h
@@ -800,6 +800,21 @@ LIBBPF_API struct bpf_link *
 bpf_program__attach_tcx(const struct bpf_program *prog, int ifindex,
                        const struct bpf_tcx_opts *opts);
 
+struct bpf_netkit_opts {
+       /* size of this struct, for forward/backward compatibility */
+       size_t sz;
+       __u32 flags;
+       __u32 relative_fd;
+       __u32 relative_id;
+       __u64 expected_revision;
+       size_t :0;
+};
+#define bpf_netkit_opts__last_field expected_revision
+
+LIBBPF_API struct bpf_link *
+bpf_program__attach_netkit(const struct bpf_program *prog, int ifindex,
+                          const struct bpf_netkit_opts *opts);
+
 struct bpf_map;
 
 LIBBPF_API struct bpf_link *bpf_map__attach_struct_ops(const struct bpf_map *map);

diff --git a/tools/lib/bpf/libbpf.map b/tools/lib/bpf/libbpf.map
index cc973b678a39b26d571fc6db9b873587aaf6bc68..b52dc28dc8af5847e00c82effc8cd7cdab1226e9 100644 (file)
--- a/tools/lib/bpf/libbpf.map
+++ b/tools/lib/bpf/libbpf.map
@@ -398,6 +398,7 @@ LIBBPF_1.3.0 {
                bpf_object__unpin;
                bpf_prog_detach_opts;
                bpf_program__attach_netfilter;
+               bpf_program__attach_netkit;
                bpf_program__attach_tcx;
                bpf_program__attach_uprobe_multi;
                ring__avail_data_size;