
How to list all bpf programs which are loaded into the kernel? (e.g. tc-bpf)

I know that bpf programs can be loaded into the kernel in different ways: tc/kprobe/socket ...

And I want to know: is there an interface or something through which I can get all the bpf programs I loaded? If there is no such thing, is it dangerous if I leave some bpf program alone which may change my network data?

Another small question: how do I unload a tc-bpf program? Do I really have to remove the qdisc every time?

In order to list all BPF programs on your system, and since Linux kernel 4.13, you can use the bpf() system call, with its BPF_PROG_GET_NEXT_ID command, to get the id of a first program, and then repeatedly call it again to obtain the following ids, until you have the list of the ids of all BPF programs loaded on your system. Then you can use the same system call with its BPF_PROG_GET_FD_BY_ID command to retrieve a file descriptor to each program, and a third time with BPF_OBJ_GET_INFO_BY_FD to get information (such as program type) for a given program. I would usually redirect you to the bpf(2) manual page, but right now it is seriously out of date and does not describe those commands on my system.

In practice, all of this has already been implemented. You should search for the bpftool program: running sudo bpftool prog will list all programs on your system.

bpftool sources are within the Linux kernel tree and can be easily compiled. It is packaged for Fedora 28, but not for Debian/Ubuntu or other distributions as of this writing. (You could also get a Debian .deb package with a statically linked binary from this page. It also has a guide with detailed instructions for building bpftool, among other things. Disclaimer: I work for that company.)

As for removing a program attached as a tc filter, you can simply remove the filter, not necessarily the entire qdisc, like this:

tc filter del dev eth0 ingress
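
The three-command walk described in the answer (BPF_PROG_GET_NEXT_ID, then BPF_PROG_GET_FD_BY_ID, then BPF_OBJ_GET_INFO_BY_FD), written out as an added example that is not part of the original post or of bpftool. The names sys_bpf and list_bpf_progs are hypothetical; the call needs CAP_SYS_ADMIN (it fails with EPERM otherwise) and a kernel of at least 4.13.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/bpf.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* glibc has no bpf() wrapper, so go through syscall(2). */
static long sys_bpf(int cmd, union bpf_attr *attr)
{
    return syscall(__NR_bpf, cmd, attr, sizeof(*attr));
}

/* Returns the number of loaded programs, or -1 with errno set. */
int list_bpf_progs(void)
{
    __u32 id = 0;   /* start_id 0 asks for the first program */
    int count = 0;
    for (;;) {
        union bpf_attr attr;
        memset(&attr, 0, sizeof(attr));
        attr.start_id = id;
        if (sys_bpf(BPF_PROG_GET_NEXT_ID, &attr) < 0)
            return errno == ENOENT ? count : -1;   /* ENOENT: end of list */
        id = attr.next_id;
        count++;
        memset(&attr, 0, sizeof(attr));
        attr.prog_id = id;
        int fd = (int)sys_bpf(BPF_PROG_GET_FD_BY_ID, &attr);
        if (fd < 0)
            continue;   /* program was unloaded between the two calls */
        struct bpf_prog_info info;
        memset(&info, 0, sizeof(info));
        memset(&attr, 0, sizeof(attr));
        attr.info.bpf_fd = (__u32)fd;
        attr.info.info_len = sizeof(info);
        attr.info.info = (__u64)(unsigned long)&info;
        if (sys_bpf(BPF_OBJ_GET_INFO_BY_FD, &attr) == 0)
            printf("id %u type %u%s name %s\n", info.id, info.type,
                   info.type == BPF_PROG_TYPE_SCHED_CLS ? " (tc)" : "", info.name);
        close(fd);
    }
}

int main(void)
{
    return list_bpf_progs() < 0 ? (perror("bpf"), 1) : 0;
}
```

Programs marked (tc) are of type BPF_PROG_TYPE_SCHED_CLS, the type used for tc filters, so a leftover classifier that can still touch traffic shows up in this listing.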
