stackoom
  简体   繁体   中英

Why load_half is defined in bpf_helpers but it doesn't appear in filter.c?

 原文  2019-09-05 08:23:28       c/ header/ prototype/ ebpf

Question

If I understood "well" within tools/testing/selftests/bpf/bpf_helpers.h bpf heleprs prototypes are defined.

If I want to now which helpers are usable with a specific program type I need to search within the results of 'func_proto(enum bpf_func_id func_id' kernel/ net/ drivers/

For example to check the helpers which a socket filter program can call I can read the following definition 

static const struct bpf_func_proto *
sock_filter_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
{
        switch (func_id) {
        /* inet and inet6 sockets are created in a process
         * context so there is always a valid uid/gid
         */
        case BPF_FUNC_get_current_uid_gid:
                return &bpf_get_current_uid_gid_proto;
        case BPF_FUNC_get_local_storage:
                return &bpf_get_local_storage_proto;
        default:
                return bpf_base_func_proto(func_id);
        }
}

QUESTIONS:

1)I can't see load_half , but still I can call it from my socket filter program. Why? 2) which is the difference between socket_filter and sk_filter ?

1 answers

solution1
 1 ACCPTED  2019-09-05 10:13:21

  1. load_half() is not a BPF helper. The file bpf_helpers.h that you mentioned does declare the prototypes for the BPF helper functions, but it also contains other useful definitions such as the SEC() or the bpf_printk() macros. In particular, it declares load_half() with the following comment: 

     /* llvm builtin functions that eBPF C program may use to * emit BPF_LD_ABS and BPF_LD_IND instructions */ [...] unsigned long long load_half(void *skb, unsigned long long off) asm("llvm.bpf.load.half");

    As you can read, load_half() is an LLVM builtin, an assembly primitive supported by clang/LLVM which is wrapped as load_half() for convenience. And because it is not a BPF helper, you will not see it when grepping for its prototype in the kernel.

  2. The prefix sk_filter is used for eBPF filters attached to sockets, in a similar fashion as what one can do with the legacy cBPF, to filter incoming packets. Although it may be confusing, you can see that sock_filter_is_valid_access in kernel file net/core/filter.c is used for cg_sock_verifier_ops , which is associated in include/uapi/linux/bpf.h to program type BPF_PROG_TYPE_CGROUP_SOCK_ADDR . So it refers to programs being used in cgroups to help (containerised) applications to bind and connect their sockets correctly.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question net/core/filter.c and linux/bpf/verifier.c why bpf program doesn't find info? choose wrong kfunc? Why ebpf program inside samples/bpf doesn't work? Interactive input that doesn't appear on the in the window in C Why does this C code treat a local struct as a pointer, when it doesn't appear to be a pointer? Why doesn't a warning appear when -0 is written in the code? C DLL doesn't load in C# Why preprocessor doesn't expand type defined later in the code Circle doesn't appear on the screen Python C API doesn't load module
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM