Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce compiler for pcap filters/cBPF programs to XDP programs #356

Draft
wants to merge 17 commits into
base: master
Choose a base branch
from
Draft

Introduce compiler for pcap filters/cBPF programs to XDP programs #356

wants to merge 17 commits into from

Commits on Oct 16, 2023

  1. filterc: Compile filter to cBPF 

    Signed-off-by: Felix Maurer <[email protected]>
    @fmaurer-rh
    fmaurer-rh committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    a60d6dc View commit details
    Browse the repository at this point in the history

  2. filterc: Structure to compile cBPF to eBPF 

    Add a few helpful functions for error handling and to dump the program.

Signed-off-by: Felix Maurer <[email protected]>
    @fmaurer-rh
    fmaurer-rh committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    63af7ce View commit details
    Browse the repository at this point in the history

  3. filterc: Start converting cBPF to eBPF 

    Start with the arithmetic instructions and a simple conversion of jumps.
The jumps will be optimized in the future (if one of the branches goes to
the next instruction).

Signed-off-by: Felix Maurer <[email protected]>
    @fmaurer-rh
    fmaurer-rh committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    631a614 View commit details
    Browse the repository at this point in the history

  4. filterc: Add small instruction conversions 

    Signed-off-by: Felix Maurer <[email protected]>
    @fmaurer-rh
    fmaurer-rh committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    62b752b View commit details
    Browse the repository at this point in the history

  5. filterc: Convert missing store instructions 

    The store instructions need to be guarded, i.e., checked that they only
access data within the packet, because we need to pass the verifier.

Linux supports legacy packet access instructions that were carried over
from cBPF. However, they are only supported for programs where the context
is an skb, not for XDP programs.  Therefore, rewrite legacy packet access
instructions to a series of eBPF instructions.

Document register usage for the future. We prefer caller-saved registers at
the moment because they don't need to be saved, i.e., pushed to the stack,
in the JITed function, and we don't call into other functions anyways.

Signed-off-by: Felix Maurer <[email protected]>
    @fmaurer-rh
    fmaurer-rh committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    604f070 View commit details
    Browse the repository at this point in the history

  6. filterc: Write structure for ELF file 

    We can now write something that is a valid ELF file, although not
containing anything useful yet. The code and BTF information will be added
in the next commits.

Signed-off-by: Felix Maurer <[email protected]>
    @fmaurer-rh
    fmaurer-rh committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    af30fb3 View commit details
    Browse the repository at this point in the history

  7. filterc: Write bpf insns to ELF file 

    Signed-off-by: Felix Maurer <[email protected]>
    @fmaurer-rh
    fmaurer-rh committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    fbe30ef View commit details
    Browse the repository at this point in the history

  8. filterc: Add BTF info to ELF file 

    Signed-off-by: Felix Maurer <[email protected]>
    @fmaurer-rh
    fmaurer-rh committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    be1cf2e View commit details
    Browse the repository at this point in the history

  9. filterc: Respect log levels 

    Only print the debug output if it is actually requested with the respective
command line option.

Signed-off-by: Felix Maurer <[email protected]>
    @fmaurer-rh
    fmaurer-rh committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    6334a2c View commit details
    Browse the repository at this point in the history

  10. filterc: Fix eBPF dumping 

    The opcode of eBPF instructions has different meaning depending on the
instruction class. Respect that when dumping the program.

Signed-off-by: Felix Maurer <[email protected]>
    @fmaurer-rh
    fmaurer-rh committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    ac83510 View commit details
    Browse the repository at this point in the history

  11. filterc: Allow to write to file descriptors 

    Add write options in a struct that can be extended in the future. The
struct is ready to be used with the validation mechanisms of libbpf/libxdp
but they are not validated yet, because those mechanisms are internal to
the libraries at the moment.

Signed-off-by: Felix Maurer <[email protected]>
    @fmaurer-rh
    fmaurer-rh committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    ba5cd0d View commit details
    Browse the repository at this point in the history

  12. filterc: Add standalone test 

    Add a basic test to check if a compiled filter can be loaded into the
kernel and does something similar to what we expect.

Signed-off-by: Felix Maurer <[email protected]>
    @fmaurer-rh
    fmaurer-rh committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    a143052 View commit details
    Browse the repository at this point in the history

  13. filterc: Allow to set program name 

    Add an option to configure the program name in the BPF object file.

Signed-off-by: Felix Maurer <[email protected]>
    @fmaurer-rh
    fmaurer-rh committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    db19ef0 View commit details
    Browse the repository at this point in the history

  14. filterc: Allow to create linkable BPF objects 

    If a BPF program should be linked into other programs, it requires some
differences in the ELF object file:
- The program needs to be in the text section

Add an option to set how the BPF object file should look like. Also add a
parameter to filterc to create linkable objects.

Signed-off-by: Felix Maurer <[email protected]>
    @fmaurer-rh
    fmaurer-rh committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    ef7d95e View commit details
    Browse the repository at this point in the history

  15. filterc: Add test with bpf_linker 

    Signed-off-by: Felix Maurer <[email protected]>
    @fmaurer-rh
    fmaurer-rh committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    15bf137 View commit details
    Browse the repository at this point in the history

  16. filterc: Test more programs 

    Compile a bunch of programs and check if they pass/fail as expected.

Signed-off-by: Felix Maurer <[email protected]>
    @fmaurer-rh
    fmaurer-rh committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    0be7232 View commit details
    Browse the repository at this point in the history

  17. filterc: Optimize jumps 

    When one of the branches goes to the next insn, it is not necessary to emit
two eBPF insns. We can either leave out the second jump if the false case
is the next insn, or we can invert the condition and leave out the second
jump if the true case is the next insn.

Signed-off-by: Felix Maurer <[email protected]>
    @fmaurer-rh
    fmaurer-rh committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    3e8a3aa View commit details
    Browse the repository at this point in the history