Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp32885iob; Wed, 27 Apr 2022 18:14:14 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyRDojiPKtxYHywTygcHVGkq5hP0f8/BJ9RQN1N7VMYNRZclgdtnRIEO/dRnCYStxo4GV6u X-Received: by 2002:a17:907:7f91:b0:6f3:d6bc:cd5b with SMTP id qk17-20020a1709077f9100b006f3d6bccd5bmr2039464ejc.460.1651108454681; Wed, 27 Apr 2022 18:14:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651108454; cv=none; d=google.com; s=arc-20160816; b=wkzGNrTocMYxexGPsA8rswC/IQbTUdLzAmA/C5STyd3Xxc/QRp7r+1A4KiCpp9uiBt 3JmCyIyZ5cmwtlZstW05a3VYsz7jo6L6yd8HQGvNAJc5RIYeVvnrENPQpUeq4FikQDp2 6hBy1i3M7KTmtIFgfEuvlDcLJ7FEbUhdPcUaxUXlBMIxngd96EZC0TacQTr9ZgDOB2c9 HIjPV7ySwfBRcyBSbysWGTglSM/HaxV6ZZMZasQSedzS3lBpaGXI5p9huUz2jeuD/0X1 wRL28bYzqjmQkOG/PIQL2V/hz3/XHPRFf6+xhhvkC5W/vHPEZhoBqrbGFtbA8quOc/zK 0CcQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=Cla1mRlZmz4uhMbCRbo+KpuTRkPBnIsQ9k/Thhz0OGo=; b=HUkLhWzVLVIZmcB0IjTxwjdBzfE55h1AY8TQ7Ozf9GMA3fuwDWGm6Y+A2y7hsE2ND4 tFvYhnG07J+iRgzzPjqGYPVIM+Nu7nhZacWPA6aVesK29ftJNNBKxWhxtg01vdxPelR+ vcImy3hG3d4B7/ML232yFNqW4oUxGJKg/VXERfQ4QjGZ5ekubEdamginSoXI4oEA+m5O zPLF99JCeQNmDgdtfIF/Xv7HT6BvcVFFKAp/BbG+HAv6lbbH+sCi2quDbiZGfQgATUTN bbUJzH3uYRopPc2iHJX+QY78Yzo5sOXiU5VaaQNZhDpguGqeEUivFr4862IaGuYSbEGX TSPw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=LkzYLHe6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id js8-20020a17090797c800b006efe4351406si3426573ejc.135.2022.04.27.18.13.51; Wed, 27 Apr 2022 18:14:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=LkzYLHe6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236778AbiD0UPA (ORCPT + 99 others); Wed, 27 Apr 2022 16:15:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55050 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236243AbiD0UOl (ORCPT ); Wed, 27 Apr 2022 16:14:41 -0400 Received: from mail-il1-x12b.google.com (mail-il1-x12b.google.com [IPv6:2607:f8b0:4864:20::12b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C7E93939CF; Wed, 27 Apr 2022 13:08:45 -0700 (PDT) Received: by mail-il1-x12b.google.com with SMTP id g10so686196ilf.6; Wed, 27 Apr 2022 13:08:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Cla1mRlZmz4uhMbCRbo+KpuTRkPBnIsQ9k/Thhz0OGo=; b=LkzYLHe6dAjRlXJcMe8Sfr4UR2W8rf+VrAkIXc7U9nyNahwgSriKY5afY1aq/huC0A X8TQ6p9+XYkycvafu84oWv2rO0GvgzZ1zVdnTbHUjc2aU3ohCrWpGUxuHTDyDqFsdlbH ycYnj9MyRzBEu8+rzisn8gfy70xlV0KyRfBC/nR8JM9o02IS8dcluzb/GClHGN8+UGs7 DUkSa23YiAGWCsE1Dm26QVLh9A/KL+ZS/UC1jzsosTDymVi2D4Gs1AeD9W/QdD5RnUii +1s8058IIsLHatFe8RTS8ylWhOUm5Zxp1aydpufrG6iLMW9582/jjblwlbWkS1CNbizq m2hA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Cla1mRlZmz4uhMbCRbo+KpuTRkPBnIsQ9k/Thhz0OGo=; b=PKio8gt8chbzRvFB5a04vDS3vFgoUhhGO3mX7b9vU83K5Ex8fU6p6Ops1NJkyrWb+4 kDNxzlmjK4jjRoA/9F+eSRSRy0quRsZVyJn7zBxQp+Z6chN0DxvQ8t7NZK/KaYLSamkg N3FkJUjFqpU3IZja/oUV6OMrsB/aSYmYcBKyEDMDGXX98+xjy5KKP4Ph9WFWL1hYNONs oukQc6DV2tThsfNHy8/hrpUnMRAfu5i3JyW4rSrxTmi+Jt98UeVZnbcEp2haMtrbX3OI Sjj1ATPfs+GQwGrZ4EP/XGV9kly3gtIWYDXSk2mtUKV1sD/Y3JJlTg5hwHM8BO2WM0Rn 1Pkw== X-Gm-Message-State: AOAM5309u4yqURRKSmD14pIgzWry92JqC03mN0XXxwSL/cR8EpAsUNuQ hpFBmBvkrOwSfRLkPUxH8rnlV4BlvVrhlli9oJN+g0kaRC4= X-Received: by 2002:a05:6e02:1ba3:b0:2cc:4158:d3ff with SMTP id n3-20020a056e021ba300b002cc4158d3ffmr11673755ili.98.1651090124991; Wed, 27 Apr 2022 13:08:44 -0700 (PDT) MIME-Version: 1.0 References: <20220427070644.319661-1-imagedong@tencent.com> In-Reply-To: <20220427070644.319661-1-imagedong@tencent.com> From: Andrii Nakryiko Date: Wed, 27 Apr 2022 13:08:34 -0700 Message-ID: Subject: Re: [PATCH bpf-next] net: bpf: support direct packet access in tracing program To: menglong8.dong@gmail.com Cc: Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin Lau , Song Liu , Yonghong Song , john fastabend , KP Singh , Steven Rostedt , Ingo Molnar , Networking , bpf , open list , Menglong Dong , Jiang Biao , Hao Peng Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 27, 2022 at 12:08 AM wrote: > > From: Menglong Dong > > For now, eBPF program of type TRACING is able to access the arguments > of the function or raw_tracepoint directly, which makes data access > easier and efficient. And we can also output the raw data in skb to > user space in tracing program by bpf_skb_output() helper. > > However, we still can't access the packet data in 'struct sk_buff' > directly and have to use the helper bpf_probe_read_kernel() to analyse > packet data. > > Network tools, which based on eBPF TRACING, often do packet analyse > works in tracing program for filtering, statistics, etc. For example, > we want to trace abnormal skb free through 'kfree_skb' tracepoint with > special ip address or tcp port. > > In this patch, 2 helpers are introduced: bpf_skb_get_header() and > bpf_skb_get_end(). The pointer returned by bpf_skb_get_header() has > the same effect with the 'data' in 'struct __sk_buff', and > bpf_skb_get_end() has the same effect with the 'data_end'. > > Therefore, we can now access packet data in tracing program in this > way: > > SEC("fentry/icmp_rcv") > int BPF_PROG(tracing_open, struct sk_buff* skb) > { > void *data, *data_end; > struct ethhdr *eth; > > data = bpf_skb_get_header(skb, BPF_SKB_HEADER_MAC); > data_end = bpf_skb_get_end(skb); > > if (!data || !data_end) > return 0; > > if (data + sizeof(*eth) > data_end) > return 0; > > eth = data; > bpf_printk("proto:%d\n", bpf_ntohs(eth->h_proto)); > > return 0; > } > > With any positive reply, I'll complete the selftests programs. See bpf_dynptr patches that Joanne is working on. That's an alternative mechanism for data/data_end and is going to be easier and more flexible to work with. It is the plan that once basic bpf_dynptr functionality lands, we'll have dynptr "constructors" for xdp_buff and sk_buff. I think it's a better path forward. > > Reviewed-by: Jiang Biao > Reviewed-by: Hao Peng > Signed-off-by: Menglong Dong > --- > include/linux/bpf.h | 4 +++ > include/uapi/linux/bpf.h | 29 ++++++++++++++++++++ > kernel/bpf/verifier.c | 6 +++++ > kernel/trace/bpf_trace.c | 58 ++++++++++++++++++++++++++++++++++++++++ > 4 files changed, 97 insertions(+) > [...]