bpf: add support for sockmap detach programs
The bpf map sockmap supports adding programs via attach commands. This patch adds the detach command to keep the API symmetric and allow users to remove previously added programs. Otherwise the user would have to delete the map and re-add it to get in this state. This also adds a series of additional tests to capture detach operation and also attaching/detaching invalid prog types. API note: socks will run (or not run) programs depending on the state of the map at the time the sock is added. We do not for example walk the map and remove programs from previously attached socks. Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: John Fastabend <john.fastabend@gmail.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
John Fastabend
committed by
David S. Miller
David S. Miller
parent
bbbe211c29
commit
5a67da2a71
@@ -558,7 +558,7 @@ static void test_sockmap(int tasks, void *data)
|
||||
}
|
||||
}
|
||||
|
||||
/* Test attaching bad fds */
|
||||
/* Test attaching/detaching bad fds */
|
||||
err = bpf_prog_attach(-1, fd, BPF_SK_SKB_STREAM_PARSER, 0);
|
||||
if (!err) {
|
||||
printf("Failed invalid parser prog attach\n");
|
||||
@@ -571,6 +571,30 @@ static void test_sockmap(int tasks, void *data)
|
||||
goto out_sockmap;
|
||||
}
|
||||
|
||||
err = bpf_prog_attach(-1, fd, __MAX_BPF_ATTACH_TYPE, 0);
|
||||
if (!err) {
|
||||
printf("Failed unknown prog attach\n");
|
||||
goto out_sockmap;
|
||||
}
|
||||
|
||||
err = bpf_prog_detach(fd, BPF_SK_SKB_STREAM_PARSER);
|
||||
if (err) {
|
||||
printf("Failed empty parser prog detach\n");
|
||||
goto out_sockmap;
|
||||
}
|
||||
|
||||
err = bpf_prog_detach(fd, BPF_SK_SKB_STREAM_VERDICT);
|
||||
if (err) {
|
||||
printf("Failed empty verdict prog detach\n");
|
||||
goto out_sockmap;
|
||||
}
|
||||
|
||||
err = bpf_prog_detach(fd, __MAX_BPF_ATTACH_TYPE);
|
||||
if (!err) {
|
||||
printf("Detach invalid prog successful\n");
|
||||
goto out_sockmap;
|
||||
}
|
||||
|
||||
/* Load SK_SKB program and Attach */
|
||||
err = bpf_prog_load(SOCKMAP_PARSE_PROG,
|
||||
BPF_PROG_TYPE_SK_SKB, &obj, &parse_prog);
|
||||
@@ -643,6 +667,13 @@ static void test_sockmap(int tasks, void *data)
|
||||
goto out_sockmap;
|
||||
}
|
||||
|
||||
err = bpf_prog_attach(verdict_prog, map_fd_rx,
|
||||
__MAX_BPF_ATTACH_TYPE, 0);
|
||||
if (!err) {
|
||||
printf("Attached unknown bpf prog\n");
|
||||
goto out_sockmap;
|
||||
}
|
||||
|
||||
/* Test map update elem afterwards fd lives in fd and map_fd */
|
||||
for (i = 0; i < 6; i++) {
|
||||
err = bpf_map_update_elem(map_fd_rx, &i, &sfd[i], BPF_ANY);
|
||||
@@ -809,6 +840,24 @@ static void test_sockmap(int tasks, void *data)
|
||||
assert(status == 0);
|
||||
}
|
||||
|
||||
err = bpf_prog_detach(map_fd_rx, __MAX_BPF_ATTACH_TYPE);
|
||||
if (!err) {
|
||||
printf("Detached an invalid prog type.\n");
|
||||
goto out_sockmap;
|
||||
}
|
||||
|
||||
err = bpf_prog_detach(map_fd_rx, BPF_SK_SKB_STREAM_PARSER);
|
||||
if (err) {
|
||||
printf("Failed parser prog detach\n");
|
||||
goto out_sockmap;
|
||||
}
|
||||
|
||||
err = bpf_prog_detach(map_fd_rx, BPF_SK_SKB_STREAM_VERDICT);
|
||||
if (err) {
|
||||
printf("Failed parser prog detach\n");
|
||||
goto out_sockmap;
|
||||
}
|
||||
|
||||
/* Test map close sockets */
|
||||
for (i = 0; i < 6; i++)
|
||||
close(sfd[i]);
|
||||
|
||||
Reference in New Issue
Block a user