morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 08:25:20 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
2d49429e58aba399ad0892e3cc38efbfbe38349f
systemd/src/shared/bpf-program.h
Dominique Martinet 25d9c6cdaf bpf-firewall: give a name to maps used 
Running systemd with IP accounting enabled generates many bpf maps (two
per unit for accounting, another two if IPAddressAllow/Deny are used).

Systemd itself knows which maps belong to what unit and commands like
`systemctl status <unit>` can be used to query what service has which
map, but monitoring these values all the time costs 4 dbus requests
(calling the .IP{E,I}gress{Bytes,Packets} method for each unit) and
makes services like the prometheus systemd_exporter[1] somewhat slow
when doing that for every units, while less precise information could
quickly be obtained by looking directly at the maps.

Unfortunately, bpf map names are rather limited:
- only 15 characters in length (16, but last byte must be 0)
- only allows isalnum(), _ and . characters

If it wasn't for the length limit we could use the normal unit escape
functions but I've opted to just make any forbidden character into
underscores for maximum brievty -- the map prefix is also rather short:
This isn't meant as a precise mapping, but as a hint for admins who want
to look at these.

(Note there is no problem if multiple maps have the same name)

Link: https://github.com/povilasv/systemd_exporter [1]
2023-04-18 08:23:55 +09:00

66 lines
2.6 KiB
C
Raw Blame History

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
#include <linux/bpf.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include "fdset.h"
#include "list.h"
#include "macro.h"
typedef struct BPFProgram BPFProgram;
/* This encapsulates three different concepts: the loaded BPF program, the BPF code, and the attachment to a
* cgroup. Typically our BPF programs go through all three stages: we build the code, we load it, and finally
* we attach it, but it might happen that we operate with programs that aren't loaded or aren't attached, or
* where we don't have the code. */
struct BPFProgram {
/* The loaded BPF program, if loaded */
int kernel_fd;
uint32_t prog_type;
char *prog_name;
/* The code of it BPF program, if known */
size_t n_instructions;
struct bpf_insn *instructions;
/* The cgroup path the program is attached to, if it is attached. If non-NULL bpf_program_unref()
* will detach on destruction. */
char *attached_path;
int attached_type;
uint32_t attached_flags;
};
int bpf_program_new(uint32_t prog_type, const char *prog_name, BPFProgram **ret);
int bpf_program_new_from_bpffs_path(const char *path, BPFProgram **ret);
BPFProgram *bpf_program_free(BPFProgram *p);
int bpf_program_add_instructions(BPFProgram *p, const struct bpf_insn *insn, size_t count);
int bpf_program_load_kernel(BPFProgram *p, char *log_buf, size_t log_size);
int bpf_program_load_from_bpf_fs(BPFProgram *p, const char *path);
int bpf_program_cgroup_attach(BPFProgram *p, int type, const char *path, uint32_t flags);
int bpf_program_cgroup_detach(BPFProgram *p);
int bpf_program_pin(int prog_fd, const char *bpffs_path);
int bpf_program_get_id_by_fd(int prog_fd, uint32_t *ret_id);
int bpf_program_serialize_attachment(FILE *f, FDSet *fds, const char *key, BPFProgram *p);
int bpf_program_serialize_attachment_set(FILE *f, FDSet *fds, const char *key, Set *set);
int bpf_program_deserialize_attachment(const char *v, FDSet *fds, BPFProgram **bpfp);
int bpf_program_deserialize_attachment_set(const char *v, FDSet *fds, Set **bpfsetp);
extern const struct hash_ops bpf_program_hash_ops;
int bpf_map_new(const char *name, enum bpf_map_type type, size_t key_size, size_t value_size,
size_t max_entries, uint32_t flags);
int bpf_map_update_element(int fd, const void *key, void *value);
int bpf_map_lookup_element(int fd, const void *key, void *value);
int bpf_cgroup_attach_type_from_string(const char *str) _pure_;
const char *bpf_cgroup_attach_type_to_string(int attach_type) _const_;
DEFINE_TRIVIAL_CLEANUP_FUNC(BPFProgram*, bpf_program_free);
Reference in New Issue View Git Blame Copy Permalink