1*554ae6e7SDavid Ahern /* eBPF example program: 2*554ae6e7SDavid Ahern * 3*554ae6e7SDavid Ahern * - Loads eBPF program 4*554ae6e7SDavid Ahern * 5*554ae6e7SDavid Ahern * The eBPF program loads a filter from file and attaches the 6*554ae6e7SDavid Ahern * program to a cgroup using BPF_PROG_ATTACH 7*554ae6e7SDavid Ahern */ 8*554ae6e7SDavid Ahern 9*554ae6e7SDavid Ahern #define _GNU_SOURCE 10*554ae6e7SDavid Ahern 11*554ae6e7SDavid Ahern #include <stdio.h> 12*554ae6e7SDavid Ahern #include <stdlib.h> 13*554ae6e7SDavid Ahern #include <stddef.h> 14*554ae6e7SDavid Ahern #include <string.h> 15*554ae6e7SDavid Ahern #include <unistd.h> 16*554ae6e7SDavid Ahern #include <assert.h> 17*554ae6e7SDavid Ahern #include <errno.h> 18*554ae6e7SDavid Ahern #include <fcntl.h> 19*554ae6e7SDavid Ahern #include <net/if.h> 20*554ae6e7SDavid Ahern #include <linux/bpf.h> 21*554ae6e7SDavid Ahern 22*554ae6e7SDavid Ahern #include "libbpf.h" 23*554ae6e7SDavid Ahern #include "bpf_load.h" 24*554ae6e7SDavid Ahern 25*554ae6e7SDavid Ahern static int usage(const char *argv0) 26*554ae6e7SDavid Ahern { 27*554ae6e7SDavid Ahern printf("Usage: %s cg-path filter-path [filter-id]\n", argv0); 28*554ae6e7SDavid Ahern return EXIT_FAILURE; 29*554ae6e7SDavid Ahern } 30*554ae6e7SDavid Ahern 31*554ae6e7SDavid Ahern int main(int argc, char **argv) 32*554ae6e7SDavid Ahern { 33*554ae6e7SDavid Ahern int cg_fd, ret, filter_id = 0; 34*554ae6e7SDavid Ahern 35*554ae6e7SDavid Ahern if (argc < 3) 36*554ae6e7SDavid Ahern return usage(argv[0]); 37*554ae6e7SDavid Ahern 38*554ae6e7SDavid Ahern cg_fd = open(argv[1], O_DIRECTORY | O_RDONLY); 39*554ae6e7SDavid Ahern if (cg_fd < 0) { 40*554ae6e7SDavid Ahern printf("Failed to open cgroup path: '%s'\n", strerror(errno)); 41*554ae6e7SDavid Ahern return EXIT_FAILURE; 42*554ae6e7SDavid Ahern } 43*554ae6e7SDavid Ahern 44*554ae6e7SDavid Ahern if (load_bpf_file(argv[2])) 45*554ae6e7SDavid Ahern return EXIT_FAILURE; 46*554ae6e7SDavid Ahern 47*554ae6e7SDavid Ahern printf("Output from kernel verifier:\n%s\n-------\n", bpf_log_buf); 48*554ae6e7SDavid Ahern 49*554ae6e7SDavid Ahern if (argc > 3) 50*554ae6e7SDavid Ahern filter_id = atoi(argv[3]); 51*554ae6e7SDavid Ahern 52*554ae6e7SDavid Ahern if (filter_id > prog_cnt) { 53*554ae6e7SDavid Ahern printf("Invalid program id; program not found in file\n"); 54*554ae6e7SDavid Ahern return EXIT_FAILURE; 55*554ae6e7SDavid Ahern } 56*554ae6e7SDavid Ahern 57*554ae6e7SDavid Ahern ret = bpf_prog_attach(prog_fd[filter_id], cg_fd, 58*554ae6e7SDavid Ahern BPF_CGROUP_INET_SOCK_CREATE); 59*554ae6e7SDavid Ahern if (ret < 0) { 60*554ae6e7SDavid Ahern printf("Failed to attach prog to cgroup: '%s'\n", 61*554ae6e7SDavid Ahern strerror(errno)); 62*554ae6e7SDavid Ahern return EXIT_FAILURE; 63*554ae6e7SDavid Ahern } 64*554ae6e7SDavid Ahern 65*554ae6e7SDavid Ahern return EXIT_SUCCESS; 66*554ae6e7SDavid Ahern } 67