From: Eric Leblond <eric@regit.org>
Date: Sun, 9 Dec 2018 19:03:31 +0000 (+0100)
Subject: util-ebpf: conditional pinning of maps
X-Git-Tag: suricata-5.0.0-rc1~388
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4f48c45727e681a135029014521032e1af3d2edd;p=thirdparty%2Fsuricata.git

util-ebpf: conditional pinning of maps

Only pin maps if `pinned-maps` is set in the configuration. This
ensure backward compatibility.
---

diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c
index 94bff13ea3..64ac73b956 100644
--- a/src/runmode-af-packet.c
+++ b/src/runmode-af-packet.c
@@ -381,15 +381,25 @@ static void *ParseAFPConfig(const char *iface)
 #ifdef HAVE_PACKET_EBPF
         SCLogConfig("af-packet will use '%s' as eBPF load balancing file",
                   ebpf_file);
-#endif
         aconf->ebpf_lb_file = ebpf_file;
+        aconf->ebpf_t_config.flags |= EBPF_SOCKET_FILTER;
+#endif
+    }
+
+    if (ConfGetChildValueBoolWithDefault(if_root, if_default, "pinned-maps", (int *)&boolval) != 1) {
+        if (boolval) {
+            SCLogConfig("Using pinned maps on iface %s",
+                        aconf->iface);
+            aconf->ebpf_t_config.flags |= EBPF_PINNED_MAPS;
+        }
     }
 
 #ifdef HAVE_PACKET_EBPF
     /* One shot loading of the eBPF file */
     if (aconf->ebpf_lb_file && cluster_type == PACKET_FANOUT_EBPF) {
         int ret = EBPFLoadFile(aconf->iface, aconf->ebpf_lb_file, "loadbalancer",
-                               &aconf->ebpf_lb_fd, EBPF_SOCKET_FILTER);
+                               &aconf->ebpf_lb_fd,
+                               aconf->ebpf_t_config.flags);
         if (ret != 0) {
             SCLogWarning(SC_ERR_INVALID_VALUE, "Error when loading eBPF lb file");
         }
@@ -428,7 +438,8 @@ static void *ParseAFPConfig(const char *iface)
     if (aconf->ebpf_filter_file) {
 #ifdef HAVE_PACKET_EBPF
         int ret = EBPFLoadFile(aconf->iface, aconf->ebpf_filter_file, "filter",
-                               &aconf->ebpf_filter_fd, EBPF_SOCKET_FILTER);
+                               &aconf->ebpf_filter_fd,
+                               aconf->ebpf_t_config.flags);
         if (ret != 0) {
             SCLogWarning(SC_ERR_INVALID_VALUE,
                          "Error when loading eBPF filter file");
@@ -444,6 +455,7 @@ static void *ParseAFPConfig(const char *iface)
         SCLogInfo("af-packet will use '%s' as XDP filter file",
                   ebpf_file);
         aconf->ebpf_t_config.mode = AFP_MODE_XDP_BYPASS;
+        aconf->ebpf_t_config.flags |= EBPF_XDP_CODE;
         aconf->xdp_filter_file = ebpf_file;
         ConfGetChildValueBoolWithDefault(if_root, if_default, "bypass", &conf_val);
         if (conf_val) {
@@ -490,7 +502,8 @@ static void *ParseAFPConfig(const char *iface)
     if (aconf->xdp_filter_file) {
 #ifdef HAVE_PACKET_XDP
         int ret = EBPFLoadFile(aconf->iface, aconf->xdp_filter_file, "xdp",
-                               &aconf->xdp_filter_fd, EBPF_XDP_CODE);
+                               &aconf->xdp_filter_fd,
+                               aconf->ebpf_t_config.flags);
         if (ret != 0) {
             SCLogWarning(SC_ERR_INVALID_VALUE,
                          "Error when loading XDP filter file");
diff --git a/src/source-af-packet.h b/src/source-af-packet.h
index c192dffc06..f9d135fdbe 100644
--- a/src/source-af-packet.h
+++ b/src/source-af-packet.h
@@ -49,6 +49,7 @@
 struct ebpf_timeout_config {
     uint16_t cpus_count;
     uint8_t mode;
+    uint8_t flags;
 };
 #endif
 
diff --git a/src/util-ebpf.c b/src/util-ebpf.c
index 1aa19d96de..b5ebd4f546 100644
--- a/src/util-ebpf.c
+++ b/src/util-ebpf.c
@@ -275,16 +275,16 @@ int EBPFLoadFile(const char *iface, const char *path, const char * section,
             BpfMapsInfoFree(bpf_map_data);
             return -1;
         }
-        /* TODO pin */
-        /* sudo mount bpf -t bpf /sys/fs/bpf/ */
-        SCLogNotice("Pinning: %d to %s", bpf_map_data->array[bpf_map_data->last].fd,
+        if (flags & EBPF_PINNED_MAPS) {
+            SCLogNotice("Pinning: %d to %s", bpf_map_data->array[bpf_map_data->last].fd,
                     bpf_map_data->array[bpf_map_data->last].name);
-        char buf[1024];
-        snprintf(buf, sizeof(buf), "/sys/fs/bpf/suricata-%s-%s", iface,
-                 bpf_map_data->array[bpf_map_data->last].name);
-        int ret = bpf_obj_pin(bpf_map_data->array[bpf_map_data->last].fd, buf);
-        if (ret != 0) {
-            SCLogError(SC_ERR_AFP_CREATE, "Can not pin: %s", strerror(errno));
+            char buf[1024];
+            snprintf(buf, sizeof(buf), "/sys/fs/bpf/suricata-%s-%s", iface,
+                    bpf_map_data->array[bpf_map_data->last].name);
+            int ret = bpf_obj_pin(bpf_map_data->array[bpf_map_data->last].fd, buf);
+            if (ret != 0) {
+                SCLogError(SC_ERR_AFP_CREATE, "Can not pin: %s", strerror(errno));
+            }
         }
         bpf_map_data->last++;
     }
diff --git a/src/util-ebpf.h b/src/util-ebpf.h
index c613f9bf3a..f9dbefe1e3 100644
--- a/src/util-ebpf.h
+++ b/src/util-ebpf.h
@@ -63,6 +63,7 @@ struct pair {
 
 #define EBPF_SOCKET_FILTER  (1<<0)
 #define EBPF_XDP_CODE       (1<<1)
+#define EBPF_PINNED_MAPS    (1<<2)
 
 int EBPFGetMapFDByName(const char *iface, const char *name);
 int EBPFLoadFile(const char *iface, const char *path, const char * section,