From: Eric Leblond <eric@regit.org>
Date: Wed, 14 Nov 2018 21:14:49 +0000 (+0100)
Subject: util-ebpf: pin the maps
X-Git-Tag: suricata-5.0.0-rc1~393
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5d8ac36a49197bc071338bf4b5ca74f1f5590d9d;p=thirdparty%2Fsuricata.git

util-ebpf: pin the maps

By pinning the maps we are creating a file in /sys/fs/bpf that can
be used by external program to access the map. This has multiple
benefits such as handling list from an external program.

The pinned maps could be persistent accross Suricata reload but
this can be complicated in term of handling everything in the life
of Suricata.
---

diff --git a/src/util-ebpf.c b/src/util-ebpf.c
index cb9388a61c..ed574e8f12 100644
--- a/src/util-ebpf.c
+++ b/src/util-ebpf.c
@@ -63,6 +63,7 @@ static int g_livedev_storage_id = -1;
 static int g_flow_storage_id = -1;
 
 struct bpf_map_item {
+    char iface[IFNAMSIZ];
     char * name;
     int fd;
 };
@@ -85,6 +86,13 @@ static void BpfMapsInfoFree(void *bpf)
     int i;
     for (i = 0; i < bpfinfo->last; i ++) {
         if (bpfinfo->array[i].name) {
+            char pinnedpath[1024];
+            snprintf(pinnedpath, sizeof(pinnedpath),
+                     "/sys/fs/bpf/suricata-%s-%s",
+                     bpfinfo->array[i].iface,
+                     bpfinfo->array[i].name);
+            /* Unlink the pinned entry */
+            unlink(pinnedpath);
             SCFree(bpfinfo->array[i].name);
         }
     }
@@ -260,11 +268,23 @@ int EBPFLoadFile(const char *iface, const char *path, const char * section,
         SCLogDebug("Got a map '%s' with fd '%d'", bpf_map__name(map), bpf_map__fd(map));
         bpf_map_data->array[bpf_map_data->last].fd = bpf_map__fd(map);
         bpf_map_data->array[bpf_map_data->last].name = SCStrdup(bpf_map__name(map));
+        snprintf(bpf_map_data->array[bpf_map_data->last].iface, IFNAMSIZ,
+                 "%s", iface);
         if (!bpf_map_data->array[bpf_map_data->last].name) {
             SCLogError(SC_ERR_MEM_ALLOC, "Unable to duplicate map name");
             BpfMapsInfoFree(bpf_map_data);
             return -1;
         }
+        /* TODO pin */
+        SCLogNotice("Pinning: %d to %s", bpf_map_data->array[bpf_map_data->last].fd,
+                    bpf_map_data->array[bpf_map_data->last].name);
+        char buf[1024];
+        snprintf(buf, sizeof(buf), "/sys/fs/bpf/suricata-%s-%s", iface,
+                 bpf_map_data->array[bpf_map_data->last].name);
+        int ret = bpf_obj_pin(bpf_map_data->array[bpf_map_data->last].fd, buf);
+        if (ret != 0) {
+            SCLogError(SC_ERR_AFP_CREATE, "Can not pin: %s", strerror(errno));
+        }
         bpf_map_data->last++;
     }