1 // SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
2 // Copyright (C) 2017 Facebook
3 // Author: Roman Gushchin <guro@fb.com>
5 #define _XOPEN_SOURCE 500
14 #include <sys/types.h>
21 #define HELP_SPEC_ATTACH_FLAGS \
22 "ATTACH_FLAGS := { multi | override }"
24 #define HELP_SPEC_ATTACH_TYPES \
25 " ATTACH_TYPE := { ingress | egress | sock_create |\n" \
26 " sock_ops | device | bind4 | bind6 |\n" \
27 " post_bind4 | post_bind6 | connect4 |\n" \
28 " connect6 | sendmsg4 | sendmsg6 |\n" \
29 " recvmsg4 | recvmsg6 | sysctl |\n" \
30 " getsockopt | setsockopt }"
32 static const char * const attach_type_strings[] = {
33 [BPF_CGROUP_INET_INGRESS] = "ingress",
34 [BPF_CGROUP_INET_EGRESS] = "egress",
35 [BPF_CGROUP_INET_SOCK_CREATE] = "sock_create",
36 [BPF_CGROUP_SOCK_OPS] = "sock_ops",
37 [BPF_CGROUP_DEVICE] = "device",
38 [BPF_CGROUP_INET4_BIND] = "bind4",
39 [BPF_CGROUP_INET6_BIND] = "bind6",
40 [BPF_CGROUP_INET4_CONNECT] = "connect4",
41 [BPF_CGROUP_INET6_CONNECT] = "connect6",
42 [BPF_CGROUP_INET4_POST_BIND] = "post_bind4",
43 [BPF_CGROUP_INET6_POST_BIND] = "post_bind6",
44 [BPF_CGROUP_UDP4_SENDMSG] = "sendmsg4",
45 [BPF_CGROUP_UDP6_SENDMSG] = "sendmsg6",
46 [BPF_CGROUP_SYSCTL] = "sysctl",
47 [BPF_CGROUP_UDP4_RECVMSG] = "recvmsg4",
48 [BPF_CGROUP_UDP6_RECVMSG] = "recvmsg6",
49 [BPF_CGROUP_GETSOCKOPT] = "getsockopt",
50 [BPF_CGROUP_SETSOCKOPT] = "setsockopt",
51 [__MAX_BPF_ATTACH_TYPE] = NULL,
54 static enum bpf_attach_type parse_attach_type(const char *str)
56 enum bpf_attach_type type;
58 for (type = 0; type < __MAX_BPF_ATTACH_TYPE; type++) {
59 if (attach_type_strings[type] &&
60 is_prefix(str, attach_type_strings[type]))
64 return __MAX_BPF_ATTACH_TYPE;
67 static int show_bpf_prog(int id, const char *attach_type_str,
68 const char *attach_flags_str,
71 struct bpf_prog_info info = {};
72 __u32 info_len = sizeof(info);
75 prog_fd = bpf_prog_get_fd_by_id(id);
79 if (bpf_obj_get_info_by_fd(prog_fd, &info, &info_len)) {
85 jsonw_start_object(json_wtr);
86 jsonw_uint_field(json_wtr, "id", info.id);
87 jsonw_string_field(json_wtr, "attach_type",
89 jsonw_string_field(json_wtr, "attach_flags",
91 jsonw_string_field(json_wtr, "name", info.name);
92 jsonw_end_object(json_wtr);
94 printf("%s%-8u %-15s %-15s %-15s\n", level ? " " : "",
105 static int count_attached_bpf_progs(int cgroup_fd, enum bpf_attach_type type)
110 ret = bpf_prog_query(cgroup_fd, type, 0, NULL, NULL, &prog_cnt);
117 static int show_attached_bpf_progs(int cgroup_fd, enum bpf_attach_type type,
120 __u32 prog_ids[1024] = {0};
121 char *attach_flags_str;
122 __u32 prog_cnt, iter;
127 prog_cnt = ARRAY_SIZE(prog_ids);
128 ret = bpf_prog_query(cgroup_fd, type, 0, &attach_flags, prog_ids,
136 switch (attach_flags) {
137 case BPF_F_ALLOW_MULTI:
138 attach_flags_str = "multi";
140 case BPF_F_ALLOW_OVERRIDE:
141 attach_flags_str = "override";
144 attach_flags_str = "";
147 snprintf(buf, sizeof(buf), "unknown(%x)", attach_flags);
148 attach_flags_str = buf;
151 for (iter = 0; iter < prog_cnt; iter++)
152 show_bpf_prog(prog_ids[iter], attach_type_strings[type],
153 attach_flags_str, level);
158 static int do_show(int argc, char **argv)
160 enum bpf_attach_type type;
165 p_err("too few parameters for cgroup show");
167 } else if (argc > 1) {
168 p_err("too many parameters for cgroup show");
172 cgroup_fd = open(argv[0], O_RDONLY);
174 p_err("can't open cgroup %s", argv[0]);
179 jsonw_start_array(json_wtr);
181 printf("%-8s %-15s %-15s %-15s\n", "ID", "AttachType",
182 "AttachFlags", "Name");
184 for (type = 0; type < __MAX_BPF_ATTACH_TYPE; type++) {
186 * Not all attach types may be supported, so it's expected,
187 * that some requests will fail.
188 * If we were able to get the show for at least one
189 * attach type, let's return 0.
191 if (show_attached_bpf_progs(cgroup_fd, type, 0) == 0)
196 jsonw_end_array(json_wtr);
204 * To distinguish nftw() errors and do_show_tree_fn() errors
205 * and avoid duplicating error messages, let's return -2
206 * from do_show_tree_fn() in case of error.
209 #define SHOW_TREE_FN_ERR -2
210 static int do_show_tree_fn(const char *fpath, const struct stat *sb,
211 int typeflag, struct FTW *ftw)
213 enum bpf_attach_type type;
217 if (typeflag != FTW_D)
220 cgroup_fd = open(fpath, O_RDONLY);
222 p_err("can't open cgroup %s: %s", fpath, strerror(errno));
223 return SHOW_TREE_FN_ERR;
226 for (type = 0; type < __MAX_BPF_ATTACH_TYPE; type++) {
227 int count = count_attached_bpf_progs(cgroup_fd, type);
229 if (count < 0 && errno != EINVAL) {
230 p_err("can't query bpf programs attached to %s: %s",
231 fpath, strerror(errno));
233 return SHOW_TREE_FN_ERR;
247 jsonw_start_object(json_wtr);
248 jsonw_string_field(json_wtr, "cgroup", fpath);
249 jsonw_name(json_wtr, "programs");
250 jsonw_start_array(json_wtr);
252 printf("%s\n", fpath);
255 for (type = 0; type < __MAX_BPF_ATTACH_TYPE; type++)
256 show_attached_bpf_progs(cgroup_fd, type, ftw->level);
259 /* Last attach type does not support query.
260 * Do not report an error for this, especially because batch
261 * mode would stop processing commands.
266 jsonw_end_array(json_wtr);
267 jsonw_end_object(json_wtr);
275 static char *find_cgroup_root(void)
280 f = fopen("/proc/mounts", "r");
284 while ((mnt = getmntent(f))) {
285 if (strcmp(mnt->mnt_type, "cgroup2") == 0) {
287 return strdup(mnt->mnt_dir);
295 static int do_show_tree(int argc, char **argv)
302 cgroup_root = find_cgroup_root();
304 p_err("cgroup v2 isn't mounted");
309 cgroup_root = argv[0];
312 p_err("too many parameters for cgroup tree");
318 jsonw_start_array(json_wtr);
321 "%-8s %-15s %-15s %-15s\n",
323 "ID", "AttachType", "AttachFlags", "Name");
325 switch (nftw(cgroup_root, do_show_tree_fn, 1024, FTW_MOUNT)) {
327 p_err("can't iterate over %s: %s", cgroup_root,
331 case SHOW_TREE_FN_ERR:
339 jsonw_end_array(json_wtr);
347 static int do_attach(int argc, char **argv)
349 enum bpf_attach_type attach_type;
350 int cgroup_fd, prog_fd;
351 int attach_flags = 0;
356 p_err("too few parameters for cgroup attach");
360 cgroup_fd = open(argv[0], O_RDONLY);
362 p_err("can't open cgroup %s", argv[0]);
366 attach_type = parse_attach_type(argv[1]);
367 if (attach_type == __MAX_BPF_ATTACH_TYPE) {
368 p_err("invalid attach type");
374 prog_fd = prog_parse_fd(&argc, &argv);
378 for (i = 0; i < argc; i++) {
379 if (is_prefix(argv[i], "multi")) {
380 attach_flags |= BPF_F_ALLOW_MULTI;
381 } else if (is_prefix(argv[i], "override")) {
382 attach_flags |= BPF_F_ALLOW_OVERRIDE;
384 p_err("unknown option: %s", argv[i]);
389 if (bpf_prog_attach(prog_fd, cgroup_fd, attach_type, attach_flags)) {
390 p_err("failed to attach program");
395 jsonw_null(json_wtr);
407 static int do_detach(int argc, char **argv)
409 enum bpf_attach_type attach_type;
410 int prog_fd, cgroup_fd;
414 p_err("too few parameters for cgroup detach");
418 cgroup_fd = open(argv[0], O_RDONLY);
420 p_err("can't open cgroup %s", argv[0]);
424 attach_type = parse_attach_type(argv[1]);
425 if (attach_type == __MAX_BPF_ATTACH_TYPE) {
426 p_err("invalid attach type");
432 prog_fd = prog_parse_fd(&argc, &argv);
436 if (bpf_prog_detach2(prog_fd, cgroup_fd, attach_type)) {
437 p_err("failed to detach program");
442 jsonw_null(json_wtr);
454 static int do_help(int argc, char **argv)
457 jsonw_null(json_wtr);
462 "Usage: %s %s { show | list } CGROUP\n"
463 " %s %s tree [CGROUP_ROOT]\n"
464 " %s %s attach CGROUP ATTACH_TYPE PROG [ATTACH_FLAGS]\n"
465 " %s %s detach CGROUP ATTACH_TYPE PROG\n"
468 HELP_SPEC_ATTACH_TYPES "\n"
469 " " HELP_SPEC_ATTACH_FLAGS "\n"
470 " " HELP_SPEC_PROGRAM "\n"
471 " " HELP_SPEC_OPTIONS "\n"
474 bin_name, argv[-2], bin_name, argv[-2],
475 bin_name, argv[-2], bin_name, argv[-2]);
480 static const struct cmd cmds[] = {
483 { "tree", do_show_tree },
484 { "attach", do_attach },
485 { "detach", do_detach },
490 int do_cgroup(int argc, char **argv)
492 return cmd_select(cmds, argc, argv, do_help);