On Sat, May 01, 2021 at 01:05:40AM IST, Andrii Nakryiko wrote: > On Wed, Apr 28, 2021 at 9:26 AM Kumar Kartikeya Dwivedi > <memxor@xxxxxxxxx> wrote: > > > > This adds functions that wrap the netlink API used for adding, > > manipulating, and removing traffic control filters. > > > > An API summary: > > > > A bpf_tc_hook represents a location where a TC-BPF filter can be > > attached. This means that creating a hook leads to creation of the > > backing qdisc, while destruction either removes all filters attached to > > a hook, or destroys qdisc if requested explicitly (as discussed below). > > > > The TC-BPF API functions operate on this bpf_tc_hook to attach, replace, > > query, and detach tc filters. > > > > All functions return 0 on success, and a negative error code on failure. > > > > bpf_tc_hook_create - Create a hook > > Parameters: > > @hook - Cannot be NULL, ifindex > 0, attach_point must be set to > > proper enum constant. Note that parent must be unset when > > attach_point is one of BPF_TC_INGRESS or BPF_TC_EGRESS. Note > > that as an exception BPF_TC_INGRESS|BPF_TC_EGRESS is also a > > valid value for attach_point. > > > > Returns -EOPNOTSUPP when hook has attach_point as BPF_TC_CUSTOM. > > > > @flags - Currently only BPF_TC_F_REPLACE, which creates qdisc in > > non-exclusive mode (i.e. an existing qdisc will be replaced > > instead of this function failing with -EEXIST). > > > > bpf_tc_hook_destroy - Destroy the hook > > Parameters: > > @hook - Cannot be NULL. The behaviour depends on value of > > attach_point. > > > > If BPF_TC_INGRESS, all filters attached to the ingress > > hook will be detached. > > If BPF_TC_EGRESS, all filters attached to the egress hook > > will be detached. > > If BPF_TC_INGRESS|BPF_TC_EGRESS, the clsact qdisc will be > > deleted, also detaching all filters. > > > > It is advised that if the qdisc is operated on by many programs, > > then the program atleast check that there are no other existing > > typo: at least > Will fix. > > filters before deleting the clsact qdisc. An example is shown > > below: > > > > /* set opts as NULL, as we're not really interested in > > * getting any info for a particular filter, but just > > * detecting its presence. > > */ > > this comment probably is better moved to right before bpf_tc_query, > otherwise it reads as if it's related to bpf_tc_hook > Ok. > > DECLARE_LIBBPF_OPTS(bpf_tc_hook, .ifindex = if_nametoindex("lo"), > > .attach_point = BPF_TC_INGRESS); > > r = bpf_tc_query(&hook, NULL); > > if (r < 0 && r == -ENOENT) { > > well, r == -ENOENT should be enough then, no? > Yes, I'll change it. > > /* no filters */ > > hook.attach_point = BPF_TC_INGRESS|BPF_TC_EGREESS; > > return bpf_tc_hook_destroy(&hook); > > } else /* failed or r == 0, the latter means filters do exist */ > > return r; > > > > Note that there is a small race between checking for no > > filters and deleting the qdisc. This is currently unavoidable. > > > > Returns -EOPNOTSUPP when hook has attach_point as BPF_TC_CUSTOM. > > > > bpf_tc_attach - Attach a filter to a hook > > Parameters: > > @hook - Cannot be NULL. Represents the hook the filter will be > > attached to. Requirements for ifindex and attach_point are > > same as described in bpf_tc_hook_create, but BPF_TC_CUSTOM > > is also supported. In that case, parent must be set to the > > handle where the filter will be attached (using TC_H_MAKE). > > > > E.g. To set parent to 1:16 like in tc command line, > > the equivalent would be TC_H_MAKE(1 << 16, 16) > > > > @opts - Cannot be NULL. > > > > The following opts are optional: > > handle - The handle of the filter > > priority - The priority of the filter > > Must be >= 0 and <= UINT16_MAX > > The following opts must be set: > > prog_fd - The fd of the loaded SCHED_CLS prog > > The following opts must be unset: > > prog_id - The ID of the BPF prog > > > > The following opts will be filled by bpf_tc_attach on a > > successful attach operation if they are unset: > > handle - The handle of the attached filter > > priority - The priority of the attached filter > > prog_id - The ID of the attached SCHED_CLS prog > > > > This way, the user can know what the auto allocated > > values for optional opts like handle and priority are > > for the newly attached filter, if they were unset. > > > > Note that some other attributes are set to some default > > values listed below (this holds for all bpf_tc_* APIs): > > protocol - ETH_P_ALL > > mode - direct action > > chain index - 0 > > class ID - 0 (this can be set by writing to the > > skb->tc_classid field from the BPF program) > > > > @flags - Currently only BPF_TC_F_REPLACE, which creates filter > > in non-exclusive mode (i.e. an existing filter with the > > same attributes will be replaced instead of this > > function failing with -EEXIST). > > > > bpf_tc_detach > > Parameters: > > @hook: Cannot be NULL. Represents the hook the filter will be > > detached from. Requirements are same as described above > > in bpf_tc_attach. > > > > @opts: Cannot be NULL. > > > > The following opts must be set: > > handle > > priority > > The following opts must be unset: > > prog_fd > > prog_id > > > > bpf_tc_query > > Parameters: > > @hook: Cannot be NULL. Represents the hook where the filter > > lookup will be performed. Requires are same as described > > above in bpf_tc_attach. > > > > @opts: Can be NULL. > > > > The following opts are optional: > > handle > > priority > > prog_fd > > prog_id > > > > However, only one of prog_fd and prog_id must be > > set. Setting both leads to an error. Setting none is > > allowed. > > > > The following fields will be filled by bpf_tc_query on a > > successful lookup if they are unset: > > handle > > priority > > prog_id > > > > Based on the specified optional parameters, the matching > > data for the first matching filter is filled in and 0 is > > returned. When setting prog_fd, the prog_id will be > > matched against prog_id of the loaded SCHED_CLS prog > > represented by prog_fd. > > > > To uniquely identify a filter, e.g. to detect its presence, > > it is recommended to set both handle and priority fields. > > > > Some usage examples (using bpf skeleton infrastructure): > > > > BPF program (test_tc_bpf.c): > > > > #include <linux/bpf.h> > > #include <bpf/bpf_helpers.h> > > > > SEC("classifier") > > int cls(struct __sk_buff *skb) > > { > > return 0; > > } > > > > Userspace loader: > > > > DECLARE_LIBBPF_OPTS(bpf_tc_opts, opts, 0); > > struct test_tc_bpf *skel = NULL; > > int fd, r; > > > > skel = test_tc_bpf__open_and_load(); > > if (!skel) > > return -ENOMEM; > > > > fd = bpf_program__fd(skel->progs.cls); > > > > DECLARE_LIBBPF_OPTS(bpf_tc_hook, hook, .ifindex = > > if_nametoindex("lo"), .attach_point = > > BPF_TC_INGRESS); > > /* Create clsact qdisc */ > > r = bpf_tc_hook_create(&hook, 0); > > if (r < 0) > > goto end; > > > > DECLARE_LIBBPF_OPTS(bpf_tc_opts, opts, .prog_fd = fd); > > I don't feel too strongly about this w.r.t. example, but > DECLARE_LIBBPF_OPTS() does declare a variable, so according to C89 all > such declarations should be gathered at the top. It would be nice to > stick to this in the example, but I can see how such locality is a bit > better for educational purposes, so I'm ok with that as well. > > > r = bpf_tc_attach(&hook, &opts, 0); > > if (r < 0) > > goto end; > > /* Print the auto allocated handle and priority */ > > printf("Handle=%"PRIu32", opts.handle); > > let's drop PRIu32, libbpf doesn't use it so let's not use it as an > example, %u would work fine here > Ok, will drop. > > printf("Priority=%"PRIu32", opts.priority); > > > > opts.prog_fd = opts.prog_id = 0; > > bpf_tc_detach(&hook, &opts); > > end: > > test_tc_bpf__destroy(skel); > > > > This is equivalent to doing the following using tc command line: > > # tc qdisc add dev lo clsact > > # tc filter add dev lo ingress bpf obj foo.o sec classifier da > > > > Another example replacing a filter (extending prior example): > > > > /* We can also choose both (or one), let's try replacing an > > * existing filter. > > */ > > DECLARE_LIBBPF_OPTS(bpf_tc_opts, replace_opts, .handle = > > opts.handle, .priority = opts.priority, > > .prog_fd = fd); > > r = bpf_tc_attach(&hook, &replace_opts, 0); > > if (r < 0 && r == -EEXIST) { > > again, == -EEXISTS implies r < 0, this just looks sloppy > > > /* Expected, now use BPF_TC_F_REPLACE to replace it */ > > return bpf_tc_attach(&hook, &replace_opts, BPF_TC_F_REPLACE); > > } else if (r == 0) { > > I'd go with > > else if (r < 0) { > return r; > } > > /* handle happy case without unnecessary nesting */ > Ok. > > /* There must be no existing filter with these > > * attributes, so cleanup and return an error. > > */ > > replace_opts.prog_fd = replace_opts.prog_id = 0; > > r = bpf_tc_detach(&hook, &replace_opts); > > if (r == 0) > > r = -1; > > just return -1; > Ok. > > } > > return r; > > > > To obtain info of a particular filter: > > > > /* Find info for filter with handle 1 and priority 50 */ > > DECLARE_LIBBPF_OPTS(bpf_tc_opts, info_opts, .handle = 1, > > .priority = 50); > > r = bpf_tc_query(&hook, &info_opts); > > if (r < 0 && r == -ENOENT) > > printf("Filter not found"); > > else if (r == 0) > > printf("Prog ID: %"PRIu32", info_opts.prog_id); > > same about PRI and r < 0 > > > return r; > > > > We can also match using prog_id to find the same filter: > > > > DECLARE_LIBBPF_OPTS(bpf_tc_opts, info_opts2, .prog_id = > > info_opts.prog_id); > > r = bpf_tc_query(&hook, &info_opts2); > > if (r < 0 && r == -ENOENT) > > printf("Filter not found"); > > else if (r == 0) { > > /* If we know there's only one filter for this loaded prog, > > * it is safe to assert that the handle and priority are > > * as expected. > > */ > > assert(info_opts2.handle == 1); > > assert(info_opts2.priority == 50); > > } > > return r; > > > > Reviewed-by: Toke Høiland-Jørgensen <toke@xxxxxxxxxx> > > Signed-off-by: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx> > > --- > > API looks good to me (except the flags field that just stands out). > But I'll defer to Daniel to make the final call. > > > tools/lib/bpf/libbpf.h | 41 ++++ > > tools/lib/bpf/libbpf.map | 5 + > > tools/lib/bpf/netlink.c | 463 ++++++++++++++++++++++++++++++++++++++- > > 3 files changed, 508 insertions(+), 1 deletion(-) > > > > diff --git a/tools/lib/bpf/libbpf.h b/tools/lib/bpf/libbpf.h > > index bec4e6a6e31d..3de701f46a33 100644 > > --- a/tools/lib/bpf/libbpf.h > > +++ b/tools/lib/bpf/libbpf.h > > @@ -775,6 +775,47 @@ LIBBPF_API int bpf_linker__add_file(struct bpf_linker *linker, const char *filen > > LIBBPF_API int bpf_linker__finalize(struct bpf_linker *linker); > > LIBBPF_API void bpf_linker__free(struct bpf_linker *linker); > > > > +enum bpf_tc_attach_point { > > + BPF_TC_INGRESS = 1 << 0, > > + BPF_TC_EGRESS = 1 << 1, > > + BPF_TC_CUSTOM = 1 << 2, > > +}; > > + > > +enum bpf_tc_attach_flags { > > + BPF_TC_F_REPLACE = 1 << 0, > > +}; > > + > > +struct bpf_tc_hook { > > + size_t sz; > > + int ifindex; > > + enum bpf_tc_attach_point attach_point; > > + __u32 parent; > > + size_t :0; > > +}; > > + > > +#define bpf_tc_hook__last_field parent > > + > > +struct bpf_tc_opts { > > + size_t sz; > > + int prog_fd; > > + __u32 prog_id; > > + __u32 handle; > > + __u32 priority; > > + size_t :0; > > +}; > > + > > +#define bpf_tc_opts__last_field priority > > + > > +LIBBPF_API int bpf_tc_hook_create(struct bpf_tc_hook *hook, int flags); > > +LIBBPF_API int bpf_tc_hook_destroy(struct bpf_tc_hook *hook); > > +LIBBPF_API int bpf_tc_attach(const struct bpf_tc_hook *hook, > > + struct bpf_tc_opts *opts, > > + int flags); > > why didn't you put flags into bpf_tc_opts? they are clearly optional > and fit into "opts" paradigm... > I can move this into opts, but during previous discussion it was kept outside opts by Daniel, so I kept that unchanged. > > +LIBBPF_API int bpf_tc_detach(const struct bpf_tc_hook *hook, > > + const struct bpf_tc_opts *opts); > > +LIBBPF_API int bpf_tc_query(const struct bpf_tc_hook *hook, > > + struct bpf_tc_opts *opts); > > + > > #ifdef __cplusplus > > } /* extern "C" */ > > #endif > > diff --git a/tools/lib/bpf/libbpf.map b/tools/lib/bpf/libbpf.map > > index b9b29baf1df8..04509c7c144b 100644 > > --- a/tools/lib/bpf/libbpf.map > > +++ b/tools/lib/bpf/libbpf.map > > @@ -361,4 +361,9 @@ LIBBPF_0.4.0 { > > bpf_linker__new; > > bpf_map__inner_map; > > bpf_object__set_kversion; > > + bpf_tc_hook_create; > > + bpf_tc_hook_destroy; > > please keep this alphabetically sorted > Ok. > > + bpf_tc_attach; > > + bpf_tc_detach; > > + bpf_tc_query; > > } LIBBPF_0.3.0; > > diff --git a/tools/lib/bpf/netlink.c b/tools/lib/bpf/netlink.c > > index 6daee6640725..88f7b6144c78 100644 > > --- a/tools/lib/bpf/netlink.c > > +++ b/tools/lib/bpf/netlink.c > > @@ -4,7 +4,11 @@ > > #include <stdlib.h> > > #include <memory.h> > > #include <unistd.h> > > +#include <inttypes.h> > > +#include <arpa/inet.h> > > #include <linux/bpf.h> > > +#include <linux/if_ether.h> > > +#include <linux/pkt_cls.h> > > #include <linux/rtnetlink.h> > > #include <sys/socket.h> > > #include <errno.h> > > @@ -73,6 +77,12 @@ static int libbpf_netlink_open(__u32 *nl_pid) > > return ret; > > } > > > > +enum { > > + BPF_NL_CONT, > > + BPF_NL_NEXT, > > + BPF_NL_DONE, > > +}; > > + > > static int bpf_netlink_recv(int sock, __u32 nl_pid, int seq, > > __dump_nlmsg_t _fn, libbpf_dump_nlmsg_t fn, > > void *cookie) > > @@ -84,6 +94,7 @@ static int bpf_netlink_recv(int sock, __u32 nl_pid, int seq, > > int len, ret; > > > > while (multipart) { > > +start: > > multipart = false; > > len = recv(sock, buf, sizeof(buf), 0); > > if (len < 0) { > > @@ -121,8 +132,18 @@ static int bpf_netlink_recv(int sock, __u32 nl_pid, int seq, > > } > > if (_fn) { > > ret = _fn(nh, fn, cookie); > > - if (ret) > > + if (ret < 0) > > + return ret; > > + switch (ret) { > > + case BPF_NL_CONT: > > + break; > > + case BPF_NL_NEXT: > > + goto start; > > + case BPF_NL_DONE: > > + return 0; > > + default: > > return ret; > > + } > > } > > } > > } > > @@ -357,3 +378,443 @@ static int libbpf_nl_send_recv(struct nlmsghdr *nh, __dump_nlmsg_t fn, > > close(sock); > > return ret; > > } > > + > > +/* TC-HOOK */ > > + > > +typedef int (*qdisc_config_t)(struct nlmsghdr *nh, struct tcmsg *t, > > + size_t maxsz); > > + > > +static int clsact_config(struct nlmsghdr *nh, struct tcmsg *t, size_t maxsz) > > +{ > > + int ret; > > + > > + t->tcm_parent = TC_H_CLSACT; > > + t->tcm_handle = TC_H_MAKE(TC_H_CLSACT, 0); > > + > > + ret = nlattr_add(nh, maxsz, TCA_KIND, "clsact", sizeof("clsact")); > > + if (ret < 0) > > + return ret; > > + > > + return 0; > > nit: return nlattr_add(...) > Will fix. > > +} > > + > > +static int attach_point_to_config(struct bpf_tc_hook *hook, qdisc_config_t *configp) > > +{ > > + if (!hook) > > + return -EINVAL; > > !hook should be already ensured by calling functions, no need to > re-check this everywhere, do this only in API methods. All internal > functions should already ensure non-NULL, otherwise it's a bug. > Right, will fix. > > + > > + switch ((int)OPTS_GET(hook, attach_point, 0)) { > > is int casting necessary here? > > > + case BPF_TC_INGRESS: > > + case BPF_TC_EGRESS: > > + case BPF_TC_INGRESS|BPF_TC_EGRESS: > > + if (OPTS_GET(hook, parent, 0)) > > + return -EINVAL; > > + *configp = &clsact_config; > > + break; > > + case BPF_TC_CUSTOM: > > + return -EOPNOTSUPP; > > + default: > > + return -EINVAL; > > + } > > + > > + return 0; > > +} > > + > > +static long long int tc_get_tcm_parent(enum bpf_tc_attach_point attach_point, > > + __u32 parent) > > +{ > > + long long int ret; > > + > > + switch (attach_point) { > > + case BPF_TC_INGRESS: > > + if (parent) > > + return -EINVAL; > > + ret = TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_INGRESS); > > direct return > > > + break; > > + case BPF_TC_EGRESS: > > + if (parent) > > + return -EINVAL; > > + ret = TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_EGRESS); > > same, make it explicit that we are done and it's the final value returned > > > + break; > > + case BPF_TC_CUSTOM: > > + if (!parent) > > + return -EINVAL; > > + ret = parent; > > + break; > > + default: > > + return -EINVAL; > > + } > > + > > + return ret; > > +} > > + > > +static int tc_qdisc_modify(struct bpf_tc_hook *hook, int cmd, int flags) > > +{ > > + qdisc_config_t config; > > + int ret = 0; > > unnecessary initialization, some tooling definitely will complain, > please drop = 0 part > > > + struct { > > + struct nlmsghdr nh; > > + struct tcmsg t; > > + char buf[256]; > > + } req; > > + > > + ret = attach_point_to_config(hook, &config); > > + if (ret < 0) > > + return ret; > > + > > + memset(&req, 0, sizeof(req)); > > + req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg)); > > + req.nh.nlmsg_flags = > > + NLM_F_REQUEST | NLM_F_ACK | flags; > > we can go up to 100 character lines, keep it on single line > > > + req.nh.nlmsg_type = cmd; > > + req.t.tcm_family = AF_UNSPEC; > > + req.t.tcm_ifindex = OPTS_GET(hook, ifindex, 0); > > + > > + ret = config(&req.nh, &req.t, sizeof(req)); > > + if (ret < 0) > > + return ret; > > + > > + ret = libbpf_nl_send_recv(&req.nh, NULL, NULL, NULL); > > + if (ret < 0) > > + return ret; > > + > > + return 0; > > +} > > + > > +static int tc_qdisc_create_excl(struct bpf_tc_hook *hook, int flags) > > +{ > > + flags = flags & BPF_TC_F_REPLACE ? NLM_F_REPLACE : NLM_F_EXCL; > > see below as well, please use () around bit operators > Right. > > + return tc_qdisc_modify(hook, RTM_NEWQDISC, NLM_F_CREATE | flags); > > +} > > + > > +static int tc_qdisc_delete(struct bpf_tc_hook *hook) > > +{ > > + return tc_qdisc_modify(hook, RTM_DELQDISC, 0); > > +} > > + > > +int bpf_tc_hook_create(struct bpf_tc_hook *hook, int flags) > > +{ > > + if (!hook || !OPTS_VALID(hook, bpf_tc_hook)) > > + return -EINVAL; > > + if (OPTS_GET(hook, ifindex, 0) <= 0 || flags & ~BPF_TC_F_REPLACE) > > please use () around bit operators > Ok. > > + return -EINVAL; > > + > > + return tc_qdisc_create_excl(hook, flags); > > +} > > + > > +static int tc_cls_detach(const struct bpf_tc_hook *hook, > > + const struct bpf_tc_opts *opts, bool flush); > > + > > +int bpf_tc_hook_destroy(struct bpf_tc_hook *hook) > > +{ > > + if (!hook || !OPTS_VALID(hook, bpf_tc_hook) || > > + OPTS_GET(hook, ifindex, 0) <= 0) > > + return -EINVAL; > > + > > + switch ((int)OPTS_GET(hook, attach_point, 0)) { > > int casting. Did the compiler complain about that or what? > It complains on -Wswitch, as we switch on values apart from the enum values, but I'll see if I can remove it. > > + case BPF_TC_INGRESS: > > + case BPF_TC_EGRESS: > > + return tc_cls_detach(hook, NULL, true); > > + case BPF_TC_INGRESS|BPF_TC_EGRESS: > > + return tc_qdisc_delete(hook); > > + case BPF_TC_CUSTOM: > > + return -EOPNOTSUPP; > > + default: > > + return -EINVAL; > > + } > > +} > > + > > +struct pass_info { > > + struct bpf_tc_opts *opts; > > + __u32 match_prog_id; > > + bool processed; > > +}; > > + > > +/* TC-BPF */ > > + > > +static int tc_cls_add_fd_and_name(struct nlmsghdr *nh, size_t maxsz, int fd) > > +{ > > + struct bpf_prog_info info = {}; > > + char name[256] = {}; > > you are unconditionally snprintf()'ing into name, don't unnecessarily > initialize it > Ok. > > + int len, ret; > > + > > + ret = bpf_obj_get_info_by_fd(fd, &info, &(__u32){sizeof(info)}); > > that sizeof part... even if that works reliably, stick to normal use > pattern, have a local variable for that. It can be overwritten by the > kernel. > > you can re-use len for this, btw > Ok, will fix everywhere. > > + if (ret < 0) > > + return ret; > > + > > + ret = nlattr_add(nh, maxsz, TCA_BPF_FD, &fd, sizeof(fd)); > > + if (ret < 0) > > + return ret; > > + > > + len = snprintf(name, sizeof(name), "%s:[%" PRIu32 "]", info.name, > > libbpf doesn't use PRI modifiers, use %u > Ok. > > + info.id); > > + if (len < 0 || len >= sizeof(name)) > > + return len < 0 ? -EINVAL : -ENAMETOOLONG; > > if (len < 0) > return -errno; > if (len >= sizeof(name)) > return -ENAMETOOLONG; > Ok. > > + > > + return nlattr_add(nh, maxsz, TCA_BPF_NAME, name, len + 1); > > +} > > + > > + > > +static int cls_get_info(struct nlmsghdr *nh, libbpf_dump_nlmsg_t fn, > > + void *cookie); > > + > > +int bpf_tc_attach(const struct bpf_tc_hook *hook, > > + struct bpf_tc_opts *opts, int flags) > > +{ > > + __u32 protocol = 0, bpf_flags; > > + struct pass_info info = {}; > > + long long int tcm_parent; > > + struct nlattr *nla; > > + int ret; > > + struct { > > + struct nlmsghdr nh; > > + struct tcmsg t; > > + char buf[256]; > > + } req; > > + > > + if (!hook || !opts || !OPTS_VALID(hook, bpf_tc_opts) || > > + !OPTS_VALID(opts, bpf_tc_opts)) > > + return -EINVAL; > > + if (OPTS_GET(hook, ifindex, 0) <= 0 || !OPTS_GET(opts, prog_fd, 0) || > > + OPTS_GET(opts, prog_id, 0)) > > + return -EINVAL; > > + if (OPTS_GET(opts, priority, 0) > UINT16_MAX) > > + return -EINVAL; > > + if (flags & ~BPF_TC_F_REPLACE) > > + return -EINVAL; > > + > > + protocol = ETH_P_ALL; > > + flags = flags & BPF_TC_F_REPLACE ? NLM_F_REPLACE : NLM_F_EXCL; > > () > > > + > > + memset(&req, 0, sizeof(req)); > > + req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg)); > > + req.nh.nlmsg_flags = > > + NLM_F_REQUEST | NLM_F_ACK | NLM_F_CREATE | NLM_F_ECHO | flags; > > + req.nh.nlmsg_type = RTM_NEWTFILTER; > > + req.t.tcm_family = AF_UNSPEC; > > + req.t.tcm_handle = OPTS_GET(opts, handle, 0); > > + req.t.tcm_ifindex = OPTS_GET(hook, ifindex, 0); > > you are OPTS_GET()ing same stuff multiple times, it might look cleaner > to use local variables for that. It will be faster also, but that's > not important here. > > > + req.t.tcm_info = TC_H_MAKE(OPTS_GET(opts, priority, 0) << 16, htons(protocol)); > > + > > + tcm_parent = tc_get_tcm_parent(OPTS_GET(hook, attach_point, 0), OPTS_GET(hook, parent, 0)); > > and this will be much shorter, positively, please use local variables > for all those input fields you care about > Ok, will fix. > > + if (tcm_parent < 0) > > + return tcm_parent; > > + req.t.tcm_parent = tcm_parent; > > + > > + ret = nlattr_add(&req.nh, sizeof(req), TCA_KIND, "bpf", sizeof("bpf")); > > + if (ret < 0) > > + return ret; > > + > > + nla = nlattr_begin_nested(&req.nh, sizeof(req), TCA_OPTIONS); > > + if (!nla) > > + return -EMSGSIZE; > > + > > + ret = tc_cls_add_fd_and_name(&req.nh, sizeof(req), OPTS_GET(opts, prog_fd, 0)); > > + if (ret < 0) > > + return ret; > > + > > + /* direct action mode is always enabled */ > > + bpf_flags = TCA_BPF_FLAG_ACT_DIRECT; > > + ret = nlattr_add(&req.nh, sizeof(req), TCA_BPF_FLAGS, > > + &bpf_flags, sizeof(bpf_flags)); > > + if (ret < 0) > > + return ret; > > + > > + nlattr_end_nested(&req.nh, nla); > > + > > + info.opts = opts; > > + > > + ret = libbpf_nl_send_recv(&req.nh, &cls_get_info, NULL, &info); > > + if (ret < 0) > > + return ret; > > + > > + /* Failed to process unicast response */ > > + if (!info.processed) > > + ret = -ENOENT; > > just return directly, you just did that multiple times above, why this > one is special? > Yes, this can be a direct return. A lot of this is just oversight from the constant rewriting etc. > > + > > + return ret; > > +} > > + > > +static int tc_cls_detach(const struct bpf_tc_hook *hook, > > + const struct bpf_tc_opts *opts, bool flush) > > +{ > > + long long int tcm_parent; > > + __u32 protocol = 0; > > + int ret, c; > > + struct { > > + struct nlmsghdr nh; > > + struct tcmsg t; > > + char buf[256]; > > + } req; > > + > > + if (!hook || !OPTS_VALID(hook, bpf_tc_opts) || > > + !OPTS_VALID(opts, bpf_tc_opts)) > > + return -EINVAL; > > + if (OPTS_GET(hook, ifindex, 0) <= 0 || OPTS_GET(opts, prog_fd, 0) || > > + OPTS_GET(opts, prog_id, 0)) > > + return -EINVAL; > > + c = !!OPTS_GET(opts, handle, 0) + !!OPTS_GET(opts, priority, 0); > > + if ((flush && c != 0) || (!flush && c != 2)) > > + return -EINVAL; > > arithmetics here looks pretty ugly, would it be too bad with logical checks? > I'll do it with logical checks, this was just shorter. > > + if (OPTS_GET(opts, priority, 0) > UINT16_MAX) > > + return -EINVAL; > > + > > + if (!flush) > > + protocol = ETH_P_ALL; > > + > > + memset(&req, 0, sizeof(req)); > > + req.nh.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg)); > > + req.nh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; > > + req.nh.nlmsg_type = RTM_DELTFILTER; > > + req.t.tcm_family = AF_UNSPEC; > > + if (!flush) > > + req.t.tcm_handle = OPTS_GET(opts, handle, 0); > > + req.t.tcm_ifindex = OPTS_GET(hook, ifindex, 0); > > + if (!flush) > > + req.t.tcm_info = TC_H_MAKE(OPTS_GET(opts, priority, 0) << 16, > > OPTS_GET()s just make everything uglier and unnecessarily verbose > > > + htons(protocol)); > > + > > + tcm_parent = tc_get_tcm_parent(OPTS_GET(hook, attach_point, 0), OPTS_GET(hook, parent, 0)); > > + if (tcm_parent < 0) > > + return tcm_parent; > > + req.t.tcm_parent = tcm_parent; > > + > > + if (!flush) { > > + ret = nlattr_add(&req.nh, sizeof(req), TCA_KIND, "bpf", sizeof("bpf")); > > + if (ret < 0) > > + return ret; > > + } > > + > > + return libbpf_nl_send_recv(&req.nh, NULL, NULL, NULL); > > +} > > + > > [...] > > > + tcm_parent = tc_get_tcm_parent(OPTS_GET(hook, attach_point, 0), OPTS_GET(hook, parent, 0)); > > + if (tcm_parent < 0) > > + return tcm_parent; > > + req.t.tcm_parent = tcm_parent; > > + > > + ret = nlattr_add(&req.nh, sizeof(req), TCA_KIND, "bpf", sizeof("bpf")); > > + if (ret < 0) > > + return ret; > > + > > + if (OPTS_GET(opts, prog_fd, 0)) { > > + struct bpf_prog_info info = {}; > > + ret = bpf_obj_get_info_by_fd(OPTS_GET(opts, prog_fd, 0), &info, &(__u32){sizeof(info)}); > > same as before, use dedicated variable > > > + if (ret < 0) > > + return ret; > > + > > + pinfo.match_prog_id = info.id; > > + } else > > + pinfo.match_prog_id = OPTS_GET(opts, prog_id, 0); > > when one branch of if has {}, the other one has to have it as well, please fix > Ok. > > + > > + pinfo.opts = opts; > > + > > + ret = libbpf_nl_send_recv(&req.nh, cls_get_info, NULL, &pinfo); > > + if (ret < 0) > > + return ret; > > + > > + if (!pinfo.processed) > > + ret = -ENOENT; > > direct return > Ok. > > + > > + return ret; > > +} > > -- > > 2.30.2 > > -- Kartikeya