Quentin Monnet <quentin@xxxxxxxxxxxxx> wrote: > On Thu, 13 Apr 2023 at 14:36, Florian Westphal <fw@xxxxxxxxx> wrote: > > > > Dump protocol family, hook and priority value: > > $ bpftool link > > 2: type 10 prog 20 > > Could you please update link_type_name in libbpf (libbpf.c) so that we > display "netfilter" here instead of "type 10"? Done. > > diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h > > index 3823100b7934..c93febc4c75f 100644 > > --- a/tools/include/uapi/linux/bpf.h > > +++ b/tools/include/uapi/linux/bpf.h 
> > @@ -986,6 +986,7 @@ enum bpf_prog_type { > > BPF_PROG_TYPE_LSM, > > BPF_PROG_TYPE_SK_LOOKUP, > > BPF_PROG_TYPE_SYSCALL, /* a program that can execute syscalls */ > > + BPF_PROG_TYPE_NETFILTER, > > If netfilter programs could be loaded with bpftool, we'd need to > update bpftool's docs. But I don't think this is the case, right? bpftool prog load nftest.o /sys/fs/bpf/nftest will work, but the program isn't attached anywhere. > don't currently have a way to pass the pf, hooknum, priority and flags > necessary to load the program with "bpftool prog load" so it would > fail? I don't know how to make it work to actually attach it, because the hook is unregistered when the link fd is closed. So either bpftool would have to fork and auto-daemon (maybe unexpected...) or wait/block until CTRL-C. This also needs new libbpf api AFAICS because existing bpf_link are specific to the program type, so I'd have to add something like: struct bpf_link * bpf_program__attach_netfilter(const struct bpf_program *prog, const struct bpf_netfilter_opts *opts) Advice welcome. > Have you considered listing netfilter programs in the output of > "bpftool net" as well? Given that they're related to networking, it > would maybe make sense to have them listed alongside XDP, TC, and flow > dissector programs? I could print the same output that 'bpf link' already shows. Not sure on the real distinction between those two here. When should I use 'bpftool link' and when 'bpftool net', and what info and features should either of these provide for netfilter programs?
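Review bot: the new BPF_PROG_TYPE_NETFILTER enumerator added at the end of enum bpf_prog_type has no comment, while BPF_PROG_TYPE_SYSCALL directly above it is documented inline. A short comment would help, saying that the program runs from a netfilter hook and only takes effect once it is attached through a link. As the reply above notes, "bpftool prog load" loads such a program without attaching it anywhere. Since that load does succeed, the bpftool documentation point raised in the review still applies and the new program type should be listed there.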