cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack

xdp2skb_meta.sh (4610B)


      1#!/bin/bash
      2#
      3# SPDX-License-Identifier: GPL-2.0
      4# Copyright (c) 2018 Jesper Dangaard Brouer, Red Hat Inc.
      5#
      6# Bash-shell example on using iproute2 tools 'tc' and 'ip' to load
      7# eBPF programs, both for XDP and clsbpf.  Shell script function
      8# wrappers and even long options parsing is illustrated, for ease of
      9# use.
     10#
     11# Related to sample/bpf/xdp2skb_meta_kern.c, which contains BPF-progs
     12# that need to collaborate between XDP and TC hooks.  Thus, it is
     13# convenient that the same tool load both programs that need to work
     14# together.
     15#
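     # Name of the compiled BPF object; it is looked up next to this script.
     BPF_FILE=xdp2skb_meta_kern.o
     # "$0" is quoted so that a script path containing whitespace or glob
     # characters still resolves to a single directory name.
     DIR=$(dirname -- "$0")

     # TC and IP may be overridden from the environment. Their values are later
     # executed as commands, so they should only be set from a trusted
     # environment (this matters when the script is started through a
     # privilege-raising wrapper that preserves the caller's environment).
     : "${TC:=tc}"
     : "${IP:=ip}"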
     21
     22function usage() {
     23    echo ""
     24    echo "Usage: $0 [-vfh] --dev ethX"
     25    echo "  -d | --dev     :             Network device (required)"
     26    echo "  --flush        :             Cleanup flush TC and XDP progs"
     27    echo "  --list         : (\$LIST)     List TC and XDP progs"
     28    echo "  -v | --verbose : (\$VERBOSE)  Verbose"
     29    echo "  --dry-run      : (\$DRYRUN)   Dry-run only (echo commands)"
     30    echo ""
     31}
     32
     33## -- General shell logging cmds --
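     # Print an error message to stderr and terminate the script.
     # Arguments: $1 - exit status; defaults to 1 when omitted or empty, so a
     #                 call without a status can never exit with 0
     #            remaining arguments - message words, printed space-separated
     # Outputs:   "ERROR: <message>" on stderr
     err() {
         local exitcode=${1:-1}
         (( $# > 0 )) && shift
         # "$*" joins the message into one word; "$@" inside a longer string
         # would expand to several words.
         echo "ERROR: $*" >&2
         exit "$exitcode"
     }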
     40
     # Print a "# "-prefixed message on stdout, but only when $VERBOSE is
     # non-empty; otherwise do nothing.
     # Globals:   VERBOSE (read)
     # Arguments: message words, printed space-separated
     info() {
         [[ -z "$VERBOSE" ]] || echo "# $*"
     }
     46
     47## -- Helper function calls --
     48
     # Run an external tool (tc or ip) and report the offending command line
     # when it fails.
     # Globals:   VERBOSE (read) - non-empty: echo the command line to stdout
     #            DRYRUN  (read) - non-empty: return without executing anything
     # Arguments: $1 - command to run
     #            $2 - empty: a non-zero exit status is fatal (err, status 2);
     #                 non-empty: a non-zero exit status is tolerated
     #            remaining arguments - handed to the command unchanged
     _call_cmd() {
         local cmd="$1" allow_fail="$2"
         shift 2
         [[ -z "$VERBOSE" ]] || echo "$cmd $*"
         if [[ -n "$DRYRUN" ]]; then
             return
         fi
         # $cmd is expanded unquoted, so its value is word-split (and glob
         # expanded) before execution. The callers in this file pass $TC or
         # $IP, which can be overridden from the environment, so the command
         # that runs is whatever the environment names.
         $cmd "$@"
         local status=$?
         if (( status != 0 )) && [[ -z "$allow_fail" ]]; then
             err 2 "Exec error($status) occurred cmd: \"$cmd $*\""
         fi
     }
     # Run $TC with the given arguments; a non-zero exit status is fatal.
     call_tc() {
         local -r allow_fail=""
         _call_cmd "$TC" "$allow_fail" "$@"
     }
     # Run $TC with the given arguments; a non-zero exit status is tolerated.
     call_tc_allow_fail() {
         local -r allow_fail="allow_fail"
         _call_cmd "$TC" "$allow_fail" "$@"
     }
     # Run $IP with the given arguments; a non-zero exit status is fatal.
     call_ip() {
         local -r allow_fail=""
         _call_cmd "$IP" "$allow_fail" "$@"
     }
     78
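     ##  --- Parse command line arguments / parameters ---
     # Using external program "getopt" to get --long-options.
     #
     # The "eval set --" below re-parses getopt's output as shell words. That is
     # only safe with the enhanced (util-linux) getopt, which shell-quotes every
     # argument; a traditional getopt prints the arguments unquoted, so eval
     # would interpret user-supplied text as shell code. "getopt -T" exits with
     # status 4 only for the enhanced implementation running in its normal mode.
     getopt -T > /dev/null 2>&1
     if (( $? != 4 )); then
         err 4 "Enhanced getopt (util-linux) is required"
     fi
     OPTIONS=$(getopt -o vfhd: \
         --long verbose,flush,help,list,dev:,dry-run -- "$@")
     if (( $? != 0 )); then
         err 4 "Error calling getopt"
     fi
     eval set -- "$OPTIONS"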
     87
     # DEV and FLUSH are cleared first, so they can only be set by the options
     # below. LIST, VERBOSE and DRYRUN are not cleared and may therefore also
     # arrive through the environment.
     unset DEV FLUSH
     while :; do
         case "$1" in
             -d|--dev)  # device
                 DEV="$2"
                 info "Device set to: DEV=$DEV" >&2
                 shift 2
                 ;;
             -v|--verbose)
                 VERBOSE=yes
                 # info "Verbose mode: VERBOSE=$VERBOSE" >&2
                 shift
                 ;;
             --dry-run)
                 DRYRUN=yes
                 VERBOSE=yes
                 info "Dry-run mode: enable VERBOSE and don't call TC+IP" >&2
                 shift
                 ;;
             -f|--flush)
                 FLUSH=yes
                 shift
                 ;;
             --list)
                 LIST=yes
                 shift
                 ;;
             --)
                 # End-of-options marker: stop parsing.
                 shift
                 break
                 ;;
             -h|--help)
                 usage
                 exit 0
                 ;;
             *)
                 # Anything else also ends option parsing.
                 shift
                 break
                 ;;
         esac
     done
    130
    # The BPF object is expected in the directory of this script. The attach
    # functions hand this path to tc/ip for loading, so that directory should
    # be writable only by trusted users.
    FILE="${DIR}/${BPF_FILE}"
    [[ -e "$FILE" ]] || err 3 "Missing BPF object file ($FILE)"

    # A network device is mandatory: show the help text, then exit with 2.
    if [[ -z "$DEV" ]]; then
        usage
        err 2 "Please specify network device -- required option --dev"
    fi
    140
    141## -- Function calls --
    142
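    # List the TC ingress filters attached to a device.
    # Arguments: $1 - network device name
    # Outputs:   whatever "tc filter show" prints
    list_tc() {
        local device="$1"
        info "Listing current TC ingress rules"
        # Quoted: the device name comes from the command line and must reach
        # tc as exactly one argument, without word splitting or globbing.
        call_tc filter show dev "$device" ingress
    }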
    150
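    # Show the XDP-related lines of "ip link show" for a device.
    # Arguments: $1 - network device name
    # Returns:   the exit status of grep (non-zero when no line mentions xdp)
    list_xdp() {
        local device="$1"
        info "Listing current XDP device($device) setting"
        # Quoted: the device name comes from the command line and must reach
        # ip as exactly one argument, without word splitting or globbing.
        call_ip link show dev "$device" | grep --color=auto xdp
    }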
    158
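    # Remove the TC ingress filters and the clsact qdisc from a device.
    # Both deletions are allowed to fail (for example when nothing is attached).
    # Arguments: $1 - network device name
    flush_tc() {
        local device="$1"
        info "Flush TC on device: $device"
        # Quoted: the device name comes from the command line and must reach
        # tc as exactly one argument, without word splitting or globbing.
        call_tc_allow_fail filter del dev "$device" ingress
        call_tc_allow_fail qdisc del dev "$device" clsact
    }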
    167
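    # Detach any XDP program from a device ("ip link set dev <dev> xdp off").
    # Arguments: $1 - network device name
    flush_xdp() {
        local device="$1"
        info "Flush XDP on device: $device"
        # Quoted: the device name comes from the command line and must reach
        # ip as exactly one argument, without word splitting or globbing.
        call_ip link set dev "$device" xdp off
    }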
    175
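    # Attach the "tc_mark" section of a BPF object as a TC ingress filter.
    # Arguments: $1 - network device name
    #            $2 - path to the BPF object file
    attach_tc_mark() {
        local device="$1"
        local file="$2"
        local -r prog="tc_mark"

        # Re-attach clsact to clear/flush existing role. The delete may fail
        # when no clsact qdisc exists yet, hence allow_fail and the discarded
        # stderr.
        call_tc_allow_fail qdisc del dev "$device" clsact 2> /dev/null
        call_tc            qdisc add dev "$device" clsact

        # Attach BPF prog. Device name and object path are quoted so that each
        # reaches tc as exactly one argument even if it contains whitespace or
        # glob characters.
        call_tc filter add dev "$device" ingress \
            prio 1 handle 1 bpf da obj "$file" sec "$prog"
    }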
    191
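    # Attach the "xdp_mark" section of a BPF object as the XDP program of a
    # device.
    # Arguments: $1 - network device name
    #            $2 - path to the BPF object file
    attach_xdp_mark() {
        local device="$1"
        local file="$2"
        local -r prog="xdp_mark"

        # Remove XDP prog in-case it's already loaded
        # TODO: Need ip-link option to override/replace existing XDP prog
        flush_xdp "$device"

        # Attach XDP/BPF prog. Device name and object path are quoted so that
        # each reaches ip as exactly one argument even if it contains
        # whitespace or glob characters.
        call_ip link set dev "$device" xdp obj "$file" sec "$prog"
    }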
    206
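    # Dispatch on the requested mode: flush, list, or (default) attach both
    # programs. $DEV and $FILE are quoted so that the user-supplied device
    # name and the object path each reach the helper as exactly one argument.
    if [[ -n "$FLUSH" ]]; then
        flush_tc  "$DEV"
        flush_xdp "$DEV"
        exit 0
    fi

    if [[ -n "$LIST" ]]; then
        list_tc  "$DEV"
        list_xdp "$DEV"
        exit 0
    fi

    attach_tc_mark  "$DEV" "$FILE"
    attach_xdp_mark "$DEV" "$FILE"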