Struct libbpf_rs::TcHook

source · [−]

pub struct TcHook { /* private fields */ }

Expand description

The BPF TC subsystem has different control paths from other BPF programs As such a BPF program using a TC Hook (SEC(“classifier”) | SEC(“tc”)) must be operated more independently from other [libbpf-rs::Program]s.

Documentation about the libbpf TC interface can be found here https://lwn.net/ml/bpf/20210512103451.989420-3-memxor@gmail.com/

An example of using a BPF TC program can be seen in [examples/tc_whitelist_ports/src/main.rs]

Represents a Hook Point for a Traffic Control (TC) bpf program

The TcHook struct exposes operations to create, attach, query and destroy a bpf_tc_hook using the TC subsystem

Implementations

source

impl TcHook

source

pub fn new(fd: i32) -> Self

Create a New TcHook given the file descriptor of the loaded SEC(“tc”) Program See: [libbpf-rs::Program]

source

pub fn create(&mut self) -> Result<Self>

create a new TcHook

if a TcHook already exists with the same parameters as the hook calling create(), this function will still succeed.

Will always fail on a TC_CUSTOM hook

source

pub fn ifindex(&mut self, idx: i32) -> &mut Self

Set the interface to be used

Interfaces can be listed by using ip link command from the iproute2 software package

source

pub fn attach_point(&mut self, ap: TcAttachPoint) -> &mut Self

Set what type of TC point to attach onto

TC_EGRESS, TC_INGRESS, or TC_CUSTOM

An TC_EGRESS|TC_INGRESS hook can be used as an attach_point for calling the destroy() method to remove the clsact bpf tc qdisc, but cannot be used to attach()

source

pub fn parent(&mut self, maj: u32, min: u32) -> &mut Self

Set the parent of a hook Will cause an EINVAL upon attach() if set upon an TC_EGRESS/TC_INGRESS/TC_EGRESS|TC_INGRESS hook

Must be set on a TC_CUSTOM hook Current acceptable values are TC_H_CLSACT for maj, and TC_H_MIN_EGRESS or TC_H_MIN_INGRESS for min

source

pub fn replace(&mut self, replace: bool) -> &mut Self

Set whether this hook should replace an existing hook

If replace is not true upon attach, and a hook already exists an EEXIST error will be returned from attach()

source

pub fn handle(&mut self, handle: u32) -> &mut Self

Set the handle of a hook. If unset upon attach, the kernel will assign a handle for the hook

source

pub fn priority(&mut self, priority: u32) -> &mut Self

Set the priority of a hook if unset upon attach, the kernel will assign a priority for the hook

source

pub fn query(&mut self) -> Result<u32>

Query a hook to inspect the program identifier (prog_id)

source

pub fn attach(&mut self) -> Result<Self>

Attach a filter to the TcHook so that the program starts processing

Once the hook is processing, changing the values will have no effect unless the hook is attach()’d again (replace(true) being required)

Users can create a second hook by changing the handle, the priority or the attach_point and calling the attach() method again. Beware doing this. It might be better to Copy the TcHook and change the values on the copied hook for easier detach()

NOTE: Once a TcHook is attached, it, and the maps it uses, will outlive the userspace application that spawned them Make sure to detach if this is not desired

source

pub fn detach(&mut self) -> Result<()>

Detach a filter from a TcHook

source

pub fn destroy(&mut self) -> Result<()>

Destroy attached filters

If called on a hook with an attach_point of EGRESS, will detach all EGRESS hooks If called on a hook with an attach_point of INGRESS, will detach all INGRESS hooks

If called on a hook with an attach_point of EGRESS|INGRESS, will destroy the clsact tc qdisc and detach all hooks

Will error with EOPNOTSUPP if attach_point is BPF_TC_CUSTOM

It is good practice to query before destroying as the tc qdisc may be used by multiple programs