linux/samples/bpf
Sargun Dhillon cf9b1199de samples/bpf: Add test/example of using bpf_probe_write_user bpf helper
This example shows using a kprobe to act as a dnat mechanism to divert
traffic for arbitrary endpoints. It rewrite the arguments to a syscall
while they're still in userspace, and before the syscall has a chance
to copy the argument into kernel space.

Although this is an example, it also acts as a test because the mapped
address is 255.255.255.255:555 -> real address, and that's not a legal
address to connect to. If the helper is broken, the example will fail
on the intermediate steps, as well as the final step to verify the
rewrite of userspace memory succeeded.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-07-25 18:07:48 -07:00
..
bpf_helpers.h bpf: Add bpf_probe_write_user BPF helper to be called in tracers 2016-07-25 18:07:48 -07:00
bpf_load.c Add sample for adding simple drop program to link 2016-07-19 21:46:32 -07:00
bpf_load.h
fds_example.c
lathist_kern.c
lathist_user.c
libbpf.c
libbpf.h
Makefile samples/bpf: Add test/example of using bpf_probe_write_user bpf helper 2016-07-25 18:07:48 -07:00
map_perf_test_kern.c
map_perf_test_user.c
offwaketime_kern.c bpf, samples: don't zero data when not needed 2016-04-14 21:40:42 -04:00
offwaketime_user.c
parse_ldabs.c samples/bpf: add 'pointer to packet' tests 2016-05-06 16:01:54 -04:00
parse_simple.c samples/bpf: add 'pointer to packet' tests 2016-05-06 16:01:54 -04:00
parse_varlen.c samples/bpf: add 'pointer to packet' tests 2016-05-06 16:01:54 -04:00
README.rst samples/bpf: like LLC also verify and allow redefining CLANG command 2016-04-29 14:26:08 -04:00
sock_example.c
sockex1_kern.c
sockex1_user.c
sockex2_kern.c
sockex2_user.c samples/bpf: set max locked memory to ulimited 2016-06-25 12:03:46 -04:00
sockex3_kern.c
sockex3_user.c samples/bpf: set max locked memory to ulimited 2016-06-25 12:03:46 -04:00
spintest_kern.c
spintest_user.c
tcbpf1_kern.c
test_cgrp2_array_pin.c cgroup: bpf: Add an example to do cgroup checking in BPF 2016-07-01 16:32:13 -04:00
test_cgrp2_tc_kern.c cgroup: bpf: Add an example to do cgroup checking in BPF 2016-07-01 16:32:13 -04:00
test_cgrp2_tc.sh cgroup: bpf: Add an example to do cgroup checking in BPF 2016-07-01 16:32:13 -04:00
test_cls_bpf.sh samples/bpf: add 'pointer to packet' tests 2016-05-06 16:01:54 -04:00
test_maps.c
test_overhead_kprobe_kern.c samples/bpf: add tracepoint vs kprobe performance tests 2016-04-07 21:04:27 -04:00
test_overhead_tp_kern.c samples/bpf: add tracepoint vs kprobe performance tests 2016-04-07 21:04:27 -04:00
test_overhead_user.c samples/bpf: add tracepoint vs kprobe performance tests 2016-04-07 21:04:27 -04:00
test_probe_write_user_kern.c samples/bpf: Add test/example of using bpf_probe_write_user bpf helper 2016-07-25 18:07:48 -07:00
test_probe_write_user_user.c samples/bpf: Add test/example of using bpf_probe_write_user bpf helper 2016-07-25 18:07:48 -07:00
test_verifier.c samples/bpf: add verifier tests 2016-05-06 16:01:54 -04:00
trace_output_kern.c samples/bpf: fix trace_output example 2016-04-28 17:29:45 -04:00
trace_output_user.c
tracex1_kern.c bpf, samples: don't zero data when not needed 2016-04-14 21:40:42 -04:00
tracex1_user.c
tracex2_kern.c bpf, samples: don't zero data when not needed 2016-04-14 21:40:42 -04:00
tracex2_user.c
tracex3_kern.c
tracex3_user.c
tracex4_kern.c
tracex4_user.c
tracex5_kern.c bpf, samples: don't zero data when not needed 2016-04-14 21:40:42 -04:00
tracex5_user.c
tracex6_kern.c
tracex6_user.c
xdp1_kern.c bpf: make xdp sample variable names more meaningful 2016-07-20 22:07:24 -07:00
xdp1_user.c Add sample for adding simple drop program to link 2016-07-19 21:46:32 -07:00
xdp2_kern.c bpf: make xdp sample variable names more meaningful 2016-07-20 22:07:24 -07:00

eBPF sample programs
====================

This directory contains a mini eBPF library, test stubs, verifier
test-suite and examples for using eBPF.

Build dependencies
==================

Compiling requires having installed:
 * clang >= version 3.4.0
 * llvm >= version 3.7.1

Note that LLVM's tool 'llc' must support target 'bpf', list version
and supported targets with command: ``llc --version``

Kernel headers
--------------

There are usually dependencies to header files of the current kernel.
To avoid installing devel kernel headers system wide, as a normal
user, simply call::

 make headers_install

This will creates a local "usr/include" directory in the git/build top
level directory, that the make system automatically pickup first.

Compiling
=========

For building the BPF samples, issue the below command from the kernel
top level directory::

 make samples/bpf/

Do notice the "/" slash after the directory name.

It is also possible to call make from this directory.  This will just
hide the the invocation of make as above with the appended "/".

Manually compiling LLVM with 'bpf' support
------------------------------------------

Since version 3.7.0, LLVM adds a proper LLVM backend target for the
BPF bytecode architecture.

By default llvm will build all non-experimental backends including bpf.
To generate a smaller llc binary one can use::

 -DLLVM_TARGETS_TO_BUILD="BPF"

Quick sniplet for manually compiling LLVM and clang
(build dependencies are cmake and gcc-c++)::

 $ git clone http://llvm.org/git/llvm.git
 $ cd llvm/tools
 $ git clone --depth 1 http://llvm.org/git/clang.git
 $ cd ..; mkdir build; cd build
 $ cmake .. -DLLVM_TARGETS_TO_BUILD="BPF;X86"
 $ make -j $(getconf _NPROCESSORS_ONLN)

It is also possible to point make to the newly compiled 'llc' or
'clang' command via redefining LLC or CLANG on the make command line::

 make samples/bpf/ LLC=~/git/llvm/build/bin/llc CLANG=~/git/llvm/build/bin/clang