Merge pull request #42 from olsajiri/tracing

Add tracing examples from @olsajiri

Author: netoptimizer

common/common.mk

@@ -38,11 +38,13 @@ EXTRA_DEPS +=
 # BPF-prog kern and userspace shares struct via header file:
 KERN_USER_H ?= $(wildcard common_kern_user.h)
 
-CFLAGS ?= -I$(LIBBPF_DIR)/root/usr/include/ -I/usr/include/x86_64-linux-gnu
+CFLAGS ?= -I$(LIBBPF_DIR)/root/usr/include/ -g
+# Extra include for Ubuntu issue #44
+CFLAGS += -I/usr/include/x86_64-linux-gnu
 CFLAGS += -I../headers/
 LDFLAGS ?= -L$(LIBBPF_DIR)
 
-LIBS = -l:libbpf.a -lelf
+LIBS = -l:libbpf.a -lelf $(USER_LIBS)
 
 all: llvm-check $(USER_TARGETS) $(XDP_OBJ) $(COPY_LOADER) $(COPY_STATS)
 

common/common_defines.h

@@ -1,6 +1,10 @@
 #ifndef __COMMON_DEFINES_H
 #define __COMMON_DEFINES_H
 
+#include <net/if.h>
+#include <linux/types.h>
+#include <stdbool.h>
+
 struct config {
 	__u32 xdp_flags;
 	int ifindex;

common/common_user_bpf_xdp.c

@@ -179,8 +179,9 @@ struct bpf_object *load_bpf_and_xdp_attach(struct config *cfg)
 	return bpf_obj;
 }
 
+#define XDP_UNKNOWN	XDP_REDIRECT + 1
 #ifndef XDP_ACTION_MAX
-#define XDP_ACTION_MAX (XDP_REDIRECT + 1)
+#define XDP_ACTION_MAX (XDP_UNKNOWN + 1)
 #endif
 
 static const char *xdp_action_names[XDP_ACTION_MAX] = {
@@ -189,6 +190,7 @@ static const char *xdp_action_names[XDP_ACTION_MAX] = {
 	[XDP_PASS]      = "XDP_PASS",
 	[XDP_TX]        = "XDP_TX",
 	[XDP_REDIRECT]  = "XDP_REDIRECT",
+	[XDP_UNKNOWN]	= "XDP_UNKNOWN",
 };
 
 const char *action2str(__u32 action)

headers/linux/err.h

@@ -0,0 +1,33 @@
+/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */
+
+#ifndef __LINUX_ERR_H
+#define __LINUX_ERR_H
+
+#include <linux/types.h>
+#include <asm/errno.h>
+
+#define MAX_ERRNO       4095
+
+#define IS_ERR_VALUE(x) ((x) >= (unsigned long)-MAX_ERRNO)
+
+static inline void * ERR_PTR(long error_)
+{
+	return (void *) error_;
+}
+
+static inline long PTR_ERR(const void *ptr)
+{
+	return (long) ptr;
+}
+
+static inline bool IS_ERR(const void *ptr)
+{
+	return IS_ERR_VALUE((unsigned long)ptr);
+}
+
+static inline bool IS_ERR_OR_NULL(const void *ptr)
+{
+	return (!ptr) || IS_ERR_VALUE((unsigned long)ptr);
+}
+
+#endif

libbpf

@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
+
+# Departing from the implicit _user.c scheme
+XDP_TARGETS  := trace_prog_kern xdp_prog_kern
+USER_TARGETS := trace_load_and_stats
+
+LIBBPF_DIR = ../libbpf/src/
+COMMON_DIR = ../common/
+
+include $(COMMON_DIR)/common.mk
+

tracing01-xdp-simple/Makefile

@@ -0,0 +1,205 @@
+# -*- fill-column: 76; -*-
+#+TITLE: Tutorial: Tracing01 - monitor xdp tracepoint
+#+OPTIONS: ^:nil
+
+In this lesson we will show how to create and load eBPF program that
+hooks on xdp:exception tracepoint and get its values to user space
+stats application.
+
+* Table of Contents                                                     :TOC:
+- [[#using-libbpf][XDP tracepoints]]
+  - [[#xdp-tracepoints][XDP tracepoints]]
+  - [[#tracepoint-program-section][Tracepoint program section]]
+  - [[#tracepoint-arguments][Tracepoint arguments]]
+  - [[#tracepoint-attaching][Tracepoint attaching]]
+  - [[#hash-map][HASH map]]
+- [[#assignments][Assignments]]
+  - [[#assignment-1][Assignment 1: Setting up your test lab]]
+  - [[#assignment-2][Assignment 2: Load tracepoint monitor program]]
+
+
+* XDP tracepoints
+
+The eBPF programs can be attached also to tracepoints. There are
+several tracepoints related to xdp:
+
+#+begin_example sh
+ls /sys/kernel/debug/tracing/events/xdp/
+xdp_cpumap_enqueue
+xdp_cpumap_kthread
+xdp_devmap_xmit
+xdp_exception
+xdp_redirect
+xdp_redirect_err
+xdp_redirect_map
+xdp_redirect_map_err
+#+end_example
+
+** Tracepoint program section
+
+The bpf library expects the tracepoint eBPF program to be stored
+in a section with following name:
+
+#+begin_example sh
+tracepoint/sys/tracepoint
+#+end_example
+
+where 'sys' is the tracepoint subsystem and 'tracepoint' is
+the tracepoint name.
+
+which can be done with following construct:
+
+#+begin_example sh
+SEC("tracepoint/xdp/xdp_exception")
+int trace_xdp_exception(struct xdp_exception_ctx *ctx)
+#+end_example
+
+** Tracepoint arguments
+
+There's single program pointer argument which points
+to the structure, that defines the tracepoint fields.
+
+Like for xdp:xdp_exception tracepoint:
+
+#+begin_example sh
+struct xdp_exception_ctx {
+        __u64 __pad;      // First 8 bytes are not accessible by bpf code
+        __s32 prog_id;    //      offset:8;  size:4; signed:1;
+        __u32 act;        //      offset:12; size:4; signed:0;
+        __s32 ifindex;    //      offset:16; size:4; signed:1;
+};
+
+int trace_xdp_exception(struct xdp_exception_ctx *ctx)
+#+end_example
+
+This struct is exported in tracepoint format file:
+
+#+begin_example sh
+# cat /sys/kernel/debug/tracing/events/xdp/xdp_exception/format
+...
+        field:unsigned short common_type;       offset:0;       size:2; signed:0;
+        field:unsigned char common_flags;       offset:2;       size:1; signed:0;
+        field:unsigned char common_preempt_count;       offset:3;       size:1; signed:0;
+        field:int common_pid;   offset:4;       size:4; signed:1;
+
+        field:int prog_id;      offset:8;       size:4; signed:1;
+        field:u32 act;  offset:12;      size:4; signed:0;
+        field:int ifindex;      offset:16;      size:4; signed:1;
+...
+#+end_example
+
+** Tracepoint attaching
+
+To load a tracepoint program for this example we use following bpf
+library helper function:
+
+#+begin_example sh
+bpf_prog_load(cfg->filename, BPF_PROG_TYPE_TRACEPOINT, &obj, &bpf_fd))
+#+end_example
+
+It loads all the programs from the object together with maps and
+returns file descriptor of the first one.
+
+To attach the program to the tracepoint we need to create a tracepoint
+perf event and attach the eBPF program to it, using its file descriptor
+via PERF_EVENT_IOC_SET_BPF ioctl call:
+
+#+begin_example sh
+err = ioctl(fd, PERF_EVENT_IOC_SET_BPF, bpf_fd);
+#+end_example
+
+Please check trace_load_and_stats.c load_bpf_and_trace_attach function
+for all the details.
+
+* HASH map
+
+This example is using PERCPU HASH map, that stores number of aborted
+packets for interface
+#+begin_example sh
+struct bpf_map_def SEC("maps") xdp_stats_map = {
+        .type        = BPF_MAP_TYPE_PERCPU_HASH,
+        .key_size    = sizeof(__s32),
+        .value_size  = sizeof(__u64),
+        .max_entries = 10,
+};
+#+end_example
+
+The interface is similar to the ARRAY map except that we need to specifically
+create new element in the hash if it does not exist:
+
+#+begin_example sh
+/* Lookup in kernel BPF-side returns pointer to actual data. */
+valp = bpf_map_lookup_elem(&xdp_stats_map, &key);
+
+/* If there's no record for interface, we need to create one,
+ * with number of packets == 1
+ */
+if (!valp) {
+	__u64 one = 1;
+	return bpf_map_update_elem(&xdp_stats_map, &key, &one, 0) ? 1 : 0;
+}
+
+(*valp)++;
+#+end_example
+
+Please check trace_prog_kern.c for the full code.
+
+* Assignments
+
+** Assignment 1: Setting up your test lab
+
+In this lesson we will use the setup of the previous lesson:
+Basic02 - loading a program by name [[https://github.com/xdp-project/xdp-tutorial/tree/master/basic02-prog-by-name#assignment-2-add-xdp_abort-program]]
+
+and load XDP program from xdp_prog_kern.o that will abort every
+incoming packet:
+
+#+begin_example sh
+SEC("xdp_abort")
+int xdp_drop_func(struct xdp_md *ctx)
+{
+        return XDP_ABORTED;
+}
+#+end_example
+
+with xdp_loader from previous lessson:
+Assignment 2: Add xdp_abort program [[https://github.com/xdp-project/xdp-tutorial/tree/master/basic02-prog-by-name#assignment-2-add-xdp_abort-program]]
+
+Setup the environment:
+
+#+begin_example sh
+$ sudo ../testenv/testenv.sh setup --name veth-basic02
+#+end_example
+
+Load the XDP program, tak produces aborted packets:
+
+#+begin_example sh
+$ sudo ../basic02-prog-by-name/xdp_loader --dev veth-basic02 --force --progsec xdp_abort
+#+end_example
+
+and make some packets:
+
+#+begin_example sh
+$ sudo ../testenv/testenv.sh enter --name veth-basic02
+# ping  fc00:dead:cafe:1::1
+PING fc00:dead:cafe:1::1(fc00:dead:cafe:1::1) 56 data bytes
+#+end_example
+
+** Assignment 2: Load tracepoint monitor program
+
+Now when you run the trace_load_and_stats application it will
+load and attach the tracepoint eBPF program and display number
+of aborted packets per interface:
+
+#+begin_example
+# ./trace_load_and_stats
+Success: Loaded BPF-object(trace_prog_kern.o)
+
+Collecting stats from BPF map
+ - BPF map (bpf_map_type:1) id:46 name:xdp_stats_map key_size:4 value_size:4 max_entries:10
+
+veth-basic02 (2)
+veth-basic02 (4)
+veth-basic02 (6)
+...
+#+end_example