bpfilter
bpfilter runtime context. This file contains the definition of the bf_context structure, which is the main structure used to store the daemon’s runtime context.
bf_context can be serialized and deserialized, including all of its fields. This way, bpfilter can be restarted without unloading the BPF programs and maps.
For every other bf_* structure, most bf_* functions expect a valid pointer to the structure. bf_context works slightly differently: the public functions defined in this header do not take a bf_context argument. They are only wrappers around private functions defined in context.c, which do expect a valid pointer to a bf_context. This prevents the user from creating and manipulating multiple contexts, while keeping the API consistent with the other bf_* structures.
Functions
-
int bf_context_setup(void)
Initialise the global bpfilter context.
- Returns:
0 on success, negative error code on failure.
-
void bf_context_teardown(bool clear)
Tear down the global bpfilter context.
- Parameters:
clear – If true, all the BPF programs will be unloaded before clearing the context.
-
void bf_context_dump(prefix_t *prefix)
Dump the content of the context.
- Parameters:
prefix – Prefix to use for the dump.
-
int bf_context_save(struct bf_marsh **marsh)
Marshal the global bpfilter context.
- Parameters:
marsh – bf_marsh structure to fill with the marshalled context.
- Returns:
0 on success, negative error code on failure.
-
int bf_context_load(const struct bf_marsh *marsh)
Unmarshal the global bpfilter context.
Once this function completes, the global context has been restored from the marshalled context. On failure, the global context is left uninitialized.
- Parameters:
marsh – bf_marsh structure containing the marshalled context.
- Returns:
0 on success, negative error code on failure.
-
struct bf_cgen *bf_context_get_cgen(enum bf_hook hook, enum bf_front front)
Get codegen for a given (hook, front) set.
- Parameters:
hook – Hook to get the codegen from. Must be a valid hook.
front – Front-end to get the codegen from. Must be a valid front-end.
- Returns:
The codegen for the given hook and front-end, or NULL if there is no such codegen.
-
struct bf_cgen *bf_context_take_cgen(enum bf_hook hook, enum bf_front front)
Take a codegen out of the context for a given (hook, front) set.
The returned codegen is no longer part of the context and must be freed by the caller.
- Parameters:
hook – Hook to get the codegen from. Must be a valid hook.
front – Front-end to get the codegen from. Must be a valid front-end.
- Returns:
The codegen for the given hook and front-end, or NULL if there is no such codegen.
-
void bf_context_delete_cgen(enum bf_hook hook, enum bf_front front)
Delete a codegen from the context for a given (hook, front) set.
If a corresponding codegen is found, it is removed from the context and deleted. Otherwise the context remains unchanged.
- Parameters:
hook – Hook to get the codegen from. Must be a valid hook.
front – Front-end to get the codegen from. Must be a valid front-end.
-
int bf_context_set_cgen(enum bf_hook hook, enum bf_front front, struct bf_cgen *cgen)
Add a codegen to the context.
- Parameters:
hook – Hook to add the codegen to. Must be a valid hook.
front – Front-end to add the codegen to. Must be a valid front-end.
cgen – Codegen to add to the context. Can’t be NULL.
- Returns:
0 on success, negative error code on failure. If a codegen already exists for the given (hook, front) set, then -EEXIST is returned.
-
void bf_context_replace_cgen(enum bf_hook hook, enum bf_front front, struct bf_cgen *cgen)
Replace the codegen for a given (hook, front) set, if any.
If a codegen already exists for the given (hook, front) set, then it is deleted and replaced by cgen. Otherwise, cgen is added to the context.
- Parameters:
hook – Hook to update the codegen for. Must be a valid hook.
front – Front-end to update the codegen for. Must be a valid
cgen – Codegen to update the context with. Can’t be NULL.
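The ownership rules documented above for get, take, delete, set and replace, as an added toy model in C. It is not bpfilter's code: the ctx_* and cgen_* names, the slot array and its size are stand-ins invented for this example, and it assumes the caller keeps ownership of a codegen that set rejects with -EEXIST.

```c
#include <errno.h>
#include <stdlib.h>

/* Toy model only: sizes and the cgen type are stand-ins, not bpfilter's definitions. */
enum { N_HOOKS = 2, N_FRONTS = 2 };
struct cgen { int id; };
static struct cgen *slots[N_HOOKS][N_FRONTS]; /* one slot per (hook, front) */
static int live;                              /* allocated cgens not yet freed */

struct cgen *cgen_new(int id) {
    struct cgen *c = malloc(sizeof(*c));
    if (c) { c->id = id; live++; }
    return c;
}
void cgen_free(struct cgen *c) { if (c) { free(c); live--; } }

/* get: borrowed pointer, the context still owns it; NULL if the slot is empty. */
struct cgen *ctx_get(int h, int f) { return slots[h][f]; }

/* take: ownership moves to the caller and the slot is emptied. */
struct cgen *ctx_take(int h, int f) {
    struct cgen *c = slots[h][f];
    slots[h][f] = NULL;
    return c;
}

/* delete: remove and free; a no-op on an empty slot. */
void ctx_delete(int h, int f) { cgen_free(ctx_take(h, f)); }

/* set: refuses to overwrite. Model assumption: on -EEXIST the caller still owns c. */
int ctx_set(int h, int f, struct cgen *c) {
    if (slots[h][f]) return -EEXIST;
    slots[h][f] = c;
    return 0;
}

/* replace: frees any previous occupant, then stores c. */
void ctx_replace(int h, int f, struct cgen *c) { ctx_delete(h, f); slots[h][f] = c; }

/* Walk the lifecycle once; returns the number of leaked cgens (0 if every owner freed). */
int lifecycle_leaks(void) {
    struct cgen *a = cgen_new(1), *b = cgen_new(2), *c = cgen_new(3);
    if (!a || !b || !c) { cgen_free(a); cgen_free(b); cgen_free(c); return -ENOMEM; }
    ctx_set(0, 0, a);                      /* context owns a */
    if (ctx_set(0, 0, b) == -EEXIST)       /* rejected: b is still ours */
        ctx_replace(0, 0, b);              /* a is freed, context owns b */
    struct cgen *taken = ctx_take(0, 0);   /* b is ours again, slot is empty */
    ctx_set(0, 0, c);                      /* slot is free, so set succeeds */
    cgen_free(taken);                      /* caller frees what it took */
    ctx_delete(0, 0);                      /* context frees c */
    return live;
}
```

A pointer obtained from get becomes dangling once the same slot is deleted, replaced or taken and freed, so callers should not hold it across those calls.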