bpfilter

Global runtime context for bpfilter daemon.

This file contains the definition of the bf_ctx structure, which is the main structure used to store the daemon’s runtime context.

All the public bf_ctx_* functions manipulate a private global context. This context can be serialized and deserialized to restore the daemon’s runtime context if bpfilter is restarted.

The bf_ctx structure contains an array of lists containing the codegens. There is a list of codegens for each hook. Some hooks allow multiple codegens to be defined (e.g. XDP, TC), but others do not (e.g. BF_HOOK_NF_LOCAL_IN), in which case the list contains a single codegen.

Functions

int bf_ctx_setup(void)

Initialise the global context.

Returns:

0 on success, or a negative errno value on failure.

void bf_ctx_teardown(bool clear)

Tear down the global context.

If bf_ctx_save has not been called prior to this function, the runtime context will be lost: if bpfilter is stopped and clear is false, bpfilter will lose track of its BPF objects.

Parameters:
  • clear – If true, all the BPF programs will be unloaded before clearing the context.

void bf_ctx_dump(prefix_t *prefix)

Dump the global context.

Parameters:
  • prefix – Prefix to use for the dump.

int bf_ctx_save(struct bf_marsh **marsh)

Serialize the global context.

Parameters:
  • marsh – On success, contains the serialized global context. Unchanged on failure. Can’t be NULL. The owner owns the allocated memory.

Returns:

0 on success, or a negative errno value on failure.

int bf_ctx_load(const struct bf_marsh *marsh)

Deserialize the global context.

Parameters:
  • marsh – Serialized global context to restore. Can’t be NULL.

Returns:

0 on success, or a negative errno value on failure.

struct bf_cgen *bf_ctx_get_cgen(enum bf_hook hook, const struct bf_hook_opts *opts)

Get a codegen from the global context.

Parameters:
  • hook – Hook to get the codegen from.

  • opts – Hook options. For hooks allowing multiple codegens, the hook options are used to find the right codegen.

Returns:

The requested codegen, or NULL if not found.

int bf_ctx_set_cgen(struct bf_cgen *cgen)

Add a codegen to the global context.

Parameters:
  • cgen – Codegen to add to the context. Can’t be NULL.

Returns:

0 on success, or a negative errno value on failure. If a similar codegen already exists (criteria defining what “similar” means depend on the hook), -EEXIST is returned.
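
A simplified model of the per-hook codegen lists and the get/set semantics documented above, added here as an illustration and not taken from bpfilter's source. The type and function names, the use of an interface index as the lookup key for multi-codegen hooks, and the -EINVAL return are assumptions.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins, not bpfilter's own definitions. */
enum hook { HOOK_XDP, HOOK_TC, HOOK_NF_LOCAL_IN, HOOK_MAX };

struct cgen {
    enum hook hook;
    unsigned int ifindex; /* assumed lookup key for multi-codegen hooks */
    struct cgen *next;
};

static struct cgen *ctx[HOOK_MAX]; /* one list head per hook */

static bool hook_is_multi(enum hook h) { return h == HOOK_XDP || h == HOOK_TC; }

void ctx_reset(void) { for (int i = 0; i < HOOK_MAX; ++i) ctx[i] = NULL; }

/* Single-codegen hooks ignore the key; multi-codegen hooks must match it. */
struct cgen *ctx_get_cgen(enum hook hook, unsigned int ifindex)
{
    if ((unsigned int)hook >= HOOK_MAX)
        return NULL;
    for (struct cgen *c = ctx[hook]; c; c = c->next)
        if (!hook_is_multi(hook) || c->ifindex == ifindex)
            return c;
    return NULL;
}

/* Refuse to replace a similar codegen: the caller must handle -EEXIST. */
int ctx_set_cgen(struct cgen *cgen)
{
    if (!cgen || (unsigned int)cgen->hook >= HOOK_MAX)
        return -EINVAL;
    if (ctx_get_cgen(cgen->hook, cgen->ifindex))
        return -EEXIST;
    cgen->next = ctx[cgen->hook];
    ctx[cgen->hook] = cgen;
    return 0;
}

int main(void)
{
    struct cgen a = {HOOK_XDP, 2, NULL}, dup = {HOOK_XDP, 2, NULL};
    int first = ctx_set_cgen(&a);
    int second = ctx_set_cgen(&dup);
    printf("first=%d duplicate=%d\n", first, second);
    return 0;
}
```

Because the insert fails with -EEXIST instead of overwriting, a caller cannot silently swap out the filter attached to a hook; it has to look up the existing codegen and update or remove it explicitly.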