bpfilter

Global runtime context for bpfilter daemon.

This file contains the definition of the bf_ctx structure, which is the main structure used to store the daemon’s runtime context.

All the public bf_ctx_* functions manipulate a private global context. Chain state is persisted in per-chain bpffs context maps and restored via bf_ctx_setup on restart.

Enums

enum bf_verbose

Values:

enumerator BF_VERBOSE_DEBUG
enumerator BF_VERBOSE_BPF
enumerator BF_VERBOSE_BYTECODE
enumerator _BF_VERBOSE_MAX

Functions

int bf_ctx_setup(bool transient, bool with_bpf_token, const char *bpffs_path, uint16_t verbose)

Initialise the global context.

Parameters:

  • transient – If true, don’t persist state and unload programs on exit.

  • with_bpf_token – If true, create a BPF token from bpffs.

  • bpffs_path – Path to the bpffs mountpoint. Can’t be NULL.

  • verbose – Bitmask of verbose flags.

Returns:

0 on success, or a negative errno value on failure.

void bf_ctx_teardown(void)

Teardown the global context.

void bf_ctx_dump(prefix_t *prefix)

Dump the global context.

Parameters:

  • prefix – Prefix to use for the dump.

void bf_ctx_flush(void)

Unload and delete all the codegens.

struct bf_cgen *bf_ctx_get_cgen(const char *name)

Get a codegen from the global context.

Parameters:

  • name – Name of the codegen to get. Can’t be NULL.

Returns:

The requested codegen, or NULL if not found.

int bf_ctx_get_cgens(bf_list *cgens)

Get the list of all bf_cgen in the context.

The cgens list returned to the caller does not own the codegens, it can safely be cleaned up using bf_list_clean or bf_list_free .

Parameters:

  • cgens – List of bf_cgen to fill. The list will be initialised by this function. Can’t be NULL. On failure, cgens is left unchanged.

Returns:

0 on success, or negative errno value on failure.

int bf_ctx_set_cgen(struct bf_cgen *cgen)

Add a codegen to the global context.

Parameters:

  • cgen – Codegen to add to the context. Can’t be NULL.

Returns:

0 on success, or a negative errno value on failure. If a chain already exist in the context with the same name, the codegen is not added to the context and -EEXIST is returned.

int bf_ctx_delete_cgen(struct bf_cgen *cgen, bool unload)

Delete a codegen from the context.

Parameters:

  • cgen – Codegen to delete from the context. The codegen will be freed. Can’t be NULL.

  • unload – Unload the codegen from the system before deleting it.

Returns:

0 on success, or negative errno value on failure.

struct bf_ns *bf_ctx_get_ns(void)

Get the daemon’s original namespaces.

During the creation of the global context, the daemon will open a reference to its namespaces. This is required to jump a a client’s namespace on request and come back to the original namespace afterward. This function returns a pointer to the bf_ns object referencing the original namespaces.

Returns:

A bf_ns object pointer.

int bf_ctx_token(void)

Get the BPF token file descriptor.

Returns:

The BPF token file descriptor, or -1 if no token is used.

int bf_ctx_get_pindir_fd(void)

Return a file descriptor to bpfilter’s pin directory.

Returns:

File descriptor to bpfilter’s pin directory, or a negative errno value on failure.

int bf_ctx_rm_pindir(void)

Remove the pin directory.

If the pin directory can’t be removed, an error is printed. However, if it’s due to the directory not being empty, or not existing, no error is printed, but the errno value is returned anyway. The called will know how to deal with this situation.

Returns:

0 on success, or a negative errno value on failure.

const struct bf_elfstub *bf_ctx_get_elfstub(enum bf_elfstub_id id)

Get a ELF stub from its ID.

Parameters:

  • id – ID of the ELF stub to retrieve.

Returns:

The requested ELF stub.

bool bf_ctx_is_transient(void)
Returns:

true if transient mode is enabled.

bool bf_ctx_is_verbose(enum bf_verbose opt)
Returns:

true if the given verbose flag is set.