    cgroup: bpf: Add an example to do cgroup checking in BPF · a3f74617
    Martin KaFai Lau authored
    test_cgrp2_array_pin.c:
    A userland program that creates a bpf_map (BPF_MAP_TYPE_CGROUP_ARRAY),
    populates/updates it with a cgroup2's backed fd and pins it to a
    bpf-fs's file.  The pinned file can be loaded by tc and then used
    by the bpf prog later.  This program can also update an existing pinned
    array and it could be useful for debugging/testing purposes.
    
    test_cgrp2_tc_kern.c:
    A bpf prog which should be loaded by tc.  It is to demonstrate
    the usage of bpf_skb_in_cgroup.
    
    test_cgrp2_tc.sh:
    A script that glues the test_cgrp2_array_pin.c and
    test_cgrp2_tc_kern.c together.  The idea is like:
    1. Load the test_cgrp2_tc_kern.o by tc
    2. Use test_cgrp2_array_pin.c to populate a BPF_MAP_TYPE_CGROUP_ARRAY
       with a cgroup fd
    3. Do a 'ping -6 ff02::1%ve' to ensure the packet has been
       dropped because of a match on the cgroup
    
    Most of the lines in test_cgrp2_tc.sh are boilerplate
    to set up the cgroup/bpf-fs/net-devices/netns...etc.  It is
    not bulletproof on errors but should work well enough and
    give enough debug info if things did not go well.
    Signed-off-by: Martin KaFai Lau <kafai@fb.com>
    Cc: Alexei Starovoitov <ast@fb.com>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: Tejun Heo <tj@kernel.org>
    Acked-by: Alexei Starovoitov <ast@kernel.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>