daemon: fold command-line options into the runtime context

Remove the standalone opts module (opts.h, opts.c) in the daemon, which
maintained a separate static global options object. Options are moved to
bf_ctx, and so are accessors.

Author: qdeslandes

src/bpfilter/CMakeLists.txt

@@ -11,7 +11,6 @@ configure_file(
 
 add_executable(bpfilter
     ${CMAKE_CURRENT_SOURCE_DIR}/main.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/opts.h                   ${CMAKE_CURRENT_SOURCE_DIR}/opts.c
     ${CMAKE_CURRENT_SOURCE_DIR}/cgen/cgen.h              ${CMAKE_CURRENT_SOURCE_DIR}/cgen/cgen.c
     ${CMAKE_CURRENT_SOURCE_DIR}/cgen/cgroup_skb.h        ${CMAKE_CURRENT_SOURCE_DIR}/cgen/cgroup_skb.c
     ${CMAKE_CURRENT_SOURCE_DIR}/cgen/dump.h              ${CMAKE_CURRENT_SOURCE_DIR}/cgen/dump.c

src/bpfilter/cgen/cgen.c

@@ -32,7 +32,6 @@
 #include "cgen/prog/map.h"
 #include "cgen/program.h"
 #include "ctx.h"
-#include "opts.h"
 
 #define _BF_PROG_NAME "bf_prog"
 #define _BF_CTX_PIN_NAME "bf_ctx"
@@ -236,7 +235,7 @@ void bf_cgen_free(struct bf_cgen **cgen)
      * the chain hasn't been pinned (e.g. due to a failure), the pin directory
      * will be empty and will be removed. If the chain is valid and pinned, then
      * the removal of the pin directory will fail, but that's alright. */
-    if (bf_opts_persist() && (pin_fd = bf_ctx_get_pindir_fd()) >= 0)
+    if (!bf_ctx_is_transient() && (pin_fd = bf_ctx_get_pindir_fd()) >= 0)
         bf_rmdir_at(pin_fd, (*cgen)->chain->name, false);
 
     bf_handle_free(&(*cgen)->handle);
@@ -311,7 +310,7 @@ int bf_cgen_set(struct bf_cgen *cgen, const struct bf_ns *ns,
 {
     _free_bf_program_ struct bf_program *prog = NULL;
     _cleanup_close_ int pindir_fd = -1;
-    bool persist = bf_opts_persist();
+    bool persist = !bf_ctx_is_transient();
     int r;
 
     assert(cgen);
@@ -367,7 +366,7 @@ int bf_cgen_load(struct bf_cgen *cgen)
 {
     _free_bf_program_ struct bf_program *prog = NULL;
     _cleanup_close_ int pindir_fd = -1;
-    bool persist = bf_opts_persist();
+    bool persist = !bf_ctx_is_transient();
     int r;
 
     assert(cgen);
@@ -413,7 +412,7 @@ int bf_cgen_attach(struct bf_cgen *cgen, const struct bf_ns *ns,
                    struct bf_hookopts **hookopts)
 {
     _cleanup_close_ int pindir_fd = -1;
-    bool persist = bf_opts_persist();
+    bool persist = !bf_ctx_is_transient();
     int r;
 
     assert(cgen);
@@ -509,7 +508,7 @@ int bf_cgen_update(struct bf_cgen *cgen, struct bf_chain **new_chain,
     _free_bf_program_ struct bf_program *new_prog = NULL;
     _free_bf_handle_ struct bf_handle *new_handle = NULL;
     _cleanup_close_ int pindir_fd = -1;
-    bool persist = bf_opts_persist();
+    bool persist = !bf_ctx_is_transient();
     struct bf_handle *old_handle;
     int r;
 

src/bpfilter/cgen/program.c

@@ -57,7 +57,6 @@
 #include "cgen/xdp.h"
 #include "ctx.h"
 #include "filter.h"
-#include "opts.h"
 
 #define _BF_LOG_BUF_SIZE                                                       \
     (UINT32_MAX >> 8) /* verifier maximum in kernels <= 5.1 */
@@ -834,15 +833,15 @@ int bf_program_load(struct bf_program *prog)
     if (r)
         return bf_err_r(r, "failed to load the log map");
 
-    if (bf_opts_is_verbose(BF_VERBOSE_DEBUG)) {
+    if (bf_ctx_is_verbose(BF_VERBOSE_DEBUG)) {
         log_buf = malloc(_BF_LOG_BUF_SIZE);
         if (!log_buf) {
             return bf_err_r(-ENOMEM,
                             "failed to allocate BPF_PROG_LOAD logs buffer");
         }
     }
 
-    if (bf_opts_is_verbose(BF_VERBOSE_BYTECODE))
+    if (bf_ctx_is_verbose(BF_VERBOSE_BYTECODE))
         bf_program_dump_bytecode(prog);
 
     r = bf_bpf_prog_load(prog->handle->prog_name,

src/bpfilter/cgen/stub.c

@@ -30,8 +30,8 @@
 #include "cgen/printer.h"
 #include "cgen/program.h"
 #include "cgen/swich.h"
+#include "ctx.h"
 #include "filter.h"
-#include "opts.h"
 
 #define _BF_LOW_EH_BITMASK 0x1801800000000801ULL
 
@@ -73,7 +73,7 @@ static int _bf_stub_make_ctx_dynptr(struct bf_program *program, int arg_reg,
              BPF_MOV32_IMM(BPF_REG_3, bf_program_error_counter_idx(program)));
         EMIT_FIXUP_ELFSTUB(program, BF_ELFSTUB_UPDATE_COUNTERS);
 
-        if (bf_opts_is_verbose(BF_VERBOSE_BPF))
+        if (bf_ctx_is_verbose(BF_VERBOSE_BPF))
             EMIT_PRINT(program, "failed to create a new dynamic pointer");
 
         r = program->runtime.ops->get_verdict(BF_VERDICT_ACCEPT);
@@ -132,7 +132,7 @@ int bf_stub_parse_l2_ethhdr(struct bf_program *program)
              BPF_MOV32_IMM(BPF_REG_3, bf_program_error_counter_idx(program)));
         EMIT_FIXUP_ELFSTUB(program, BF_ELFSTUB_UPDATE_COUNTERS);
 
-        if (bf_opts_is_verbose(BF_VERBOSE_BPF))
+        if (bf_ctx_is_verbose(BF_VERBOSE_BPF))
             EMIT_PRINT(program, "failed to create L2 dynamic pointer slice");
 
         r = program->runtime.ops->get_verdict(BF_VERDICT_ACCEPT);
@@ -207,7 +207,7 @@ int bf_stub_parse_l3_hdr(struct bf_program *program)
              BPF_MOV32_IMM(BPF_REG_3, bf_program_error_counter_idx(program)));
         EMIT_FIXUP_ELFSTUB(program, BF_ELFSTUB_UPDATE_COUNTERS);
 
-        if (bf_opts_is_verbose(BF_VERBOSE_BPF))
+        if (bf_ctx_is_verbose(BF_VERBOSE_BPF))
             EMIT_PRINT(program, "failed to create L3 dynamic pointer slice");
 
         r = program->runtime.ops->get_verdict(BF_VERDICT_ACCEPT);
@@ -366,7 +366,7 @@ int bf_stub_parse_l4_hdr(struct bf_program *program)
              BPF_MOV32_IMM(BPF_REG_3, bf_program_error_counter_idx(program)));
         EMIT_FIXUP_ELFSTUB(program, BF_ELFSTUB_UPDATE_COUNTERS);
 
-        if (bf_opts_is_verbose(BF_VERBOSE_BPF))
+        if (bf_ctx_is_verbose(BF_VERBOSE_BPF))
             EMIT_PRINT(program, "failed to create L4 dynamic pointer slice");
 
         r = program->runtime.ops->get_verdict(BF_VERDICT_ACCEPT);

src/bpfilter/ctx.c

@@ -26,7 +26,6 @@
 
 #include "cgen/cgen.h"
 #include "cgen/elfstub.h"
-#include "opts.h"
 
 #define _free_bf_ctx_ __attribute__((cleanup(_bf_ctx_free)))
 
@@ -47,32 +46,43 @@ struct bf_ctx
     bf_list cgens;
 
     struct bf_elfstub *stubs[_BF_ELFSTUB_MAX];
+
+    /// If true, don't persist state and unload programs on exit.
+    bool transient;
+
+    /// Pass a token to BPF system calls, obtained from bpffs.
+    bool with_bpf_token;
+
+    /// Path to the bpffs to pin the BPF objects into.
+    const char *bpffs_path;
+
+    /// Verbose flags.
+    uint16_t verbose;
 };
 
 static void _bf_ctx_free(struct bf_ctx **ctx);
 
 /// Global daemon context. Hidden in this translation unit.
 static struct bf_ctx *_bf_global_ctx = NULL;
 
-static int _bf_ctx_gen_token(void)
+static int _bf_ctx_gen_token(const char *bpffs_path)
 {
     _cleanup_close_ int mnt_fd = -1;
     _cleanup_close_ int bpffs_fd = -1;
     _cleanup_close_ int token_fd = -1;
 
-    mnt_fd = open(bf_opts_bpffs_path(), O_DIRECTORY);
+    mnt_fd = open(bpffs_path, O_DIRECTORY);
     if (mnt_fd < 0)
-        return bf_err_r(errno, "failed to open '%s'", bf_opts_bpffs_path());
+        return bf_err_r(errno, "failed to open '%s'", bpffs_path);
 
     bpffs_fd = openat(mnt_fd, ".", 0, O_RDWR);
     if (bpffs_fd < 0)
-        return bf_err_r(errno, "failed to get bpffs FD from '%s'",
-                        bf_opts_bpffs_path());
+        return bf_err_r(errno, "failed to get bpffs FD from '%s'", bpffs_path);
 
     token_fd = bf_bpf_token_create(bpffs_fd);
     if (token_fd < 0) {
         return bf_err_r(token_fd, "failed to create BPF token for '%s'",
-                        bf_opts_bpffs_path());
+                        bpffs_path);
     }
 
     return TAKE_FD(token_fd);
@@ -84,25 +94,36 @@ static int _bf_ctx_gen_token(void)
  * On failure, @p ctx is left unchanged.
  *
  * @param ctx New context to create. Can't be NULL.
+ * @param transient If true, don't persist state and unload programs on exit.
+ * @param with_bpf_token If true, create a BPF token from bpffs.
+ * @param bpffs_path Path to the bpffs mountpoint. Can't be NULL.
+ * @param verbose Bitmask of verbose flags.
  * @return 0 on success, negative errno value on failure.
  */
-static int _bf_ctx_new(struct bf_ctx **ctx)
+static int _bf_ctx_new(struct bf_ctx **ctx, bool transient, bool with_bpf_token,
+                       const char *bpffs_path, uint16_t verbose)
 {
     _free_bf_ctx_ struct bf_ctx *_ctx = NULL;
     int r;
 
     assert(ctx);
+    assert(bpffs_path);
 
     _ctx = calloc(1, sizeof(*_ctx));
     if (!_ctx)
         return -ENOMEM;
 
+    _ctx->transient = transient;
+    _ctx->with_bpf_token = with_bpf_token;
+    _ctx->bpffs_path = bpffs_path;
+    _ctx->verbose = verbose;
+
     r = bf_ns_init(&_ctx->ns, getpid());
     if (r)
         return bf_err_r(r, "failed to initialise current bf_ns");
 
     _ctx->token_fd = -1;
-    if (bf_opts_with_bpf_token()) {
+    if (_ctx->with_bpf_token) {
         _cleanup_close_ int token_fd = -1;
 
         r = bf_btf_kernel_has_token();
@@ -114,7 +135,7 @@ static int _bf_ctx_new(struct bf_ctx **ctx)
         if (r)
             return bf_err_r(r, "failed to check for BPF token support");
 
-        token_fd = _bf_ctx_gen_token();
+        token_fd = _bf_ctx_gen_token(_ctx->bpffs_path);
         if (token_fd < 0)
             return bf_err_r(token_fd, "failed to generate a BPF token");
 
@@ -310,10 +331,10 @@ static int _bf_ctx_discover(void)
     int iter_fd;
     int r;
 
-    bpffs_fd = bf_opendir(bf_opts_bpffs_path());
+    bpffs_fd = bf_opendir(_bf_global_ctx->bpffs_path);
     if (bpffs_fd < 0) {
         return bf_err_r(bpffs_fd, "failed to open bpffs at %s",
-                        bf_opts_bpffs_path());
+                        _bf_global_ctx->bpffs_path);
     }
 
     pindir_fd = bf_opendir_at(bpffs_fd, "bpfilter", false);
@@ -381,18 +402,19 @@ static int _bf_ctx_discover(void)
     return 0;
 }
 
-int bf_ctx_setup(void)
+int bf_ctx_setup(bool transient, bool with_bpf_token, const char *bpffs_path,
+                 uint16_t verbose)
 {
     _free_bf_ctx_ struct bf_ctx *_ctx = NULL;
     int r;
 
-    r = _bf_ctx_new(&_ctx);
+    r = _bf_ctx_new(&_ctx, transient, with_bpf_token, bpffs_path, verbose);
     if (r)
         return bf_err_r(r, "failed to create new context");
 
     _bf_global_ctx = TAKE_PTR(_ctx);
 
-    if (!bf_opts_transient()) {
+    if (!bf_ctx_is_transient()) {
         r = _bf_ctx_discover();
         if (r) {
             _bf_ctx_free(&_bf_global_ctx);
@@ -403,13 +425,8 @@ int bf_ctx_setup(void)
     return 0;
 }
 
-void bf_ctx_teardown(bool clear)
+void bf_ctx_teardown(void)
 {
-    if (clear) {
-        bf_list_foreach (&_bf_global_ctx->cgens, cgen_node)
-            bf_cgen_unload(bf_list_node_get_data(cgen_node));
-    }
-
     _bf_ctx_free(&_bf_global_ctx);
 }
 
@@ -470,16 +487,16 @@ int bf_ctx_get_pindir_fd(void)
     _cleanup_close_ int bpffs_fd = -1;
     _cleanup_close_ int pindir_fd = -1;
 
-    bpffs_fd = bf_opendir(bf_opts_bpffs_path());
+    bpffs_fd = bf_opendir(_bf_global_ctx->bpffs_path);
     if (bpffs_fd < 0) {
         return bf_err_r(bpffs_fd, "failed to open bpffs at %s",
-                        bf_opts_bpffs_path());
+                        _bf_global_ctx->bpffs_path);
     }
 
     pindir_fd = bf_opendir_at(bpffs_fd, "bpfilter", true);
     if (pindir_fd < 0) {
         return bf_err_r(pindir_fd, "failed to open pin directory %s/bpfilter",
-                        bf_opts_bpffs_path());
+                        _bf_global_ctx->bpffs_path);
     }
 
     return TAKE_FD(pindir_fd);
@@ -490,10 +507,10 @@ int bf_ctx_rm_pindir(void)
     _cleanup_close_ int bpffs_fd = -1;
     int r;
 
-    bpffs_fd = bf_opendir(bf_opts_bpffs_path());
+    bpffs_fd = bf_opendir(_bf_global_ctx->bpffs_path);
     if (bpffs_fd < 0) {
         return bf_err_r(bpffs_fd, "failed to open bpffs at %s",
-                        bf_opts_bpffs_path());
+                        _bf_global_ctx->bpffs_path);
     }
 
     r = bf_rmdir_at(bpffs_fd, "bpfilter", false);
@@ -507,3 +524,13 @@ const struct bf_elfstub *bf_ctx_get_elfstub(enum bf_elfstub_id id)
 {
     return _bf_global_ctx->stubs[id];
 }
+
+bool bf_ctx_is_transient(void)
+{
+    return _bf_global_ctx->transient;
+}
+
+bool bf_ctx_is_verbose(enum bf_verbose opt)
+{
+    return _bf_global_ctx->verbose & BF_FLAG(opt);
+}

src/bpfilter/ctx.h

@@ -6,6 +6,7 @@
 #pragma once
 
 #include <stdbool.h>
+#include <stdint.h>
 
 #include <bpfilter/dump.h>
 #include <bpfilter/list.h>
@@ -28,20 +29,30 @@
 struct bf_cgen;
 struct bf_ns;
 
+enum bf_verbose
+{
+    BF_VERBOSE_DEBUG,
+    BF_VERBOSE_BPF,
+    BF_VERBOSE_BYTECODE,
+    _BF_VERBOSE_MAX,
+};
+
 /**
  * Initialise the global context.
  *
+ * @param transient If true, don't persist state and unload programs on exit.
+ * @param with_bpf_token If true, create a BPF token from bpffs.
+ * @param bpffs_path Path to the bpffs mountpoint. Can't be NULL.
+ * @param verbose Bitmask of verbose flags.
  * @return 0 on success, or a negative errno value on failure.
  */
-int bf_ctx_setup(void);
+int bf_ctx_setup(bool transient, bool with_bpf_token, const char *bpffs_path,
+                 uint16_t verbose);
 
 /**
  * Teardown the global context.
- *
- * @param clear If true, all the BPF programs will be unloaded before clearing
- *        the context.
  */
-void bf_ctx_teardown(bool clear);
+void bf_ctx_teardown(void);
 
 /**
  * Dump the global context.
@@ -141,3 +152,13 @@ int bf_ctx_rm_pindir(void);
  * @return The requested ELF stub.
  */
 const struct bf_elfstub *bf_ctx_get_elfstub(enum bf_elfstub_id id);
+
+/**
+ * @return true if transient mode is enabled.
+ */
+bool bf_ctx_is_transient(void);
+
+/**
+ * @return true if the given verbose flag is set.
+ */
+bool bf_ctx_is_verbose(enum bf_verbose opt);