eBPF library support for SONiC applications

It provides a generic library support for filtering the netlink message
using eBPF based packet filtering.
Linux netlink messaging system is a broadcast domain, every netlink
message is broadcasted to all the subscribed appplications regardless
whether the application is interested in it or not.
In a scaled scenario, more than 1 million message is being broadcasted
across applications.
This framework helps to filter the unwanted netlink message at the
kernel space itself and eliminates the unnecessary passing of message to the user space
application and then it get dropped. This improves the system
performance and scale the system to higher level.

Author: Kalimuthu-Velappan

dockers/docker-base-stretch/Dockerfile.j2

@@ -111,6 +111,9 @@ RUN apt-get -y purge   \
 {{ install_debian_packages(docker_base_stretch_debs.split(' ')) }}
 {%- endif %}
 
+# Base packages for bpf
+RUN apt-get install -f -y libbpf-dev libelf-dev
+
 # Clean up apt
 # Remove /var/lib/apt/lists/*, could be obsoleted for derived images
 RUN apt-get clean -y                     && \

files/build_templates/docker_image_ctl.j2

@@ -390,6 +390,8 @@ start() {
 {%- if sonic_asic_platform != "mellanox" %}
         --tmpfs /tmp \
 {%- endif %}
+        -v /sys/kernel/debug:/sys/kernel/debug \
+        --ulimit memlock=67108864:67108864 \
         --tmpfs /var/tmp \
         --env "NAMESPACE_ID"="$DEV" \
         --env "NAMESPACE_PREFIX"="$NAMESPACE_PREFIX" \

rules/libebpf.dep

@@ -0,0 +1,10 @@
+
+SPATH       := $($(LIBEBPF)_SRC_PATH)
+DEP_FILES   := $(SONIC_COMMON_FILES_LIST) rules/libebpf.mk rules/libebpf.dep   
+DEP_FILES   += $(SONIC_COMMON_BASE_FILES_LIST)
+DEP_FILES   += $(shell git ls-files $(SPATH))
+
+$(LIBEBPF)_CACHE_MODE  := GIT_CONTENT_SHA 
+$(LIBEBPF)_DEP_FLAGS   := $(SONIC_COMMON_FLAGS_LIST)
+$(LIBEBPF)_DEP_FILES   := $(DEP_FILES)
+

rules/libebpf.mk

@@ -0,0 +1,13 @@
+# BPF package
+BPF_VERSION := 1.0.0
+LIBEBPF = libebpf_$(BPF_VERSION)_$(CONFIGURED_ARCH).deb
+$(LIBEBPF)_SRC_PATH = $(SRC_PATH)/libebpf
+$(LIBEBPF)_DEPENDS += $(LINUX_HEADERS) $(LINUX_COMMON_HEADERS)
+SONIC_MAKE_DEBS += $(LIBEBPF)
+
+LIBEBPF_DBG = libebpf-dbgsym_$(BPF_VERSION)_$(CONFIGURED_ARCH).deb
+$(LIBEBPF_DBG)_DEPENDS += $(LIBEBPF)
+$(eval $(call add_derived_package,$(LIBEBPF),$(LIBEBPF_DBG)))
+
+export LIBEBPF LIBEBPF_DBG BPF_VERSION
+

sonic-slave-stretch/Dockerfile.j2

@@ -291,6 +291,11 @@ RUN apt-get update && apt-get install -y \
 # For iptables
         libnetfilter-conntrack-dev \
         libnftnl-dev \
+# eBPF tools		
+        clang-6.0 \
+        llvm-6.0 \
+        libbpf-dev \
+        libelf-dev \
 # For SAI3.7
         protobuf-compiler \
         libprotobuf-dev \

src/libebpf/Makefile

@@ -0,0 +1,14 @@
+SHELL = /bin/bash
+.ONESHELL:
+.SHELLFLAGS += -e
+
+MAIN_TARGET := libebpf_$(EBPF_VERSION)_$(CONFIGURED_ARCH).deb
+
+$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
+
+	pushd src
+	[ ! -f ./autogen.sh ] || ./autogen.sh 
+	dpkg-buildpackage -us -uc -b -j$(SONIC_CONFIG_MAKE_JOBS)
+	popd
+
+	mv $(LIBEBPF_DBG) $* $(DEST)/

src/libebpf/src/Makefile.am

@@ -0,0 +1,3 @@
+ACLOCAL_AMFLAGS = -I m4
+
+SUBDIRS = libutil samples/ebpf-kern-mod  samples/ebpf-user-mod

src/libebpf/src/autogen.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+libtoolize --force --copy &&
+autoreconf --force --install -I m4
+rm -Rf autom4te.cache
+