3 # SPDX-License-Identifier: GPL-2.0
4 # Copyright (c) 2018 Jesper Dangaard Brouer, Red Hat Inc.
6 # Bash-shell example on using iproute2 tools 'tc' and 'ip' to load
7 # eBPF programs, both for XDP and clsbpf. Shell script function
8 # wrappers and even long options parsing is illustrated, for ease of
11 # Related to sample/bpf/xdp2skb_meta_kern.c, which contains BPF-progs
12 # that need to collaborate between XDP and TC hooks. Thus, it is
13 # convenient that the same tool load both programs that need to work
16 BPF_FILE
=xdp2skb_meta_kern.o
19 export TC
=/usr
/sbin
/tc
20 export IP
=/usr
/sbin
/ip
24 echo "Usage: $0 [-vfh] --dev ethX"
25 echo " -d | --dev : Network device (required)"
26 echo " --flush : Cleanup flush TC and XDP progs"
27 echo " --list : (\$LIST) List TC and XDP progs"
28 echo " -v | --verbose : (\$VERBOSE) Verbose"
29 echo " --dry-run : (\$DRYRUN) Dry-run only (echo commands)"
33 ## -- General shell logging cmds --
42 if [[ -n "$VERBOSE" ]]; then
47 ## -- Helper function calls --
49 # Wrapper call for TC and IP
50 # - Will display the offending command on failure
51 function _call_cmd
() {
55 if [[ -n "$VERBOSE" ]]; then
56 echo "$(basename $cmd) $@"
58 if [[ -n "$DRYRUN" ]]; then
63 if (( $status != 0 )); then
64 if [[ "$allow_fail" == "" ]]; then
65 err
2 "Exec error($status) occurred cmd: \"$cmd $@\""
70 _call_cmd
"$TC" "" "$@"
72 function call_tc_allow_fail
() {
73 _call_cmd
"$TC" "allow_fail" "$@"
76 _call_cmd
"$IP" "" "$@"
79 ## --- Parse command line arguments / parameters ---
80 # Using external program "getopt" to get --long-options
81 OPTIONS
=$
(getopt
-o vfhd
: \
82 --long verbose
,flush
,help,list
,dev
:,dry-run
-- "$@")
83 if (( $?
!= 0 )); then
84 err
4 "Error calling getopt"
86 eval set -- "$OPTIONS"
94 info
"Device set to: DEV=$DEV" >&2
99 # info "Verbose mode: VERBOSE=$VERBOSE" >&2
105 info
"Dry-run mode: enable VERBOSE and don't call TC+IP" >&2
131 FILE
="$DIR/$BPF_FILE"
132 if [[ ! -e $FILE ]]; then
133 err
3 "Missing BPF object file ($FILE)"
136 if [[ -z $DEV ]]; then
138 err
2 "Please specify network device -- required option --dev"
141 ## -- Function calls --
147 info
"Listing current TC ingress rules"
148 call_tc filter show dev
$device ingress
155 info
"Listing current XDP device($device) setting"
156 call_ip link show dev
$device |
grep --color=auto xdp
163 info
"Flush TC on device: $device"
164 call_tc_allow_fail filter del dev
$device ingress
165 call_tc_allow_fail qdisc del dev
$device clsact
172 info
"Flush XDP on device: $device"
173 call_ip link
set dev
$device xdp off
176 function attach_tc_mark
()
183 # Re-attach clsact to clear/flush existing role
184 call_tc_allow_fail qdisc del dev
$device clsact
2> /dev
/null
185 call_tc qdisc add dev
$device clsact
188 call_tc filter add dev
$device ingress \
189 prio
1 handle
1 bpf da obj
$file sec
$prog
192 function attach_xdp_mark
()
196 local prog
="xdp_mark"
199 # Remove XDP prog in-case it's already loaded
200 # TODO: Need ip-link option to override/replace existing XDP prog
203 # Attach XDP/BPF prog
204 call_ip link
set dev
$device xdp obj
$file sec
$prog
207 if [[ -n $FLUSH ]]; then
213 if [[ -n $LIST ]]; then
219 attach_tc_mark
$DEV $FILE
220 attach_xdp_mark
$DEV $FILE