From 5d8ac36a49197bc071338bf4b5ca74f1f5590d9d Mon Sep 17 00:00:00 2001
From: Eric Leblond
Date: Wed, 14 Nov 2018 22:14:49 +0100
Subject: [PATCH] util-ebpf: pin the maps
By pinning the maps we are creating a file in /sys/fs/bpf that can be used by external program to access the map. This has multiple benefits such as handling list from an external program. The pinned maps could be persistent accross Suricata reload but this can be complicated in term of handling everything in the life of Suricata.
---
 src/util-ebpf.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/src/util-ebpf.c b/src/util-ebpf.c
index cb9388a61c..ed574e8f12 100644
--- a/src/util-ebpf.c
+++ b/src/util-ebpf.c
@@ -63,6 +63,7 @@ static int g_livedev_storage_id = -1;
 static int g_flow_storage_id = -1;
 struct bpf_map_item {
+ char iface[IFNAMSIZ];
 char * name;
 int fd;
 };
@@ -85,6 +86,13 @@ static void BpfMapsInfoFree(void *bpf)
 int i;
 for (i = 0; i < bpfinfo->last; i ++) {
 if (bpfinfo->array[i].name) {
+ char pinnedpath[1024];
+ snprintf(pinnedpath, sizeof(pinnedpath),
+ "/sys/fs/bpf/suricata-%s-%s",
+ bpfinfo->array[i].iface,
+ bpfinfo->array[i].name);
+ /* Unlink the pinned entry */
+ unlink(pinnedpath);
 SCFree(bpfinfo->array[i].name);
 }
 }
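Review bot: The `unlink(pinnedpath)` added to BpfMapsInfoFree runs for every entry that has a name, whether or not this process actually pinned that map, and both the `snprintf` and the `unlink` results are ignored. EBPFLoadFile only logs a `bpf_obj_pin()` failure and keeps the entry, so teardown may remove a file under /sys/fs/bpf that this instance never created (for example one that was already present when pinning failed; that case is inferred, not shown here). Recording success in the item, e.g. a `bool pinned;` field set after a successful pin, and guarding the call as `if (bpfinfo->array[i].pinned && unlink(pinnedpath) != 0) SCLogWarning(SC_ERR_AFP_CREATE, "Can not unlink %s: %s", pinnedpath, strerror(errno));` would keep cleanup limited to what was pinned. The path format string is also duplicated in the EBPFLoadFile hunk; one small helper that builds it would stop the pin and unlink paths from drifting apart. The opening lines of BpfMapsInfoFree are outside this hunk.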
@@ -260,11 +268,23 @@ int EBPFLoadFile(const char *iface, const char *path, const char * section,
 SCLogDebug("Got a map '%s' with fd '%d'", bpf_map__name(map), bpf_map__fd(map));
 bpf_map_data->array[bpf_map_data->last].fd = bpf_map__fd(map);
 bpf_map_data->array[bpf_map_data->last].name = SCStrdup(bpf_map__name(map));
+ snprintf(bpf_map_data->array[bpf_map_data->last].iface, IFNAMSIZ,
+ "%s", iface);
 if (!bpf_map_data->array[bpf_map_data->last].name) {
 SCLogError(SC_ERR_MEM_ALLOC, "Unable to duplicate map name");
 BpfMapsInfoFree(bpf_map_data);
 return -1;
 }
+ /* TODO pin */
+ SCLogNotice("Pinning: %d to %s", bpf_map_data->array[bpf_map_data->last].fd,
+ bpf_map_data->array[bpf_map_data->last].name);
+ char buf[1024];
+ snprintf(buf, sizeof(buf), "/sys/fs/bpf/suricata-%s-%s", iface,
+ bpf_map_data->array[bpf_map_data->last].name);
+ int ret = bpf_obj_pin(bpf_map_data->array[bpf_map_data->last].fd, buf);
+ if (ret != 0) {
+ SCLogError(SC_ERR_AFP_CREATE, "Can not pin: %s", strerror(errno));
+ }
 bpf_map_data->last++;
 }
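Review bot: A `bpf_obj_pin()` failure here is logged without the path and then ignored, so EBPFLoadFile carries on as if the map were pinned. If the failure is because an entry already exists at `buf` (left by an earlier run or by another instance on the same interface; inferred, not visible in this hunk), an external program opening that file would update a map this instance does not use, which matters for the externally handled lists the commit message describes. Log the path, `SCLogError(SC_ERR_AFP_CREATE, "Can not pin map to %s: %s", buf, strerror(errno));`, and decide explicitly whether a pin failure should fail the load. The `/* TODO pin */` comment is stale now that the code pins, and a comment such as `/* The pinned file gives any process able to open it access to this map; access control is the bpffs mount and file permissions. */` would document the exposure. EBPFLoadFile starts and continues outside the hunk.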