xref: /linux/tools/bpf/bpftool/Documentation/bpftool-net.rst (revision 6f7e6393d1ce636bb7ec77a7fe7b77458fddf701) 
1.. SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
2
3================
4bpftool-net
5================
6-------------------------------------------------------------------------------
7tool for inspection of networking related bpf prog attachments
8-------------------------------------------------------------------------------
9
10:Manual section: 8
11
12.. include:: substitutions.rst
13
14SYNOPSIS
15========
16
17**bpftool** [*OPTIONS*] **net** *COMMAND*
18
19*OPTIONS* := { |COMMON_OPTIONS| }
20
21*COMMANDS* := { **show** | **list** | **attach** | **detach** | **help** }
22
23NET COMMANDS
24============
25
26| **bpftool** **net** { **show** | **list** } [ **dev** *NAME* ]
27| **bpftool** **net attach** *ATTACH_TYPE* *PROG* **dev** *NAME* [ **overwrite** | **prepend** ]
28| **bpftool** **net detach** *ATTACH_TYPE* **dev** *NAME*
29| **bpftool** **net help**
30|
31| *PROG* := { **id** *PROG_ID* | **pinned** *FILE* | **tag** *PROG_TAG* | **name** *PROG_NAME* }
32| *ATTACH_TYPE* := { **xdp** | **xdpgeneric** | **xdpdrv** | **xdpoffload** | **tcx_ingress** | **tcx_egress** }
33
34DESCRIPTION
35===========
36bpftool net { show | list } [ dev *NAME* ]
37    List bpf program attachments in the kernel networking subsystem.
38
39    Currently, device driver xdp attachments, tcx, netkit and old-style tc
40    classifier/action attachments, flow_dissector as well as netfilter
41    attachments are implemented, i.e., for program types **BPF_PROG_TYPE_XDP**,
42    **BPF_PROG_TYPE_SCHED_CLS**, **BPF_PROG_TYPE_SCHED_ACT**,
43    **BPF_PROG_TYPE_FLOW_DISSECTOR**, **BPF_PROG_TYPE_NETFILTER**.
44
45    For programs attached to a particular cgroup, e.g.,
46    **BPF_PROG_TYPE_CGROUP_SKB**, **BPF_PROG_TYPE_CGROUP_SOCK**,
47    **BPF_PROG_TYPE_SOCK_OPS** and **BPF_PROG_TYPE_CGROUP_SOCK_ADDR**, users
48    can use **bpftool cgroup** to dump cgroup attachments. For sk_{filter, skb,
49    msg, reuseport} and lwt/seg6 bpf programs, users should consult other
50    tools, e.g., iproute2.
51
52    The current output will start with all xdp program attachments, followed by
53    all tcx, netkit, then tc class/qdisc bpf program attachments, then
54    flow_dissector and finally netfilter programs. Both xdp programs and
55    tcx/netkit/tc programs are ordered based on ifindex number. If multiple bpf
56    programs attached to the same networking device through **tc**, the order
57    will be first all bpf programs attached to tcx, netkit, then tc classes,
58    then all bpf programs attached to non clsact qdiscs, and finally all bpf
59    programs attached to root and clsact qdisc.
60
61bpftool net attach *ATTACH_TYPE* *PROG* dev *NAME* [ overwrite | prepend ]
62    Attach bpf program *PROG* to network interface *NAME* with type specified
63    by *ATTACH_TYPE*.
64
65    *ATTACH_TYPE* can be of:
66    **xdp** - try native XDP and fallback to generic XDP if NIC driver does not support it;
67    **xdpgeneric** - Generic XDP. runs at generic XDP hook when packet already enters receive path as skb;
68    **xdpdrv** - Native XDP. runs earliest point in driver's receive path;
69    **xdpoffload** - Offload XDP. runs directly on NIC on each packet reception;
70    **tcx_ingress** - Ingress TCX. runs on ingress net traffic;
71    **tcx_egress** - Egress TCX. runs on egress net traffic;
72
73    For XDP-related attach types (**xdp**, **xdpgeneric**, **xdpdrv**,
74    **xdpoffload**), the **overwrite** option can be used to replace a
75    previously attached bpf program.
76
77    For **tcx_ingress** and **tcx_egress** attach types, the **prepend** option
78    can be used to attach the program at the beginning of the chain instead of
79    at the end.
80
81bpftool net detach *ATTACH_TYPE* dev *NAME*
82    Detach bpf program attached to network interface *NAME* with type specified
83    by *ATTACH_TYPE*. To detach bpf program, same *ATTACH_TYPE* previously used
84    for attach must be specified.
85
86bpftool net help
87    Print short help message.
88
89OPTIONS
90=======
91.. include:: common_options.rst
92
93EXAMPLES
94========
95
96| **# bpftool net**
97
98::
99
100      xdp:
101      eth0(2) driver id 198
102
103      tc:
104      eth0(2) htb name prefix_matcher.o:[cls_prefix_matcher_htb] id 111727 act []
105      eth0(2) clsact/ingress fbflow_icmp id 130246 act []
106      eth0(2) clsact/egress prefix_matcher.o:[cls_prefix_matcher_clsact] id 111726
107      eth0(2) clsact/egress cls_fg_dscp id 108619 act []
108      eth0(2) clsact/egress fbflow_egress id 130245
109
110|
111| **# bpftool -jp net**
112
113::
114
115    [{
116            "xdp": [{
117                    "devname": "eth0",
118                    "ifindex": 2,
119                    "mode": "driver",
120                    "id": 198
121                }
122            ],
123            "tc": [{
124                    "devname": "eth0",
125                    "ifindex": 2,
126                    "kind": "htb",
127                    "name": "prefix_matcher.o:[cls_prefix_matcher_htb]",
128                    "id": 111727,
129                    "act": []
130                },{
131                    "devname": "eth0",
132                    "ifindex": 2,
133                    "kind": "clsact/ingress",
134                    "name": "fbflow_icmp",
135                    "id": 130246,
136                    "act": []
137                },{
138                    "devname": "eth0",
139                    "ifindex": 2,
140                    "kind": "clsact/egress",
141                    "name": "prefix_matcher.o:[cls_prefix_matcher_clsact]",
142                    "id": 111726,
143                },{
144                    "devname": "eth0",
145                    "ifindex": 2,
146                    "kind": "clsact/egress",
147                    "name": "cls_fg_dscp",
148                    "id": 108619,
149                    "act": []
150                },{
151                    "devname": "eth0",
152                    "ifindex": 2,
153                    "kind": "clsact/egress",
154                    "name": "fbflow_egress",
155                    "id": 130245,
156                }
157            ]
158        }
159    ]
160
161|
162| **# bpftool net attach xdpdrv id 16 dev enp6s0np0**
163| **# bpftool net**
164
165::
166
167      xdp:
168      enp6s0np0(4) driver id 16
169
170|
171| **# bpftool net attach xdpdrv id 16 dev enp6s0np0**
172| **# bpftool net attach xdpdrv id 20 dev enp6s0np0 overwrite**
173| **# bpftool net**
174
175::
176
177      xdp:
178      enp6s0np0(4) driver id 20
179
180|
181| **# bpftool net attach xdpdrv id 16 dev enp6s0np0**
182| **# bpftool net detach xdpdrv dev enp6s0np0**
183| **# bpftool net**
184
185::
186
187      xdp:
188
189|
190| **# bpftool net attach tcx_ingress name tc_prog dev lo**
191| **# bpftool net**
192|
193
194::
195
196      tc:
197      lo(1) tcx/ingress tc_prog prog_id 29
198
199|
200| **# bpftool net attach tcx_ingress name tc_prog2 dev lo prepend**
201| **# bpftool net**
202|
203
204::
205
206      tc:
207      lo(1) tcx/ingress tc_prog2 prog_id 30
208      lo(1) tcx/ingress tc_prog prog_id 29
209
210|
211| **# bpftool net attach tcx_ingress name tc_prog dev lo**
212| **# bpftool net detach tcx_ingress dev lo**
213| **# bpftool net**
214|
215
216::
217
218      tc:
219