WIP2

grafana · Jan 6, 2025 · f8e285a · f8e285a
1 parent 35033a4
commit f8e285a
Show file tree

Hide file tree

Showing 3 changed files with 128 additions and 35 deletions.
diff --git a/pkg/internal/ebpf/tcmanager/netlinkmanager.go b/pkg/internal/ebpf/tcmanager/netlinkmanager.go
@@ -27,7 +27,7 @@ func nextHandle() uint32 {
 }
 
 type netlinkProg struct {
-	prog       *ebpf.Program
+	*ebpf.Program
 	name       string
 	attachType AttachmentType
 }
@@ -136,7 +136,7 @@ func (tc *netlinkManager) AddProgram(name string, prog *ebpf.Program, attachment
 	defer tc.mutex.Unlock()
 
 	p := &netlinkProg{
-		prog:       prog,
+		Program:    prog,
 		name:       name,
 		attachType: attachment,
 	}
@@ -145,12 +145,12 @@ func (tc *netlinkManager) AddProgram(name string, prog *ebpf.Program, attachment
 	tc.attachProgramLocked(p)
 }
 
-func (tc *netlinkManager) RemoveProgram(_ string) {
+func (tc *netlinkManager) RemoveProgram(name string) {
 	tc.mutex.Lock()
 	defer tc.mutex.Unlock()
 
-	// FIXME
-	// delete(tc.programs, name)
+	tc.detachProgramLocked(name)
+	tc.removeProgramLocked(name)
 }
 
 func (tc *netlinkManager) attachProgramLocked(prog *netlinkProg) {
@@ -181,7 +181,7 @@ func (tc *netlinkManager) attachProgramToIfaceLocked(prog *netlinkProg, iface *n
 
 	filter := &netlink.BpfFilter{
 		FilterAttrs:  attrs,
-		Fd:           prog.prog.FD(),
+		Fd:           prog.FD(),
 		Name:         prog.name,
 		DirectAction: true,
 	}
@@ -203,6 +203,42 @@ func (tc *netlinkManager) attachProgramToIfaceLocked(prog *netlinkProg, iface *n
 	iface.filters = append(iface.filters, filter)
 }
 
+func (tc *netlinkManager) detachProgramLocked(prog string) {
+	for _, iface := range tc.interfaces {
+		tc.detachProgramFromIfaceLocked(prog, iface)
+	}
+}
+
+func (tc *netlinkManager) detachProgramFromIfaceLocked(prog string, iface *netlinkIface) {
+	detach := func(filter *netlink.BpfFilter) {
+		if filter.Name != prog {
+			return
+		}
+
+		if err := netlink.FilterDel(filter); err != nil {
+			tc.log.Error("Failed to delete filter", "filter", prog, "error", err)
+		}
+	}
+
+	apply(iface.filters, detach)
+	iface.filters = removeIf(iface.filters, func(filter *netlink.BpfFilter) bool { return filter.Name == prog })
+}
+
+func (tc *netlinkManager) removeProgramLocked(name string) {
+	closeProgs := func(prog *netlinkProg) {
+		if prog.name != name {
+			return
+		}
+
+		if err := prog.Close(); err != nil {
+			tc.log.Error("Failed to close program", "program", prog, "error", err)
+		}
+	}
+
+	apply(tc.programs, closeProgs)
+	tc.programs = removeIf(tc.programs, func(prog *netlinkProg) bool { return prog.name == name })
+}
+
 func (tc *netlinkManager) onInterfaceAdded(i ifaces.Interface) {
 	tc.mutex.Lock()
 	defer tc.mutex.Unlock()
@@ -349,7 +385,7 @@ func ifaceHasFilters(iface *netlinkIface, parent uint32) bool {
 func (tc *netlinkManager) cleanupProgsLocked() {
 	for _, prog := range tc.programs {
 		tc.log.Debug("closing tc program", "name", prog.name)
-		prog.prog.Close()
+		prog.Close()
 	}
 
 	tc.programs = []*netlinkProg{}

diff --git a/pkg/internal/ebpf/tcmanager/tcxmanager.go b/pkg/internal/ebpf/tcmanager/tcxmanager.go
@@ -14,27 +14,32 @@ import (
 )
 
 type attachedProg struct {
-	prog       *ebpf.Program
+	*ebpf.Program
 	attachType AttachmentType
+	name       string
+}
+
+type ifaceLink struct {
+	link.Link
+	progName string
+	iface    int
 }
 
 type tcxInterfaceMap map[int]ifaces.Interface
-type tcxProgramsMap map[string]*attachedProg
-type tcxLinksMap map[int][]link.Link
 
 type tcxManager struct {
 	tcManagerBase
 	interfaces tcxInterfaceMap
-	programs   tcxProgramsMap
-	links      tcxLinksMap
+	programs   []*attachedProg
+	links      []*ifaceLink
 }
 
 func NewTCXManager() TCManager {
 	return &tcxManager{
 		tcManagerBase: newTCManagerBase("tcx_manager"),
 		interfaces:    tcxInterfaceMap{},
-		programs:      tcxProgramsMap{},
-		links:         tcxLinksMap{},
+		programs:      []*attachedProg{},
+		links:         []*ifaceLink{},
 	}
 }
 
@@ -106,8 +111,8 @@ func (tcx *tcxManager) shutdown() {
 
 	tcx.registerer = nil
 	tcx.interfaces = tcxInterfaceMap{}
-	tcx.programs = tcxProgramsMap{}
-	tcx.links = tcxLinksMap{}
+	tcx.programs = []*attachedProg{}
+	tcx.links = []*ifaceLink{}
 
 	tcx.log.Debug("TCX completed shutdown")
 }
@@ -117,22 +122,57 @@ func (tcx *tcxManager) AddProgram(name string, prog *ebpf.Program, attachment At
 	defer tcx.mutex.Unlock()
 
 	p := &attachedProg{
-		prog:       prog,
+		Program:    prog,
 		attachType: attachment,
+		name:       name,
 	}
 
-	tcx.programs[name] = p
-	tcx.attachProgramLocked(name, p)
+	tcx.programs = append(tcx.programs, p)
+	tcx.attachProgramLocked(p)
+}
+
+func (tcx *tcxManager) attachProgramLocked(prog *attachedProg) {
+	for iface := range tcx.interfaces {
+		tcx.attachProgramToIfaceLocked(prog, iface)
+	}
 }
 
 func (tcx *tcxManager) RemoveProgram(name string) {
-	delete(tcx.programs, name)
+	tcx.mutex.Lock()
+	defer tcx.mutex.Unlock()
+
+	tcx.unlinkProgramLocked(name)
+	tcx.removeProgramLocked(name)
 }
 
-func (tcx *tcxManager) attachProgramLocked(_ string, prog *attachedProg) {
-	for iface := range tcx.interfaces {
-		tcx.attachProgramToIfaceLocked(prog, iface)
+func (tcx *tcxManager) removeProgramLocked(name string) {
+	closeProgs := func(prog *attachedProg) {
+		if prog.name != name {
+			return
+		}
+
+		if err := prog.Close(); err != nil {
+			tcx.log.Error("Failed to close program", "program", prog, "error", err)
+		}
+	}
+
+	apply(tcx.programs, closeProgs)
+	tcx.programs = removeIf(tcx.programs, func(prog *attachedProg) bool { return prog.name == name })
+}
+
+func (tcx *tcxManager) unlinkProgramLocked(name string) {
+	closeLinks := func(link *ifaceLink) {
+		if link.progName != name {
+			return
+		}
+
+		if err := link.Close(); err != nil {
+			tcx.log.Error("Failed to unlink program", "program", name, "error", err)
+		}
 	}
+
+	apply(tcx.links, closeLinks)
+	tcx.links = removeIf(tcx.links, func(link *ifaceLink) bool { return link.progName == name })
 }
 
 func (tcx *tcxManager) attachProgramToIfaceLocked(prog *attachedProg, iface int) {
@@ -143,12 +183,12 @@ func (tcx *tcxManager) attachProgramToIfaceLocked(prog *attachedProg, iface int)
 	attachType, err := tcxAttachType(prog.attachType)
 
 	if err != nil {
-		tcx.log.Error("Error attaching program", "error", err)
+		tcx.log.Error("Error attaching program", "program", prog.name, "error", err)
 		return
 	}
 
 	link, err := link.AttachTCX(link.TCXOptions{
-		Program:   prog.prog,
+		Program:   prog.Program,
 		Attach:    attachType,
 		Interface: iface,
 		Anchor:    link.Head(),
@@ -159,7 +199,7 @@ func (tcx *tcxManager) attachProgramToIfaceLocked(prog *attachedProg, iface int)
 		return
 	}
 
-	tcx.links[iface] = append(tcx.links[iface], link)
+	tcx.links = append(tcx.links, &ifaceLink{Link: link, progName: prog.name, iface: iface})
 }
 
 func (tcx *tcxManager) onInterfaceAdded(iface ifaces.Interface) {
@@ -192,17 +232,14 @@ func (tcx *tcxManager) removeInterfaceLocked(iface ifaces.Interface) {
 }
 
 func (tcx *tcxManager) closeLinksLocked(iface ifaces.Interface) {
-	links, ok := tcx.links[iface.Index]
-
-	if !ok {
-		return
-	}
-
-	for _, link := range links {
-		link.Close()
+	closeLinks := func(link *ifaceLink) {
+		if link.iface == iface.Index {
+			link.Close()
+		}
 	}
 
-	delete(tcx.links, iface.Index)
+	apply(tcx.links, closeLinks)
+	tcx.links = removeIf(tcx.links, func(l *ifaceLink) bool { return l.iface == iface.Index })
 }
 
 func (tcx *tcxManager) InterfaceName(ifaceIndex int) (string, bool) {

diff --git a/pkg/internal/ebpf/tcmanager/util.go b/pkg/internal/ebpf/tcmanager/util.go
@@ -0,0 +1,20 @@
+package tcmanager
+
+func removeIf[T any](s []T, pred func(T) bool) []T {
+	i := 0
+
+	for _, v := range s {
+		if !pred(v) {
+			s[i] = v
+			i++
+		}
+	}
+
+	return s[:i]
+}
+
+func apply[T any](s []T, applyFunc func(T)) {
+	for _, v := range s {
+		applyFunc(v)
+	}
+}