bpftool-net - tool for inspection of networking related bpf prog attachments
Description
bpftool net { show | list } [ dev NAME ]
List bpf program attachments in the kernel networking subsystem.
Currently, device driver xdp attachments, tcx, netkit and old-style tc classifier/action
attachments, flow_dissector as well as netfilter attachments are implemented, i.e., for program
types BPF_PROG_TYPE_XDP, BPF_PROG_TYPE_SCHED_CLS, BPF_PROG_TYPE_SCHED_ACT,
BPF_PROG_TYPE_FLOW_DISSECTOR, BPF_PROG_TYPE_NETFILTER.
For programs attached to a particular cgroup, e.g., BPF_PROG_TYPE_CGROUP_SKB,
BPF_PROG_TYPE_CGROUP_SOCK, BPF_PROG_TYPE_SOCK_OPS and BPF_PROG_TYPE_CGROUP_SOCK_ADDR, users can
use bpftool cgroup to dump cgroup attachments. For sk_{filter, skb, msg, reuseport} and lwt/seg6
bpf programs, users should consult other tools, e.g., iproute2.
The current output will start with all xdp program attachments, followed by all tcx, netkit, then
tc class/qdisc bpf program attachments, then flow_dissector and finally netfilter programs. Both
xdp programs and tcx/netkit/tc programs are ordered based on ifindex number. If multiple bpf
programs are attached to the same networking device through tc, the order will be first all bpf
programs attached to tcx, netkit, then tc classes, then all bpf programs attached to non clsact
qdiscs, and finally all bpf programs attached to root and clsact qdisc.
bpftool net attach ATTACH_TYPE PROG dev NAME [ overwrite ]
Attach bpf program PROG to network interface NAME with type specified by ATTACH_TYPE. A previously
attached bpf program can be replaced by using the command with the overwrite option. Currently, only
XDP-related modes are supported for ATTACH_TYPE.
ATTACH_TYPE can be one of:
  xdp - try native XDP and fall back to generic XDP if the NIC driver does not support it;
  xdpgeneric - Generic XDP. Runs at the generic XDP hook, when the packet has already entered the
  receive path as an skb;
  xdpdrv - Native XDP. Runs at the earliest point in the driver's receive path;
  xdpoffload - Offload XDP. Runs directly on the NIC on each packet reception;
  tcx_ingress - Ingress TCX. Runs on ingress net traffic;
  tcx_egress - Egress TCX. Runs on egress net traffic.
bpftool net detach ATTACH_TYPE dev NAME
Detach the bpf program attached to network interface NAME with type specified by ATTACH_TYPE. To
detach a bpf program, the same ATTACH_TYPE previously used for attach must be specified. Currently,
only XDP-related modes are supported for ATTACH_TYPE.
bpftool net help
Print short help message.
Examples
# bpftool net
xdp:
eth0(2) driver id 198
tc:
eth0(2) htb name prefix_matcher.o:[cls_prefix_matcher_htb] id 111727 act []
eth0(2) clsact/ingress fbflow_icmp id 130246 act []
eth0(2) clsact/egress prefix_matcher.o:[cls_prefix_matcher_clsact] id 111726
eth0(2) clsact/egress cls_fg_dscp id 108619 act []
eth0(2) clsact/egress fbflow_egress id 130245
# bpftool -jp net
[{
"xdp": [{
"devname": "eth0",
"ifindex": 2,
"mode": "driver",
"id": 198
}
],
"tc": [{
"devname": "eth0",
"ifindex": 2,
"kind": "htb",
"name": "prefix_matcher.o:[cls_prefix_matcher_htb]",
"id": 111727,
"act": []
},{
"devname": "eth0",
"ifindex": 2,
"kind": "clsact/ingress",
"name": "fbflow_icmp",
"id": 130246,
"act": []
},{
"devname": "eth0",
"ifindex": 2,
"kind": "clsact/egress",
"name": "prefix_matcher.o:[cls_prefix_matcher_clsact]",
"id": 111726,
},{
"devname": "eth0",
"ifindex": 2,
"kind": "clsact/egress",
"name": "cls_fg_dscp",
"id": 108619,
"act": []
},{
"devname": "eth0",
"ifindex": 2,
"kind": "clsact/egress",
"name": "fbflow_egress",
"id": 130245,
}
]
}
]
# bpftool net attach xdpdrv id 16 dev enp6s0np0
# bpftool net
xdp:
enp6s0np0(4) driver id 16
# bpftool net attach xdpdrv id 16 dev enp6s0np0
# bpftool net attach xdpdrv id 20 dev enp6s0np0 overwrite
# bpftool net
xdp:
enp6s0np0(4) driver id 20
# bpftool net attach xdpdrv id 16 dev enp6s0np0
# bpftool net detach xdpdrv dev enp6s0np0
# bpftool net
xdp:
# bpftool net attach tcx_ingress name tc_prog dev lo
# bpftool net
tc:
lo(1) tcx/ingress tc_prog prog_id 29
# bpftool net attach tcx_ingress name tc_prog dev lo
# bpftool net detach tcx_ingress dev lo
# bpftool net
tc:
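The JSON form shown above lends itself to auditing which programs sit on a host's packet path. The following is an added example, not part of the original manual page or of bpftool: it flattens output shaped like the page's "bpftool -jp net" sample and compares it with an expected set. SAMPLE is constructed from the page's example, and BASELINE, attachments() and audit() are hypothetical names.

```python
import json

# Constructed sample with the same keys as the `bpftool -jp net` output above.
SAMPLE = """
[{
  "xdp": [{"devname": "eth0", "ifindex": 2, "mode": "driver", "id": 198}],
  "tc": [
    {"devname": "eth0", "ifindex": 2, "kind": "htb",
     "name": "prefix_matcher.o:[cls_prefix_matcher_htb]", "id": 111727, "act": []},
    {"devname": "eth0", "ifindex": 2, "kind": "clsact/ingress",
     "name": "fbflow_icmp", "id": 130246, "act": []},
    {"devname": "eth0", "ifindex": 2, "kind": "clsact/egress",
     "name": "fbflow_egress", "id": 130245}
  ]
}]
"""

# Hypothetical baseline: (section, device, hook, program name) tuples that this
# host is expected to carry. Program ids are not used as keys because they are
# reassigned every time a program is loaded.
BASELINE = {
    ("xdp", "eth0", "driver", ""),
    ("tc", "eth0", "htb", "prefix_matcher.o:[cls_prefix_matcher_htb]"),
    ("tc", "eth0", "clsact/egress", "fbflow_egress"),
    ("tc", "eth0", "clsact/egress", "cls_fg_dscp"),
}

def attachments(doc):
    """Flatten the JSON into a set of (section, devname, hook, name) tuples."""
    found = set()
    for block in json.loads(doc):
        for section, entries in block.items():
            if not isinstance(entries, list):
                continue
            for e in entries:
                if not isinstance(e, dict):
                    continue
                # xdp entries carry "mode", tc entries carry "kind".
                hook = e.get("mode") or e.get("kind") or ""
                found.add((section, e.get("devname", ""), hook, e.get("name", "")))
    return found

def audit(doc, baseline):
    """Return (unexpected, missing) attachments relative to the baseline."""
    seen = attachments(doc)
    return sorted(seen - baseline), sorted(baseline - seen)

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE, BASELINE)
    for a in unexpected:
        print("UNEXPECTED", *a)
    for a in missing:
        print("MISSING", *a)
```

The xdp entry in the page's sample carries only an id, so its baseline name is empty; "bpftool prog show id ID" resolves an id to the program's name and tag when that detail is needed.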
Name
bpftool-net - tool for inspection of networking related bpf prog attachments
Net Commands
bpftool net { show | list } [ dev NAME ]
bpftool net attach ATTACH_TYPE PROG dev NAME [ overwrite ]
bpftool net detach ATTACH_TYPE dev NAME
bpftool net help
PROG := { id PROG_ID | pinned FILE | tag PROG_TAG | name PROG_NAME }
ATTACH_TYPE := { xdp | xdpgeneric | xdpdrv | xdpoffload | tcx_ingress | tcx_egress }
Options
-h, --help
Print short help message (similar to bpftool help).
-V, --version
Print bpftool's version number (similar to bpftool version), the number of the libbpf version in
use, and optional features that were included when bpftool was compiled. Optional features include
linking against LLVM or libbfd to provide the disassembler for JIT-ted programs (bpftool prog dump
jited) and usage of BPF skeletons (some features like bpftool prog profile or showing pids
associated to BPF objects may rely on it).
-j, --json
Generate JSON output. For commands that cannot produce JSON, this option has no effect.
-p, --pretty
Generate human-readable JSON output. Implies -j.
-d, --debug
Print all logs available, even debug-level information. This includes logs from libbpf as well as
from the verifier, when attempting to load programs.
See Also
bpf(2), bpf-helpers(7), bpftool(8), bpftool-btf(8), bpftool-cgroup(8), bpftool-feature(8), bpftool-gen(8), bpftool-iter(8), bpftool-link(8), bpftool-map(8), bpftool-perf(8), bpftool-prog(8), bpftool-struct_ops(8)
BPFTOOL-NET(8)
Synopsis
bpftool [OPTIONS] net COMMAND
OPTIONS := { { -j | --json } [{ -p | --pretty }] | { -d | --debug } }
COMMANDS := { show | list | attach | detach | help }
