lib: cgen: add gen_inline_log flavor callback

yaakov-stein · yaakov-stein · commit e014ec7d7171 · 2026-03-27T13:57:46.000-07:00
diff --git a/src/libbpfilter/cgen/cgroup_skb.c b/src/libbpfilter/cgen/cgroup_skb.c
@@ -161,4 +161,5 @@ const struct bf_flavor_ops bf_flavor_ops_cgroup_skb = {
     .gen_inline_set_mark = _bf_cgroup_skb_gen_inline_set_mark,
     .get_verdict = _bf_cgroup_skb_get_verdict,
     .gen_inline_matcher = _bf_cgroup_skb_gen_inline_matcher,
+    .gen_inline_log = bf_packet_gen_inline_log,
 };
diff --git a/src/libbpfilter/cgen/cgroup_sock_addr.c b/src/libbpfilter/cgen/cgroup_sock_addr.c
@@ -273,9 +273,23 @@ static int _bf_cgroup_sock_addr_get_verdict(enum bf_verdict verdict)
     }
 }
 
+static int _bf_cgroup_sock_addr_gen_inline_log(struct bf_program *program,
+                                               const struct bf_rule *rule)
+{
+    assert(program);
+    assert(rule);
+
+    (void)program;
+    (void)rule;
+
+    return bf_err_r(-ENOTSUP,
+                    "logging is not yet supported for cgroup_sock_addr");
+}
+
 const struct bf_flavor_ops bf_flavor_ops_cgroup_sock_addr = {
     .gen_inline_prologue = _bf_cgroup_sock_addr_gen_inline_prologue,
     .gen_inline_epilogue = _bf_cgroup_sock_addr_gen_inline_epilogue,
     .get_verdict = _bf_cgroup_sock_addr_get_verdict,
     .gen_inline_matcher = _bf_cgroup_sock_addr_gen_inline_matcher,
+    .gen_inline_log = _bf_cgroup_sock_addr_gen_inline_log,
 };
diff --git a/src/libbpfilter/cgen/nf.c b/src/libbpfilter/cgen/nf.c
@@ -176,4 +176,5 @@ const struct bf_flavor_ops bf_flavor_ops_nf = {
     .gen_inline_epilogue = _bf_nf_gen_inline_epilogue,
     .get_verdict = _bf_nf_get_verdict,
     .gen_inline_matcher = _bf_nf_gen_inline_matcher,
+    .gen_inline_log = bf_packet_gen_inline_log,
 };
diff --git a/src/libbpfilter/cgen/packet.c b/src/libbpfilter/cgen/packet.c
@@ -14,14 +14,17 @@
 #include <errno.h>
 #include <stdint.h>
 
+#include <bpfilter/elfstub.h>
 #include <bpfilter/helper.h>
 #include <bpfilter/logger.h>
 #include <bpfilter/matcher.h>
+#include <bpfilter/rule.h>
 
 #include "cgen/matcher/cmp.h"
 #include "cgen/matcher/meta.h"
 #include "cgen/matcher/set.h"
 #include "cgen/program.h"
+#include "cgen/runtime.h"
 #include "cgen/stub.h"
 #include "filter.h"
 
@@ -355,3 +358,25 @@ int bf_packet_gen_inline_matcher(struct bf_program *program,
                         bf_matcher_get_type(matcher));
     }
 }
+
+int bf_packet_gen_inline_log(struct bf_program *program,
+                             const struct bf_rule *rule)
+{
+    assert(program);
+    assert(rule);
+
+    EMIT(program, BPF_MOV64_REG(BPF_REG_1, BPF_REG_10));
+    EMIT(program, BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, BF_PROG_CTX_OFF(arg)));
+    EMIT(program, BPF_MOV64_IMM(BPF_REG_2, rule->index));
+    EMIT(program, BPF_MOV64_IMM(BPF_REG_3, rule->log));
+    EMIT(program, BPF_MOV64_IMM(BPF_REG_4, rule->verdict));
+
+    // Pack l3_proto and l4_proto
+    EMIT(program, BPF_MOV64_REG(BPF_REG_5, BPF_REG_7));
+    EMIT(program, BPF_ALU64_IMM(BPF_LSH, BPF_REG_5, 16));
+    EMIT(program, BPF_ALU64_REG(BPF_OR, BPF_REG_5, BPF_REG_8));
+
+    EMIT_FIXUP_ELFSTUB(program, BF_ELFSTUB_PKT_LOG);
+
+    return 0;
+}
diff --git a/src/libbpfilter/cgen/packet.h b/src/libbpfilter/cgen/packet.h
@@ -7,6 +7,7 @@
 
 struct bf_matcher;
 struct bf_program;
+struct bf_rule;
 
 /**
  * @brief Generate bytecode for a packet-based matcher.
@@ -25,3 +26,16 @@ struct bf_program;
  */
 int bf_packet_gen_inline_matcher(struct bf_program *program,
                                  const struct bf_matcher *matcher);
+
+/**
+ * @brief Generate bytecode for packet-based rule logging.
+ *
+ * Sets up registers and calls the packet log ELF stub. Shared by all
+ * packet-based flavors (TC, NF, XDP, cgroup_skb).
+ *
+ * @param program Program being generated. Can't be NULL.
+ * @param rule Rule whose log action to generate. Can't be NULL.
+ * @return 0 on success, negative errno on error.
+ */
+int bf_packet_gen_inline_log(struct bf_program *program,
+                             const struct bf_rule *rule);
diff --git a/src/libbpfilter/cgen/program.c b/src/libbpfilter/cgen/program.c
@@ -292,6 +292,7 @@ static int _bf_program_generate_rule(struct bf_program *program,
     assert(program);
     assert(rule);
     assert(program->runtime.ops->gen_inline_matcher);
+    assert(program->runtime.ops->gen_inline_log);
 
     if (rule->disabled)
         return 0;
@@ -346,18 +347,9 @@ static int _bf_program_generate_rule(struct bf_program *program,
     }
 
     if (rule->log) {
-        EMIT(program, BPF_MOV64_REG(BPF_REG_1, BPF_REG_10));
-        EMIT(program, BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, BF_PROG_CTX_OFF(arg)));
-        EMIT(program, BPF_MOV64_IMM(BPF_REG_2, rule->index));
-        EMIT(program, BPF_MOV64_IMM(BPF_REG_3, rule->log));
-        EMIT(program, BPF_MOV64_IMM(BPF_REG_4, rule->verdict));
-
-        // Pack l3_proto and l4_proto
-        EMIT(program, BPF_MOV64_REG(BPF_REG_5, BPF_REG_7));
-        EMIT(program, BPF_ALU64_IMM(BPF_LSH, BPF_REG_5, 16));
-        EMIT(program, BPF_ALU64_REG(BPF_OR, BPF_REG_5, BPF_REG_8));
-
-        EMIT_FIXUP_ELFSTUB(program, BF_ELFSTUB_PKT_LOG);
+        r = program->runtime.ops->gen_inline_log(program, rule);
+        if (r)
+            return r;
     }
 
     if (rule->counters) {
diff --git a/src/libbpfilter/cgen/tc.c b/src/libbpfilter/cgen/tc.c
@@ -175,4 +175,5 @@ const struct bf_flavor_ops bf_flavor_ops_tc = {
     .gen_inline_redirect = _bf_tc_gen_inline_redirect,
     .get_verdict = _bf_tc_get_verdict,
     .gen_inline_matcher = _bf_tc_gen_inline_matcher,
+    .gen_inline_log = bf_packet_gen_inline_log,
 };
diff --git a/src/libbpfilter/cgen/xdp.c b/src/libbpfilter/cgen/xdp.c
@@ -125,4 +125,5 @@ const struct bf_flavor_ops bf_flavor_ops_xdp = {
     .gen_inline_redirect = _bf_xdp_gen_inline_redirect,
     .get_verdict = _bf_xdp_get_verdict,
     .gen_inline_matcher = bf_packet_gen_inline_matcher,
+    .gen_inline_log = bf_packet_gen_inline_log,
 };
diff --git a/src/libbpfilter/include/bpfilter/flavor.h b/src/libbpfilter/include/bpfilter/flavor.h
@@ -11,6 +11,7 @@
 
 struct bf_matcher;
 struct bf_program;
+struct bf_rule;
 
 /**
  * @file flavor.h
@@ -135,6 +136,19 @@ struct bf_flavor_ops
      */
     int (*gen_inline_matcher)(struct bf_program *program,
                               const struct bf_matcher *matcher);
+
+    /**
+     * @brief Generate bytecode for rule logging.
+     *
+     * Each flavor controls its own register setup and ELF stub selection.
+     * Required for all flavors.
+     *
+     * @param program Program being generated. Can't be NULL.
+     * @param rule Rule whose log action to generate. Can't be NULL.
+     * @return 0 on success, or negative errno on error.
+     */
+    int (*gen_inline_log)(struct bf_program *program,
+                          const struct bf_rule *rule);
 };
 
 /**
