From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Alexei Starovoitov <ast@plumgrid.com>
Cc: "David S. Miller" <davem@davemloft.net>,
Daniel Borkmann <dborkman@redhat.com>,
Ingo Molnar <mingo@kernel.org>, Will Drewry <wad@chromium.org>,
Steven Rostedt <rostedt@goodmis.org>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
"H. Peter Anvin" <hpa@zytor.com>,
Hagen Paul Pfeifer <hagen@jauu.net>,
Jesse Gross <jesse@nicira.com>,
Thomas Gleixner <tglx@linutronix.de>,
Eric Dumazet <edumazet@google.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Frederic Weisbecker <fweisbec@gmail.com>,
Arnaldo Carvalho de Melo <acme@infradead.org>,
Pekka Enberg <penberg@iki.fi>,
Arjan van de Ven <arjan@infradead.org>,
Christoph Hellwig <hch@infradead.org>,
Pavel Emelyanov <xemul@parallels.com>,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH v10 net-next 1/3] filter: add Extended BPF interpreter and converter
Date: Fri, 14 Mar 2014 13:58:22 +0100 [thread overview]
Message-ID: <20140314125822.GA16457@localhost> (raw)
In-Reply-To: <1394660614-4436-2-git-send-email-ast@plumgrid.com>
On Wed, Mar 12, 2014 at 02:43:32PM -0700, Alexei Starovoitov wrote:
> diff --git a/include/linux/filter.h b/include/linux/filter.h
> index e568c8ef896b..6e6aab5e062b 100644
> --- a/include/linux/filter.h
> +++ b/include/linux/filter.h
> @@ -25,20 +25,45 @@ struct sock;
> struct sk_filter
> {
> atomic_t refcnt;
> - unsigned int len; /* Number of filter blocks */
> + /* len - number of insns in sock_filter program
> + * len_ext - number of insns in socket_filter_ext program
> + * jited - true if either original or extended program was JITed
> + * orig_prog - original sock_filter program if not NULL
> + */
> + unsigned int len;
> + unsigned int len_ext;
> + unsigned int jited:1;
This is consuming 4 bytes just to store the jited bit. I think you can
scratch that bit from len, given the maximum filter length for bpf. I
think the the jited bit change that David suggested have to come in
first place as a separated patch in the series.
> + struct sock_filter *orig_prog;
If your new extended filtering is not used, this consumes 8 extra
bytes + len_ext (bytes) in x86_64. I think a more generic way to make
this is that you can move the original bpf filter and its length at
the bottom of this structure after insns to store something like:
struct sk_bpf_compat {
struct sock_filter *prog;
unsigned int len;
};
This would be only allocated when you filtering approach is used. For
that you'll need some enum in sk_filter to indicate the filtering
approach, but we'll save 8 bytes per filter in the end with regards to
this current patch.
> struct rcu_head rcu;
> - unsigned int (*bpf_func)(const struct sk_buff *skb,
> - const struct sock_filter *filter);
> + union {
> + unsigned int (*bpf_func)(const struct sk_buff *skb,
> + const struct sock_filter *fp);
> + unsigned int (*bpf_func_ext)(const struct sk_buff *skb,
> + const struct sock_filter_ext *fp);
> + };
> union {
> struct sock_filter insns[0];
> + struct sock_filter_ext insns_ext[0];
> struct work_struct work;
> };
> };
>
next prev parent reply other threads:[~2014-03-14 12:58 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-12 21:43 [PATCH v10 net-next 0/3] filter: add Extended BPF interpreter and converter, seccomp Alexei Starovoitov
2014-03-12 21:43 ` [PATCH v10 net-next 1/3] filter: add Extended BPF interpreter and converter Alexei Starovoitov
2014-03-14 12:58 ` Pablo Neira Ayuso [this message]
2014-03-14 15:37 ` Alexei Starovoitov
2014-03-14 19:51 ` Alexei Starovoitov
2014-03-14 20:08 ` David Miller
2014-03-15 19:53 ` Daniel Borkmann
2014-03-17 9:16 ` Pablo Neira Ayuso
2014-03-12 21:43 ` [PATCH v10 net-next 2/3] seccomp: convert seccomp to use extended BPF Alexei Starovoitov
2014-03-12 21:43 ` [PATCH v10 net-next 3/3] doc: filter: add Extended BPF documentation Alexei Starovoitov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140314125822.GA16457@localhost \
--to=pablo@netfilter.org \
--cc=a.p.zijlstra@chello.nl \
--cc=acme@infradead.org \
--cc=akpm@linux-foundation.org \
--cc=arjan@infradead.org \
--cc=ast@plumgrid.com \
--cc=davem@davemloft.net \
--cc=dborkman@redhat.com \
--cc=edumazet@google.com \
--cc=fweisbec@gmail.com \
--cc=hagen@jauu.net \
--cc=hch@infradead.org \
--cc=hpa@zytor.com \
--cc=jesse@nicira.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=penberg@iki.fi \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=wad@chromium.org \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.