From: Jesper Dangaard Brouer <brouer@redhat.com>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: David Miller <davem@davemloft.net>,
john.fastabend@gmail.com, daniel@iogearbox.net, mst@redhat.com,
shm@cumulusnetworks.com, tgraf@suug.ch,
john.r.fastabend@intel.com, netdev@vger.kernel.org,
brouer@redhat.com
Subject: XDP_DROP and XDP_TX (Was: Re: [net-next PATCH v5 0/6] XDP for virtio_net)
Date: Tue, 13 Dec 2016 09:46:01 +0100
Message-ID: <20161213094601.7098090e@redhat.com>
In-Reply-To: <20161208193814.GA1954@ast-mbp.thefacebook.com>

On Thu, 8 Dec 2016 11:38:16 -0800
Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote:

> On Thu, Dec 08, 2016 at 02:17:02PM -0500, David Miller wrote:
> > From: John Fastabend <john.fastabend@gmail.com>
> > Date: Wed, 07 Dec 2016 12:10:47 -0800
> >
[...]
> > > Can't we disable XDP_TX somehow? Many people might only want RX drop,
> > > and extra queues are not always there.
> > >
> >
> > Alexei, Daniel, any thoughts on this?
>
> I don't like it.

I don't know what the use-case for virtio XDP_TX is, but I still think we
should implement it for this virtio_net driver, as it allows easier
testing of XDP programs without physical HW.

BUT I do believe XDP_DROP and XDP_TX should be two different capabilities.

I can easily imagine that an older driver only wants to implement the
XDP_DROP facility. The reason is that XDP_TX would require changing too
much driver code, which is a concern for an old, stable and time-proven
driver.

I can also imagine wanting to implement XDP_DROP on my OpenWRT home
router, which I don't think can get an extra HW TX queue for XDP_TX.

I even have a practical use-case for my OpenWRT home router. I
experienced a Windows machine being connected to my home network; it
caused some (WiFi) traffic storm that overloaded the small OpenWRT box,
so much that it couldn't even route packets for other machines
connected (on Ethernet). This could also be an IoT device or an
infected machine participating in a DDoS attack. I fairly quickly
identified the bad machine and disconnected it from the network, but
for e.g. conference or hotel networks it can be harder to identify and
disconnect offenders. An XDP eBPF (ddos) filter could allow the sysadm
to "virtually" disconnect a certain MAC address, and restore operation.

> > I know we were trying to claim some base level of feature support for
> > all XDP drivers. I am sympathetic to this argument though for DDOS we
> > do not need XDP_TX support. And virtio can become queue constrained
> > in some cases.
>
> Without XDP_TX it's too crippled. adjust_head() won't be possible,
> packet mangling would have to be disabled and so on.

Even without XDP_TX support, adjust_head() must be supported. The
XDP_PASS action still requires ability to modify the packet.

--
Best regards,
Jesper Dangaard Brouer
MSc.CS, Principal Kernel Engineer at Red Hat
LinkedIn: http://www.linkedin.com/in/brouer
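
The MAC-based drop filter described in the message above, as an added example that is not part of the original e-mail or of any driver in the thread: a userspace C model of the per-frame verdict, which returns only drop or pass, so no XDP_TX queue is involved. The blocklist array (standing in for a BPF map), the function names, the table size and the sample MAC addresses are assumptions; in a real XDP program the same bounds check would run on the context's `data` and `data_end` pointers.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Same numeric values as XDP_DROP and XDP_PASS in <linux/bpf.h>; XDP_TX is never returned. */
enum verdict { VERDICT_DROP = 1, VERDICT_PASS = 2 };

#define MAC_LEN     6
#define ETH_HDR_LEN 14  /* dst MAC + src MAC + EtherType */
#define MAX_BLOCKED 16  /* hypothetical table size */

/* Userspace stand-in for a BPF hash map keyed by source MAC (assumption). */
static uint8_t blocked[MAX_BLOCKED][MAC_LEN];
static size_t n_blocked;

/* Constructed sample frames: broadcast dst, src MAC, EtherType 0x0800. */
const uint8_t frame_storm[ETH_HDR_LEN] = {0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x00};
const uint8_t frame_ok[ETH_HDR_LEN]    = {0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x02, 0x08,0x00};

/* Index of mac in the blocklist, or -1 if it is not listed. */
static int find_mac(const uint8_t *mac)
{
    for (size_t i = 0; i < n_blocked; i++)
        if (memcmp(blocked[i], mac, MAC_LEN) == 0)
            return (int)i;
    return -1;
}
/* "Virtually disconnect" a station. Returns 0 on success, -1 if the table is full. */
int block_mac(const uint8_t *mac)
{
    if (find_mac(mac) >= 0) return 0;          /* already listed */
    if (n_blocked == MAX_BLOCKED) return -1;
    memcpy(blocked[n_blocked++], mac, MAC_LEN);
    return 0;
}
/* Reconnect a station. Returns 0 if removed, -1 if it was not listed. */
int unblock_mac(const uint8_t *mac)
{
    int i = find_mac(mac);
    if (i < 0) return -1;
    memmove(blocked[i], blocked[--n_blocked], MAC_LEN); /* fill the hole with the last entry */
    return 0;
}
/* Per-frame verdict: bounds-check the Ethernet header, then match the source MAC. */
enum verdict mac_filter(const uint8_t *data, const uint8_t *data_end)
{
    if (data_end < data || (size_t)(data_end - data) < ETH_HDR_LEN)
        return VERDICT_DROP;                   /* truncated frame: fail closed */
    return find_mac(data + MAC_LEN) >= 0 ? VERDICT_DROP : VERDICT_PASS;
}
```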