* CPU redirect and skb mode
@ 2018-01-04 0:18 Eric Leblond
2018-01-04 7:15 ` Jesper Dangaard Brouer
0 siblings, 1 reply; 4+ messages in thread
From: Eric Leblond @ 2018-01-04 0:18 UTC (permalink / raw)
To: xdp-newbies
Hello,
I'm currently working on implementing XDP CPU redirect map inside
Suricata.
I've used CPU redirect map on my test laptop that has only skb mode
available and my implementation was failing with result being almost
all packets if not all were dropped.
So I decided to build the XPD sample and test them:
sudo ./xdp_redirect_cpu --debug -d wlan0 --cpu 4 -S
The result was the same with packet blocked.
Am I missing something in the setup ?
For those interested, I've pushed my POC implementation here:
https://github.com/regit/suricata/commit/b1369fd0dc3a22a932190846a8bcbec4bfbd34b2
BR,
--
Eric Leblond <eric@regit.org>
Blog: https://home.regit.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: CPU redirect and skb mode
2018-01-04 0:18 CPU redirect and skb mode Eric Leblond
@ 2018-01-04 7:15 ` Jesper Dangaard Brouer
2018-01-04 7:59 ` Eric Leblond
0 siblings, 1 reply; 4+ messages in thread
From: Jesper Dangaard Brouer @ 2018-01-04 7:15 UTC (permalink / raw)
To: Eric Leblond; +Cc: xdp-newbies, brouer
On Thu, 04 Jan 2018 01:18:29 +0100 Eric Leblond <eric@regit.org> wrote:
> Hello,
>
> I'm currently working on implementing XDP CPU redirect map inside
> Suricata.
>
> I've used CPU redirect map on my test laptop that has only skb mode
> available and my implementation was failing with result being almost
> all packets if not all were dropped.
Remember that the tool xdp_monitor helps identify if XDP drops packets.
(It's on my TODO list to expose the return values, until now I've just
used the existing perf record/script to inspect the individual return
ERRNO's when I needed more details).
Maybe suricata should attach itself to the XDP error tracepoints, to
help the user experience?
> So I decided to build the XPD sample and test them:
>
> sudo ./xdp_redirect_cpu --debug -d wlan0 --cpu 4 -S
I notice the -S option, which long option is --skb-mode.
> The result was the same with packet blocked.
>
> Am I missing something in the setup ?
The cpumap redirect feature does not for for skb-mode.
It's on my TODO-list to make it work for skb-mode, but I got
side-tracked after netconf (implementing xdp_rxq_info). From a
performance PoV it goes against the basic idea of CPUMAP, which is to
move the SKB allocation to another CPU. But for completeness sake I
will implement this, it just requires the cpumap-code handle both
xdp_buff's and SKB's in its queue.
> For those interested, I've pushed my POC implementation here:
> https://github.com/regit/suricata/commit/b1369fd0dc3a22a932190846a8bcbec4bfbd34b2
--
Best regards,
Jesper Dangaard Brouer
MSc.CS, Principal Kernel Engineer at Red Hat
LinkedIn: http://www.linkedin.com/in/brouer
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: CPU redirect and skb mode
2018-01-04 7:15 ` Jesper Dangaard Brouer
@ 2018-01-04 7:59 ` Eric Leblond
2018-01-04 9:58 ` Jesper Dangaard Brouer
0 siblings, 1 reply; 4+ messages in thread
From: Eric Leblond @ 2018-01-04 7:59 UTC (permalink / raw)
To: Jesper Dangaard Brouer; +Cc: xdp-newbies
Hello Jesper,
On Thu, 2018-01-04 at 08:15 +0100, Jesper Dangaard Brouer wrote:
> On Thu, 04 Jan 2018 01:18:29 +0100 Eric Leblond <eric@regit.org>
> wrote:
>
> > Hello,
> >
> > I'm currently working on implementing XDP CPU redirect map inside
> > Suricata.
> >
> > I've used CPU redirect map on my test laptop that has only skb mode
> > available and my implementation was failing with result being
> > almost
> > all packets if not all were dropped.
>
> Remember that the tool xdp_monitor helps identify if XDP drops
> packets.
> (It's on my TODO list to expose the return values, until now I've
> just
> used the existing perf record/script to inspect the individual return
> ERRNO's when I needed more details).
>
> Maybe suricata should attach itself to the XDP error tracepoints, to
> help the user experience?
Gonna look at it and see if it is doable.
>
> > So I decided to build the XPD sample and test them:
> >
> > sudo ./xdp_redirect_cpu --debug -d wlan0 --cpu 4 -S
>
> I notice the -S option, which long option is --skb-mode.
Yes, I don't have a network card with XDP enable driver available on my
laptop.
> > The result was the same with packet blocked.
> >
> > Am I missing something in the setup ?
>
> The cpumap redirect feature does not for for skb-mode.
>
> It's on my TODO-list to make it work for skb-mode, but I got
> side-tracked after netconf (implementing xdp_rxq_info). From a
> performance PoV it goes against the basic idea of CPUMAP, which is to
> move the SKB allocation to another CPU.
I second that, this is just pointless.
> But for completeness sake I
> will implement this, it just requires the cpumap-code handle both
> xdp_buff's and SKB's in its queue.
Or you could just error if ever a BOF with CPU redirect is used in a
skb-mode ?
++
--
Eric Leblond <eric@regit.org>
Blog: https://home.regit.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: CPU redirect and skb mode
2018-01-04 7:59 ` Eric Leblond
@ 2018-01-04 9:58 ` Jesper Dangaard Brouer
0 siblings, 0 replies; 4+ messages in thread
From: Jesper Dangaard Brouer @ 2018-01-04 9:58 UTC (permalink / raw)
To: Eric Leblond; +Cc: xdp-newbies, brouer
On Thu, 04 Jan 2018 08:59:53 +0100
Eric Leblond <eric@regit.org> wrote:
> Hello Jesper,
>
> On Thu, 2018-01-04 at 08:15 +0100, Jesper Dangaard Brouer wrote:
> > On Thu, 04 Jan 2018 01:18:29 +0100 Eric Leblond <eric@regit.org>
> > wrote:
> >
> > > Hello,
> > >
> > > I'm currently working on implementing XDP CPU redirect map inside
> > > Suricata.
> > >
> > > I've used CPU redirect map on my test laptop that has only skb mode
> > > available and my implementation was failing with result being
> > > almost
> > > all packets if not all were dropped.
> >
> > Remember that the tool xdp_monitor helps identify if XDP drops
> > packets.
> > (It's on my TODO list to expose the return values, until now I've
> > just
> > used the existing perf record/script to inspect the individual return
> > ERRNO's when I needed more details).
> >
> > Maybe suricata should attach itself to the XDP error tracepoints, to
> > help the user experience?
>
> Gonna look at it and see if it is doable.
Notice that the xdp redirect tracepoints have an "_err" variant. For
performance reasons, thus only attach to the xdp_redirect_{map_,}err
variants.
The current XDP tracepoints available are:
$ perf list | grep xdp
xdp:xdp_cpumap_enqueue [Tracepoint event]
xdp:xdp_cpumap_kthread [Tracepoint event]
xdp:xdp_exception [Tracepoint event]
xdp:xdp_redirect [Tracepoint event]
xdp:xdp_redirect_err [Tracepoint event]
xdp:xdp_redirect_map [Tracepoint event]
xdp:xdp_redirect_map_err [Tracepoint event]
It will be useful to attach to 'xdp:xdp_exception', as returning
XDP_ABORTED will activate this tracepoint, giving developers of XDP
programs an easy way to signal error cases in execution.
> >
> > > So I decided to build the XPD sample and test them:
> > >
> > > sudo ./xdp_redirect_cpu --debug -d wlan0 --cpu 4 -S
> >
> > I notice the -S option, which long option is --skb-mode.
>
> Yes, I don't have a network card with XDP enable driver available on my
> laptop.
>
> > > The result was the same with packet blocked.
> > >
> > > Am I missing something in the setup ?
> >
> > The cpumap redirect feature does not for for skb-mode.
Typo (s/for/work) let me update the sentence:
"The cpumap redirect feature does not work for skb-mode."
> > It's on my TODO-list to make it work for skb-mode, but I got
> > side-tracked after netconf (implementing xdp_rxq_info). From a
> > performance PoV it goes against the basic idea of CPUMAP, which is to
> > move the SKB allocation to another CPU.
>
> I second that, this is just pointless.
I actually predict that it will still be faster than RPS, thus there is
still a performance argument for doing this. (I'm tempted to code it
up, just to see how much faster...)
> > But for completeness sake I
> > will implement this, it just requires the cpumap-code handle both
> > xdp_buff's and SKB's in its queue.
>
> Or you could just error if ever a BOF with CPU redirect is used in a
> skb-mode ?
(Assuming typo: s/BOF/BPF)
Due to how eBPF+tailcalls and XDP-attach interact, we cannot detect and
reject the eBPF program at XDP-attach time. Normally the eBPF program
gets loaded into the kernel _before_ attaching it to the driver
XDP-hook. Which means we (at XDP-driver attach time) could simply walk
the eBPF program and maps to detect any use of cpumap. *BUT* due to
BPF-tailcalls new BPF-progs can be attached _after_ the XDP-attach step.
(I actually coded up a solution, that added XDP feature bits to
bpf-progs and bpf-maps, thus allowing to revalidate when attaching new
tailcalls... but it was too complex code)
For now, skb-mode using cpumap will result in a runtime tracepoint
(xdp:xdp_redirect_map_err) error event with errno-code: EBADRQC.
--
Best regards,
Jesper Dangaard Brouer
MSc.CS, Principal Kernel Engineer at Red Hat
LinkedIn: http://www.linkedin.com/in/brouer
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-01-04 9:58 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-01-04 0:18 CPU redirect and skb mode Eric Leblond
2018-01-04 7:15 ` Jesper Dangaard Brouer
2018-01-04 7:59 ` Eric Leblond
2018-01-04 9:58 ` Jesper Dangaard Brouer
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.