From: Florian Westphal <fw@strlen.de>
To: Edward Cree <ecree@solarflare.com>
Cc: Florian Westphal <fw@strlen.de>,
Daniel Borkmann <daniel@iogearbox.net>,
netdev@vger.kernel.org, ast@kernel.org, pablo@netfilter.org
Subject: Re: [RFC,POC] iptables/nftables to epbf/xdp via common intermediate layer
Date: Tue, 6 Mar 2018 19:03:09 +0100 [thread overview]
Message-ID: <20180306180309.GB20009@breakpoint.cc> (raw)
In-Reply-To: <4bf36b07-6c7f-bada-54d4-88a17f32355b@solarflare.com>
Edward Cree <ecree@solarflare.com> wrote:
> On 06/03/18 16:42, Florian Westphal wrote:
> > I would also add 'highlevel' objects that are themselves translated into
> > basic operations. Most obvious example
> > are 'fetch 4 bytes x bytes into transport header'.
> >
> > Frontend should not need to bother with ipv4 details, such as ip
> > options. Instead IMR should take care of this and generate the needed
> > instructions to fetch iph->ihl and figure out the correct transport
> > header offset.
> Presumably then for this the IMR regs will cease to have any connection to
> ï¿œBPF regs and will simply be (SSA?) r0, r1, ... as far as needed (not
> ᅵlimited to 10 regs like BPF)?ᅵ Then register allocation all happens in
> ï¿œthe IMR->BPF conversion (even for things 64 bits or smaller).
>
> I wonder how sophisticated we should be about register allocation; whether
> ï¿œwe should go the whole hog with graph-colouring algorithms or linear
> ï¿œscan, or just do something naï¿œve like an LRU.
>
> Relatedly, should we spill values to the stack when we run out of
> ï¿œregisters, or should we just rely on being able to rematerialise them
> ï¿œfrom parsing the packet again?
I don't know. I suspect we should go for naive algorithm only,
but I would defer such decision to Alexei/Daniel.
f.e. i don't know if using llvm is a good idea or not, I did not
intend to turn proposed imr into full blown compiler in any case,
I only want to avoid code duplication for iptables/nftables -> ebpf
translator.
next prev parent reply other threads:[~2018-03-06 18:03 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-04 19:40 [RFC,POC] iptables/nftables to epbf/xdp via common intermediate layer Florian Westphal
2018-03-04 19:40 ` [RFC,POC 1/3] bpfilter: add experimental IMR bpf translator Florian Westphal
2018-03-04 19:40 ` [RFC,POC 2/3] bpfilter: add nftables jit proof-of-concept Florian Westphal
2018-03-04 19:40 ` [RFC,POC 3/3] bpfilter: switch bpfilter to iptables->IMR translation Florian Westphal
2018-03-06 14:22 ` [RFC,POC] iptables/nftables to epbf/xdp via common intermediate layer Daniel Borkmann
2018-03-06 16:42 ` Florian Westphal
2018-03-06 17:24 ` Edward Cree
2018-03-06 18:03 ` Florian Westphal [this message]
2018-03-06 18:18 ` Edward Cree
2018-03-15 16:13 ` Alexei Starovoitov
2018-03-15 17:00 ` Florian Westphal
2018-03-15 20:26 ` Alexei Starovoitov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180306180309.GB20009@breakpoint.cc \
--to=fw@strlen.de \
--cc=ast@kernel.org \
--cc=daniel@iogearbox.net \
--cc=ecree@solarflare.com \
--cc=netdev@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.