From: Stanislav Fomichev <sdf@google.com>
To: netdev@vger.kernel.org, bpf@vger.kernel.org
Cc: davem@davemloft.net, ast@kernel.org, daniel@iogearbox.net,
simon.horman@netronome.com, willemb@google.com,
peterpenkov96@gmail.com, Stanislav Fomichev <sdf@google.com>
Subject: [RFC bpf-next v2 0/9] net: flow_dissector: trigger BPF hook when called from eth_get_headlen
Date: Tue, 19 Mar 2019 15:19:39 -0700 [thread overview]
Message-ID: <20190319221948.170441-1-sdf@google.com> (raw)
Currently, when eth_get_headlen calls flow dissector, it doesn't pass any
skb. Because we use passed skb to lookup associated networking namespace
to find whether we have a BPF program attached or not, we always use
C-based flow dissector in this case.
The goal of this patch series is to add new networking namespace argument
to the eth_get_headlen and make BPF flow dissector programs be able to
work in the skb-less case.
The series goes like this:
1. introduce a bunch of skb initialization helpers; those will be used to
initialize temporary skb
2. introduce skb_net which can be used to get networking namespace
associated with an skb
3. add new optional network namespace argument to __skb_flow_dissect and
plumb through the callers
4. prepare for new bpf flow dissector flavor, create some common routines
and do some renames
5. restrict access to a limited set of __sk_buff fields from flow
dissector programs
6. add new bpf_flow_dissect which uses temporary per-cpu skb and calls
BPF flow dissector program
7. convert flow dissector BPF_PROG_TEST_RUN to skb-less mode to show that
it works
8. add selftest that makes sure going over the packet bounds in
bpf_skb_load_bytes with shinfo-less skb doesn't cause any problems
9. add new net namespace argument to eth_get_headlen and convert the
callers
v2:
* moved temporary skb from stack into percpu (avoids memset of ~200 bytes
per packet)
* tightened down access to __sk_buff fields from flow dissector programs to
avoid touching shinfo (whitelist only relevant fields)
* addressed suggestions from Willem
Stanislav Fomichev (9):
net: introduce __init_skb{,_data,_shinfo} helpers
net: introduce skb_net helper
net: plumb network namespace into __skb_flow_dissect
net: flow_dissector: prepare for no-skb use case
flow_dissector: allow access only to a subset of __sk_buff fields
net: flow_dissector: handle no-skb use case
bpf: when doing BPF_PROG_TEST_RUN for flow dissector use no-skb mode
selftests/bpf: add flow dissector bpf_skb_load_bytes helper test
net: flow_dissector: pass net argument to the eth_get_headlen
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +-
drivers/net/ethernet/hisilicon/hns/hns_enet.c | 3 +-
.../net/ethernet/hisilicon/hns3/hns3_enet.c | 3 +-
drivers/net/ethernet/intel/fm10k/fm10k_main.c | 2 +-
drivers/net/ethernet/intel/i40e/i40e_txrx.c | 3 +-
drivers/net/ethernet/intel/iavf/iavf_txrx.c | 2 +-
drivers/net/ethernet/intel/ice/ice_txrx.c | 2 +-
drivers/net/ethernet/intel/igb/igb_main.c | 2 +-
drivers/net/ethernet/intel/igc/igc_main.c | 2 +-
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +-
.../net/ethernet/intel/ixgbevf/ixgbevf_main.c | 3 +-
.../net/ethernet/mellanox/mlx5/core/en_tx.c | 3 +-
drivers/net/tun.c | 3 +-
include/linux/etherdevice.h | 2 +-
include/linux/skbuff.h | 48 +++++--
net/bpf/test_run.c | 48 ++-----
net/core/filter.c | 13 +-
net/core/flow_dissector.c | 135 +++++++++++++-----
net/core/skbuff.c | 76 +++++-----
net/ethernet/eth.c | 8 +-
.../prog_tests/flow_dissector_load_bytes.c | 50 +++++++
21 files changed, 269 insertions(+), 143 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/flow_dissector_load_bytes.c
--
2.21.0.225.g810b269d1ac-goog
next reply other threads:[~2019-03-19 22:19 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-19 22:19 Stanislav Fomichev [this message]
2019-03-19 22:19 ` [RFC bpf-next v2 1/9] net: introduce __init_skb{,_data,_shinfo} helpers Stanislav Fomichev
2019-03-21 3:39 ` Alexei Starovoitov
2019-03-21 4:44 ` Eric Dumazet
2019-03-21 13:58 ` Willem de Bruijn
2019-03-21 15:44 ` Stanislav Fomichev
2019-03-21 16:00 ` Alexei Starovoitov
2019-03-21 16:13 ` Willem de Bruijn
2019-03-21 20:56 ` Alexei Starovoitov
2019-03-21 21:13 ` Stanislav Fomichev
2019-03-19 22:19 ` [RFC bpf-next v2 2/9] net: introduce skb_net helper Stanislav Fomichev
2019-03-20 2:14 ` Willem de Bruijn
2019-03-20 16:49 ` Stanislav Fomichev
2019-03-19 22:19 ` [RFC bpf-next v2 3/9] net: plumb network namespace into __skb_flow_dissect Stanislav Fomichev
2019-03-19 22:19 ` [RFC bpf-next v2 4/9] net: flow_dissector: prepare for no-skb use case Stanislav Fomichev
2019-03-19 22:19 ` [RFC bpf-next v2 5/9] flow_dissector: allow access only to a subset of __sk_buff fields Stanislav Fomichev
2019-03-19 22:19 ` [RFC bpf-next v2 6/9] net: flow_dissector: handle no-skb use case Stanislav Fomichev
2019-03-19 22:19 ` [RFC bpf-next v2 7/9] bpf: when doing BPF_PROG_TEST_RUN for flow dissector use no-skb mode Stanislav Fomichev
2019-03-20 2:14 ` Willem de Bruijn
2019-03-20 16:57 ` Stanislav Fomichev
2019-03-20 18:29 ` Willem de Bruijn
2019-03-20 19:02 ` Stanislav Fomichev
2019-03-20 19:08 ` Willem de Bruijn
2019-03-20 19:19 ` Stanislav Fomichev
2019-03-20 19:23 ` Willem de Bruijn
2019-03-20 19:48 ` Stanislav Fomichev
2019-03-20 20:03 ` Willem de Bruijn
2019-03-19 22:19 ` [RFC bpf-next v2 8/9] selftests/bpf: add flow dissector bpf_skb_load_bytes helper test Stanislav Fomichev
2019-03-19 22:19 ` [RFC bpf-next v2 9/9] net: flow_dissector: pass net argument to the eth_get_headlen Stanislav Fomichev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190319221948.170441-1-sdf@google.com \
--to=sdf@google.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=peterpenkov96@gmail.com \
--cc=simon.horman@netronome.com \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.