From: Stanislav Fomichev <sdf@google.com>
To: netdev@vger.kernel.org, bpf@vger.kernel.org
Cc: davem@davemloft.net, ast@kernel.org, daniel@iogearbox.net,
simon.horman@netronome.com, willemb@google.com,
peterpenkov96@gmail.com, Stanislav Fomichev <sdf@google.com>
Subject: [PATCH bpf-next v5 0/6] net: flow_dissector: trigger BPF hook when called from eth_get_headlen
Date: Mon, 15 Apr 2019 10:37:55 -0700 [thread overview]
Message-ID: <20190415173801.257254-1-sdf@google.com> (raw)
Currently, when eth_get_headlen calls flow dissector, it doesn't pass any
skb. Because we use passed skb to lookup associated networking namespace
to find whether we have a BPF program attached or not, we always use
C-based flow dissector in this case.
The goal of this patch series is to add new networking namespace argument
to the eth_get_headlen and make BPF flow dissector programs be able to
work in the skb-less case.
The series goes like this:
* use new kernel context (struct bpf_flow_dissector) for flow dissector
programs; this makes it easy to distinguish between skb and no-skb
case and supports calling BPF flow dissector on a chunk of raw data
* convert BPF_PROG_TEST_RUN to use raw data
* plumb network namespace into __skb_flow_dissect from all callers
* handle no-skb case in __skb_flow_dissect
* update eth_get_headlen to include net namespace argument and
convert all existing users
* add selftest to make sure bpf_skb_load_bytes is not allowed in
the no-skb mode
v5:
* API changes have been submitted via bpf/stable tree
v4:
* prohibit access to vlan fields as well (otherwise, inconsistent
between skb/skb-less cases)
* drop extra unneeded check for skb->vlan_present in bpf_flow.c
v3:
* new kernel xdp_buff-like context per Alexei suggestion
* drop skb_net helper
* properly clamp flow_keys->nhoff
v2:
* moved temporary skb from stack into percpu (avoids memset of ~200 bytes
per packet)
* tightened down access to __sk_buff fields from flow dissector programs to
avoid touching shinfo (whitelist only relevant fields)
* addressed suggestions from Willem
Stanislav Fomichev (6):
flow_dissector: switch kernel context to struct bpf_flow_dissector
bpf: when doing BPF_PROG_TEST_RUN for flow dissector use no-skb mode
net: plumb network namespace into __skb_flow_dissect
flow_dissector: handle no-skb use case
net: pass net argument to the eth_get_headlen
selftests/bpf: add flow dissector bpf_skb_load_bytes helper test
.../net/ethernet/aquantia/atlantic/aq_ring.c | 3 +-
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +-
drivers/net/ethernet/hisilicon/hns/hns_enet.c | 3 +-
.../net/ethernet/hisilicon/hns3/hns3_enet.c | 3 +-
drivers/net/ethernet/intel/fm10k/fm10k_main.c | 2 +-
drivers/net/ethernet/intel/i40e/i40e_txrx.c | 3 +-
drivers/net/ethernet/intel/iavf/iavf_txrx.c | 3 +-
drivers/net/ethernet/intel/ice/ice_txrx.c | 3 +-
drivers/net/ethernet/intel/igb/igb_main.c | 3 +-
drivers/net/ethernet/intel/igc/igc_main.c | 3 +-
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +-
.../net/ethernet/intel/ixgbevf/ixgbevf_main.c | 3 +-
.../net/ethernet/mellanox/mlx5/core/en_tx.c | 3 +-
drivers/net/tun.c | 3 +-
include/linux/etherdevice.h | 2 +-
include/linux/skbuff.h | 28 ++---
include/net/flow_dissector.h | 7 ++
include/net/sch_generic.h | 11 +-
net/bpf/test_run.c | 51 +++------
net/core/filter.c | 105 ++++++++++++++----
net/core/flow_dissector.c | 90 +++++++--------
net/ethernet/eth.c | 8 +-
.../prog_tests/flow_dissector_load_bytes.c | 48 ++++++++
23 files changed, 249 insertions(+), 140 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/flow_dissector_load_bytes.c
--
2.21.0.392.gf8f6787159e-goog
next reply other threads:[~2019-04-15 17:38 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-15 17:37 Stanislav Fomichev [this message]
2019-04-15 17:37 ` [PATCH bpf-next v5 1/6] flow_dissector: switch kernel context to struct bpf_flow_dissector Stanislav Fomichev
2019-04-15 17:37 ` [PATCH bpf-next v5 2/6] bpf: when doing BPF_PROG_TEST_RUN for flow dissector use no-skb mode Stanislav Fomichev
2019-04-15 17:37 ` [PATCH bpf-next v5 3/6] net: plumb network namespace into __skb_flow_dissect Stanislav Fomichev
2019-04-15 17:37 ` [PATCH bpf-next v5 4/6] flow_dissector: handle no-skb use case Stanislav Fomichev
2019-04-15 17:38 ` [PATCH bpf-next v5 5/6] net: pass net argument to the eth_get_headlen Stanislav Fomichev
2019-04-15 17:38 ` [Intel-wired-lan] " Stanislav Fomichev
2019-04-19 0:28 ` Alexei Starovoitov
2019-04-19 0:28 ` [Intel-wired-lan] " Alexei Starovoitov
2019-04-19 0:43 ` Stanislav Fomichev
2019-04-19 0:43 ` [Intel-wired-lan] " Stanislav Fomichev
2019-04-19 4:50 ` Alexei Starovoitov
2019-04-19 4:50 ` [Intel-wired-lan] " Alexei Starovoitov
2019-04-19 23:29 ` Stanislav Fomichev
2019-04-19 23:29 ` [Intel-wired-lan] " Stanislav Fomichev
2019-04-19 23:37 ` Alexei Starovoitov
2019-04-19 23:37 ` [Intel-wired-lan] " Alexei Starovoitov
2019-04-19 23:47 ` Stanislav Fomichev
2019-04-19 23:47 ` [Intel-wired-lan] " Stanislav Fomichev
2019-04-19 23:50 ` Alexei Starovoitov
2019-04-19 23:50 ` [Intel-wired-lan] " Alexei Starovoitov
2019-04-15 17:38 ` [PATCH bpf-next v5 6/6] selftests/bpf: add flow dissector bpf_skb_load_bytes helper test Stanislav Fomichev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190415173801.257254-1-sdf@google.com \
--to=sdf@google.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=peterpenkov96@gmail.com \
--cc=simon.horman@netronome.com \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.