[PATCH bpf-next v6 0/9] net: flow_dissector: trigger BPF hook when called from eth_get_headlen

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Stanislav Fomichev <sdf@google.com>
To: netdev@vger.kernel.org, bpf@vger.kernel.org
Cc: davem@davemloft.net, ast@kernel.org, daniel@iogearbox.net,
	simon.horman@netronome.com, willemb@google.com,
	peterpenkov96@gmail.com, Stanislav Fomichev <sdf@google.com>
Subject: [PATCH bpf-next v6 0/9] net: flow_dissector: trigger BPF hook when called from eth_get_headlen
Date: Mon, 22 Apr 2019 08:55:43 -0700	[thread overview]
Message-ID: <20190422155552.222910-1-sdf@google.com> (raw)

Currently, when eth_get_headlen calls flow dissector, it doesn't pass any
skb. Because we use passed skb to lookup associated networking namespace
to find whether we have a BPF program attached or not, we always use
C-based flow dissector in this case.

The goal of this patch series is to add new networking namespace argument
to the eth_get_headlen and make BPF flow dissector programs be able to
work in the skb-less case.

The series goes like this:
* use new kernel context (struct bpf_flow_dissector) for flow dissector
  programs; this makes it easy to distinguish between skb and no-skb
  case and supports calling BPF flow dissector on a chunk of raw data
* convert BPF_PROG_TEST_RUN to use raw data
* plumb network namespace into __skb_flow_dissect from all callers
* handle no-skb case in __skb_flow_dissect
* update eth_get_headlen to include net namespace argument and
  convert all existing users
* add selftest to make sure bpf_skb_load_bytes is not allowed in
  the no-skb mode
* extend test_progs to exercise skb-less flow dissection as well
* stop adjusting nhoff/thoff by ETH_HLEN in BPF_PROG_TEST_RUN

v6:
* more suggestions by Alexei:
  * eth_get_headlen now takes net dev, not net namespace
  * test skb-less case via tun eth_get_headlen
* fix return errors in bpf_flow_load
* don't adjust nhoff/thoff by ETH_HLEN

v5:
* API changes have been submitted via bpf/stable tree

v4:
* prohibit access to vlan fields as well (otherwise, inconsistent
  between skb/skb-less cases)
* drop extra unneeded check for skb->vlan_present in bpf_flow.c

v3:
* new kernel xdp_buff-like context per Alexei suggestion
* drop skb_net helper
* properly clamp flow_keys->nhoff

v2:
* moved temporary skb from stack into percpu (avoids memset of ~200 bytes
  per packet)
* tightened down access to __sk_buff fields from flow dissector programs to
  avoid touching shinfo (whitelist only relevant fields)
* addressed suggestions from Willem

Stanislav Fomichev (9):
  flow_dissector: switch kernel context to struct bpf_flow_dissector
  bpf: when doing BPF_PROG_TEST_RUN for flow dissector use no-skb mode
  net: plumb network namespace into __skb_flow_dissect
  flow_dissector: handle no-skb use case
  net: pass net_device argument to the eth_get_headlen
  selftests/bpf: add flow dissector bpf_skb_load_bytes helper test
  selftests/bpf: run flow dissector tests in skb-less mode
  selftests/bpf: properly return error from bpf_flow_load
  bpf/flow_dissector: don't adjust nhoff by ETH_HLEN in
    BPF_PROG_TEST_RUN

 .../net/ethernet/aquantia/atlantic/aq_ring.c  |   3 +-
 drivers/net/ethernet/broadcom/bnxt/bnxt.c     |   2 +-
 drivers/net/ethernet/hisilicon/hns/hns_enet.c |   2 +-
 .../net/ethernet/hisilicon/hns3/hns3_enet.c   |   2 +-
 drivers/net/ethernet/intel/fm10k/fm10k_main.c |   2 +-
 drivers/net/ethernet/intel/i40e/i40e_txrx.c   |   3 +-
 drivers/net/ethernet/intel/iavf/iavf_txrx.c   |   2 +-
 drivers/net/ethernet/intel/ice/ice_txrx.c     |   2 +-
 drivers/net/ethernet/intel/igb/igb_main.c     |   2 +-
 drivers/net/ethernet/intel/igc/igc_main.c     |   2 +-
 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c |   2 +-
 .../net/ethernet/intel/ixgbevf/ixgbevf_main.c |   3 +-
 .../net/ethernet/mellanox/mlx5/core/en_tx.c   |   2 +-
 drivers/net/tun.c                             |   3 +-
 include/linux/etherdevice.h                   |   2 +-
 include/linux/skbuff.h                        |  28 +++--
 include/net/flow_dissector.h                  |   7 ++
 include/net/sch_generic.h                     |  11 +-
 net/bpf/test_run.c                            |  48 +++-----
 net/core/filter.c                             | 105 ++++++++++++----
 net/core/flow_dissector.c                     |  90 +++++++-------
 net/ethernet/eth.c                            |   8 +-
 .../selftests/bpf/flow_dissector_load.c       |   2 +-
 .../selftests/bpf/flow_dissector_load.h       |  24 +++-
 .../selftests/bpf/prog_tests/flow_dissector.c | 113 ++++++++++++++++--
 .../prog_tests/flow_dissector_load_bytes.c    |  48 ++++++++
 tools/testing/selftests/bpf/progs/bpf_flow.c  |  79 +++++++-----
 27 files changed, 411 insertions(+), 186 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/flow_dissector_load_bytes.c

-- 
2.21.0.593.g511ec345e18-goog

next             reply	other threads:[~2019-04-22 15:55 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-22 15:55 Stanislav Fomichev [this message]
2019-04-22 15:55 ` [PATCH bpf-next v6 1/9] flow_dissector: switch kernel context to struct bpf_flow_dissector Stanislav Fomichev
2019-04-22 15:55 ` [PATCH bpf-next v6 2/9] bpf: when doing BPF_PROG_TEST_RUN for flow dissector use no-skb mode Stanislav Fomichev
2019-04-22 15:55 ` [PATCH bpf-next v6 3/9] net: plumb network namespace into __skb_flow_dissect Stanislav Fomichev
2019-04-22 18:08   ` Saeed Mahameed
2019-04-22 18:53     ` Stanislav Fomichev
2019-04-22 15:55 ` [PATCH bpf-next v6 4/9] flow_dissector: handle no-skb use case Stanislav Fomichev
2019-04-22 15:55 ` [PATCH bpf-next v6 5/9] net: pass net_device argument to the eth_get_headlen Stanislav Fomichev
2019-04-22 15:55   ` [Intel-wired-lan] " Stanislav Fomichev
2019-04-22 15:55 ` [PATCH bpf-next v6 6/9] selftests/bpf: add flow dissector bpf_skb_load_bytes helper test Stanislav Fomichev
2019-04-22 15:55 ` [PATCH bpf-next v6 7/9] selftests/bpf: run flow dissector tests in skb-less mode Stanislav Fomichev
2019-04-22 15:55 ` [PATCH bpf-next v6 8/9] selftests/bpf: properly return error from bpf_flow_load Stanislav Fomichev
2019-04-22 15:55 ` [PATCH bpf-next v6 9/9] bpf/flow_dissector: don't adjust nhoff by ETH_HLEN in BPF_PROG_TEST_RUN Stanislav Fomichev
2019-04-23  4:15 ` [PATCH bpf-next v6 0/9] net: flow_dissector: trigger BPF hook when called from eth_get_headlen Alexei Starovoitov
2019-04-23 16:00   ` Eric Dumazet
2019-04-23 16:19     ` Eric Dumazet
2019-04-23 16:24       ` Willem de Bruijn
2019-04-23 16:38         ` Daniel Borkmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190422155552.222910-1-sdf@google.com \
    --to=sdf@google.com \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=davem@davemloft.net \
    --cc=netdev@vger.kernel.org \
    --cc=peterpenkov96@gmail.com \
    --cc=simon.horman@netronome.com \
    --cc=willemb@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.