From: Daniel Borkmann <daniel@iogearbox.net>
To: John Fastabend <john.fastabend@gmail.com>,
davem@davemloft.net, ast@fb.com
Cc: tgraf@suug.ch, netdev@vger.kernel.org, tom@herbertland.com
Subject: Re: [net-next PATCH 00/10] BPF: sockmap and sk redirect support
Date: Wed, 16 Aug 2017 17:25:14 +0200 [thread overview]
Message-ID: <599463DA.9050302@iogearbox.net> (raw)
In-Reply-To: <20170816052338.15445.83732.stgit@john-Precision-Tower-5810>
On 08/16/2017 07:30 AM, John Fastabend wrote:
> This series implements a sockmap and socket redirect helper for BPF
> using a model similar to XDP netdev redirect. A sockmap is a BPF map
> type that holds references to sock structs. Then with a new sk
> redirect bpf helper BPF programs can use the map to redirect skbs
> between sockets,
>
> bpf_sk_redirect_map(map, key, flags)
>
> Finally, we need a call site to attach our BPF logic to do socket
> redirects. We added hooks to recv_sock using the existing strparser
> infrastructure to do this. The call site is added via the BPF attach
> map call. To enable users to use this infrastructure a new BPF program
> BPF_PROG_TYPE_SK_SKB is created that allows users to reference sock
> details, such as port and ip address fields, to build useful socket
> layer program. The sockmap datapath is as follows,
>
> recv -> strparser -> verdict/action
>
> where this series implements the drop and redirect actions.
> Additional, actions can be added as needed.
>
> A sample program is provided to illustrate how a sockmap can
> be integrated with cgroups and used to add/delete sockets in
> a sockmap. The program is simple but should show many of the
> key ideas.
>
> To test this work test_maps in selftests/bpf was leveraged.
> We added a set of tests to add sockets and do send/recv ops
> on the sockets to ensure correct behavior. Additionally, the
> selftests tests a series of negative test cases. We can expand
> on this in the future.
>
> I also have a basic test program I use with iperf/netperf
> clients that could be sent as an additional sample if folks
> want this. It needs a bit of cleanup to send to the list and
> wasn't included in this series.
>
> For people who prefer git over pulling patches out of their mail
> editor I've posted the code here,
>
> https://github.com/jrfastab/linux-kernel-xdp/tree/sockmap
>
> For some background information on the genesis of this work
> it might be helpful to review these slides from netconf 2017
> by Thomas Graf,
>
> http://vger.kernel.org/netconf2017.html
> https://docs.google.com/a/covalent.io/presentation/d/1dwSKSBGpUHD3WO5xxzZWj8awV_-xL-oYhvqQMOBhhtk/edit?usp=sharing
>
> Thanks to Daniel Borkmann for reviewing and providing initial
> feedback.
LGTM, for the set:
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
next prev parent reply other threads:[~2017-08-16 15:25 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-16 5:30 [net-next PATCH 00/10] BPF: sockmap and sk redirect support John Fastabend
2017-08-16 5:30 ` [net-next PATCH 01/10] net: early init support for strparser John Fastabend
2017-08-16 5:31 ` [net-next PATCH 02/10] net: add sendmsg_locked and sendpage_locked to af_inet6 John Fastabend
2017-08-16 5:31 ` [net-next PATCH 03/10] net: fixes for skb_send_sock John Fastabend
2017-08-16 5:31 ` [net-next PATCH 04/10] bpf: introduce new program type for skbs on sockets John Fastabend
2017-08-16 5:32 ` [net-next PATCH 05/10] bpf: export bpf_prog_inc_not_zero John Fastabend
2017-08-16 5:32 ` [net-next PATCH 06/10] bpf: sockmap with sk redirect support John Fastabend
2017-08-17 5:40 ` Alexei Starovoitov
2017-08-17 18:58 ` John Fastabend
2017-08-17 22:28 ` Alexei Starovoitov
2017-08-18 7:35 ` John Fastabend
2017-08-18 18:32 ` Alexei Starovoitov
2017-08-19 3:30 ` John Fastabend
2017-08-19 4:50 ` Alexei Starovoitov
2017-08-19 20:52 ` John Fastabend
2017-08-16 5:33 ` [net-next PATCH 07/10] bpf: add access to sock fields and pkt data from sk_skb programs John Fastabend
2017-08-17 5:42 ` Alexei Starovoitov
2017-08-17 12:40 ` Daniel Borkmann
2017-08-16 5:33 ` [net-next PATCH 08/10] bpf: sockmap sample program John Fastabend
2017-08-16 5:33 ` [net-next PATCH 09/10] bpf: selftests: add tests for new __sk_buff members John Fastabend
2017-08-16 5:34 ` [net-next PATCH 10/10] bpf: selftests add sockmap tests John Fastabend
2017-08-16 15:25 ` Daniel Borkmann [this message]
2017-08-16 18:28 ` [net-next PATCH 00/10] BPF: sockmap and sk redirect support David Miller
2017-08-16 18:35 ` David Miller
2017-08-16 19:06 ` John Fastabend
2017-08-16 19:13 ` David Miller
2017-08-16 19:17 ` Eric Dumazet
2017-08-16 19:34 ` John Fastabend
2017-08-16 21:22 ` David Miller
2017-08-16 21:35 ` David Ahern
2017-08-16 21:37 ` John Fastabend
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=599463DA.9050302@iogearbox.net \
--to=daniel@iogearbox.net \
--cc=ast@fb.com \
--cc=davem@davemloft.net \
--cc=john.fastabend@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=tgraf@suug.ch \
--cc=tom@herbertland.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.