From: Anton Protopopov <aspsk@isovalent.com>
To: David Ahern <dsahern@kernel.org>
Cc: Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Jiri Olsa <jolsa@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Stanislav Fomichev <sdf@google.com>,
bpf@vger.kernel.org,
Rumen Telbizov <rumen.telbizov@menlosecurity.com>,
netdev@vger.kernel.org
Subject: Re: [PATCH v1 bpf-next 1/2] bpf: add support for passing mark with bpf_fib_lookup
Date: Mon, 25 Mar 2024 12:19:15 +0000 [thread overview]
Message-ID: <ZgFrwxs4mUipq83e@zh-lab-node-5> (raw)
In-Reply-To: <6879f076-ff73-496c-84be-a18b639f94f0@kernel.org>
On Sun, Mar 24, 2024 at 11:38:44AM -0600, David Ahern wrote:
> On 3/22/24 8:02 AM, Anton Protopopov wrote:
> > Extend the bpf_fib_lookup() helper by making it to utilize mark if
> > the BPF_FIB_LOOKUP_MARK flag is set. In order to pass the mark the
> > four bytes of struct bpf_fib_lookup are used, shared with the
> > output-only smac/dmac fields.
> >
> > Signed-off-by: Anton Protopopov <aspsk@isovalent.com>
> > Acked-by: Daniel Borkmann <daniel@iogearbox.net>
> > ---
> > include/uapi/linux/bpf.h | 20 ++++++++++++++++++--
> > net/core/filter.c | 12 +++++++++---
> > tools/include/uapi/linux/bpf.h | 20 ++++++++++++++++++--
> > 3 files changed, 45 insertions(+), 7 deletions(-)
> >
> > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> > index 9585f5345353..96d57e483133 100644
> > --- a/include/uapi/linux/bpf.h
> > +++ b/include/uapi/linux/bpf.h
> > @@ -3394,6 +3394,10 @@ union bpf_attr {
> > * for the nexthop. If the src addr cannot be derived,
> > * **BPF_FIB_LKUP_RET_NO_SRC_ADDR** is returned. In this
> > * case, *params*->dmac and *params*->smac are not set either.
> > + * **BPF_FIB_LOOKUP_MARK**
> > + * Use the mark present in *params*->mark for the fib lookup.
> > + * This option should not be used with BPF_FIB_LOOKUP_DIRECT,
> > + * as it only has meaning for full lookups.
> > *
> > * *ctx* is either **struct xdp_md** for XDP programs or
> > * **struct sk_buff** tc cls_act programs.
> > @@ -7120,6 +7124,7 @@ enum {
> > BPF_FIB_LOOKUP_SKIP_NEIGH = (1U << 2),
> > BPF_FIB_LOOKUP_TBID = (1U << 3),
> > BPF_FIB_LOOKUP_SRC = (1U << 4),
> > + BPF_FIB_LOOKUP_MARK = (1U << 5),
> > };
> >
> > enum {
> > @@ -7197,8 +7202,19 @@ struct bpf_fib_lookup {
> > __u32 tbid;
> > };
> >
> > - __u8 smac[6]; /* ETH_ALEN */
> > - __u8 dmac[6]; /* ETH_ALEN */
> > + union {
> > + /* input */
> > + struct {
> > + __u32 mark; /* policy routing */
> > + /* 2 4-byte holes for input */
> > + };
> > +
> > + /* output: source and dest mac */
> > + struct {
> > + __u8 smac[6]; /* ETH_ALEN */
> > + __u8 dmac[6]; /* ETH_ALEN */
> > + };
> > + };
> > };
> >
> > struct bpf_redir_neigh {
> > diff --git a/net/core/filter.c b/net/core/filter.c
> > index 0c66e4a3fc5b..1205dd777dc2 100644
> > --- a/net/core/filter.c
> > +++ b/net/core/filter.c
> > @@ -5884,7 +5884,10 @@ static int bpf_ipv4_fib_lookup(struct net *net, struct bpf_fib_lookup *params,
> >
> > err = fib_table_lookup(tb, &fl4, &res, FIB_LOOKUP_NOREF);
> > } else {
> > - fl4.flowi4_mark = 0;
> > + if (flags & BPF_FIB_LOOKUP_MARK)
> > + fl4.flowi4_mark = params->mark;
> > + else
> > + fl4.flowi4_mark = 0;
> > fl4.flowi4_secid = 0;
> > fl4.flowi4_tun_key.tun_id = 0;
> > fl4.flowi4_uid = sock_net_uid(net, NULL);
> > @@ -6027,7 +6030,10 @@ static int bpf_ipv6_fib_lookup(struct net *net, struct bpf_fib_lookup *params,
> > err = ipv6_stub->fib6_table_lookup(net, tb, oif, &fl6, &res,
> > strict);
> > } else {
> > - fl6.flowi6_mark = 0;
> > + if (flags & BPF_FIB_LOOKUP_MARK)
> > + fl6.flowi6_mark = params->mark;
> > + else
> > + fl6.flowi6_mark = 0;
> > fl6.flowi6_secid = 0;
> > fl6.flowi6_tun_key.tun_id = 0;
> > fl6.flowi6_uid = sock_net_uid(net, NULL);
> > @@ -6105,7 +6111,7 @@ static int bpf_ipv6_fib_lookup(struct net *net, struct bpf_fib_lookup *params,
> >
> > #define BPF_FIB_LOOKUP_MASK (BPF_FIB_LOOKUP_DIRECT | BPF_FIB_LOOKUP_OUTPUT | \
> > BPF_FIB_LOOKUP_SKIP_NEIGH | BPF_FIB_LOOKUP_TBID | \
> > - BPF_FIB_LOOKUP_SRC)
> > + BPF_FIB_LOOKUP_SRC | BPF_FIB_LOOKUP_MARK)
> >
> > BPF_CALL_4(bpf_xdp_fib_lookup, struct xdp_buff *, ctx,
> > struct bpf_fib_lookup *, params, int, plen, u32, flags)
> > diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
> > index bf80b614c4db..4c9b5bfbd9c6 100644
> > --- a/tools/include/uapi/linux/bpf.h
> > +++ b/tools/include/uapi/linux/bpf.h
> > @@ -3393,6 +3393,10 @@ union bpf_attr {
> > * for the nexthop. If the src addr cannot be derived,
> > * **BPF_FIB_LKUP_RET_NO_SRC_ADDR** is returned. In this
> > * case, *params*->dmac and *params*->smac are not set either.
> > + * **BPF_FIB_LOOKUP_MARK**
> > + * Use the mark present in *params*->mark for the fib lookup.
> > + * This option should not be used with BPF_FIB_LOOKUP_DIRECT,
> > + * as it only has meaning for full lookups.
> > *
> > * *ctx* is either **struct xdp_md** for XDP programs or
> > * **struct sk_buff** tc cls_act programs.
> > @@ -7119,6 +7123,7 @@ enum {
> > BPF_FIB_LOOKUP_SKIP_NEIGH = (1U << 2),
> > BPF_FIB_LOOKUP_TBID = (1U << 3),
> > BPF_FIB_LOOKUP_SRC = (1U << 4),
> > + BPF_FIB_LOOKUP_MARK = (1U << 5),
> > };
> >
> > enum {
> > @@ -7196,8 +7201,19 @@ struct bpf_fib_lookup {
> > __u32 tbid;
> > };
> >
> > - __u8 smac[6]; /* ETH_ALEN */
> > - __u8 dmac[6]; /* ETH_ALEN */
> > + union {
> > + /* input */
> > + struct {
> > + __u32 mark; /* policy routing */
> > + /* 2 4-byte holes for input */
> > + };
> > +
> > + /* output: source and dest mac */
> > + struct {
> > + __u8 smac[6]; /* ETH_ALEN */
> > + __u8 dmac[6]; /* ETH_ALEN */
> > + };
> > + };
> > };
> >
> > struct bpf_redir_neigh {
>
> It would be good to add
>
> static_assert(sizeof(struct bpf_fib_lookup) == 64, "bpf_fib_lookup size
> check");
>
> to ensure this struct never exceeds a cacheline.
Thanks, added: https://github.com/aspsk/bpf-next/commit/7cd3685e52d5
>
> The patch itself looks good to me:
>
> Reviewed-by: David Ahern <dsahern@kernel.org>
Thanks!
next prev parent reply other threads:[~2024-03-25 12:17 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-22 14:02 [PATCH v1 bpf-next 0/2] BPF: support mark in bpf_fib_lookup Anton Protopopov
2024-03-22 14:02 ` [PATCH v1 bpf-next 1/2] bpf: add support for passing mark with bpf_fib_lookup Anton Protopopov
2024-03-24 17:38 ` David Ahern
2024-03-25 12:19 ` Anton Protopopov [this message]
2024-03-22 14:02 ` [PATCH v1 bpf-next 2/2] selftests/bpf: Add BPF_FIB_LOOKUP_MARK tests Anton Protopopov
2024-03-23 22:34 ` Martin KaFai Lau
2024-03-24 15:04 ` Anton Protopopov
2024-03-25 18:12 ` Martin KaFai Lau
2024-03-25 20:03 ` Anton Protopopov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZgFrwxs4mUipq83e@zh-lab-node-5 \
--to=aspsk@isovalent.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=dsahern@kernel.org \
--cc=jolsa@kernel.org \
--cc=martin.lau@linux.dev \
--cc=netdev@vger.kernel.org \
--cc=rumen.telbizov@menlosecurity.com \
--cc=sdf@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.