From: Lorenzo Bianconi <lorenzo@kernel.org>
To: bpf@vger.kernel.org
Cc: pablo@netfilter.org, kadlec@netfilter.org, davem@davemloft.net,
edumazet@google.com, kuba@kernel.org, pabeni@redhat.com,
netfilter-devel@vger.kernel.org, netdev@vger.kernel.org,
ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
lorenzo.bianconi@redhat.com, toke@redhat.com, fw@strlen.de,
hawk@kernel.org, horms@kernel.org, donhunte@redhat.com,
memxor@gmail.com
Subject: [PATCH bpf-next v2 0/4] netfilter: Add the capability to offload flowtable in XDP layer
Date: Sat, 18 May 2024 12:12:34 +0200
Message-ID: <cover.1716026761.git.lorenzo@kernel.org>

Introduce bpf_xdp_flow_offload_lookup kfunc in order to perform the
lookup of a given flowtable entry based on the fib tuple of incoming
traffic.
bpf_xdp_flow_offload_lookup can be used as a building block to offload
in XDP the sw flowtable processing when the hw support is not available.

This series has been tested running the xdp_flowtable_offload eBPF program
on an ixgbe 10Gbps NIC (eno2) in order to XDP_REDIRECT the TCP traffic to
a veth pair (veth0-veth1) based on the content of the nf_flowtable as soon
as the TCP connection is in the established state:

[tcp client] (eno1) == LAN == (eno2) xdp_flowtable_offload [XDP_REDIRECT] --> veth0 == veth1 [tcp server]

table inet filter {
    flowtable ft {
        hook ingress priority filter
        devices = { eno2, veth0 }
    }
    chain forward {
        type filter hook forward priority filter
        meta l4proto { tcp, udp } flow add @ft
    }
}

- sw flowtable [1 TCP stream, T = 300s]: ~ 6.2 Gbps
- xdp flowtable [1 TCP stream, T = 300s]: ~ 7.6 Gbps

- sw flowtable [3 TCP streams, T = 300s]: ~ 7.7 Gbps
- xdp flowtable [3 TCP streams, T = 300s]: ~ 8.8 Gbps

Changes since v1:
- return NULL in bpf_xdp_flow_offload_lookup kfunc in case of error
- take into account kfunc registration possible failures
Changes since RFC:
- fix compilation error if BTF is not enabled

Florian Westphal (1):
  netfilter: nf_tables: add flowtable map for xdp offload

Lorenzo Bianconi (3):
  netfilter: add bpf_xdp_flow_offload_lookup kfunc
  samples/bpf: Add bpf sample to offload flowtable traffic to xdp
  selftests/bpf: Add selftest for bpf_xdp_flow_offload_lookup kfunc

include/net/netfilter/nf_flow_table.h | 12 +
net/netfilter/Makefile | 5 +
net/netfilter/nf_flow_table_bpf.c | 94 +++
net/netfilter/nf_flow_table_inet.c | 2 +-
net/netfilter/nf_flow_table_offload.c | 161 ++++-
samples/bpf/Makefile | 7 +-
samples/bpf/xdp_flowtable_offload.bpf.c | 591 ++++++++++++++++++
samples/bpf/xdp_flowtable_offload_user.c | 128 ++++
tools/testing/selftests/bpf/Makefile | 10 +-
tools/testing/selftests/bpf/config | 4 +
.../selftests/bpf/progs/xdp_flowtable.c | 141 +++++
.../selftests/bpf/test_xdp_flowtable.sh | 112 ++++
tools/testing/selftests/bpf/xdp_flowtable.c | 142 +++++
13 files changed, 1403 insertions(+), 6 deletions(-)
create mode 100644 net/netfilter/nf_flow_table_bpf.c
create mode 100644 samples/bpf/xdp_flowtable_offload.bpf.c
create mode 100644 samples/bpf/xdp_flowtable_offload_user.c
create mode 100644 tools/testing/selftests/bpf/progs/xdp_flowtable.c
create mode 100755 tools/testing/selftests/bpf/test_xdp_flowtable.sh
create mode 100644 tools/testing/selftests/bpf/xdp_flowtable.c
--
2.45.1