[PATCH net-next] bpf, net: Support redirecting to ifb with bpf

BPF List
 help / color / mirror / Atom feed

From: Yafang Shao <laoar.shao@gmail.com>
To: davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
	pabeni@redhat.com, ast@kernel.org, daniel@iogearbox.net,
	hawk@kernel.org, john.fastabend@gmail.com
Cc: netdev@vger.kernel.org, bpf@vger.kernel.org,
	Yafang Shao <laoar.shao@gmail.com>,
	Jesper Dangaard Brouer <brouer@redhat.com>,
	Tonghao Zhang <xiangxia.m.yue@gmail.com>
Subject: [PATCH net-next] bpf, net: Support redirecting to ifb with bpf
Date: Thu, 13 Apr 2023 02:53:50 +0000	[thread overview]
Message-ID: <20230413025350.79809-1-laoar.shao@gmail.com> (raw)

In our container environment, we are using EDT-bpf to limit the egress
bandwidth. EDT-bpf can be used to limit egress only, but can't be used
to limit ingress. Some of our users also want to limit the ingress
bandwidth. But after applying EDT-bpf, which is based on clsact qdisc,
it is impossible to limit the ingress bandwidth currently, due to some
reasons,
1). We can't add ingress qdisc
The ingress qdisc can't coexist with clsact qdisc as clsact has both
ingress and egress handler. So our traditional method to limit ingress
bandwidth can't work any more.
2). We can't redirect ingress packet to ifb with bpf
By trying to analyze if it is possible to redirect the ingress packet to
ifb with a bpf program, we find that the ifb device is not supported by
bpf redirect yet.

This patch tries to resolve it by supporting redirecting to ifb with bpf
program.

Ingress bandwidth limit is useful in some scenarios, for example, for the
TCP-based service, there may be lots of clients connecting it, so it is
not wise to limit the clients' egress. After limiting the server-side's
ingress, it will lower the send rate of the client by lowering the TCP
cwnd if the ingress bandwidth limit is reached. If we don't limit it,
the clients will continue sending requests at a high rate.

Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Cc: Jesper Dangaard Brouer <brouer@redhat.com>
Cc: Tonghao Zhang <xiangxia.m.yue@gmail.com>
---
 net/core/dev.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/core/dev.c b/net/core/dev.c
index c785319..da6b196 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3956,6 +3956,7 @@ int dev_loopback_xmit(struct net *net, struct sock *sk, struct sk_buff *skb)
 		return NULL;
 	case TC_ACT_REDIRECT:
 		/* No need to push/pop skb's mac_header here on egress! */
+		skb_set_redirected(skb, skb->tc_at_ingress);
 		skb_do_redirect(skb);
 		*ret = NET_XMIT_SUCCESS;
 		return NULL;
@@ -5138,6 +5139,7 @@ static __latent_entropy void net_tx_action(struct softirq_action *h)
 		 * redirecting to another netdev
 		 */
 		__skb_push(skb, skb->mac_len);
+		skb_set_redirected(skb, skb->tc_at_ingress);
 		if (skb_do_redirect(skb) == -EAGAIN) {
 			__skb_pull(skb, skb->mac_len);
 			*another = true;
-- 
1.8.3.1

next             reply	other threads:[~2023-04-13  2:54 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-04-13  2:53 Yafang Shao [this message]
2023-04-13 11:47 ` [PATCH net-next] bpf, net: Support redirecting to ifb with bpf Daniel Borkmann
2023-04-13 14:20   ` Yafang Shao
2023-04-13 14:43   ` Toke Høiland-Jørgensen
2023-04-14  9:34     ` Daniel Borkmann
2023-04-14 16:07       ` Toke Høiland-Jørgensen
2023-04-14 22:57         ` Daniel Borkmann
2023-04-15  0:43           ` [PATCH bpf-next] bpf: Set skb redirect and from_ingress info in __bpf_tx_skb kernel test robot
2023-04-15  1:04           ` kernel test robot
2023-04-15 13:38           ` [PATCH net-next] bpf, net: Support redirecting to ifb with bpf Yafang Shao
2023-04-15 14:00           ` Toke Høiland-Jørgensen
2023-04-17 13:50             ` Daniel Borkmann

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:c785319 dfblob:da6b196 )
 OR (
bs:"[PATCH net-next] bpf, net: Support redirecting to ifb with bpf" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230413025350.79809-1-laoar.shao@gmail.com \
    --to=laoar.shao@gmail.com \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=brouer@redhat.com \
    --cc=daniel@iogearbox.net \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=hawk@kernel.org \
    --cc=john.fastabend@gmail.com \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=xiangxia.m.yue@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox