From: Alexei Starovoitov <ast@plumgrid.com>
To: Daniel Borkmann <daniel@iogearbox.net>,
"David S. Miller" <davem@davemloft.net>
Cc: Thomas Graf <tgraf@suug.ch>,
linux-api@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH net-next] bpf: allow BPF programs access 'protocol' and 'vlan_tci' fields
Date: Tue, 17 Mar 2015 10:56:03 -0700 [thread overview]
Message-ID: <55086AB3.9030405@plumgrid.com> (raw)
In-Reply-To: <5507F253.9000806@iogearbox.net>
On 3/17/15 2:22 AM, Daniel Borkmann wrote:
> On 03/17/2015 02:06 AM, Alexei Starovoitov wrote:
>> as a follow on to patch 70006af95515 ("bpf: allow eBPF access skb
>> fields")
>> this patch allows 'protocol' and 'vlan_tci' fields to be accessible
>> from extended BPF programs.
>>
>> The usage of 'protocol', 'vlan_present' and 'vlan_tci' fields is the
>> same as
>> corresponding SKF_AD_PROTOCOL, SKF_AD_VLAN_TAG_PRESENT and
>> SKF_AD_VLAN_TAG
>> accesses in classic BPF.
>>
>> Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
>
> Ok, code looks good to me.
>
>> 1.
>> I was thinking to drop ntohs() from 'protocol' field for extended BPF,
>> since
>> the programs could do:
>> if (skb->protocol == htons(ETH_P_IP))
>> which would have saved one or two cpu cycles.
>> But having similar behavior between classic and extended seems to be
>> better.
>
> I'm thinking that skb->protocol == htons(ETH_P_IP) might actually
> be more obvious, and, as you mentioned, the compiler can already
> resolve the htons() during compile time instead of runtime, which
> would be another plus.
>
> Either behavior we should document later anyway.
>
> The question to me here is, do we need to keep similar behavior?
>
> After all, the way of programming both from a user perspective is
> quite different (i.e. bpf_asm versus C/LLVM).
yeah. we don't have to. Somehow I felt that keeping ntohs will make
it easier for folks moving from classic to extended, but I guess
they're different enough, so no point wasting run time cycles.
> Similarly, I was wondering, if just exporting raw skb->vlan_tci is
> already sufficient, and the user can e.g. write helpers to extract
> bits himself from that protocol field?
yes. I thought about the same. Currently VLAN_TAG_PRESENT bit is not
officially exposed to user space, but implicitly, since that bit
is always cleared when we return tci to user space and it's always
set when drivers indicate that vlan header was present in the packet.
So I think we can return skb->vlan_tci as-is, since it will save
one load in bpf program which will be able to do
if (skb->vlan_tci != 0) /* vlan header is present */
vid = skb->vlan_tci & 0x0fff;
compiler will optimize above two accesses into single load and will
reuse the register in 2nd line.
next prev parent reply other threads:[~2015-03-17 17:56 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-17 1:06 [PATCH net-next] bpf: allow BPF programs access 'protocol' and 'vlan_tci' fields Alexei Starovoitov
[not found] ` <1426554362-29991-1-git-send-email-ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
2015-03-17 9:22 ` Daniel Borkmann
2015-03-17 17:56 ` Alexei Starovoitov [this message]
[not found] ` <55086AB3.9030405-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
2015-03-17 18:14 ` Daniel Borkmann
2015-03-17 19:06 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55086AB3.9030405@plumgrid.com \
--to=ast@plumgrid.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=linux-api@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=tgraf@suug.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).