From: David Ahern <dsahern@gmail.com>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: netdev@vger.kernel.org, borkmann@iogearbox.net, ast@kernel.org,
davem@davemloft.net, shm@cumulusnetworks.com,
roopa@cumulusnetworks.com, brouer@redhat.com, toke@toke.dk,
john.fastabend@gmail.com
Subject: Re: [RFC v2 bpf-next 8/9] bpf: Provide helper to do lookups in kernel FIB table
Date: Mon, 14 May 2018 21:46:11 -0600
Message-ID: <1e211d16-81b6-1eb9-32cc-a9137b6ced4d@gmail.com>
In-Reply-To: <4729b693-20d7-dd9e-c48b-be8386ce9bed@gmail.com>
On 4/29/18 7:13 PM, David Ahern wrote:
>
> The idea here is to fast pass packets that fit a supported profile and
> are to be forwarded. Everything else should continue up the stack as it
> has wider capabilities. The helper and XDP programs should make no
> assumptions on what the broader kernel and userspace might be monitoring
> or want to do with packets that can not be forwarded in the fast path.
> This is very similar to hardware forwarding when it punts packets to the
> CPU for control plane assistance.
>
I have been thinking some more about how to return more information to
the bpf program about the FIB lookup.
The bpf_fib_lookup struct is 64 bytes. It cannot be expanded without
hurting performance. I could add another union on an input parameter and
return flags indicating why the returned index is 0. Something like this:
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 360a1168c353..75591522444c 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -2314,6 +2314,12 @@ struct bpf_raw_tracepoint_args {
#define BPF_FIB_LOOKUP_DIRECT BIT(0)
#define BPF_FIB_LOOKUP_OUTPUT BIT(1)
+#define BPF_FIB_LKUP_RET_NO_FWD BIT(0) /* pkt is not fwded */
+#define BPF_FIB_LKUP_RET_UNSUPP_LWT BIT(1) /* fwd requires unsupp encap */
+#define BPF_FIB_LKUP_RET_NO_NHDEV BIT(2) /* nh device does not exist */
+#define BPF_FIB_LKUP_RET_NO_NEIGH BIT(3) /* no neigh entry for nh */
+#define BPF_FIB_LKUP_RET_FRAG_NEEDED BIT(4) /* pkt too big to fwd */
+
struct bpf_fib_lookup {
/* input */
__u8 family; /* network family, AF_INET, AF_INET6, AF_MPLS */
@@ -2325,7 +2331,11 @@ struct bpf_fib_lookup {
/* total length of packet from network header - used for MTU check */
__u16 tot_len;
- __u32 ifindex; /* L3 device index for lookup */
+
+ union {
+ __u32 ifindex; /* in: L3 device index for lookup */
+ __u32 ret_flags; /* out: BPF_FIB_LKUP_RET_* flags */
+ };
union {
/* inputs to lookup */
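As a rough user-space sketch of how a program might consume these flags: when the returned index is 0, it could count each reason bit and then let the packet continue up the stack. The flag values are the ones proposed above; the SKETCH_* names, the verdict enum and sketch_handle_lookup() are hypothetical and exist only for illustration. A real XDP program would return XDP_* codes and would likely keep its counters in a BPF map.

```c
#include <stdint.h>

/* Flag values as proposed in the diff above. */
#define SKETCH_BIT(n) (1U << (n))
#define BPF_FIB_LKUP_RET_NO_FWD       SKETCH_BIT(0) /* pkt is not fwded */
#define BPF_FIB_LKUP_RET_UNSUPP_LWT   SKETCH_BIT(1) /* fwd requires unsupp encap */
#define BPF_FIB_LKUP_RET_NO_NHDEV     SKETCH_BIT(2) /* nh device does not exist */
#define BPF_FIB_LKUP_RET_NO_NEIGH     SKETCH_BIT(3) /* no neigh entry for nh */
#define BPF_FIB_LKUP_RET_FRAG_NEEDED  SKETCH_BIT(4) /* pkt too big to fwd */
#define SKETCH_NUM_REASONS 5

/* Hypothetical verdicts; a real XDP program would return XDP_* codes. */
enum sketch_verdict { SKETCH_PUNT_TO_STACK = 0, SKETCH_FORWARD = 1 };

/*
 * egress_ifindex: value returned by the lookup (0 means "not forwarded").
 * ret_flags:      reason bits, only meaningful when egress_ifindex is 0.
 * counters:       one slot per reason bit, bumped for every bit that is set.
 */
static enum sketch_verdict sketch_handle_lookup(int egress_ifindex,
						uint32_t ret_flags,
						uint32_t counters[SKETCH_NUM_REASONS])
{
	int i;

	/* Fast path: the flags are not looked at when forwarding works. */
	if (egress_ifindex != 0)
		return SKETCH_FORWARD;

	for (i = 0; i < SKETCH_NUM_REASONS; i++) {
		if (ret_flags & SKETCH_BIT(i))
			counters[i]++;
	}

	/* Anything that cannot be forwarded continues up the stack. */
	return SKETCH_PUNT_TO_STACK;
}
```

The forwarding path never reads ret_flags, so the extra information costs nothing when a packet is forwarded.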
Similarly, the fib result could be returned via a union on, say,
family:
union {
__u8 family; /* in: network family, AF_INET, AF_INET6, AF_MPLS */
__u8 rt_type; /* out: FIB lookup route type */
};
Then if the fib result is -EINVAL/-EHOSTUNREACH/-EACCES, rt_type is set
to RTN_BLACKHOLE/RTN_UNREACHABLE/RTN_PROHIBIT allowing the XDP program
to make an informed decision on dropping the packet.
To avoid performance hits on the forwarding path, these return values
would *only* be set if the ifindex returned is 0.
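A minimal sketch of the error-to-rt_type mapping described above, written as plain user-space C rather than helper code. The SKETCH_RTN_* constants mirror the RTN_BLACKHOLE, RTN_UNREACHABLE and RTN_PROHIBIT values from linux/rtnetlink.h. The struct and function names are hypothetical, and leaving the field untouched for any other error is an assumption of this sketch, not something the proposal specifies.

```c
#include <errno.h>
#include <stdint.h>

/* Local copies of the route type values from linux/rtnetlink.h. */
enum {
	SKETCH_RTN_UNSPEC      = 0,
	SKETCH_RTN_BLACKHOLE   = 6,
	SKETCH_RTN_UNREACHABLE = 7,
	SKETCH_RTN_PROHIBIT    = 8,
};

/* Hypothetical trimmed-down view of the proposed family/rt_type union. */
struct sketch_fib_result {
	union {
		uint8_t family;  /* in: network family */
		uint8_t rt_type; /* out: FIB lookup route type */
	};
};

/* Map a fib lookup error to a route type; 0 means "no mapping". */
static uint8_t sketch_err_to_rt_type(int err)
{
	switch (err) {
	case -EINVAL:
		return SKETCH_RTN_BLACKHOLE;
	case -EHOSTUNREACH:
		return SKETCH_RTN_UNREACHABLE;
	case -EACCES:
		return SKETCH_RTN_PROHIBIT;
	default:
		return SKETCH_RTN_UNSPEC;
	}
}

/*
 * Write rt_type only when nothing is forwarded (egress_ifindex == 0) and
 * the error maps to a known route type. Otherwise the shared field keeps
 * its input value (assumption of this sketch).
 */
static void sketch_set_rt_type(struct sketch_fib_result *res,
			       int egress_ifindex, int err)
{
	uint8_t rt_type;

	if (egress_ifindex != 0)
		return;

	rt_type = sketch_err_to_rt_type(err);
	if (rt_type != SKETCH_RTN_UNSPEC)
		res->rt_type = rt_type;
}
```

With something along these lines, a program that sees a returned index of 0 could drop blackhole, unreachable or prohibit results itself and pass everything else up the stack.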