From: John Fastabend <john.fastabend@gmail.com>
To: davem@davemloft.net, daniel@iogearbox.net, ast@fb.com
Cc: tgraf@suug.ch, netdev@vger.kernel.org, john.fastabend@gmail.com,
tom@herbertland.com
Subject: [net-next PATCH 00/10] BPF: sockmap and sk redirect support
Date: Tue, 15 Aug 2017 22:30:15 -0700 [thread overview]
Message-ID: <20170816052338.15445.83732.stgit@john-Precision-Tower-5810> (raw)
This series implements a sockmap and socket redirect helper for BPF
using a model similar to XDP netdev redirect. A sockmap is a BPF map
type that holds references to sock structs. Then with a new sk
redirect bpf helper BPF programs can use the map to redirect skbs
between sockets,
bpf_sk_redirect_map(map, key, flags)
Finally, we need a call site to attach our BPF logic to do socket
redirects. We added hooks to recv_sock using the existing strparser
infrastructure to do this. The call site is added via the BPF attach
map call. To enable users to use this infrastructure a new BPF program
BPF_PROG_TYPE_SK_SKB is created that allows users to reference sock
details, such as port and ip address fields, to build useful socket
layer program. The sockmap datapath is as follows,
recv -> strparser -> verdict/action
where this series implements the drop and redirect actions.
Additional, actions can be added as needed.
A sample program is provided to illustrate how a sockmap can
be integrated with cgroups and used to add/delete sockets in
a sockmap. The program is simple but should show many of the
key ideas.
To test this work test_maps in selftests/bpf was leveraged.
We added a set of tests to add sockets and do send/recv ops
on the sockets to ensure correct behavior. Additionally, the
selftests tests a series of negative test cases. We can expand
on this in the future.
I also have a basic test program I use with iperf/netperf
clients that could be sent as an additional sample if folks
want this. It needs a bit of cleanup to send to the list and
wasn't included in this series.
For people who prefer git over pulling patches out of their mail
editor I've posted the code here,
https://github.com/jrfastab/linux-kernel-xdp/tree/sockmap
For some background information on the genesis of this work
it might be helpful to review these slides from netconf 2017
by Thomas Graf,
http://vger.kernel.org/netconf2017.html
https://docs.google.com/a/covalent.io/presentation/d/1dwSKSBGpUHD3WO5xxzZWj8awV_-xL-oYhvqQMOBhhtk/edit?usp=sharing
Thanks to Daniel Borkmann for reviewing and providing initial
feedback.
---
John Fastabend (10):
net: early init support for strparser
net: add sendmsg_locked and sendpage_locked to af_inet6
net: fixes for skb_send_sock
bpf: introduce new program type for skbs on sockets
bpf: export bpf_prog_inc_not_zero
bpf: sockmap with sk redirect support
bpf: add access to sock fields and pkt data from sk_skb programs
bpf: sockmap sample program
bpf: selftests: add tests for new __sk_buff members
bpf: selftests add sockmap tests
include/linux/bpf.h | 14
include/linux/bpf_types.h | 2
include/linux/filter.h | 2
include/uapi/linux/bpf.h | 43 +
kernel/bpf/Makefile | 2
kernel/bpf/sockmap.c | 792 ++++++++++++++++++++
kernel/bpf/syscall.c | 54 +
kernel/bpf/verifier.c | 15
net/core/filter.c | 248 ++++++
net/core/skbuff.c | 2
net/ipv6/af_inet6.c | 2
net/socket.c | 2
net/strparser/strparser.c | 10
samples/bpf/bpf_load.c | 8
samples/sockmap/Makefile | 78 ++
samples/sockmap/sockmap_kern.c | 110 +++
samples/sockmap/sockmap_user.c | 286 +++++++
tools/include/uapi/linux/bpf.h | 46 +
tools/lib/bpf/bpf.c | 14
tools/lib/bpf/bpf.h | 4
tools/lib/bpf/libbpf.c | 29 +
tools/lib/bpf/libbpf.h | 2
tools/testing/selftests/bpf/Makefile | 2
tools/testing/selftests/bpf/bpf_helpers.h | 7
tools/testing/selftests/bpf/sockmap_parse_prog.c | 38 +
tools/testing/selftests/bpf/sockmap_verdict_prog.c | 48 +
tools/testing/selftests/bpf/test_maps.c | 308 ++++++++
tools/testing/selftests/bpf/test_progs.c | 55 -
tools/testing/selftests/bpf/test_verifier.c | 152 ++++
29 files changed, 2316 insertions(+), 59 deletions(-)
create mode 100644 kernel/bpf/sockmap.c
create mode 100644 samples/sockmap/Makefile
create mode 100644 samples/sockmap/sockmap_kern.c
create mode 100644 samples/sockmap/sockmap_user.c
create mode 100644 tools/testing/selftests/bpf/sockmap_parse_prog.c
create mode 100644 tools/testing/selftests/bpf/sockmap_verdict_prog.c
next reply other threads:[~2017-08-16 5:30 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-16 5:30 John Fastabend [this message]
2017-08-16 5:30 ` [net-next PATCH 01/10] net: early init support for strparser John Fastabend
2017-08-16 5:31 ` [net-next PATCH 02/10] net: add sendmsg_locked and sendpage_locked to af_inet6 John Fastabend
2017-08-16 5:31 ` [net-next PATCH 03/10] net: fixes for skb_send_sock John Fastabend
2017-08-16 5:31 ` [net-next PATCH 04/10] bpf: introduce new program type for skbs on sockets John Fastabend
2017-08-16 5:32 ` [net-next PATCH 05/10] bpf: export bpf_prog_inc_not_zero John Fastabend
2017-08-16 5:32 ` [net-next PATCH 06/10] bpf: sockmap with sk redirect support John Fastabend
2017-08-17 5:40 ` Alexei Starovoitov
2017-08-17 18:58 ` John Fastabend
2017-08-17 22:28 ` Alexei Starovoitov
2017-08-18 7:35 ` John Fastabend
2017-08-18 18:32 ` Alexei Starovoitov
2017-08-19 3:30 ` John Fastabend
2017-08-19 4:50 ` Alexei Starovoitov
2017-08-19 20:52 ` John Fastabend
2017-08-16 5:33 ` [net-next PATCH 07/10] bpf: add access to sock fields and pkt data from sk_skb programs John Fastabend
2017-08-17 5:42 ` Alexei Starovoitov
2017-08-17 12:40 ` Daniel Borkmann
2017-08-16 5:33 ` [net-next PATCH 08/10] bpf: sockmap sample program John Fastabend
2017-08-16 5:33 ` [net-next PATCH 09/10] bpf: selftests: add tests for new __sk_buff members John Fastabend
2017-08-16 5:34 ` [net-next PATCH 10/10] bpf: selftests add sockmap tests John Fastabend
2017-08-16 15:25 ` [net-next PATCH 00/10] BPF: sockmap and sk redirect support Daniel Borkmann
2017-08-16 18:28 ` David Miller
2017-08-16 18:35 ` David Miller
2017-08-16 19:06 ` John Fastabend
2017-08-16 19:13 ` David Miller
2017-08-16 19:17 ` Eric Dumazet
2017-08-16 19:34 ` John Fastabend
2017-08-16 21:22 ` David Miller
2017-08-16 21:35 ` David Ahern
2017-08-16 21:37 ` John Fastabend
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170816052338.15445.83732.stgit@john-Precision-Tower-5810 \
--to=john.fastabend@gmail.com \
--cc=ast@fb.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=tgraf@suug.ch \
--cc=tom@herbertland.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox