From: Daniel Borkmann <dborkman-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>
Cc: Alexei Starovoitov <ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>,
	"David S. Miller" <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
	Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
	Linus Torvalds
	<torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
	Steven Rostedt <rostedt-nx8X9YLhiw1AfugRpC6u6w@public.gmane.org>,
	Chema Gonzalez <chema-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
	Eric Dumazet <edumazet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
	Peter Zijlstra
	<a.p.zijlstra-/NLkJaSkS4VmR6Xm/wNWPw@public.gmane.org>,
	Arnaldo Carvalho de Melo
	<acme-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>,
	Jiri Olsa <jolsa-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	Thomas Gleixner <tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org>,
	"H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>,
	Andrew Morton
	<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
	Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	Network Development
	<netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH RFC net-next 00/14] BPF syscall, maps, verifier, samples
Date: Tue, 01 Jul 2014 09:18:11 +0200
Message-ID: <53B260B3.4040108@redhat.com>
In-Reply-To: <CAGXu5jK9Bwocjz8y26=GEk0qg5ru1Mu7j9FVuu20KfTDUrSkuQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>

On 07/01/2014 01:09 AM, Kees Cook wrote:
> On Fri, Jun 27, 2014 at 5:05 PM, Alexei Starovoitov <ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org> wrote:
>> Hi All,
>>
>> this patch set demonstrates the potential of eBPF.
>>
>> First patch "net: filter: split filter.c into two files" splits eBPF interpreter
>> out of networking into kernel/bpf/. The goal for BPF subsystem is to be usable
>> in NET-less configuration. Though the whole set is marked as RFC, the 1st patch
>> is good to go. A similar version of the patch was posted a few weeks ago, but
>> was deferred, I'm assuming due to lack of forward visibility. I hope that this
>> patch set shows what eBPF is capable of and where it's heading.
>>
>> Other patches expose eBPF instruction set to user space and introduce concepts
>> of maps and programs accessible via syscall.
>>
>> 'maps' is a generic storage of different types for sharing data between kernel
>> and userspace. Maps are referenced by global id. Root can create multiple
>> maps of different types where key/value are opaque bytes of data. It's up to
>> user space and eBPF program to decide what they store in the maps.
>>
>> eBPF programs are similar to kernel modules. They live in global space and
>> have unique prog_id. Each program is a safe run-to-completion set of
>> instructions. eBPF verifier statically determines that the program terminates
>> and is safe to execute. During verification the program takes a hold of maps
>> that it intends to use, so selected maps cannot be removed until the program is
>> unloaded. The program can be attached to different events. These events can
>> be packets, tracepoint events and other types in the future. New event triggers
>> execution of the program which may store information about the event in the maps.
>> Beyond storing data the programs may call into in-kernel helper functions
>> which may, for example, dump stack, do trace_printk or other forms of live
>> kernel debugging. Same program can be attached to multiple events. Different
>> programs can access the same map:
>>
>>    tracepoint  tracepoint  tracepoint    sk_buff    sk_buff
>>     event A     event B     event C      on eth0    on eth1
>>      |             |          |            |          |
>>      |             |          |            |          |
>>      --> tracing <--      tracing       socket      socket
>>           prog_1           prog_2       prog_3      prog_4
>>           |  |               |            |
>>        |---  -----|  |-------|           map_3
>>      map_1       map_2
>>
>> User space (via syscall) and eBPF programs access maps concurrently.
>>
>> Last two patches are sample code. 1st demonstrates stateful packet inspection.
>> It counts tcp and udp packets on eth0. Should be easy to see how this eBPF
>> framework can be used for network analytics.
>> 2nd sample does simple 'drop monitor'. It attaches to kfree_skb tracepoint
>> event and counts the number of packet drops at a particular $pc location.
>> User space periodically summarizes what eBPF programs recorded.
>> In these two samples the eBPF programs are tiny and written in 'assembler'
>> with macros. More complex programs can be written in C (llvm backend is not
>> part of this diff to reduce 'huge' perception).
>> Since eBPF is fully JITed on x64, the cost of running eBPF program is very
>> small even for high frequency events. Here are the numbers comparing
>> flow_dissector in C vs eBPF:
>>    x86_64   skb_flow_dissect() same skb (all cached)         -  42 nsec per call
>>    x86_64   skb_flow_dissect() different skbs (cache misses) - 141 nsec per call
>>    eBPF+jit skb_flow_dissect() same skb (all cached)         -  51 nsec per call
>>    eBPF+jit skb_flow_dissect() different skbs (cache misses) - 135 nsec per call
>>
>> A detailed explanation of the eBPF verifier and safety is in patch 08/14
>
> This is very exciting! Thanks for working on it. :)
>
> Between the new eBPF syscall and the new seccomp syscall, I'm really
> looking forward to using lookup tables for seccomp filters. Under
> certain types of filters, we'll likely see some non-trivial
> performance improvements.

Well, if I read this correctly, the eBPF syscall lets you set up maps, etc.,
but the only way to attach eBPF is via setsockopt for network filters right
now (and via tracing). Seccomp will still make use of classic BPF, so you
won't be able to use it there.
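The design the cover letter sketches (maps in a global id space holding opaque key/value pairs, programs that take a hold on the maps they use so a held map cannot be removed, a verifier that statically guarantees run-to-completion, and several programs on different events sharing one map) as a small executable model. This is an added example, not code from the patch set or from the kernel: the instruction set (`ld`, `jeq`, `mapinc`, `exit`), the event dictionaries and the protocol/$pc values are invented for the model, and its verifier implements only one of the real verifier's checks, the forward-jump rule that bounds execution to the program length.

```python
"""Model of the program/map design in the RFC cover letter: maps in a global
id space holding opaque key/value pairs, programs that take a hold on the maps
they use, a verifier that admits forward jumps only (run to completion), and
programs on different events sharing one map. Opcodes/fields are invented."""

class BpfSubsystem:
    def __init__(self):
        self.maps, self.holds = {}, {}      # map_id -> {key: value}, map_id -> holding prog_ids
        self.progs, self.attached = {}, {}  # prog_id -> insns, event name -> [prog_ids]
        self.next_map = self.next_prog = 1

    def create_map(self):
        mid, self.next_map = self.next_map, self.next_map + 1
        self.maps[mid], self.holds[mid] = {}, set()
        return mid

    def delete_map(self, mid):
        if self.holds[mid]:   # still referenced by a loaded program: refuse
            raise PermissionError("map %d held by %s" % (mid, sorted(self.holds[mid])))
        del self.maps[mid], self.holds[mid]

    # Instructions: ("ld", reg, field) reg = event[field]; ("jeq", reg, imm, off) if reg == imm:
    # pc += off (off > 0 only); ("mapinc", map_id, reg) helper maps[map_id][reg] += 1; ("exit",)
    def verify(self, insns):
        """Static check: forward in-range jumps only (so at most len(insns) steps run),
        a final exit, and only existing maps. Returns the set of map ids used."""
        used, n = set(), len(insns)
        if n == 0 or insns[-1][0] != "exit":
            raise ValueError("program must end with exit")
        for pc, ins in enumerate(insns):
            if ins[0] == "jeq":
                if ins[3] <= 0 or pc + 1 + ins[3] >= n:
                    raise ValueError("jump at %d must be forward and in range" % pc)
            elif ins[0] == "mapinc":
                if ins[1] not in self.maps:
                    raise ValueError("unknown map %r at %d" % (ins[1], pc))
                used.add(ins[1])
            elif ins[0] not in ("ld", "exit"):
                raise ValueError("unknown opcode %r at %d" % (ins[0], pc))
        return used

    def load_prog(self, insns):
        used = self.verify(insns)             # reject before allocating anything
        pid, self.next_prog = self.next_prog, self.next_prog + 1
        self.progs[pid] = list(insns)
        for mid in used:
            self.holds[mid].add(pid)          # the program takes a hold on the map
        return pid

    def unload_prog(self, pid):
        del self.progs[pid]
        for holders in self.holds.values():
            holders.discard(pid)              # holds dropped: the map may now be deleted

    def attach(self, event, pid):
        self.attached.setdefault(event, []).append(pid)

    def _run(self, insns, event):             # run to completion, return executed step count
        regs, pc, steps = {}, 0, 0
        while True:
            ins, steps = insns[pc], steps + 1
            if ins[0] == "ld":
                regs[ins[1]] = event[ins[2]]
            elif ins[0] == "jeq" and regs[ins[1]] == ins[2]:
                pc += ins[3]
            elif ins[0] == "mapinc":
                m, key = self.maps[ins[1]], regs[ins[2]]
                m[key] = m.get(key, 0) + 1
            elif ins[0] == "exit":
                return steps
            pc += 1

    def fire(self, event, data):              # an event triggers every attached program
        return [self._run(self.progs[p], data)
                for p in self.attached.get(event, []) if p in self.progs]

def count_tcp_udp(map_id):                    # count by protocol, tcp (6) and udp (17) only
    return [("ld", "r1", "proto"), ("jeq", "r1", 6, 2), ("jeq", "r1", 17, 1),  # -> mapinc
            ("exit",), ("mapinc", map_id, "r1"), ("exit",)]                     # others: exit

def demo():
    """Two socket programs share map_1; a tracing program counts drops by pc in map_2."""
    bpf = BpfSubsystem()
    map_1, map_2 = bpf.create_map(), bpf.create_map()
    progs = [bpf.load_prog(count_tcp_udp(map_1)), bpf.load_prog(count_tcp_udp(map_1)),
             bpf.load_prog([("ld", "r1", "pc"), ("mapinc", map_2, "r1"), ("exit",)])]
    for event, pid in zip(("skb:eth0", "skb:eth1", "tracepoint:kfree_skb"), progs):
        bpf.attach(event, pid)
    for event, field, values in (("skb:eth0", "proto", (6, 6, 17, 1)),   # constructed events
                                 ("skb:eth1", "proto", (17, 6)),
                                 ("tracepoint:kfree_skb", "pc", (0x1000, 0x1000, 0x2000))):
        for v in values:
            bpf.fire(event, {field: v})
    counts, drops = dict(bpf.maps[map_1]), dict(bpf.maps[map_2])
    try:
        bpf.delete_map(map_1)                  # refused while the socket programs hold it
        refused = False
    except PermissionError:
        refused = True
    bpf.unload_prog(progs[0]); bpf.unload_prog(progs[1])
    bpf.delete_map(map_1)                      # allowed once the holds are gone
    return counts, drops, refused, map_1 not in bpf.maps
```

`demo()` returns `({6: 3, 17: 2}, {0x1000: 2, 0x2000: 1}, True, True)`: the shared map has accumulated counts from both interfaces, the drop map has counts per constructed $pc, the first delete was refused while programs held the map, and the delete succeeded after unloading them. Because `verify` rejects backward jumps, `_run` needs no step limit: a program of N instructions executes at most N of them.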


