From: Daniel Borkmann <dborkman@redhat.com>
To: Jiri Pirko <jiri@resnulli.us>
Cc: netdev@vger.kernel.org, davem@davemloft.net, jhs@mojatatu.com,
ast@plumgrid.com, hannes@redhat.com
Subject: Re: [patch net-next 1/2 v3] tc: add BPF based action
Date: Wed, 14 Jan 2015 14:28:40 +0100 [thread overview]
Message-ID: <54B66F08.2010305@redhat.com> (raw)
In-Reply-To: <1421229297-14473-1-git-send-email-jiri@resnulli.us>
On 01/14/2015 10:54 AM, Jiri Pirko wrote:
> This action provides a possibility to exec custom BPF code.
>
> Signed-off-by: Jiri Pirko <jiri@resnulli.us>
...
> diff --git a/net/sched/Kconfig b/net/sched/Kconfig
> index c54c9d9..cc311e9 100644
> --- a/net/sched/Kconfig
> +++ b/net/sched/Kconfig
> @@ -698,6 +698,17 @@ config NET_ACT_VLAN
> To compile this code as a module, choose M here: the
> module will be called act_vlan.
>
> +config NET_ACT_BPF
> + tristate "BPF based action"
> + depends on NET_CLS_ACT
> + ---help---
> + Say Y here to execute BFP code on packets.
^^^
(typo)
Technically correct, but I'd be a bit more precise. When we add eBPF
support one day, this description should be extended to better explain
what it can do, for now it would be good to mention that it can
filter + drop packets.
> + If unsure, say N.
> +
> + To compile this code as a module, choose M here: the
> + module will be called act_bpf.
> +
...
> diff --git a/net/sched/act_bpf.c b/net/sched/act_bpf.c
> new file mode 100644
> index 0000000..0e2a912
> --- /dev/null
> +++ b/net/sched/act_bpf.c
> @@ -0,0 +1,206 @@
...
> +static int tcf_bpf(struct sk_buff *skb, const struct tc_action *a,
> + struct tcf_result *res)
> +{
> + struct tcf_bpf *b = a->priv;
> + int action;
> + int filter_res;
> +
> + spin_lock(&b->tcf_lock);
> + b->tcf_tm.lastuse = jiffies;
> + bstats_update(&b->tcf_bstats, skb);
> + action = b->tcf_action;
> +
> + filter_res = BPF_PROG_RUN(b->filter, skb);
> + if (filter_res == -1)
> + goto drop;
> +
> + goto unlock;
> +
Why this double goto stuff? Wouldn't it be easier to just write it as:
filter_res = BPF_PROG_RUN(b->filter, skb);
if (filter_res == -1) {
/* #-1 return code from the BPF program in act_bpf
* is being interpreted as a drop.
*/
action = TC_ACT_SHOT;
b->tcf_qstats.drops++;
}
spin_unlock(&b->tcf_lock);
return action;
I'm still wondering about the drop semantics ... wouldn't it be more
intuitive to use 0 for drops in this context?
> +drop:
> + action = TC_ACT_SHOT;
> + b->tcf_qstats.drops++;
> +unlock:
> + spin_unlock(&b->tcf_lock);
> + return action;
> +}
...
Thanks,
Daniel
next prev parent reply other threads:[~2015-01-14 13:28 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-14 9:54 [patch net-next 1/2 v3] tc: add BPF based action Jiri Pirko
2015-01-14 9:54 ` [patch net-next 2/2] tc: cls_bpf: rename bpf_len to bpf_num_ops Jiri Pirko
2015-01-14 12:12 ` Daniel Borkmann
2015-01-14 13:28 ` Daniel Borkmann [this message]
2015-01-14 15:39 ` [patch net-next 1/2 v3] tc: add BPF based action Alexei Starovoitov
2015-01-14 15:55 ` Jiri Pirko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54B66F08.2010305@redhat.com \
--to=dborkman@redhat.com \
--cc=ast@plumgrid.com \
--cc=davem@davemloft.net \
--cc=hannes@redhat.com \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).