From: Daniel Borkmann <dborkman@redhat.com>
To: Cong Wang <cwang@twopensource.com>
Cc: Jiri Pirko <jiri@resnulli.us>, netdev <netdev@vger.kernel.org>,
David Miller <davem@davemloft.net>,
Jamal Hadi Salim <jhs@mojatatu.com>,
Alexei Starovoitov <ast@plumgrid.com>,
Hannes Frederic Sowa <hannes@redhat.com>,
willemb@google.com
Subject: Re: [patch net-next v4 1/2] tc: add BPF based action
Date: Wed, 14 Jan 2015 22:55:25 +0100 [thread overview]
Message-ID: <54B6E5CD.2070504@redhat.com> (raw)
In-Reply-To: <CAHA+R7NWShJo_0apkOa5pudpE69EdWkzAQpW00zfO7ePhxt2XA@mail.gmail.com>
On 01/14/2015 08:27 PM, Cong Wang wrote:
> On Wed, Jan 14, 2015 at 9:43 AM, Jiri Pirko <jiri@resnulli.us> wrote:
>> This action provides a possibility to exec custom BPF code.
>
> I still don't like it, sorry, not just for your patch, I never like
> cls_bpf either, in terms of the user interface and the duplicated
> functionalities: cls_bpf vs u32, act_bpf vs gact.
...
> Ideally we should be able to implement them with the same
> interface, transparent to users, I think probably because
> the nature of bpf implementation somewhat enforces such
> interface everywhere, it is clearly overrated.
Hmm, I guess you're talking about the interface from tc side, other
than that cls_bpf is also faster when JITed. I can only speak for
cls_bpf here, which is modelled the same way after xt_bpf and takes
low-level BPF opcodes directly or stored somewhere as a file. Not
overly pretty, that's true.
For somewhat higher but still low-level enough description, I've
added bpf_asm for that purpose so you can still have full control
and if that's still too much and you don't care about unsupported
BPF extensions, then the libpcap compiler is your friend. For example,
Willem has added [1] longer time ago which takes tcpdump-like
filters and spills out related opcodes for you, if you don't want
to use tcpdump -ddd directly.
The other possibility would be to have an own internal BPF filter
compiler inside of tc (w/o any external lib dependencies), a thought
lingering in my head for quite some time now. I guess I could scratch
some cycles off from my spare time and start hacking on it.
Other than that, for the eBPF part, there are efforts to upstream
backends to llvm and gcc, afaik, so their produced output could be
passed onwards to tc, similarly as in samples/bpf/ as one possibility
I could imagine.
[1] http://git.netfilter.org/iptables/tree/utils/nfbpf_compile.c
next prev parent reply other threads:[~2015-01-14 21:55 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-14 17:43 [patch net-next v4 1/2] tc: add BPF based action Jiri Pirko
2015-01-14 17:43 ` [patch net-next v4 2/2] tc: cls_bpf: rename bpf_len to bpf_num_ops Jiri Pirko
2015-01-14 19:27 ` [patch net-next v4 1/2] tc: add BPF based action Cong Wang
2015-01-14 21:55 ` Daniel Borkmann [this message]
2015-01-15 2:42 ` Gao feng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54B6E5CD.2070504@redhat.com \
--to=dborkman@redhat.com \
--cc=ast@plumgrid.com \
--cc=cwang@twopensource.com \
--cc=davem@davemloft.net \
--cc=hannes@redhat.com \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=netdev@vger.kernel.org \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).