From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Ahern <dsahern@gmail.com>
Subject: Re: [PATCH net-next 0/9] net: Kernel side filtering for route dumps
Date: Thu, 11 Oct 2018 10:16:49 -0600
Message-ID: <82e4fb1f-10b8-eda7-9643-36950e900103@gmail.com>
References: <20181011150627.4010-1-dsahern@kernel.org>
 <20181011082637.3e7833c9@xeon-e3> <20181011154624.GD28581@oracle.com>
 <2de259e0-6910-bb42-82d0-2ab7f27e9838@mojatatu.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Cc: David Ahern <dsahern@kernel.org>, netdev@vger.kernel.org,
        davem@davemloft.net
To: Jamal Hadi Salim <jhs@mojatatu.com>,
        Sowmini Varadhan <sowmini.varadhan@oracle.com>,
        Stephen Hemminger <stephen@networkplumber.org>
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail-pg1-f193.google.com ([209.85.215.193]:40087 "EHLO
        mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728601AbeJKXoq (ORCPT
        <rfc822;netdev@vger.kernel.org>); Thu, 11 Oct 2018 19:44:46 -0400
Received: by mail-pg1-f193.google.com with SMTP id n31-v6so4408235pgm.7
        for <netdev@vger.kernel.org>; Thu, 11 Oct 2018 09:16:51 -0700 (PDT)
In-Reply-To: <2de259e0-6910-bb42-82d0-2ab7f27e9838@mojatatu.com>
Content-Language: en-US
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

On 10/11/18 10:07 AM, Jamal Hadi Salim wrote:
> On 2018-10-11 11:46 a.m., Sowmini Varadhan wrote:
>> On (10/11/18 08:26), Stephen Hemminger wrote:
>>> You can do the something like this already with BPF socket filters.
>>> But writing BPF for multi-part messages is hard.
>>
>> Indeed. And I was just experimenting with this for ARP just last week.
>> So to handle the caes of "ip neigh show a.b.c.d" without walking through
>> the entire arp table and filtering in userspace, you could add a
>> sk_filter()
>> hook like this:
>>
> 
> If this could be done a lot earlier aka at xxx_fill_info() bpf would
> be a very good answer.

IMO, bpf at the fill_info stage is not appropriate.


> skb->sk (hence attached filter) should be available at that point.
> Classical bpf per Sowmini's example maybe trickier.
> Better - why dont we have an ebpf hook at this stage and then
> we dont have to make changes to the kernel when someone adds
> one more field to the filter?
> 
> BTW: useful for events as well - not just dumps (as the name
> fib_dump_filter suggests)

you mean kernel notifications on internal events?
1. there is no user socket when notifications are created and the
*_fill_info is invoked

2. notifications are global going to potentially many sockets. For these
cases the existing sk_filter is appropriate.