From: "Toke Høiland-Jørgensen" <toke@redhat.com>
To: Ryan Wilson <ryantimwilson@gmail.com>
Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>,
Network Development <netdev@vger.kernel.org>,
Jakub Kicinski <kuba@kernel.org>,
Jesper Dangaard Brouer <hawk@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>, bpf <bpf@vger.kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
ryantimwilson@meta.com,
Willem de Bruijn <willemdebruijn.kernel@gmail.com>,
Jason Wang <jasowang@redhat.com>,
Eric Dumazet <edumazet@google.com>
Subject: Re: [PATCH bpf-next] bpf: Add multi-prog support for XDP BPF programs
Date: Mon, 18 Nov 2024 13:30:08 +0100 [thread overview]
Message-ID: <87ed38ragf.fsf@toke.dk> (raw)
In-Reply-To: <CA+Fy8UaKWJ+8SoF_purtcOju-Xdt-m5qeUvg5keK3KGW9=ApQw@mail.gmail.com>
Ryan Wilson <ryantimwilson@gmail.com> writes:
> On Fri, Nov 15, 2024 at 3:07 AM Toke Høiland-Jørgensen <toke@redhat.com> wrote:
>>
>> Hi Ryan
>>
>> I'll take a more detailed look at your patch later, but wanted to add
>> a few smallish comment now, see below:
>>
>>
>> Ryan Wilson <ryantimwilson@gmail.com> writes:
>> > On Thu, Nov 14, 2024 at 4:52 PM Alexei Starovoitov
>> > <alexei.starovoitov@gmail.com> wrote:
>> >>
>> >> On Thu, Nov 14, 2024 at 9:07 AM Ryan Wilson <ryantimwilson@gmail.com> wrote:
>> >> >
>> >> > Currently, network devices only support a single XDP program. However,
>> >> > there are use cases for multiple XDP programs per device. For example,
>> >> > at Meta, we have XDP programs for firewalls, DDOS and logging that must
>> >> > all run in a specific order. To work around the lack of multi-program
>> >> > support, a single daemon loads all programs and uses bpf_tail_call()
>> >> > in a loop to jump to each program contained in a BPF map.
>> >>
>> >> The support for multiple XDP progs per netdev is long overdue.
>> >> Thank you for working on this!
>>
>> +1 on this!
>>
>>
>> [...]
>>
>> > Note for real drivers, we do not hit this code. This is how it works
>> > for real drivers:
>> > - When installing a BPF program on a driver, we call the driver's
>> > ndo_bpf() callback function with command = XDP_QUERY_MPROG_SUPPORT. If
>> > this returns 0, then mprog is supported. Otherwise, mprog is not
>> > supported.
>>
>> We already have feature flags for XDP, so why not just make mprog
>> support a feature flag instead of the query thing? It probably should be
>> anyway, so it can also be reported to userspace.
>
> Oh wow can't believe I missed the feature flag API. Yes, I'll use this
> in v2 instead. Thanks for the suggestion!
Cool! You're welcome.
> And if it's exposed to userspace, users no longer need to guess if
> their driver supports mprog or not - although hopefully this is an
> intermediary state and the mprog migration for all drivers will be
> relatively quick and painless.
Famous last words? ;)
-Toke
prev parent reply other threads:[~2024-11-18 12:30 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20241114170721.3939099-1-ryantimwilson@gmail.com>
2024-11-15 0:52 ` [PATCH bpf-next] bpf: Add multi-prog support for XDP BPF programs Alexei Starovoitov
2024-11-15 2:41 ` Ryan Wilson
2024-11-15 11:07 ` Toke Høiland-Jørgensen
2024-11-15 16:06 ` Ryan Wilson
2024-11-18 12:30 ` Toke Høiland-Jørgensen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ed38ragf.fsf@toke.dk \
--to=toke@redhat.com \
--cc=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=edumazet@google.com \
--cc=hawk@kernel.org \
--cc=jasowang@redhat.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=ryantimwilson@gmail.com \
--cc=ryantimwilson@meta.com \
--cc=willemdebruijn.kernel@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).