netdev.vger.kernel.org archive mirror
From: Tom Herbert <tom@herbertland.com>
To: Daniel Borkmann <daniel@iogearbox.net>
Cc: Andi Kleen <andi@firstfloor.org>,
	John Fastabend <john.fastabend@gmail.com>,
	"Liang, Kan" <kan.liang@intel.com>,
	"David S. Miller" <davem@davemloft.net>,
	LKML <linux-kernel@vger.kernel.org>,
	Linux Kernel Network Developers <netdev@vger.kernel.org>,
	Ingo Molnar <mingo@redhat.com>,
	peterz@infradead.org, Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
	James Morris <jmorris@namei.org>,
	Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
	Patrick McHardy <kaber@trash.net>,
	akpm@linux-foundation.org, Kees Cook <keescook@chromium.org>,
	viro@zeniv.linux.org.uk, gorcunov@openvz.org,
	John Stultz <john.stultz@linaro.org>,
	Alex Duyck <aduyck@mirantis.com>,
	Ben Hutchings <ben@decadent.org.uk>,
	David Decotigny <decot@googlers.com>,
	Florian Westphal <fw@strlen.de>,
	Alexander Duyck <alexander.duyck@gmail.com>,
	rdunlap@infradead.org, Cong Wang <xiyou.wangcong@gmail.com>,
	Hannes Frederic Sowa <han
Subject: Re: [RFC V2 PATCH 17/25] net/netpolicy: introduce netpolicy_pick_queue
Date: Fri, 5 Aug 2016 07:41:40 -0700
Message-ID: <CALx6S374fUxDd1_=db8hg4YsMoMZ_UwM3_uNW4JsXbVkHUEmHQ@mail.gmail.com>
In-Reply-To: <57A3DB2F.1010909@iogearbox.net>

On Thu, Aug 4, 2016 at 5:17 PM, Daniel Borkmann <daniel@iogearbox.net> wrote:
> On 08/05/2016 12:54 AM, Andi Kleen wrote:
>>>
>>> +1, I tried to bring this up here [1] in the last spin. I think only very
>>> few changes would be needed, f.e. on eBPF side to add a queue setting
>>> helper function which is probably straightforward ~10loc patch; and with
>>> regards to actually picking it up after clsact egress, we'd need to adapt
>>> __netdev_pick_tx() slightly when CONFIG_XPS so it doesn't override it.
>>
>>
>> You're proposing to rewrite the whole net policy manager as EBPF and run
>> it in a crappy JITer? Is that a serious proposal? It just sounds crazy
>> to me.
>>
>> Especially since we already have a perfectly good compiler and
>> programming language to write system code in.
>>
>> EBPF is ok for temporal instrumentation (if you somehow can accept
>> its security challenges), but using it to replace core
>> kernel functionality (which network policy IMHO is) with some bizarre
>> JITed setup and multiple languages doesn't really make any sense.
>>
>> Especially it doesn't make sense for anything with shared state,
>> which is the core part of network policy: it negotiates with multiple
>> users.
>>
>> After all we're writing Linux here and not some research toy.
>
>
> From what I read I guess you didn't really bother to look any deeper into
> this bizarre "research toy" to double check some of your claims. One of the
> things it's often deployed for by the way is defining policy. And the
> suggestion here was merely to explore existing infrastructure around things
> like tc and whether it already resolves at least a part of your net policy
> manager's requirements (like queue selection) or whether existing
> infrastructure can be extended with less complexity this way (as was
> mentioned with a new cls module as one option).

+1. The SO_REUSEPORT + BPF patches have already demonstrated the value
of making policy in the kernel programmable. There's no reason to
believe that model can't be extended to cover packet steering in the
data path for TX or RX as well as other cases.

Tom
