Netdev List
* [net-next regression] kselftest failure in fib_nl_newrule()
From: Anders Roxell @ 2018-04-24  9:46 UTC (permalink / raw)
  To: roopa, davem, dsa; +Cc: netdev, Linux Kernel Mailing List

Hi,

fib-onlink-tests.sh (from kselftest) found a regression between
next-20180424 [1] (worked with tag next-20180423 [2])

Here are three commits that look suspicious, especially this patch (sha:
f9d4b0c1e969), which rewrites fib_nl_newrule().

b16fb418b1bf ("net: fib_rules: add extack support")
f9d4b0c1e969 ("fib_rules: move common handling of newrule delrule msgs
into fib_nl2rule")
8a14e46f1402 ("net/ipv6: Fix missing rcu dereferences on from")

Cheers,
Anders
[1] https://lkft.validation.linaro.org/scheduler/job/195181#L3447
[2] https://lkft.validation.linaro.org/scheduler/job/193410#L3438


* Re: [RFC] ethtool: Support for driver private ioctl's
From: Jose Abreu @ 2018-04-24  9:37 UTC (permalink / raw)
  To: Florian Fainelli, Jose Abreu, David Miller, Jakub Jelinek,
	Jeff Garzik, Tim Hockin, Eli Kupermann, Chris Leech,
	Scott Feldman, Ben Hutchings
  Cc: netdev, Joao Pinto
In-Reply-To: <80a8c4b7-2f2b-4b64-3065-4384b1b1e6e2@gmail.com>

Hi Florian,

On 07-04-2018 20:58, Florian Fainelli wrote:
>
> On 04/06/2018 06:51 AM, Jose Abreu wrote:
>> Hi Florian,
>>
>> On 05-04-2018 16:50, Florian Fainelli wrote:
>>> On 04/05/2018 03:47 AM, Jose Abreu wrote:
>>>> Hi All,
>>>>
>>>> I would like to know your opinion regarding adding support for
>>>> driver private ioctl's in ethtool.
>>>>
>>>> Background: Synopsys Ethernet IP's have a certain number of
>>>> features which can be reconfigured at runtime. Giving you two
>>>> examples: One of the most recent one is the safety features,
>>>> which can be enabled/disabled and forced at runtime. Another one
>>>> is a Flexible RX Parser which can route specific packets to
>>>> specific RX DMA channels. Given that these are features specific
>>>> to our IP's it would not be useful to add an uniform API for this
>>>> because the users would only be one or two drivers ...
>>> Parsing of packets and directing the matched packets to specific
>>> queues/channels can be done through ethtool rxnfc API, tc/cls_flower as
>>> well, so you should really check whether those APIs don't already allow
>>> you to do what you want.
>> Hmm, but in our case this is directly done by HW, we just have to
>> program a kind of a table which will route automatically the
>> packets. Does this API support this?
> I was sort of expecting you to look at the ethtool rxnfc API to see if
> it is suitable given your hardware, but if this is indeed a table
> programming, then yes, this is what it is designed for. You might want
> to consider using the newer, albeit more complex tc/cls_flower if that
> works for your use case.
>

I took a quick look at the rxnfc API and it doesn't seem to match
entirely my requirements.

The feature I want to introduce is called Flexible RX Parser and
will let me route specific packets to specific DMA channel
numbers. This is different from the rxnfc API because, as far as I
understand, the API was designed to add rules to packet types
whilst in my case I can add a rule to *any* of the packet content
(within the first 256 bytes of packet, at max). So technically I
can route packets based on destination/source MAC address,
packet type, length, protocol, source/destination IP, ...

So, I guess cls_flower it will be ... I'm slowly looking at some
code and docs but it would be great if you could point me to
some HW that has similar behavior?

Thanks and Best Regards,
Jose Miguel Abreu


* Re: [PATCH bpf-next 00/15] Introducing AF_XDP support
From: Magnus Karlsson @ 2018-04-24  9:14 UTC (permalink / raw)
  To: Jason Wang
  Cc: Björn Töpel, Karlsson, Magnus, Alexander Duyck,
	Alexander Duyck, John Fastabend, Alexei Starovoitov,
	Jesper Dangaard Brouer, Willem de Bruijn, Daniel Borkmann,
	Michael S. Tsirkin, Network Development, Björn Töpel,
	michael.lundkvist, Brandeburg, Jesse, Singhai, Anjali,
	Zhang, Qi Z
In-Reply-To: <60f41443-3c8f-4570-6ebc-176444b7b9e9@redhat.com>

On Tue, Apr 24, 2018 at 11:10 AM, Jason Wang <jasowang@redhat.com> wrote:
>
>
> On 2018-04-24 16:44, Magnus Karlsson wrote:
>>>>
>>>> We have run some benchmarks on a dual socket system with two Broadwell
>>>> E5 2660 @ 2.0 GHz with hyperthreading turned off. Each socket has 14
>>>> cores which gives a total of 28, but only two cores are used in these
>>>> experiments. One for TR/RX and one for the user space application. The
>>>> memory is DDR4 @ 2133 MT/s (1067 MHz) and the size of each DIMM is
>>>> 8192MB and with 8 of those DIMMs in the system we have 64 GB of total
>>>> memory. The compiler used is gcc version 5.4.0 20160609. The NIC is an
>>>> Intel I40E 40Gbit/s using the i40e driver.
>>>>
>>>> Below are the results in Mpps of the I40E NIC benchmark runs for 64
>>>> and 1500 byte packets, generated by commercial packet generator HW that
>>>> is
>>>> generating packets at full 40 Gbit/s line rate.
>>>>
>>>> AF_XDP performance 64 byte packets. Results from RFC V2 in parenthesis.
>>>> Benchmark   XDP_SKB   XDP_DRV
>>>> rxdrop       2.9(3.0)   9.4(9.3)
>>>> txpush       2.5(2.2)   NA*
>>>> l2fwd        1.9(1.7)   2.4(2.4) (TX using XDP_SKB in both cases)
>>>
>>> This number looks not very exciting. I can get ~3Mpps when using testpmd
>>> in
>>> a guest with xdp_redirect.sh on host between ixgbe and TAP/vhost. I
>>> believe
>>> we can even better performance without virt. It would be interesting to
>>> compare this performance with e.g testpmd + virito_user(vhost_kernel) +
>>> XDP.
>>
>> Note that all the XDP_SKB numbers plus the TX part of XDP_DRV for l2fwd
>> uses SKBs and the generic XDP path in the kernel. I am not surprised those
>> numbers are lower than what you are seeing with XDP_DRV support.
>> (If that is what you are running? Unsure about your setup).
>
>
> Yes, I'm using haswell E5-2630 v3 @ 2.40GHz and ixgbe.
>
>>   The
>> 9.4 Mpps for RX is what you get with the XDP_DRV support and copies
>> out to user space. Or is it this number you think is low?
>
>
> No rxdrop looks ok. I mean for l2fwd only.

OK, sounds good. l2fwd will get much better once we add XDP_DRV support for TX.

Thanks: Magnus

>>   Zerocopy will be added
>> in later patch sets.
>>
>> With that said, both XDP_SKB and XDP_DRV can be optimized. We
>> have not spent that much time on optimizations at this point.
>>
>
> Yes, and it is interesting to compare the performance numbers between AF_XDP
> and TAP XDP + vhost_net since their functions are almost equivalent.
>
> Thanks


* Re: [PATCH] vhost_net: use packet weight for rx handler, too
From: Jason Wang @ 2018-04-24  9:11 UTC (permalink / raw)
  To: Paolo Abeni, kvm; +Cc: netdev, virtualization, haibinzhang, Michael S. Tsirkin
In-Reply-To: <11f2a27cee0c660a611af381ac1b68d9526095e3.1524556673.git.pabeni@redhat.com>



On 2018-04-24 16:34, Paolo Abeni wrote:
> Similar to commit a2ac99905f1e ("vhost-net: set packet weight of
> tx polling to 2 * vq size"), we need a packet-based limit for
> handle_rx, too - otherwise, under rx flood with small packets,
> tx can be delayed for a very long time, even without busypolling.
>
> The pkt limit applied to handle_rx must be the same applied by
> handle_tx, or we will get unfair scheduling between rx and tx.
> Tying such limit to the queue length makes it less effective for
> large queue length values and can introduce large process
> scheduler latencies, so a constant value is used - likewise
> the existing bytes limit.
>
> The selected limit has been validated with PVP[1] performance
> test with different queue sizes:
>
> queue size		256	512	1024
>
> baseline		366	354	362
> weight 128		715	723	670
> weight 256		740	745	733
> weight 512		600	460	583
> weight 1024		423	427	418
>
> A packet weight of 256 gives peak performance under all the
> tested scenarios.
>
> No measurable regression in unidirectional performance tests has
> been detected.
>
> [1] https://developers.redhat.com/blog/2017/06/05/measuring-and-comparing-open-vswitch-performance/
>
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
> ---
>   drivers/vhost/net.c | 12 ++++++++----
>   1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
> index bbf38befefb2..c4b49fca4871 100644
> --- a/drivers/vhost/net.c
> +++ b/drivers/vhost/net.c
> @@ -46,8 +46,10 @@ MODULE_PARM_DESC(experimental_zcopytx, "Enable Zero Copy TX;"
>   #define VHOST_NET_WEIGHT 0x80000
>   
>   /* Max number of packets transferred before requeueing the job.
> - * Using this limit prevents one virtqueue from starving rx. */
> -#define VHOST_NET_PKT_WEIGHT(vq) ((vq)->num * 2)
> + * Using this limit prevents one virtqueue from starving others with small
> + * pkts.
> + */
> +#define VHOST_NET_PKT_WEIGHT 256
>   
>   /* MAX number of TX used buffers for outstanding zerocopy */
>   #define VHOST_MAX_PEND 128
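Review bot: the new comment above VHOST_NET_PKT_WEIGHT does not say why the limit is the constant 256 or that handle_rx and handle_tx are both meant to use it; that rationale exists only in the commit message. Suggest extending the comment to state that the value is shared by both handlers and was chosen by measurement, so a later change to one path does not reintroduce the unfair scheduling the commit message describes.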
> @@ -587,7 +589,7 @@ static void handle_tx(struct vhost_net *net)
>   			vhost_zerocopy_signal_used(net, vq);
>   		vhost_net_tx_packet(net);
>   		if (unlikely(total_len >= VHOST_NET_WEIGHT) ||
> -		    unlikely(++sent_pkts >= VHOST_NET_PKT_WEIGHT(vq))) {
> +		    unlikely(++sent_pkts >= VHOST_NET_PKT_WEIGHT)) {
>   			vhost_poll_queue(&vq->poll);
>   			break;
>   		}
> @@ -769,6 +771,7 @@ static void handle_rx(struct vhost_net *net)
>   	struct socket *sock;
>   	struct iov_iter fixup;
>   	__virtio16 num_buffers;
> +	int recv_pkts = 0;
>   
>   	mutex_lock_nested(&vq->mutex, 0);
>   	sock = vq->private_data;
> @@ -872,7 +875,8 @@ static void handle_rx(struct vhost_net *net)
>   		if (unlikely(vq_log))
>   			vhost_log_write(vq, vq_log, log, vhost_len);
>   		total_len += vhost_len;
> -		if (unlikely(total_len >= VHOST_NET_WEIGHT)) {
> +		if (unlikely(total_len >= VHOST_NET_WEIGHT) ||
> +		    unlikely(++recv_pkts >= VHOST_NET_PKT_WEIGHT)) {
>   			vhost_poll_queue(&vq->poll);
>   			goto out;
>   		}
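Review bot: in handle_rx the counter is incremented inside the second operand of ||, so ++recv_pkts is skipped whenever total_len >= VHOST_NET_WEIGHT is already true. That is harmless today because either condition leaves the loop through "goto out", but a side effect hidden inside unlikely() is easy to break in a later edit. Incrementing recv_pkts on its own line next to "total_len += vhost_len;" would make the accounting explicit; the same applies to ++sent_pkts in the handle_tx hunk.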

The numbers look impressive.

Acked-by: Jason Wang <jasowang@redhat.com>

Thanks!


* Re: [PATCH bpf-next 00/15] Introducing AF_XDP support
From: Jason Wang @ 2018-04-24  9:10 UTC (permalink / raw)
  To: Magnus Karlsson
  Cc: Björn Töpel, Karlsson, Magnus, Alexander Duyck,
	Alexander Duyck, John Fastabend, Alexei Starovoitov,
	Jesper Dangaard Brouer, Willem de Bruijn, Daniel Borkmann,
	Michael S. Tsirkin, Network Development, Björn Töpel,
	michael.lundkvist, Brandeburg, Jesse, Singhai, Anjali,
	Zhang, Qi Z
In-Reply-To: <CAJ8uoz3WEfowgwXXdG3LYbNmJ3Y1CW8nkc=7pvzLvNdfWSCAsA@mail.gmail.com>



On 2018-04-24 16:44, Magnus Karlsson wrote:
>>> We have run some benchmarks on a dual socket system with two Broadwell
>>> E5 2660 @ 2.0 GHz with hyperthreading turned off. Each socket has 14
>>> cores which gives a total of 28, but only two cores are used in these
>>> experiments. One for TR/RX and one for the user space application. The
>>> memory is DDR4 @ 2133 MT/s (1067 MHz) and the size of each DIMM is
>>> 8192MB and with 8 of those DIMMs in the system we have 64 GB of total
>>> memory. The compiler used is gcc version 5.4.0 20160609. The NIC is an
>>> Intel I40E 40Gbit/s using the i40e driver.
>>>
>>> Below are the results in Mpps of the I40E NIC benchmark runs for 64
>>> and 1500 byte packets, generated by commercial packet generator HW that is
>>> generating packets at full 40 Gbit/s line rate.
>>>
>>> AF_XDP performance 64 byte packets. Results from RFC V2 in parenthesis.
>>> Benchmark   XDP_SKB   XDP_DRV
>>> rxdrop       2.9(3.0)   9.4(9.3)
>>> txpush       2.5(2.2)   NA*
>>> l2fwd        1.9(1.7)   2.4(2.4) (TX using XDP_SKB in both cases)
>> This number looks not very exciting. I can get ~3Mpps when using testpmd in
>> a guest with xdp_redirect.sh on host between ixgbe and TAP/vhost. I believe
>> we can even better performance without virt. It would be interesting to
>> compare this performance with e.g testpmd + virito_user(vhost_kernel) + XDP.
> Note that all the XDP_SKB numbers plus the TX part of XDP_DRV for l2fwd
> uses SKBs and the generic XDP path in the kernel. I am not surprised those
> numbers are lower than what you are seeing with XDP_DRV support.
> (If that is what you are running? Unsure about your setup).

Yes, I'm using haswell E5-2630 v3 @ 2.40GHz and ixgbe.

>   The
> 9.4 Mpps for RX is what you get with the XDP_DRV support and copies
> out to user space. Or is it this number you think is low?

No rxdrop looks ok. I mean for l2fwd only.

>   Zerocopy will be added
> in later patch sets.
>
> With that said, both XDP_SKB and XDP_DRV can be optimized. We
> have not spent that much time on optimizations at this point.
>

Yes, and it is interesting to compare the performance numbers between 
AF_XDP and TAP XDP + vhost_net since their functions are almost equivalent.

Thanks


* Re: [PATCH 03/12] netfilter: ebtables: don't attempt to allocate 0-sized compat array
From: Sergei Shtylyov @ 2018-04-24  8:55 UTC (permalink / raw)
  To: Pablo Neira Ayuso, netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20180423175714.9794-4-pablo@netfilter.org>

Hello!

On 4/23/2018 8:57 PM, Pablo Neira Ayuso wrote:

> From: Florian Westphal <fw@strlen.de>
> 
> Dmitry reports 32bit ebtables on 64bit kernel got broken by
> a recent change that returns -EINVAL when ruleset has no entries.
> 
> ebtables however only counts user-defined chains, so for the
> initial table nentries will be 0.
> 
> Don't try to allocate the compat array in this case, as no user

    As if, perhaps?

> defined rules exist no rule will need 64bit translation.
> 
> Reported-by: Dmitry Vyukov <dvyukov@google.com>
> Fixes: 7d7d7e02111e9 ("netfilter: compat: reject huge allocation requests")
> Signed-off-by: Florian Westphal <fw@strlen.de>
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
>   net/bridge/netfilter/ebtables.c | 11 ++++++-----
>   1 file changed, 6 insertions(+), 5 deletions(-)
> 
> diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
> index 032e0fe45940..28a4c3490359 100644
> --- a/net/bridge/netfilter/ebtables.c
> +++ b/net/bridge/netfilter/ebtables.c
> @@ -1825,13 +1825,14 @@ static int compat_table_info(const struct ebt_table_info *info,
>   {
>   	unsigned int size = info->entries_size;
>   	const void *entries = info->entries;
> -	int ret;
>   
>   	newinfo->entries_size = size;
> -
> -	ret = xt_compat_init_offsets(NFPROTO_BRIDGE, info->nentries);
> -	if (ret)
> -		return ret;
> +	if (info->nentries) {
> +		int ret = xt_compat_init_offsets(NFPROTO_BRIDGE,
> +						 info->nentries);

    Need an empty line here...

> +		if (ret)
> +			return ret;
> +	}
>   
>   	return EBT_ENTRY_ITERATE(entries, size, compat_calc_entry, info,
>   							entries, newinfo);
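Review bot: with the new "if (info->nentries)" guard in compat_table_info(), xt_compat_init_offsets() is skipped for an empty table, yet EBT_ENTRY_ITERATE() still runs compat_calc_entry over entries. The commit message explains why that is safe (no user-defined rules, so nothing needs 64bit translation), but the code does not; a one-line comment above the guard saying that no offsets are recorded or looked up when nentries is 0 would keep a later reader from "fixing" the skipped init.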

MBR, Sergei


* Re: [RFC v3 net-next 13/18] net/sched: Introduce the TBS Qdisc
From: Thomas Gleixner @ 2018-04-24  8:50 UTC (permalink / raw)
  To: Jesus Sanchez-Palencia
  Cc: netdev, jhs, xiyou.wangcong, jiri, vinicius.gomes, richardcochran,
	intel-wired-lan, anna-maria, henrik, john.stultz, levi.pearson,
	edumazet, willemb, mlichvar
In-Reply-To: <768e8da5-502e-d36f-0f32-9324eaca4a1d@intel.com>

On Mon, 23 Apr 2018, Jesus Sanchez-Palencia wrote:
> On 03/21/2018 06:46 AM, Thomas Gleixner wrote:
> > On Tue, 6 Mar 2018, Jesus Sanchez-Palencia wrote:
> >> +struct tbs_sched_data {
> >> +	bool sorting;
> >> +	int clockid;
> >> +	int queue;
> >> +	s32 delta; /* in ns */
> >> +	ktime_t last; /* The txtime of the last skb sent to the netdevice. */
> >> +	struct rb_root head;
> > 
> > Hmm. You are reimplementing timerqueue open coded. Have you checked whether
> > you could reuse the timerqueue implementation?
> > 
> > That requires to add a timerqueue node to struct skbuff
> > 
> > @@ -671,7 +671,8 @@ struct sk_buff {
> >  				unsigned long		dev_scratch;
> >  			};
> >  		};
> > -		struct rb_node	rbnode; /* used in netem & tcp stack */
> > +		struct rb_node		rbnode; /* used in netem & tcp stack */
> > +		struct timerqueue_node	tqnode;
> >  	};
> >  	struct sock		*sk;
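Review bot: the added "struct timerqueue_node tqnode;" shares the union with rbnode but, unlike rbnode, carries no comment naming its user. Suggest a comment naming the TBS qdisc as the user and stating that rbnode and tqnode are mutually exclusive for a given skb, since code that links tqnode on a buffer whose rbnode is still in a tree would overwrite the other tree's links.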
> > 
> > Then you can use timerqueue_head in your scheduler data and all the open
> > coded rbtree handling goes away.
> 
> 
> I just noticed that doing the above increases the size of struct sk_buff by 8
> bytes - struct timerqueue_node is 32bytes long while struct rb_node is only
> 24bytes long.
> 
> Given the feedback we got here before against touching struct sk_buff at all for
> non-generic use cases, I will keep the implementation of sch_tbs.c as is, thus
> keeping the open-coded version for now, ok?

The size of sk_buff is 216 and the size of sk_buff_fclones is 440
bytes. The sk_buff and sk_buff_fclones kmem_caches use objects sized 256
and 512 bytes because the kmem_caches are created with SLAB_HWCACHE_ALIGN.

So adding 8 bytes to spare duplicated code will not change the kmem_cache
object size and I really doubt that anyone will notice.

Thanks,

	tglx


* Re: [PATCH bpf-next 00/15] Introducing AF_XDP support
From: Magnus Karlsson @ 2018-04-24  8:44 UTC (permalink / raw)
  To: Jason Wang
  Cc: Björn Töpel, Karlsson, Magnus, Alexander Duyck,
	Alexander Duyck, John Fastabend, Alexei Starovoitov,
	Jesper Dangaard Brouer, Willem de Bruijn, Daniel Borkmann,
	Michael S. Tsirkin, Network Development, Björn Töpel,
	michael.lundkvist, Brandeburg, Jesse, Singhai, Anjali,
	Zhang, Qi Z
In-Reply-To: <3165e013-fab9-a0a2-2048-6d7aac0bd85e@redhat.com>

>> We have run some benchmarks on a dual socket system with two Broadwell
>> E5 2660 @ 2.0 GHz with hyperthreading turned off. Each socket has 14
>> cores which gives a total of 28, but only two cores are used in these
>> experiments. One for TR/RX and one for the user space application. The
>> memory is DDR4 @ 2133 MT/s (1067 MHz) and the size of each DIMM is
>> 8192MB and with 8 of those DIMMs in the system we have 64 GB of total
>> memory. The compiler used is gcc version 5.4.0 20160609. The NIC is an
>> Intel I40E 40Gbit/s using the i40e driver.
>>
>> Below are the results in Mpps of the I40E NIC benchmark runs for 64
>> and 1500 byte packets, generated by commercial packet generator HW that is
>> generating packets at full 40 Gbit/s line rate.
>>
>> AF_XDP performance 64 byte packets. Results from RFC V2 in parenthesis.
>> Benchmark   XDP_SKB   XDP_DRV
>> rxdrop       2.9(3.0)   9.4(9.3)
>> txpush       2.5(2.2)   NA*
>> l2fwd        1.9(1.7)   2.4(2.4) (TX using XDP_SKB in both cases)
>
>
> This number looks not very exciting. I can get ~3Mpps when using testpmd in
> a guest with xdp_redirect.sh on host between ixgbe and TAP/vhost. I believe
> we can even better performance without virt. It would be interesting to
> compare this performance with e.g testpmd + virito_user(vhost_kernel) + XDP.

Note that all the XDP_SKB numbers plus the TX part of XDP_DRV for l2fwd
uses SKBs and the generic XDP path in the kernel. I am not surprised those
numbers are lower than what you are seeing with XDP_DRV support.
(If that is what you are running? Unsure about your setup). The
9.4 Mpps for RX is what you get with the XDP_DRV support and copies
out to user space. Or is it this number you think is low? Zerocopy will be added
in later patch sets.

With that said, both XDP_SKB and XDP_DRV can be optimized. We
have not spent that much time on optimizations at this point.

>
>>
>> AF_XDP performance 1500 byte packets:
>> Benchmark   XDP_SKB   XDP_DRV
>> rxdrop       2.1(2.2)   3.3(3.1)
>> l2fwd        1.4(1.1)   1.8(1.7) (TX using XDP_SKB in both cases)
>>
>> * NA since we have no support for TX using the XDP_DRV infrastructure
>>    in this RFC. This is for a future patch set since it involves
>>    changes to the XDP NDOs. Some of this has been upstreamed by Jesper
>>    Dangaard Brouer.
>>
>> XDP performance on our system as a base line:
>>
>> 64 byte packets:
>> XDP stats       CPU     pps         issue-pps
>> XDP-RX CPU      16      32,921,521  0
>>
>> 1500 byte packets:
>> XDP stats       CPU     pps         issue-pps
>> XDP-RX CPU      16      3,289,491   0
>>
>> Changes from RFC V2:
>>
>> * Optimizations and simplifications to the ring structures inspired by
>>    ptr_ring.h
>> * Renamed XDP_[RX|TX]_QUEUE to XDP_[RX|TX]_RING in the uapi to be
>>    consistent with AF_PACKET
>> * Support for only having an RX queue or a TX queue defined
>> * Some bug fixes and code cleanup
>>
>> The structure of the patch set is as follows:
>>
>> Patches 1-2: Basic socket and umem plumbing
>> Patches 3-10: RX support together with the new XSKMAP
>> Patches 11-14: TX support
>> Patch 15: Sample application
>>
>> We based this patch set on bpf-next commit fbcf93ebcaef ("bpf: btf:
>> Clean up btf.h in uapi")
>>
>> Questions:
>>
>> * How to deal with cache alignment for uapi when different
>>    architectures can have different cache line sizes? We have just
>>    aligned it to 64 bytes for now, which works for many popular
>>    architectures, but not all. Please advise.
>>
>> To do:
>>
>> * Optimize performance
>>
>> * Kernel selftest
>>
>> Post-series plan:
>>
>> * Kernel load module support of AF_XDP would be nice. Unclear how to
>>    achieve this though since our XDP code depends on net/core.
>>
>> * Support for AF_XDP sockets without an XPD program loaded. In this
>>    case all the traffic on a queue should go up to the user space socket.
>
>
> I think we probably need this in the case of TUN XDP for virt guest too.

Yes.

Thanks: Magnus

> Thanks
>
>
>>
>> * Daniel Borkmann's suggestion for a "copy to XDP socket, and return
>>    XDP_PASS" for a tcpdump-like functionality.
>>
>> * And of course getting to zero-copy support in small increments.
>>
>> Thanks: Björn and Magnus
>>
>> Björn Töpel (8):
>>    net: initial AF_XDP skeleton
>>    xsk: add user memory registration support sockopt
>>    xsk: add Rx queue setup and mmap support
>>    xdp: introduce xdp_return_buff API
>>    xsk: add Rx receive functions and poll support
>>    bpf: introduce new bpf AF_XDP map type BPF_MAP_TYPE_XSKMAP
>>    xsk: wire up XDP_DRV side of AF_XDP
>>    xsk: wire up XDP_SKB side of AF_XDP
>>
>> Magnus Karlsson (7):
>>    xsk: add umem fill queue support and mmap
>>    xsk: add support for bind for Rx
>>    xsk: add umem completion queue support and mmap
>>    xsk: add Tx queue setup and mmap support
>>    xsk: support for Tx
>>    xsk: statistics support
>>    samples/bpf: sample application for AF_XDP sockets
>>
>>   MAINTAINERS                         |   8 +
>>   include/linux/bpf.h                 |  26 +
>>   include/linux/bpf_types.h           |   3 +
>>   include/linux/filter.h              |   2 +-
>>   include/linux/socket.h              |   5 +-
>>   include/net/xdp.h                   |   1 +
>>   include/net/xdp_sock.h              |  46 ++
>>   include/uapi/linux/bpf.h            |   1 +
>>   include/uapi/linux/if_xdp.h         |  87 ++++
>>   kernel/bpf/Makefile                 |   3 +
>>   kernel/bpf/verifier.c               |   8 +-
>>   kernel/bpf/xskmap.c                 | 286 +++++++++++
>>   net/Kconfig                         |   1 +
>>   net/Makefile                        |   1 +
>>   net/core/dev.c                      |  34 +-
>>   net/core/filter.c                   |  40 +-
>>   net/core/sock.c                     |  12 +-
>>   net/core/xdp.c                      |  15 +-
>>   net/xdp/Kconfig                     |   7 +
>>   net/xdp/Makefile                    |   2 +
>>   net/xdp/xdp_umem.c                  | 256 ++++++++++
>>   net/xdp/xdp_umem.h                  |  65 +++
>>   net/xdp/xdp_umem_props.h            |  23 +
>>   net/xdp/xsk.c                       | 704 +++++++++++++++++++++++++++
>>   net/xdp/xsk_queue.c                 |  73 +++
>>   net/xdp/xsk_queue.h                 | 245 ++++++++++
>>   samples/bpf/Makefile                |   4 +
>>   samples/bpf/xdpsock.h               |  11 +
>>   samples/bpf/xdpsock_kern.c          |  56 +++
>>   samples/bpf/xdpsock_user.c          | 947
>> ++++++++++++++++++++++++++++++++++++
>>   security/selinux/hooks.c            |   4 +-
>>   security/selinux/include/classmap.h |   4 +-
>>   32 files changed, 2945 insertions(+), 35 deletions(-)
>>   create mode 100644 include/net/xdp_sock.h
>>   create mode 100644 include/uapi/linux/if_xdp.h
>>   create mode 100644 kernel/bpf/xskmap.c
>>   create mode 100644 net/xdp/Kconfig
>>   create mode 100644 net/xdp/Makefile
>>   create mode 100644 net/xdp/xdp_umem.c
>>   create mode 100644 net/xdp/xdp_umem.h
>>   create mode 100644 net/xdp/xdp_umem_props.h
>>   create mode 100644 net/xdp/xsk.c
>>   create mode 100644 net/xdp/xsk_queue.c
>>   create mode 100644 net/xdp/xsk_queue.h
>>   create mode 100644 samples/bpf/xdpsock.h
>>   create mode 100644 samples/bpf/xdpsock_kern.c
>>   create mode 100644 samples/bpf/xdpsock_user.c
>>
>


* Re: [PATCH 1/1] IB/rxe: avoid double kfree_skb
From: Yanjun Zhu @ 2018-04-24  8:34 UTC (permalink / raw)
  To: Doug Ledford, monis, jgg, linux-rdma; +Cc: netdev
In-Reply-To: <89cbf00d-40b1-d3cc-dd1c-3c4b6fd365d8@oracle.com>

Hi, all

rxe_send
     ip_local_out
         __ip_local_out
             nf_hook_slow

In the above call process, nf_hook_slow drops and frees the skb, then -EPERM
is returned when an iptables rule (iptables -I OUTPUT -p udp --dport 4791
-j DROP) is set.

If skb->users is not changed in softroce, kfree_skb should not be called
in this module.

I will make further investigations about other error handlers after
ip_local_out.
If I am wrong, please correct me.

Any reply is appreciated.

Zhu Yanjun
On 2018/4/20 13:46, Yanjun Zhu wrote:
>
>
> On 2018/4/20 10:19, Doug Ledford wrote:
>> On Thu, 2018-04-19 at 10:01 -0400, Zhu Yanjun wrote:
>>> When skb is dropped by iptables rules, the skb is freed at the same 
>>> time
>>> -EPERM is returned. So in softroce, it is not necessary to free skb 
>>> again.
>>> Or else, crash will occur.
>>>
>>> The steps to reproduce:
>>>
>>>       server                       client
>>>      ---------                    ---------
>>>      |1.1.1.1|<----rxe-channel--->|1.1.1.2|
>>>      ---------                    ---------
>>>
>>> On server: rping -s -a 1.1.1.1 -v -C 10000 -S 512
>>> On client: rping -c -a 1.1.1.1 -v -C 10000 -S 512
>>>
>>> The kernel configs CONFIG_DEBUG_KMEMLEAK and
>>> CONFIG_DEBUG_OBJECTS are enabled on both server and client.
>>>
>>> When rping runs, run the following command in server:
>>>
>>> iptables -I OUTPUT -p udp  --dport 4791 -j DROP
>>>
>>> Without this patch, crash will occur.
>>>
>>> CC: Srinivas Eeda <srinivas.eeda@oracle.com>
>>> CC: Junxiao Bi <junxiao.bi@oracle.com>
>>> Signed-off-by: Zhu Yanjun <yanjun.zhu@oracle.com>
>>> Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
>> I have no reason to doubt your analysis, but if there are a bunch of
>> error paths for net_xmit and they all return with your skb still being
>> valid and holding a reference, and then one oddball that returns with
>> your skb already gone, that just sounds like a mistake waiting to happen
>> (not to mention a bajillion special cases sprinkled everywhere to deal
>> with this apparent inconsistency).
>>
>> Can we get a netdev@ confirmation on this being the right solution?
> Yes. I agree with you.
> After iptables rule "iptables -I OUTPUT -p udp  --dport 4791 -j DROP", 
> the skb is freed in this function
>
> /* Returns 1 if okfn() needs to be executed by the caller,
>  * -EPERM for NF_DROP, 0 otherwise.  Caller must hold rcu_read_lock. */
> int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state,
>                  const struct nf_hook_entries *e, unsigned int s)
> {
>         unsigned int verdict;
>         int ret;
>
>         for (; s < e->num_hook_entries; s++) {
>                 verdict = nf_hook_entry_hookfn(&e->hooks[s], skb, state);
>                 switch (verdict & NF_VERDICT_MASK) {
>                 case NF_ACCEPT:
>                         break;
>                 case NF_DROP:
>                         kfree_skb(skb);          <----here, skb is freed
>                         ret = NF_DROP_GETERR(verdict);
>                         if (ret == 0)
>                                 ret = -EPERM;
>                         return ret;
>                 case NF_QUEUE:
>                         ret = nf_queue(skb, state, e, s, verdict);
>                         if (ret == 1)
>                                 continue;
>                         return ret;
>                 default:
>                         /* Implicit handling for NF_STOLEN, as well as any other
>                          * non conventional verdicts.
>                          */
>                         return 0;
>                 }
>         }
>
>         return 1;
> }
> EXPORT_SYMBOL(nf_hook_slow);
>
> If I am wrong, please correct me.
>
> And my test environment is still there, any solution can be verified 
> in it.
>
> Zhu Yanjun
>>
>>> ---
>>>   drivers/infiniband/sw/rxe/rxe_net.c  | 3 +++
>>>   drivers/infiniband/sw/rxe/rxe_req.c  | 5 +++--
>>>   drivers/infiniband/sw/rxe/rxe_resp.c | 9 ++++++---
>>>   3 files changed, 12 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/drivers/infiniband/sw/rxe/rxe_net.c 
>>> b/drivers/infiniband/sw/rxe/rxe_net.c
>>> index 9da6e37..2094434 100644
>>> --- a/drivers/infiniband/sw/rxe/rxe_net.c
>>> +++ b/drivers/infiniband/sw/rxe/rxe_net.c
>>> @@ -511,6 +511,9 @@ int rxe_send(struct rxe_pkt_info *pkt, struct 
>>> sk_buff *skb)
>>>            if (unlikely(net_xmit_eval(err))) {
>>>                  pr_debug("error sending packet: %d\n", err);
>>> +               /* -EPERM means the skb is dropped and freed. */
>>> +               if (err == -EPERM)
>>> +                       return -EPERM;
>>>                  return -EAGAIN;
>>>          }
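Review bot: in rxe_send() the return value now doubles as an ownership signal (-EPERM: skb already freed, -EAGAIN: caller must free), but only the inline comment says so, and every other error from the transmit path is still folded into -EAGAIN. Suggest documenting that contract in the function's header comment and confirming that no other error path has already released the skb, or having rxe_send() take ownership of the skb on every failure so callers never call kfree_skb() themselves.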
>>>   diff --git a/drivers/infiniband/sw/rxe/rxe_req.c 
>>> b/drivers/infiniband/sw/rxe/rxe_req.c
>>> index 7bdaf71..9d2efec 100644
>>> --- a/drivers/infiniband/sw/rxe/rxe_req.c
>>> +++ b/drivers/infiniband/sw/rxe/rxe_req.c
>>> @@ -727,8 +727,9 @@ int rxe_requester(void *arg)
>>>                    rollback_state(wqe, qp, &rollback_wqe, 
>>> rollback_psn);
>>>   -               if (ret == -EAGAIN) {
>>> -                       kfree_skb(skb);
>>> +               if ((ret == -EAGAIN) || (ret == -EPERM)) {
>>> +                       if (ret == -EAGAIN)
>>> +                               kfree_skb(skb);
>>>                          rxe_run_task(&qp->req.task, 1);
>>>                          goto exit;
>>>                  }
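Review bot: in rxe_requester() the -EPERM case still reaches "rxe_run_task(&qp->req.task, 1)" exactly as -EAGAIN does, so a packet refused by a standing DROP rule is handled like a transient failure; please confirm that rescheduling is intended for that case. The nested test would also read more simply as "if (ret == -EAGAIN) kfree_skb(skb);" ahead of a single "if (ret == -EAGAIN || ret == -EPERM)" block, without the extra parentheses.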
>>> diff --git a/drivers/infiniband/sw/rxe/rxe_resp.c 
>>> b/drivers/infiniband/sw/rxe/rxe_resp.c
>>> index a65c996..6bdf9b2 100644
>>> --- a/drivers/infiniband/sw/rxe/rxe_resp.c
>>> +++ b/drivers/infiniband/sw/rxe/rxe_resp.c
>>> @@ -742,7 +742,8 @@ static enum resp_states read_reply(struct rxe_qp 
>>> *qp,
>>>          err = rxe_xmit_packet(rxe, qp, &ack_pkt, skb);
>>>          if (err) {
>>>                  pr_err("Failed sending RDMA reply.\n");
>>> -               kfree_skb(skb);
>>> +               if (err != -EPERM)
>>> +                       kfree_skb(skb);
>>>                  return RESPST_ERR_RNR;
>>>          }
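Review bot: the "if (err != -EPERM) kfree_skb(skb);" test in read_reply() is repeated in send_ack() and duplicate_request() below, so every caller of rxe_xmit_packet() has to know which error code means the buffer is already gone. A small helper, or freeing inside rxe_xmit_packet() on all failures, would keep that rule in one place and stop a future call site from missing it.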
>>>   @@ -956,7 +957,8 @@ static int send_ack(struct rxe_qp *qp, struct 
>>> rxe_pkt_info *pkt,
>>>          err = rxe_xmit_packet(rxe, qp, &ack_pkt, skb);
>>>          if (err) {
>>>                  pr_err_ratelimited("Failed sending ack\n");
>>> -               kfree_skb(skb);
>>> +               if (err != -EPERM)
>>> +                       kfree_skb(skb);
>>>          }
>>>     err1:
>>> @@ -1141,7 +1143,8 @@ static enum resp_states 
>>> duplicate_request(struct rxe_qp *qp,
>>>                          if (rc) {
>>>                                  pr_err("Failed resending result. 
>>> This flow is not handled - skb ignored\n");
>>>                                  rxe_drop_ref(qp);
>>> -                               kfree_skb(skb_copy);
>>> +                               if (rc != -EPERM)
>>> +                                       kfree_skb(skb_copy);
>>>                                  rc = RESPST_CLEANUP;
>>>                                  goto out;
>>>                          }
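
Review bot: the "if (rc != -EPERM) kfree_skb(skb_copy);" test in duplicate_request() is the third copy of the same special case in rxe_resp.c (read_reply() and send_ack() get it too), and none of the copies records why the skb must not be freed on -EPERM. Making rxe_xmit_packet() treat skb ownership the same way for every error return would remove the per-caller checks; failing that, state the ownership rule once in a comment next to rxe_xmit_packet() and refer to it from the callers. The pr_err text in this branch ("skb ignored") should be rechecked against the new behaviour as well.
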
>>> -- 
>>> 2.7.4
>>>

^ permalink raw reply

* [PATCH] vhost_net: use packet weight for rx handler, too
From: Paolo Abeni @ 2018-04-24  8:34 UTC (permalink / raw)
  To: kvm; +Cc: haibinzhang, Michael S. Tsirkin, Jason Wang, virtualization,
	netdev

Similar to commit a2ac99905f1e ("vhost-net: set packet weight of
tx polling to 2 * vq size"), we need a packet-based limit for
handle_rx, too - otherwise, under rx flood with small packets,
tx can be delayed for a very long time, even without busypolling.

The pkt limit applied to handle_rx must be the same applied by
handle_tx, or we will get unfair scheduling between rx and tx.
Tying such limit to the queue length makes it less effective for
large queue length values and can introduce large process
scheduler latencies, so a constant value is used - likewise
the existing bytes limit.

The selected limit has been validated with PVP[1] performance
test with different queue sizes:

queue size		256	512	1024

baseline		366	354	362
weight 128		715	723	670
weight 256		740	745	733
weight 512		600	460	583
weight 1024		423	427	418

A packet weight of 256 gives peak performance under all the
tested scenarios.

No measurable regression in unidirectional performance tests has
been detected.

[1] https://developers.redhat.com/blog/2017/06/05/measuring-and-comparing-open-vswitch-performance/

Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
 drivers/vhost/net.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
index bbf38befefb2..c4b49fca4871 100644
--- a/drivers/vhost/net.c
+++ b/drivers/vhost/net.c
@@ -46,8 +46,10 @@ MODULE_PARM_DESC(experimental_zcopytx, "Enable Zero Copy TX;"
 #define VHOST_NET_WEIGHT 0x80000
 
 /* Max number of packets transferred before requeueing the job.
- * Using this limit prevents one virtqueue from starving rx. */
-#define VHOST_NET_PKT_WEIGHT(vq) ((vq)->num * 2)
+ * Using this limit prevents one virtqueue from starving others with small
+ * pkts.
+ */
+#define VHOST_NET_PKT_WEIGHT 256
 
 /* MAX number of TX used buffers for outstanding zerocopy */
 #define VHOST_MAX_PEND 128
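
Review bot: the new comment above VHOST_NET_PKT_WEIGHT says what the limit prevents but not where 256 comes from, nor that handle_rx and handle_tx have to share the same value; both points exist only in the commit message. One more sentence in the comment (same limit for rx and tx, constant rather than scaled by queue size, value chosen from measurements) would keep a later change from tuning one handler on its own or restoring the "(vq)->num * 2" scaling.
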
@@ -587,7 +589,7 @@ static void handle_tx(struct vhost_net *net)
 			vhost_zerocopy_signal_used(net, vq);
 		vhost_net_tx_packet(net);
 		if (unlikely(total_len >= VHOST_NET_WEIGHT) ||
-		    unlikely(++sent_pkts >= VHOST_NET_PKT_WEIGHT(vq))) {
+		    unlikely(++sent_pkts >= VHOST_NET_PKT_WEIGHT)) {
 			vhost_poll_queue(&vq->poll);
 			break;
 		}
@@ -769,6 +771,7 @@ static void handle_rx(struct vhost_net *net)
 	struct socket *sock;
 	struct iov_iter fixup;
 	__virtio16 num_buffers;
+	int recv_pkts = 0;
 
 	mutex_lock_nested(&vq->mutex, 0);
 	sock = vq->private_data;
@@ -872,7 +875,8 @@ static void handle_rx(struct vhost_net *net)
 		if (unlikely(vq_log))
 			vhost_log_write(vq, vq_log, log, vhost_len);
 		total_len += vhost_len;
-		if (unlikely(total_len >= VHOST_NET_WEIGHT)) {
+		if (unlikely(total_len >= VHOST_NET_WEIGHT) ||
+		    unlikely(++recv_pkts >= VHOST_NET_PKT_WEIGHT)) {
 			vhost_poll_queue(&vq->poll);
 			goto out;
 		}
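
Review bot: in handle_rx "++recv_pkts" sits in the second operand of "||", so it is skipped whenever "total_len >= VHOST_NET_WEIGHT" is already true. That is harmless here because the branch leaves the loop, but a counter incremented as a side effect inside unlikely() is easy to break in a later edit. Incrementing recv_pkts next to "total_len += vhost_len;" and then testing it would read more clearly; the same holds for "++sent_pkts" in handle_tx.
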
-- 
2.14.3

^ permalink raw reply related
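
The effect of the two budgets described in the commit message above, as an added user-space model (not code from the patch or from the kernel). The names struct budget, handler_turn and rx_pkts_before_tx_done are hypothetical, a queue size of 256 is assumed for the old tx limit, and strict rx/tx alternation with rx running first is a simplifying assumption about the worker.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define VHOST_NET_WEIGHT     0x80000  /* byte budget, unchanged by the patch */
#define VHOST_NET_PKT_WEIGHT 256      /* packet budget the patch introduces */
#define ASSUMED_VQ_NUM       256      /* assumption: one of the tested queue sizes */

/* Hypothetical model type: the two limits one handler invocation obeys. */
struct budget {
	size_t bytes;  /* requeue once this many bytes were moved */
	size_t pkts;   /* requeue once this many packets were moved; 0 = no limit */
};

/* Before the patch: rx has a byte limit only, tx is limited to 2 * vq size. */
static const struct budget RX_BEFORE = { VHOST_NET_WEIGHT, 0 };
static const struct budget TX_BEFORE = { VHOST_NET_WEIGHT, ASSUMED_VQ_NUM * 2 };
/* After the patch: rx and tx share the same constant packet limit. */
static const struct budget RX_AFTER  = { VHOST_NET_WEIGHT, VHOST_NET_PKT_WEIGHT };
static const struct budget TX_AFTER  = { VHOST_NET_WEIGHT, VHOST_NET_PKT_WEIGHT };

/*
 * Number of packets one handler invocation moves before it requeues itself.
 * A packet is processed first and the budgets are tested afterwards, as in
 * the loops the patch touches. backlog is the number of packets waiting.
 */
static size_t handler_turn(const struct budget *b, size_t pkt_len, size_t backlog)
{
	size_t total_len = 0, pkts = 0;

	if (pkt_len == 0)
		return 0;
	while (pkts < backlog) {
		total_len += pkt_len;
		pkts++;
		if (total_len >= b->bytes || (b->pkts && pkts >= b->pkts))
			break;
	}
	return pkts;
}

/*
 * Under a continuous rx flood, count the rx packets that are handled before
 * tx_pending tx packets have all been sent, with rx and tx taking turns.
 */
static size_t rx_pkts_before_tx_done(const struct budget *rx,
				     const struct budget *tx,
				     size_t pkt_len, size_t tx_pending)
{
	size_t rx_done = 0;

	if (pkt_len == 0)
		return 0;
	while (tx_pending > 0) {
		rx_done += handler_turn(rx, pkt_len, SIZE_MAX); /* rx never runs dry */
		tx_pending -= handler_turn(tx, pkt_len, tx_pending);
	}
	return rx_done;
}

int main(void)
{
	static const size_t lens[] = { 64, 1500, 65535 };
	size_t i;

	for (i = 0; i < sizeof(lens) / sizeof(lens[0]); i++)
		printf("len %5zu: rx turn before=%zu after=%zu\n", lens[i],
		       handler_turn(&RX_BEFORE, lens[i], SIZE_MAX),
		       handler_turn(&RX_AFTER, lens[i], SIZE_MAX));
	printf("rx pkts ahead of 1024 tx pkts: before=%zu after=%zu\n",
	       rx_pkts_before_tx_done(&RX_BEFORE, &TX_BEFORE, 64, 1024),
	       rx_pkts_before_tx_done(&RX_AFTER, &TX_AFTER, 64, 1024));
	return 0;
}
```

The byte budget alone lets a 64-byte flood hold the worker for thousands of packets per turn, while for large packets the byte budget triggers first and the packet limit changes nothing.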

* Re: [PATCH net] l2tp: check sockaddr length in pppol2tp_connect()
From: Guillaume Nault @ 2018-04-24  8:23 UTC (permalink / raw)
  To: David Miller; +Cc: netdev, jchapman
In-Reply-To: <20180423.211122.76873901039312656.davem@davemloft.net>

On Mon, Apr 23, 2018 at 09:11:22PM -0400, David Miller wrote:
> From: Guillaume Nault <g.nault@alphalink.fr>
> Date: Mon, 23 Apr 2018 16:15:14 +0200
> 
> > Check sockaddr_len before dereferencing sp->sa_protocol, to ensure that
> > it actually points to valid data.
> > 
> > Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts")
> > Reported-by: syzbot+a70ac890b23b1bf29f5c@syzkaller.appspotmail.com
> > Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
> 
> Applied and queued up for -stable.
> 
> I guess you can completely remove the "bad socket address" -EINVAL else
> clause later in the function as a cleanup in net-next.
> 
Yes, will do. Thanks.

^ permalink raw reply

* Re: [PATCH bpf-next 15/15] samples/bpf: sample application for AF_XDP sockets
From: Magnus Karlsson @ 2018-04-24  8:22 UTC (permalink / raw)
  To: Michael S. Tsirkin
  Cc: Björn Töpel, Karlsson, Magnus, Alexander Duyck,
	Alexander Duyck, John Fastabend, Alexei Starovoitov,
	Jesper Dangaard Brouer, Willem de Bruijn, Daniel Borkmann,
	Network Development, michael.lundkvist, Brandeburg, Jesse,
	Singhai, Anjali, Zhang, Qi Z, Björn Töpel
In-Reply-To: <20180424022858-mutt-send-email-mst@kernel.org>

On Tue, Apr 24, 2018 at 1:31 AM, Michael S. Tsirkin <mst@redhat.com> wrote:
> On Mon, Apr 23, 2018 at 03:56:19PM +0200, Björn Töpel wrote:
>> From: Magnus Karlsson <magnus.karlsson@intel.com>
>>
>> This is a sample application for AF_XDP sockets. The application
>> supports three different modes of operation: rxdrop, txonly and l2fwd.
>>
>> To show-case a simple round-robin load-balancing between a set of
>> sockets in an xskmap, set the RR_LB compile time define option to 1 in
>> "xdpsock.h".
>>
>> Co-authored-by: Björn Töpel <bjorn.topel@intel.com>
>> Signed-off-by: Björn Töpel <bjorn.topel@intel.com>
>> Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
>> ---
>>  samples/bpf/Makefile       |   4 +
>>  samples/bpf/xdpsock.h      |  11 +
>>  samples/bpf/xdpsock_kern.c |  56 +++
>>  samples/bpf/xdpsock_user.c | 947 +++++++++++++++++++++++++++++++++++++++++++++
>>  4 files changed, 1018 insertions(+)
>>  create mode 100644 samples/bpf/xdpsock.h
>>  create mode 100644 samples/bpf/xdpsock_kern.c
>>  create mode 100644 samples/bpf/xdpsock_user.c
>>
>> diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile
>> index aa8c392e2e52..d0ddc1abf20d 100644
>> --- a/samples/bpf/Makefile
>> +++ b/samples/bpf/Makefile
>> @@ -45,6 +45,7 @@ hostprogs-y += xdp_rxq_info
>>  hostprogs-y += syscall_tp
>>  hostprogs-y += cpustat
>>  hostprogs-y += xdp_adjust_tail
>> +hostprogs-y += xdpsock
>>
>>  # Libbpf dependencies
>>  LIBBPF := ../../tools/lib/bpf/bpf.o ../../tools/lib/bpf/nlattr.o
>> @@ -97,6 +98,7 @@ xdp_rxq_info-objs := bpf_load.o $(LIBBPF) xdp_rxq_info_user.o
>>  syscall_tp-objs := bpf_load.o $(LIBBPF) syscall_tp_user.o
>>  cpustat-objs := bpf_load.o $(LIBBPF) cpustat_user.o
>>  xdp_adjust_tail-objs := bpf_load.o $(LIBBPF) xdp_adjust_tail_user.o
>> +xdpsock-objs := bpf_load.o $(LIBBPF) xdpsock_user.o
>>
>>  # Tell kbuild to always build the programs
>>  always := $(hostprogs-y)
>> @@ -151,6 +153,7 @@ always += xdp2skb_meta_kern.o
>>  always += syscall_tp_kern.o
>>  always += cpustat_kern.o
>>  always += xdp_adjust_tail_kern.o
>> +always += xdpsock_kern.o
>>
>>  HOSTCFLAGS += -I$(objtree)/usr/include
>>  HOSTCFLAGS += -I$(srctree)/tools/lib/
>> @@ -197,6 +200,7 @@ HOSTLOADLIBES_xdp_rxq_info += -lelf
>>  HOSTLOADLIBES_syscall_tp += -lelf
>>  HOSTLOADLIBES_cpustat += -lelf
>>  HOSTLOADLIBES_xdp_adjust_tail += -lelf
>> +HOSTLOADLIBES_xdpsock += -lelf -pthread
>>
>>  # Allows pointing LLC/CLANG to a LLVM backend with bpf support, redefine on cmdline:
>>  #  make samples/bpf/ LLC=~/git/llvm/build/bin/llc CLANG=~/git/llvm/build/bin/clang
>> diff --git a/samples/bpf/xdpsock.h b/samples/bpf/xdpsock.h
>> new file mode 100644
>> index 000000000000..533ab81adfa1
>> --- /dev/null
>> +++ b/samples/bpf/xdpsock.h
>> @@ -0,0 +1,11 @@
>> +/* SPDX-License-Identifier: GPL-2.0 */
>> +#ifndef XDPSOCK_H_
>> +#define XDPSOCK_H_
>> +
>> +/* Power-of-2 number of sockets */
>> +#define MAX_SOCKS 4
>> +
>> +/* Round-robin receive */
>> +#define RR_LB 0
>> +
>> +#endif /* XDPSOCK_H_ */
>> diff --git a/samples/bpf/xdpsock_kern.c b/samples/bpf/xdpsock_kern.c
>> new file mode 100644
>> index 000000000000..d8806c41362e
>> --- /dev/null
>> +++ b/samples/bpf/xdpsock_kern.c
>> @@ -0,0 +1,56 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +#define KBUILD_MODNAME "foo"
>> +#include <uapi/linux/bpf.h>
>> +#include "bpf_helpers.h"
>> +
>> +#include "xdpsock.h"
>> +
>> +struct bpf_map_def SEC("maps") qidconf_map = {
>> +     .type           = BPF_MAP_TYPE_ARRAY,
>> +     .key_size       = sizeof(int),
>> +     .value_size     = sizeof(int),
>> +     .max_entries    = 1,
>> +};
>> +
>> +struct bpf_map_def SEC("maps") xsks_map = {
>> +     .type = BPF_MAP_TYPE_XSKMAP,
>> +     .key_size = sizeof(int),
>> +     .value_size = sizeof(int),
>> +     .max_entries = 4,
>> +};
>> +
>> +struct bpf_map_def SEC("maps") rr_map = {
>> +     .type = BPF_MAP_TYPE_PERCPU_ARRAY,
>> +     .key_size = sizeof(int),
>> +     .value_size = sizeof(unsigned int),
>> +     .max_entries = 1,
>> +};
>> +
>> +SEC("xdp_sock")
>> +int xdp_sock_prog(struct xdp_md *ctx)
>> +{
>> +     int *qidconf, key = 0, idx;
>> +     unsigned int *rr;
>> +
>> +     qidconf = bpf_map_lookup_elem(&qidconf_map, &key);
>> +     if (!qidconf)
>> +             return XDP_ABORTED;
>> +
>> +     if (*qidconf != ctx->rx_queue_index)
>> +             return XDP_PASS;
>> +
>> +#if RR_LB /* NB! RR_LB is configured in xdpsock.h */
>> +     rr = bpf_map_lookup_elem(&rr_map, &key);
>> +     if (!rr)
>> +             return XDP_ABORTED;
>> +
>> +     *rr = (*rr + 1) & (MAX_SOCKS - 1);
>> +     idx = *rr;
>> +#else
>> +     idx = 0;
>> +#endif
>> +
>> +     return bpf_redirect_map(&xsks_map, idx, 0);
>> +}
>> +
>> +char _license[] SEC("license") = "GPL";
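
Review bot: xsks_map is declared with ".max_entries = 4" while the round-robin index is computed as "(*rr + 1) & (MAX_SOCKS - 1)", so the map size and the mask agree only as long as MAX_SOCKS in xdpsock.h stays 4. Use ".max_entries = MAX_SOCKS" so that raising the define cannot produce an index outside the map. Separately, "unsigned int *rr" is declared unconditionally but used only under "#if RR_LB", which leaves an unused variable in the default RR_LB 0 build; the declaration belongs inside the #if block.
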
>> diff --git a/samples/bpf/xdpsock_user.c b/samples/bpf/xdpsock_user.c
>> new file mode 100644
>> index 000000000000..690bac1a0ab7
>> --- /dev/null
>> +++ b/samples/bpf/xdpsock_user.c
>> @@ -0,0 +1,947 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +/* Copyright(c) 2017 - 2018 Intel Corporation.
>> + *
>> + * This program is free software; you can redistribute it and/or modify it
>> + * under the terms and conditions of the GNU General Public License,
>> + * version 2, as published by the Free Software Foundation.
>> + *
>> + * This program is distributed in the hope it will be useful, but WITHOUT
>> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
>> + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
>> + * more details.
>> + */
>> +
>> +#include <assert.h>
>> +#include <errno.h>
>> +#include <getopt.h>
>> +#include <libgen.h>
>> +#include <linux/bpf.h>
>> +#include <linux/if_link.h>
>> +#include <linux/if_xdp.h>
>> +#include <linux/if_ether.h>
>> +#include <net/if.h>
>> +#include <signal.h>
>> +#include <stdbool.h>
>> +#include <stdio.h>
>> +#include <stdlib.h>
>> +#include <string.h>
>> +#include <net/ethernet.h>
>> +#include <sys/resource.h>
>> +#include <sys/socket.h>
>> +#include <sys/mman.h>
>> +#include <time.h>
>> +#include <unistd.h>
>> +#include <pthread.h>
>> +#include <locale.h>
>> +#include <sys/types.h>
>> +#include <poll.h>
>> +
>> +#include "bpf_load.h"
>> +#include "bpf_util.h"
>> +#include "libbpf.h"
>> +
>> +#include "xdpsock.h"
>> +
>> +#ifndef SOL_XDP
>> +#define SOL_XDP 283
>> +#endif
>> +
>> +#ifndef AF_XDP
>> +#define AF_XDP 44
>> +#endif
>> +
>> +#ifndef PF_XDP
>> +#define PF_XDP AF_XDP
>> +#endif
>> +
>> +#define NUM_FRAMES 131072
>> +#define FRAME_HEADROOM 0
>> +#define FRAME_SIZE 2048
>> +#define NUM_DESCS 1024
>> +#define BATCH_SIZE 16
>> +
>> +#define FQ_NUM_DESCS 1024
>> +#define CQ_NUM_DESCS 1024
>> +
>> +#define DEBUG_HEXDUMP 0
>> +
>> +typedef __u32 u32;
>> +
>> +static unsigned long prev_time;
>> +
>> +enum benchmark_type {
>> +     BENCH_RXDROP = 0,
>> +     BENCH_TXONLY = 1,
>> +     BENCH_L2FWD = 2,
>> +};
>> +
>> +static enum benchmark_type opt_bench = BENCH_RXDROP;
>> +static u32 opt_xdp_flags;
>> +static const char *opt_if = "";
>> +static int opt_ifindex;
>> +static int opt_queue;
>> +static int opt_poll;
>> +static int opt_shared_packet_buffer;
>> +static int opt_interval = 1;
>> +
>> +struct xdp_umem_uqueue {
>> +     u32 cached_prod;
>> +     u32 cached_cons;
>> +     u32 mask;
>> +     u32 size;
>> +     struct xdp_umem_ring *ring;
>> +};
>> +
>> +struct xdp_umem {
>> +     char (*frames)[FRAME_SIZE];
>> +     struct xdp_umem_uqueue fq;
>> +     struct xdp_umem_uqueue cq;
>> +     int fd;
>> +};
>> +
>> +struct xdp_uqueue {
>> +     u32 cached_prod;
>> +     u32 cached_cons;
>> +     u32 mask;
>> +     u32 size;
>> +     struct xdp_rxtx_ring *ring;
>> +};
>> +
>> +struct xdpsock {
>> +     struct xdp_uqueue rx;
>> +     struct xdp_uqueue tx;
>> +     int sfd;
>> +     struct xdp_umem *umem;
>> +     u32 outstanding_tx;
>> +     unsigned long rx_npkts;
>> +     unsigned long tx_npkts;
>> +     unsigned long prev_rx_npkts;
>> +     unsigned long prev_tx_npkts;
>> +};
>> +
>> +#define MAX_SOCKS 4
>> +static int num_socks;
>> +struct xdpsock *xsks[MAX_SOCKS];
>> +
>> +static unsigned long get_nsecs(void)
>> +{
>> +     struct timespec ts;
>> +
>> +     clock_gettime(CLOCK_MONOTONIC, &ts);
>> +     return ts.tv_sec * 1000000000UL + ts.tv_nsec;
>> +}
>> +
>> +static void dump_stats(void);
>> +
>> +#define lassert(expr)                                                        \
>> +     do {                                                            \
>> +             if (!(expr)) {                                          \
>> +                     fprintf(stderr, "%s:%s:%i: Assertion failed: "  \
>> +                             #expr ": errno: %d/\"%s\"\n",           \
>> +                             __FILE__, __func__, __LINE__,           \
>> +                             errno, strerror(errno));                \
>> +                     dump_stats();                                   \
>> +                     exit(EXIT_FAILURE);                             \
>> +             }                                                       \
>> +     } while (0)
>> +
>> +#define barrier() __asm__ __volatile__("": : :"memory")
>> +#define u_smp_rmb() barrier()
>> +#define u_smp_wmb() barrier()
>> +#define likely(x) __builtin_expect(!!(x), 1)
>> +#define unlikely(x) __builtin_expect(!!(x), 0)
>> +
>> +static const char pkt_data[] =
>> +     "\x3c\xfd\xfe\x9e\x7f\x71\xec\xb1\xd7\x98\x3a\xc0\x08\x00\x45\x00"
>> +     "\x00\x2e\x00\x00\x00\x00\x40\x11\x88\x97\x05\x08\x07\x08\xc8\x14"
>> +     "\x1e\x04\x10\x92\x10\x92\x00\x1a\x6d\xa3\x34\x33\x1f\x69\x40\x6b"
>> +     "\x54\x59\xb6\x14\x2d\x11\x44\xbf\xaf\xd9\xbe\xaa";
>> +
>> +static inline u32 umem_nb_free(struct xdp_umem_uqueue *q, u32 nb)
>> +{
>> +     u32 free_entries = q->size - (q->cached_prod - q->cached_cons);
>> +
>> +     if (free_entries >= nb)
>> +             return free_entries;
>> +
>> +     /* Refresh the local tail pointer */
>> +     q->cached_cons = q->ring->ptrs.consumer;
>> +
>> +     return q->size - (q->cached_prod - q->cached_cons);
>> +}
>> +
>> +static inline u32 xq_nb_free(struct xdp_uqueue *q, u32 ndescs)
>> +{
>> +     u32 free_entries = q->cached_cons - q->cached_prod;
>> +
>> +     if (free_entries >= ndescs)
>> +             return free_entries;
>> +
>> +     /* Refresh the local tail pointer */
>> +     q->cached_cons = q->ring->ptrs.consumer + q->size;
>> +     return q->cached_cons - q->cached_prod;
>> +}
>> +
>> +static inline u32 umem_nb_avail(struct xdp_umem_uqueue *q, u32 nb)
>> +{
>> +     u32 entries = q->cached_prod - q->cached_cons;
>> +
>> +     if (entries == 0)
>> +             q->cached_prod = q->ring->ptrs.producer;
>> +
>> +     entries = q->cached_prod - q->cached_cons;
>> +
>> +     return (entries > nb) ? nb : entries;
>> +}
>> +
>> +static inline u32 xq_nb_avail(struct xdp_uqueue *q, u32 ndescs)
>> +{
>> +     u32 entries = q->cached_prod - q->cached_cons;
>> +
>> +     if (entries == 0)
>> +             q->cached_prod = q->ring->ptrs.producer;
>> +
>> +     entries = q->cached_prod - q->cached_cons;
>> +     return (entries > ndescs) ? ndescs : entries;
>> +}
>> +
>> +static inline int umem_fill_to_kernel_ex(struct xdp_umem_uqueue *fq,
>> +                                      struct xdp_desc *d,
>> +                                      size_t nb)
>> +{
>> +     u32 i;
>> +
>> +     if (umem_nb_free(fq, nb) < nb)
>> +             return -ENOSPC;
>> +
>> +     for (i = 0; i < nb; i++) {
>> +             u32 idx = fq->cached_prod++ & fq->mask;
>> +
>> +             fq->ring->desc[idx] = d[i].idx;
>> +     }
>> +
>> +     u_smp_wmb();
>> +
>> +     fq->ring->ptrs.producer = fq->cached_prod;
>> +
>> +     return 0;
>> +}
>> +
>> +static inline int umem_fill_to_kernel(struct xdp_umem_uqueue *fq, u32 *d,
>> +                                   size_t nb)
>> +{
>> +     u32 i;
>> +
>> +     if (umem_nb_free(fq, nb) < nb)
>> +             return -ENOSPC;
>> +
>> +     for (i = 0; i < nb; i++) {
>> +             u32 idx = fq->cached_prod++ & fq->mask;
>> +
>> +             fq->ring->desc[idx] = d[i];
>> +     }
>> +
>> +     u_smp_wmb();
>> +
>> +     fq->ring->ptrs.producer = fq->cached_prod;
>> +
>> +     return 0;
>> +}
>> +
>> +static inline size_t umem_complete_from_kernel(struct xdp_umem_uqueue *cq,
>> +                                            u32 *d, size_t nb)
>> +{
>> +     u32 idx, i, entries = umem_nb_avail(cq, nb);
>> +
>> +     u_smp_rmb();
>> +
>> +     for (i = 0; i < entries; i++) {
>> +             idx = cq->cached_cons++ & cq->mask;
>> +             d[i] = cq->ring->desc[idx];
>> +     }
>> +
>> +     if (entries > 0) {
>> +             u_smp_wmb();
>> +
>> +             cq->ring->ptrs.consumer = cq->cached_cons;
>> +     }
>> +
>> +     return entries;
>> +}
>> +
>> +static inline void *xq_get_data(struct xdpsock *xsk, __u32 idx, __u32 off)
>> +{
>> +     lassert(idx < NUM_FRAMES);
>> +     return &xsk->umem->frames[idx][off];
>> +}
>> +
>> +static inline int xq_enq(struct xdp_uqueue *uq,
>> +                      const struct xdp_desc *descs,
>> +                      unsigned int ndescs)
>> +{
>> +     struct xdp_rxtx_ring *r = uq->ring;
>> +     unsigned int i;
>> +
>> +     if (xq_nb_free(uq, ndescs) < ndescs)
>> +             return -ENOSPC;
>> +
>> +     for (i = 0; i < ndescs; i++) {
>> +             u32 idx = uq->cached_prod++ & uq->mask;
>> +
>> +             r->desc[idx].idx = descs[i].idx;
>> +             r->desc[idx].len = descs[i].len;
>> +             r->desc[idx].offset = descs[i].offset;
>> +     }
>> +
>> +     u_smp_wmb();
>> +
>> +     r->ptrs.producer = uq->cached_prod;
>> +     return 0;
>> +}
>> +
>> +static inline int xq_enq_tx_only(struct xdp_uqueue *uq,
>> +                              __u32 idx, unsigned int ndescs)
>> +{
>> +     struct xdp_rxtx_ring *q = uq->ring;
>> +     unsigned int i;
>> +
>> +     if (xq_nb_free(uq, ndescs) < ndescs)
>> +             return -ENOSPC;
>> +
>> +     for (i = 0; i < ndescs; i++) {
>> +             u32 idx = uq->cached_prod++ & uq->mask;
>> +
>> +             q->desc[idx].idx        = idx + i;
>> +             q->desc[idx].len        = sizeof(pkt_data) - 1;
>> +             q->desc[idx].offset     = 0;
>> +     }
>> +
>> +     u_smp_wmb();
>> +
>> +     q->ptrs.producer = uq->cached_prod;
>> +     return 0;
>> +}
>> +
>> +static inline int xq_deq(struct xdp_uqueue *uq,
>> +                      struct xdp_desc *descs,
>> +                      int ndescs)
>> +{
>> +     struct xdp_rxtx_ring *r = uq->ring;
>> +     unsigned int idx;
>> +     int i, entries;
>> +
>> +     entries = xq_nb_avail(uq, ndescs);
>> +
>> +     u_smp_rmb();
>> +
>> +     for (i = 0; i < entries; i++) {
>> +             idx = uq->cached_cons++ & uq->mask;
>> +             descs[i] = r->desc[idx];
>> +     }
>> +
>> +     if (entries > 0) {
>> +             u_smp_wmb();
>> +
>> +             r->ptrs.consumer = uq->cached_cons;
>> +     }
>> +
>> +     return entries;
>> +}
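
Review bot: in xq_enq_tx_only() the loop-local "u32 idx = uq->cached_prod++ & uq->mask;" shadows the "__u32 idx" parameter, so "q->desc[idx].idx = idx + i;" stores the ring slot plus i and the frame index passed in by the caller is never used. Rename the local (for example to slot) and write "q->desc[slot].idx = idx + i;". Two smaller points in the same file: MAX_SOCKS is defined again here although xdpsock.h is included, and u_smp_rmb()/u_smp_wmb() expand to a compiler barrier only, which deserves a comment naming the architectures for which that is sufficient.
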
>
> Interesting, I was under the impression that you were
> planning to get rid of consumer/producer counters
> and validate the descriptors instead.
>
> That's the ptr_ring design.
>
> You can then drop all the code around synchronising
> counter caches, as well as smp_rmb barriers.

We evaluated the current producer/consumer ring vs a
version of the ptr_ring modified for our purposes in a previous
mail thread (https://patchwork.ozlabs.org/patch/891713/)
and came to the conclusion that adopting everything in ptr_ring
was not better. That is the reason why we have kept the prod/cons ring.

Note that we did adopt a number of things from your design, but
not the approach of validating a descriptor by checking for a zero
in a specific field. It did not provide a performance benefit for our
balanced test cases and performed worse in the contended
corner cases.

>
>> +
>> +static void swap_mac_addresses(void *data)
>> +{
>> +     struct ether_header *eth = (struct ether_header *)data;
>> +     struct ether_addr *src_addr = (struct ether_addr *)&eth->ether_shost;
>> +     struct ether_addr *dst_addr = (struct ether_addr *)&eth->ether_dhost;
>> +     struct ether_addr tmp;
>> +
>> +     tmp = *src_addr;
>> +     *src_addr = *dst_addr;
>> +     *dst_addr = tmp;
>> +}
>> +
>> +#if DEBUG_HEXDUMP
>> +static void hex_dump(void *pkt, size_t length, const char *prefix)
>> +{
>> +     int i = 0;
>> +     const unsigned char *address = (unsigned char *)pkt;
>> +     const unsigned char *line = address;
>> +     size_t line_size = 32;
>> +     unsigned char c;
>> +
>> +     printf("length = %zu\n", length);
>> +     printf("%s | ", prefix);
>> +     while (length-- > 0) {
>> +             printf("%02X ", *address++);
>> +             if (!(++i % line_size) || (length == 0 && i % line_size)) {
>> +                     if (length == 0) {
>> +                             while (i++ % line_size)
>> +                                     printf("__ ");
>> +                     }
>> +                     printf(" | ");  /* right close */
>> +                     while (line < address) {
>> +                             c = *line++;
>> +                             printf("%c", (c < 33 || c == 255) ? 0x2E : c);
>> +                     }
>> +                     printf("\n");
>> +                     if (length > 0)
>> +                             printf("%s | ", prefix);
>> +             }
>> +     }
>> +     printf("\n");
>> +}
>> +#endif
>> +
>> +static size_t gen_eth_frame(char *frame)
>> +{
>> +     memcpy(frame, pkt_data, sizeof(pkt_data) - 1);
>> +     return sizeof(pkt_data) - 1;
>> +}
>> +
>> +static struct xdp_umem *xdp_umem_configure(int sfd)
>> +{
>> +     int fq_size = FQ_NUM_DESCS, cq_size = CQ_NUM_DESCS;
>> +     struct xdp_umem_reg mr;
>> +     struct xdp_umem *umem;
>> +     void *bufs;
>> +
>> +     umem = calloc(1, sizeof(*umem));
>> +     lassert(umem);
>> +
>> +     lassert(posix_memalign(&bufs, getpagesize(), /* PAGE_SIZE aligned */
>> +                            NUM_FRAMES * FRAME_SIZE) == 0);
>> +
>> +     mr.addr = (__u64)bufs;
>> +     mr.len = NUM_FRAMES * FRAME_SIZE;
>> +     mr.frame_size = FRAME_SIZE;
>> +     mr.frame_headroom = FRAME_HEADROOM;
>> +
>> +     lassert(setsockopt(sfd, SOL_XDP, XDP_UMEM_REG, &mr, sizeof(mr)) == 0);
>> +     lassert(setsockopt(sfd, SOL_XDP, XDP_UMEM_FILL_RING, &fq_size,
>> +                        sizeof(int)) == 0);
>> +     lassert(setsockopt(sfd, SOL_XDP, XDP_UMEM_COMPLETION_RING, &cq_size,
>> +                        sizeof(int)) == 0);
>> +
>> +     umem->fq.ring = mmap(0, sizeof(struct xdp_umem_ring) +
>> +                          FQ_NUM_DESCS * sizeof(u32),
>> +                          PROT_READ | PROT_WRITE,
>> +                          MAP_SHARED | MAP_POPULATE, sfd,
>> +                          XDP_UMEM_PGOFF_FILL_RING);
>> +     lassert(umem->fq.ring != MAP_FAILED);
>> +
>> +     umem->fq.mask = FQ_NUM_DESCS - 1;
>> +     umem->fq.size = FQ_NUM_DESCS;
>> +
>> +     umem->cq.ring = mmap(0, sizeof(struct xdp_umem_ring) +
>> +                          CQ_NUM_DESCS * sizeof(u32),
>> +                          PROT_READ | PROT_WRITE,
>> +                          MAP_SHARED | MAP_POPULATE, sfd,
>> +                          XDP_UMEM_PGOFF_COMPLETION_RING);
>> +     lassert(umem->cq.ring != MAP_FAILED);
>> +
>> +     umem->cq.mask = CQ_NUM_DESCS - 1;
>> +     umem->cq.size = CQ_NUM_DESCS;
>> +
>> +     umem->frames = (char (*)[FRAME_SIZE])bufs;
>> +     umem->fd = sfd;
>> +
>> +     if (opt_bench == BENCH_TXONLY) {
>> +             int i;
>> +
>> +             for (i = 0; i < NUM_FRAMES; i++)
>> +                     (void)gen_eth_frame(&umem->frames[i][0]);
>> +     }
>> +
>> +     return umem;
>> +}
>> +
>> +static struct xdpsock *xsk_configure(struct xdp_umem *umem)
>> +{
>> +     struct sockaddr_xdp sxdp = {};
>> +     int sfd, ndescs = NUM_DESCS;
>> +     struct xdpsock *xsk;
>> +     bool shared = true;
>> +     u32 i;
>> +
>> +     sfd = socket(PF_XDP, SOCK_RAW, 0);
>> +     lassert(sfd >= 0);
>> +
>> +     xsk = calloc(1, sizeof(*xsk));
>> +     lassert(xsk);
>> +
>> +     xsk->sfd = sfd;
>> +     xsk->outstanding_tx = 0;
>> +
>> +     if (!umem) {
>> +             shared = false;
>> +             xsk->umem = xdp_umem_configure(sfd);
>> +     } else {
>> +             xsk->umem = umem;
>> +     }
>> +
>> +     lassert(setsockopt(sfd, SOL_XDP, XDP_RX_RING,
>> +                        &ndescs, sizeof(int)) == 0);
>> +     lassert(setsockopt(sfd, SOL_XDP, XDP_TX_RING,
>> +                        &ndescs, sizeof(int)) == 0);
>> +
>> +     /* Rx */
>> +     xsk->rx.ring = mmap(NULL,
>> +                         sizeof(struct xdp_ring) +
>> +                         NUM_DESCS * sizeof(struct xdp_desc),
>> +                         PROT_READ | PROT_WRITE,
>> +                         MAP_SHARED | MAP_POPULATE, sfd,
>> +                         XDP_PGOFF_RX_RING);
>> +     lassert(xsk->rx.ring != MAP_FAILED);
>> +
>> +     if (!shared) {
>> +             for (i = 0; i < NUM_DESCS / 2; i++)
>> +                     lassert(umem_fill_to_kernel(&xsk->umem->fq, &i, 1)
>> +                             == 0);
>> +     }
>> +
>> +     /* Tx */
>> +     xsk->tx.ring = mmap(NULL,
>> +                      sizeof(struct xdp_ring) +
>> +                      NUM_DESCS * sizeof(struct xdp_desc),
>> +                      PROT_READ | PROT_WRITE,
>> +                      MAP_SHARED | MAP_POPULATE, sfd,
>> +                      XDP_PGOFF_TX_RING);
>> +     lassert(xsk->tx.ring != MAP_FAILED);
>> +
>> +     xsk->rx.mask = NUM_DESCS - 1;
>> +     xsk->rx.size = NUM_DESCS;
>> +
>> +     xsk->tx.mask = NUM_DESCS - 1;
>> +     xsk->tx.size = NUM_DESCS;
>> +
>> +     sxdp.sxdp_family = PF_XDP;
>> +     sxdp.sxdp_ifindex = opt_ifindex;
>> +     sxdp.sxdp_queue_id = opt_queue;
>> +     if (shared) {
>> +             sxdp.sxdp_flags = XDP_SHARED_UMEM;
>> +             sxdp.sxdp_shared_umem_fd = umem->fd;
>> +     }
>> +
>> +     lassert(bind(sfd, (struct sockaddr *)&sxdp, sizeof(sxdp)) == 0);
>> +
>> +     return xsk;
>> +}
>> +
>> +static void print_benchmark(bool running)
>> +{
>> +     const char *bench_str = "INVALID";
>> +
>> +     if (opt_bench == BENCH_RXDROP)
>> +             bench_str = "rxdrop";
>> +     else if (opt_bench == BENCH_TXONLY)
>> +             bench_str = "txonly";
>> +     else if (opt_bench == BENCH_L2FWD)
>> +             bench_str = "l2fwd";
>> +
>> +     printf("%s:%d %s ", opt_if, opt_queue, bench_str);
>> +     if (opt_xdp_flags & XDP_FLAGS_SKB_MODE)
>> +             printf("xdp-skb ");
>> +     else if (opt_xdp_flags & XDP_FLAGS_DRV_MODE)
>> +             printf("xdp-drv ");
>> +     else
>> +             printf("        ");
>> +
>> +     if (opt_poll)
>> +             printf("poll() ");
>> +
>> +     if (running) {
>> +             printf("running...");
>> +             fflush(stdout);
>> +     }
>> +}
>> +
>> +static void dump_stats(void)
>> +{
>> +     unsigned long now = get_nsecs();
>> +     long dt = now - prev_time;
>> +     int i;
>> +
>> +     prev_time = now;
>> +
>> +     for (i = 0; i < num_socks; i++) {
>> +             char *fmt = "%-15s %'-11.0f %'-11lu\n";
>> +             double rx_pps, tx_pps;
>> +
>> +             rx_pps = (xsks[i]->rx_npkts - xsks[i]->prev_rx_npkts) *
>> +                      1000000000. / dt;
>> +             tx_pps = (xsks[i]->tx_npkts - xsks[i]->prev_tx_npkts) *
>> +                      1000000000. / dt;
>> +
>> +             printf("\n sock%d@", i);
>> +             print_benchmark(false);
>> +             printf("\n");
>> +
>> +             printf("%-15s %-11s %-11s %-11.2f\n", "", "pps", "pkts",
>> +                    dt / 1000000000.);
>> +             printf(fmt, "rx", rx_pps, xsks[i]->rx_npkts);
>> +             printf(fmt, "tx", tx_pps, xsks[i]->tx_npkts);
>> +
>> +             xsks[i]->prev_rx_npkts = xsks[i]->rx_npkts;
>> +             xsks[i]->prev_tx_npkts = xsks[i]->tx_npkts;
>> +     }
>> +}
>> +
>> +static void *poller(void *arg)
>> +{
>> +     (void)arg;
>> +     for (;;) {
>> +             sleep(opt_interval);
>> +             dump_stats();
>> +     }
>> +
>> +     return NULL;
>> +}
>> +
>> +static void int_exit(int sig)
>> +{
>> +     (void)sig;
>> +     dump_stats();
>> +     bpf_set_link_xdp_fd(opt_ifindex, -1, opt_xdp_flags);
>> +     exit(EXIT_SUCCESS);
>> +}
>> +
>> +static struct option long_options[] = {
>> +     {"rxdrop", no_argument, 0, 'r'},
>> +     {"txonly", no_argument, 0, 't'},
>> +     {"l2fwd", no_argument, 0, 'l'},
>> +     {"interface", required_argument, 0, 'i'},
>> +     {"queue", required_argument, 0, 'q'},
>> +     {"poll", no_argument, 0, 'p'},
>> +     {"shared-buffer", no_argument, 0, 's'},
>> +     {"xdp-skb", no_argument, 0, 'S'},
>> +     {"xdp-native", no_argument, 0, 'N'},
>> +     {"interval", required_argument, 0, 'n'},
>> +     {0, 0, 0, 0}
>> +};
>> +
>> +static void usage(const char *prog)
>> +{
>> +     const char *str =
>> +             "  Usage: %s [OPTIONS]\n"
>> +             "  Options:\n"
>> +             "  -r, --rxdrop         Discard all incoming packets (default)\n"
>> +             "  -t, --txonly         Only send packets\n"
>> +             "  -l, --l2fwd          MAC swap L2 forwarding\n"
>> +             "  -i, --interface=n    Run on interface n\n"
>> +             "  -q, --queue=n        Use queue n (default 0)\n"
>> +             "  -p, --poll           Use poll syscall\n"
>> +             "  -s, --shared-buffer  Use shared packet buffer\n"
>> +             "  -S, --xdp-skb=n      Use XDP skb-mod\n"
>> +             "  -N, --xdp-native=n   Enfore XDP native mode\n"
>> +             "  -n, --interval=n     Specify statistics update interval (default 1 sec).\n"
>> +             "\n";
>> +     fprintf(stderr, str, prog);
>> +     exit(EXIT_FAILURE);
>> +}
>> +
>> +static void parse_command_line(int argc, char **argv)
>> +{
>> +     int option_index, c;
>> +
>> +     opterr = 0;
>> +
>> +     for (;;) {
>> +             c = getopt_long(argc, argv, "rtli:q:psSNn:", long_options,
>> +                             &option_index);
>> +             if (c == -1)
>> +                     break;
>> +
>> +             switch (c) {
>> +             case 'r':
>> +                     opt_bench = BENCH_RXDROP;
>> +                     break;
>> +             case 't':
>> +                     opt_bench = BENCH_TXONLY;
>> +                     break;
>> +             case 'l':
>> +                     opt_bench = BENCH_L2FWD;
>> +                     break;
>> +             case 'i':
>> +                     opt_if = optarg;
>> +                     break;
>> +             case 'q':
>> +                     opt_queue = atoi(optarg);
>> +                     break;
>> +             case 's':
>> +                     opt_shared_packet_buffer = 1;
>> +                     break;
>> +             case 'p':
>> +                     opt_poll = 1;
>> +                     break;
>> +             case 'S':
>> +                     opt_xdp_flags |= XDP_FLAGS_SKB_MODE;
>> +                     break;
>> +             case 'N':
>> +                     opt_xdp_flags |= XDP_FLAGS_DRV_MODE;
>> +                     break;
>> +             case 'n':
>> +                     opt_interval = atoi(optarg);
>> +                     break;
>> +             default:
>> +                     usage(basename(argv[0]));
>> +             }
>> +     }
>> +
>> +     opt_ifindex = if_nametoindex(opt_if);
>> +     if (!opt_ifindex) {
>> +             fprintf(stderr, "ERROR: interface \"%s\" does not exist\n",
>> +                     opt_if);
>> +             usage(basename(argv[0]));
>> +     }
>> +}
>> +
>> +static void kick_tx(int fd)
>> +{
>> +     int ret;
>> +
>> +     ret = sendto(fd, NULL, 0, MSG_DONTWAIT, NULL, 0);
>> +     if (ret >= 0 || errno == ENOBUFS || errno == EAGAIN)
>> +             return;
>> +     lassert(0);
>> +}
>> +
>> +static inline void complete_tx_l2fwd(struct xdpsock *xsk)
>> +{
>> +     u32 descs[BATCH_SIZE];
>> +     unsigned int rcvd;
>> +     size_t ndescs;
>> +
>> +     if (!xsk->outstanding_tx)
>> +             return;
>> +
>> +     kick_tx(xsk->sfd);
>> +     ndescs = (xsk->outstanding_tx > BATCH_SIZE) ? BATCH_SIZE :
>> +              xsk->outstanding_tx;
>> +
>> +     /* re-add completed Tx buffers */
>> +     rcvd = umem_complete_from_kernel(&xsk->umem->cq, descs, ndescs);
>> +     if (rcvd > 0) {
>> +             umem_fill_to_kernel(&xsk->umem->fq, descs, rcvd);
>> +             xsk->outstanding_tx -= rcvd;
>> +             xsk->tx_npkts += rcvd;
>> +     }
>> +}
>> +
>> +static inline void complete_tx_only(struct xdpsock *xsk)
>> +{
>> +     u32 descs[BATCH_SIZE];
>> +     unsigned int rcvd;
>> +
>> +     if (!xsk->outstanding_tx)
>> +             return;
>> +
>> +     kick_tx(xsk->sfd);
>> +
>> +     rcvd = umem_complete_from_kernel(&xsk->umem->cq, descs, BATCH_SIZE);
>> +     if (rcvd > 0) {
>> +             xsk->outstanding_tx -= rcvd;
>> +             xsk->tx_npkts += rcvd;
>> +     }
>> +}
>> +
>> +static void rx_drop(struct xdpsock *xsk)
>> +{
>> +     struct xdp_desc descs[BATCH_SIZE];
>> +     unsigned int rcvd, i;
>> +
>> +     rcvd = xq_deq(&xsk->rx, descs, BATCH_SIZE);
>> +     if (!rcvd)
>> +             return;
>> +
>> +     for (i = 0; i < rcvd; i++) {
>> +             u32 idx = descs[i].idx;
>> +
>> +             lassert(idx < NUM_FRAMES);
>> +#if DEBUG_HEXDUMP
>> +             char *pkt;
>> +             char buf[32];
>> +
>> +             pkt = xq_get_data(xsk, idx, descs[i].offset);
>> +             sprintf(buf, "idx=%d", idx);
>> +             hex_dump(pkt, descs[i].len, buf);
>> +#endif
>> +     }
>> +
>> +     xsk->rx_npkts += rcvd;
>> +
>> +     umem_fill_to_kernel_ex(&xsk->umem->fq, descs, rcvd);
>> +}
>> +
>> +static void rx_drop_all(void)
>> +{
>> +     struct pollfd fds[MAX_SOCKS + 1];
>> +     int i, ret, timeout, nfds = 1;
>> +
>> +     memset(fds, 0, sizeof(fds));
>> +
>> +     for (i = 0; i < num_socks; i++) {
>> +             fds[i].fd = xsks[i]->sfd;
>> +             fds[i].events = POLLIN;
>> +             timeout = 1000; /* 1sn */
>> +     }
>> +
>> +     for (;;) {
>> +             if (opt_poll) {
>> +                     ret = poll(fds, nfds, timeout);
>> +                     if (ret <= 0)
>> +                             continue;
>> +             }
>> +
>> +             for (i = 0; i < num_socks; i++)
>> +                     rx_drop(xsks[i]);
>> +     }
>> +}
>> +
>> +static void tx_only(struct xdpsock *xsk)
>> +{
>> +     int timeout, ret, nfds = 1;
>> +     struct pollfd fds[nfds + 1];
>> +     unsigned int idx = 0;
>> +
>> +     memset(fds, 0, sizeof(fds));
>> +     fds[0].fd = xsk->sfd;
>> +     fds[0].events = POLLOUT;
>> +     timeout = 1000; /* 1sn */
>> +
>> +     for (;;) {
>> +             if (opt_poll) {
>> +                     ret = poll(fds, nfds, timeout);
>> +                     if (ret <= 0)
>> +                             continue;
>> +
>> +                     if (fds[0].fd != xsk->sfd ||
>> +                         !(fds[0].revents & POLLOUT))
>> +                             continue;
>> +             }
>> +
>> +             if (xq_nb_free(&xsk->tx, BATCH_SIZE) >= BATCH_SIZE) {
>> +                     lassert(xq_enq_tx_only(&xsk->tx, idx, BATCH_SIZE) == 0);
>> +
>> +                     xsk->outstanding_tx += BATCH_SIZE;
>> +                     idx += BATCH_SIZE;
>> +                     idx %= NUM_FRAMES;
>> +             }
>> +
>> +             complete_tx_only(xsk);
>> +     }
>> +}
>> +
>> +static void l2fwd(struct xdpsock *xsk)
>> +{
>> +     for (;;) {
>> +             struct xdp_desc descs[BATCH_SIZE];
>> +             unsigned int rcvd, i;
>> +             int ret;
>> +
>> +             for (;;) {
>> +                     complete_tx_l2fwd(xsk);
>> +
>> +                     rcvd = xq_deq(&xsk->rx, descs, BATCH_SIZE);
>> +                     if (rcvd > 0)
>> +                             break;
>> +             }
>> +
>> +             for (i = 0; i < rcvd; i++) {
>> +                     char *pkt = xq_get_data(xsk, descs[i].idx,
>> +                                             descs[i].offset);
>> +
>> +                     swap_mac_addresses(pkt);
>> +#if DEBUG_HEXDUMP
>> +                     char buf[32];
>> +                     u32 idx = descs[i].idx;
>> +
>> +                     sprintf(buf, "idx=%d", idx);
>> +                     hex_dump(pkt, descs[i].len, buf);
>> +#endif
>> +             }
>> +
>> +             xsk->rx_npkts += rcvd;
>> +
>> +             ret = xq_enq(&xsk->tx, descs, rcvd);
>> +             lassert(ret == 0);
>> +             xsk->outstanding_tx += rcvd;
>> +     }
>> +}
>> +
>> +int main(int argc, char **argv)
>> +{
>> +     struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
>> +     char xdp_filename[256];
>> +     int i, ret, key = 0;
>> +     pthread_t pt;
>> +
>> +     parse_command_line(argc, argv);
>> +
>> +     if (setrlimit(RLIMIT_MEMLOCK, &r)) {
>> +             fprintf(stderr, "ERROR: setrlimit(RLIMIT_MEMLOCK) \"%s\"\n",
>> +                     strerror(errno));
>> +             exit(EXIT_FAILURE);
>> +     }
>> +
>> +     snprintf(xdp_filename, sizeof(xdp_filename), "%s_kern.o", argv[0]);
>> +
>> +     if (load_bpf_file(xdp_filename)) {
>> +             fprintf(stderr, "ERROR: load_bpf_file %s\n", bpf_log_buf);
>> +             exit(EXIT_FAILURE);
>> +     }
>> +
>> +     if (!prog_fd[0]) {
>> +             fprintf(stderr, "ERROR: load_bpf_file: \"%s\"\n",
>> +                     strerror(errno));
>> +             exit(EXIT_FAILURE);
>> +     }
>> +
>> +     if (bpf_set_link_xdp_fd(opt_ifindex, prog_fd[0], opt_xdp_flags) < 0) {
>> +             fprintf(stderr, "ERROR: link set xdp fd failed\n");
>> +             exit(EXIT_FAILURE);
>> +     }
>> +
>> +     ret = bpf_map_update_elem(map_fd[0], &key, &opt_queue, 0);
>> +     if (ret) {
>> +             fprintf(stderr, "ERROR: bpf_map_update_elem qidconf\n");
>> +             exit(EXIT_FAILURE);
>> +     }
>> +
>> +     /* Create sockets... */
>> +     xsks[num_socks++] = xsk_configure(NULL);
>> +
>> +#if RR_LB
>> +     for (i = 0; i < MAX_SOCKS - 1; i++)
>> +             xsks[num_socks++] = xsk_configure(xsks[0]->umem);
>> +#endif
>> +
>> +     /* ...and insert them into the map. */
>> +     for (i = 0; i < num_socks; i++) {
>> +             key = i;
>> +             ret = bpf_map_update_elem(map_fd[1], &key, &xsks[i]->sfd, 0);
>> +             if (ret) {
>> +                     fprintf(stderr, "ERROR: bpf_map_update_elem %d\n", i);
>> +                     exit(EXIT_FAILURE);
>> +             }
>> +     }
>> +
>> +     signal(SIGINT, int_exit);
>> +     signal(SIGTERM, int_exit);
>> +     signal(SIGABRT, int_exit);
>> +
>> +     setlocale(LC_ALL, "");
>> +
>> +     ret = pthread_create(&pt, NULL, poller, NULL);
>> +     lassert(ret == 0);
>> +
>> +     prev_time = get_nsecs();
>> +
>> +     if (opt_bench == BENCH_RXDROP)
>> +             rx_drop_all();
>> +     else if (opt_bench == BENCH_TXONLY)
>> +             tx_only(xsks[0]);
>> +     else
>> +             l2fwd(xsks[0]);
>> +
>> +     return 0;
>> +}
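Review bot: in rx_drop_all(), poll() is called with nfds fixed at 1 although the loop above it fills fds[] for all num_socks sockets, so with RR_LB enabled only the first socket is ever waited on; timeout is also assigned inside that loop and would be uninitialized if num_socks were 0. Suggest `nfds = num_socks` and setting timeout once, outside the loop. Separately, l2fwd() passes descs[i].idx to xq_get_data() without the `lassert(idx < NUM_FRAMES)` that rx_drop() applies, and the usage text advertises `-S, --xdp-skb=n` and `-N, --xdp-native=n` while the getopt string "rtli:q:psSNn:" takes no argument for either option.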
>> --
>> 2.14.1

^ permalink raw reply

* Re: [PATCH bpf-next 03/15] xsk: add umem fill queue support and mmap
From: Magnus Karlsson @ 2018-04-24  8:08 UTC (permalink / raw)
  To: Willem de Bruijn
  Cc: Michael S. Tsirkin, Björn Töpel, Karlsson, Magnus,
	Alexander Duyck, Alexander Duyck, John Fastabend,
	Alexei Starovoitov, Jesper Dangaard Brouer, Daniel Borkmann,
	Network Development, michael.lundkvist, Brandeburg, Jesse,
	Singhai, Anjali, Zhang, Qi Z
In-Reply-To: <CAF=yD-+m5+5sKvo2Z1YOOX+zFKNYLVFqjq6+b4wpP6dTX=cyEA@mail.gmail.com>

On Tue, Apr 24, 2018 at 1:59 AM, Willem de Bruijn
<willemdebruijn.kernel@gmail.com> wrote:
> On Mon, Apr 23, 2018 at 7:21 PM, Michael S. Tsirkin <mst@redhat.com> wrote:
>> On Mon, Apr 23, 2018 at 03:56:07PM +0200, Björn Töpel wrote:
>>> From: Magnus Karlsson <magnus.karlsson@intel.com>
>>>
>>> Here, we add another setsockopt for registered user memory (umem)
>>> called XDP_UMEM_FILL_QUEUE. Using this socket option, the process can
>>> ask the kernel to allocate a queue (ring buffer) and also mmap it
>>> (XDP_UMEM_PGOFF_FILL_QUEUE) into the process.
>>>
>>> The queue is used to explicitly pass ownership of umem frames from the
>>> user process to the kernel. These frames will in a later patch be
>>> filled in with Rx packet data by the kernel.
>>>
>>> Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
>>> ---
>>>  include/uapi/linux/if_xdp.h | 15 +++++++++++
>>>  net/xdp/Makefile            |  2 +-
>>>  net/xdp/xdp_umem.c          |  5 ++++
>>>  net/xdp/xdp_umem.h          |  2 ++
>>>  net/xdp/xsk.c               | 62 ++++++++++++++++++++++++++++++++++++++++++++-
>>>  net/xdp/xsk_queue.c         | 58 ++++++++++++++++++++++++++++++++++++++++++
>>>  net/xdp/xsk_queue.h         | 38 +++++++++++++++++++++++++++
>>>  7 files changed, 180 insertions(+), 2 deletions(-)
>>>  create mode 100644 net/xdp/xsk_queue.c
>>>  create mode 100644 net/xdp/xsk_queue.h
>>>
>>> diff --git a/include/uapi/linux/if_xdp.h b/include/uapi/linux/if_xdp.h
>>> index 41252135a0fe..975661e1baca 100644
>>> --- a/include/uapi/linux/if_xdp.h
>>> +++ b/include/uapi/linux/if_xdp.h
>>> @@ -23,6 +23,7 @@
>>>
>>>  /* XDP socket options */
>>>  #define XDP_UMEM_REG                 3
>>> +#define XDP_UMEM_FILL_RING           4
>>>
>>>  struct xdp_umem_reg {
>>>       __u64 addr; /* Start of packet data area */
>>> @@ -31,4 +32,18 @@ struct xdp_umem_reg {
>>>       __u32 frame_headroom; /* Frame head room */
>>>  };
>>>
>>> +/* Pgoff for mmaping the rings */
>>> +#define XDP_UMEM_PGOFF_FILL_RING     0x100000000
>>> +
>>> +struct xdp_ring {
>>> +     __u32 producer __attribute__((aligned(64)));
>>> +     __u32 consumer __attribute__((aligned(64)));
>>> +};
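Review bot: the commit message names the option XDP_UMEM_FILL_QUEUE and the offset XDP_UMEM_PGOFF_FILL_QUEUE, but this header defines XDP_UMEM_FILL_RING and XDP_UMEM_PGOFF_FILL_RING; please make the two agree. XDP_UMEM_PGOFF_FILL_RING is 0x100000000 with no suffix, a value that does not fit in a 32-bit unsigned long, so a ULL suffix here and a 64-bit comparison on the mmap side would be safer. struct xdp_ring also carries no comment saying which side writes producer and which side writes consumer, which a uapi header should document.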
>>
>> Why 64? And do you still need these guys in uapi?
>
> I was just about to ask the same. You mean cacheline_aligned?

Yes, I would like to have these cache aligned. How can I accomplish
this in a uapi?
I put a note around this in the cover letter:

* How to deal with cache alignment for uapi when different
  architectures can have different cache line sizes? We have just
  aligned it to 64 bytes for now, which works for many popular
  architectures, but not all. Please advise.

>
>>> +static int xsk_mmap(struct file *file, struct socket *sock,
>>> +                 struct vm_area_struct *vma)
>>> +{
>>> +     unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;
>>> +     unsigned long size = vma->vm_end - vma->vm_start;
>>> +     struct xdp_sock *xs = xdp_sk(sock->sk);
>>> +     struct xsk_queue *q;
>>> +     unsigned long pfn;
>>> +     struct page *qpg;
>>> +
>>> +     if (!xs->umem)
>>> +             return -EINVAL;
>>> +
>>> +     if (offset == XDP_UMEM_PGOFF_FILL_RING)
>>> +             q = xs->umem->fq;
>>> +     else
>>> +             return -EINVAL;
>>> +
>>> +     qpg = virt_to_head_page(q->ring);
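Review bot: offset is an unsigned long computed as `vma->vm_pgoff << PAGE_SHIFT` and then compared with XDP_UMEM_PGOFF_FILL_RING (0x100000000); on a 32-bit build the shift cannot produce that value, so the fill-ring branch would never be taken. Suggest computing the offset in a 64-bit type before the comparison. size is derived from the vma but, in the lines shown, has not yet been checked against the ring's allocated size before the ring pages are looked up.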
>
> Is it assured that q is initialized with a call to setsockopt
> XDP_UMEM_FILL_RING before the call to mmap?

Unfortunately not, so this is a bug. Case in point for running
syzkaller below, definitely.

> In general, with such an extensive new API, it might be worthwhile to
> run syzkaller locally on a kernel with these patches. It is pretty
> easy to set up (https://github.com/google/syzkaller/blob/master/docs/linux/setup.md),
> though it also needs to be taught about any new APIs.

Good idea. Will set this up and have it torture the API.

Thanks: Magnus

^ permalink raw reply

* Summary of the Linux IPsec workshop 2018
From: Steffen Klassert @ 2018-04-24  8:02 UTC (permalink / raw)
  To: netdev; +Cc: lwn

We have created a webpage that summarizes the Linux IPsec workshop 2018
that was held March 26 - 28 in Dresden, Germany:

https://workshop.linux-ipsec.org/2018/

The page was created from the etherpad we used during the workshop,
so don't expect anything fancy. It still does not cover all session
notes, but it gets updated whenever new information comes in.

^ permalink raw reply

* Re: ipset losing entries on its own
From: Akshat Kakkar @ 2018-04-24  7:58 UTC (permalink / raw)
  To: Denys Fedoryshchenko; +Cc: netdev, netdev-owner
In-Reply-To: <CAA5aLPgPU5u6k+rB+5zNCsqp3UBnx3oZoSv_0drNCRK0tcSSBQ@mail.gmail.com>

Has anybody got any clue in this?

^ permalink raw reply

* Re: [PATCH bpf-next 00/15] Introducing AF_XDP support
From: Björn Töpel @ 2018-04-24  7:33 UTC (permalink / raw)
  To: Jesper Dangaard Brouer
  Cc: Michael S. Tsirkin, Karlsson, Magnus, Duyck, Alexander H,
	Alexander Duyck, John Fastabend, Alexei Starovoitov,
	Willem de Bruijn, Daniel Borkmann, Netdev, Björn Töpel,
	michael.lundkvist, Brandeburg, Jesse, Singhai, Anjali,
	Zhang, Qi Z
In-Reply-To: <20180424092747.2f01330f@redhat.com>

2018-04-24 9:27 GMT+02:00 Jesper Dangaard Brouer <brouer@redhat.com>:
> On Tue, 24 Apr 2018 08:55:33 +0200
> Björn Töpel <bjorn.topel@gmail.com> wrote:
>
>> > Is there a chance of Documentation/networking/af_xdp.txt ?
>> >
>>
>> Yes. :-) We'll add that to the next spin!
>
> Could we please create it using RST format (ReStructuredText) from the
> start?
>

Good point! We'll do a Documentation/net/af_xdp.rst in favor of a text file!

^ permalink raw reply

* [PATCH net-next] ipv6: addrconf: don't evaluate keep_addr_on_down twice
From: Ivan Vecera @ 2018-04-24  7:31 UTC (permalink / raw)
  To: netdev; +Cc: David Ahern

The addrconf_ifdown() evaluates keep_addr_on_down state twice. There
is no need to do it.

Cc: David Ahern <dsahern@gmail.com>
Signed-off-by: Ivan Vecera <cera@cera.cz>
---
 net/ipv6/addrconf.c | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 78cef00c9596..f40e25fd15ee 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -3612,8 +3612,7 @@ static int addrconf_ifdown(struct net_device *dev, int how)
 	struct net *net = dev_net(dev);
 	struct inet6_dev *idev;
 	struct inet6_ifaddr *ifa, *tmp;
-	int _keep_addr;
-	bool keep_addr;
+	bool keep_addr = false;
 	int state, i;
 
 	ASSERT_RTNL();
@@ -3639,15 +3638,18 @@ static int addrconf_ifdown(struct net_device *dev, int how)
 
 	}
 
-	/* aggregate the system setting and interface setting */
-	_keep_addr = net->ipv6.devconf_all->keep_addr_on_down;
-	if (!_keep_addr)
-		_keep_addr = idev->cnf.keep_addr_on_down;
-
 	/* combine the user config with event to determine if permanent
 	 * addresses are to be removed from address hash table
 	 */
-	keep_addr = !(how || _keep_addr <= 0 || idev->cnf.disable_ipv6);
+	if (!how && !idev->cnf.disable_ipv6) {
+		/* aggregate the system setting and interface setting */
+		int _keep_addr = net->ipv6.devconf_all->keep_addr_on_down;
+
+		if (!_keep_addr)
+			_keep_addr = idev->cnf.keep_addr_on_down;
+
+		keep_addr = (_keep_addr > 0);
+	}
 
 	/* Step 2: clear hash table */
 	for (i = 0; i < IN6_ADDR_HSIZE; i++) {
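Review bot: the comment kept above the new `if` still says the result decides removal "from address hash table" only, but after this change the same keep_addr value also drives the interface list walk further down; please reword it to cover both uses. The parentheses in `keep_addr = (_keep_addr > 0);` are not needed, and now that the variable is block-local the leading underscore in _keep_addr no longer disambiguates it from anything.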
@@ -3697,11 +3699,6 @@ static int addrconf_ifdown(struct net_device *dev, int how)
 		write_lock_bh(&idev->lock);
 	}
 
-	/* re-combine the user config with event to determine if permanent
-	 * addresses are to be removed from the interface list
-	 */
-	keep_addr = (!how && _keep_addr > 0 && !idev->cnf.disable_ipv6);
-
 	list_for_each_entry_safe(ifa, tmp, &idev->addr_list, if_list) {
 		struct rt6_info *rt = NULL;
 		bool keep;
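Review bot: the removed assignment re-read idev->cnf.disable_ipv6 after the `write_lock_bh(&idev->lock)` shown in the context, whereas the list walk now reuses the value sampled before Step 2; the changelog says only that the second evaluation is unnecessary, so please state there that `!(how || _keep_addr <= 0 || idev->cnf.disable_ipv6)` and `(!how && _keep_addr > 0 && !idev->cnf.disable_ipv6)` are the same expression and that using a single snapshot for both steps is intended.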
-- 
2.16.1

^ permalink raw reply related

* Re: [PATCH bpf-next 02/15] xsk: add user memory registration support sockopt
From: Björn Töpel @ 2018-04-24  7:30 UTC (permalink / raw)
  To: Willem de Bruijn
  Cc: Karlsson, Magnus, Alexander Duyck, Alexander Duyck,
	John Fastabend, Alexei Starovoitov, Jesper Dangaard Brouer,
	Daniel Borkmann, Michael S. Tsirkin, Network Development,
	Björn Töpel, michael.lundkvist, Brandeburg, Jesse,
	Singhai, Anjali, Zhang, Qi Z
In-Reply-To: <CAF=yD-+VKKspFwPCXrX_U9_rVgAXrFkarFXu8mfLsL2=QuLdPg@mail.gmail.com>

2018-04-24 1:04 GMT+02:00 Willem de Bruijn <willemdebruijn.kernel@gmail.com>:
> On Mon, Apr 23, 2018 at 9:56 AM, Björn Töpel <bjorn.topel@gmail.com> wrote:
>> From: Björn Töpel <bjorn.topel@intel.com>
>>
>> In this commit the base structure of the AF_XDP address family is set
>> up. Further, we introduce the ability to register a window of user memory
>> to the kernel via the XDP_UMEM_REG setsockopt syscall. The memory
>> window is viewed by an AF_XDP socket as a set of equally large
>> frames. After a user memory registration all frames are "owned" by the
>> user application, and not the kernel.
>>
>> Co-authored-by: Magnus Karlsson <magnus.karlsson@intel.com>
>> Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
>> Signed-off-by: Björn Töpel <bjorn.topel@intel.com>
>
>> +static void xdp_umem_release(struct xdp_umem *umem)
>> +{
>> +       struct task_struct *task;
>> +       struct mm_struct *mm;
>> +       unsigned long diff;
>> +
>> +       if (umem->pgs) {
>> +               xdp_umem_unpin_pages(umem);
>> +
>> +               task = get_pid_task(umem->pid, PIDTYPE_PID);
>> +               put_pid(umem->pid);
>> +               if (!task)
>> +                       goto out;
>> +               mm = get_task_mm(task);
>> +               put_task_struct(task);
>> +               if (!mm)
>> +                       goto out;
>> +
>> +               diff = umem->size >> PAGE_SHIFT;
>
> Need to round up or size must always be a multiple of PAGE_SIZE.
>

Yes, you're right! I'll add constraints to the umem setup. See further
down in the reply.

>> +
>> +               down_write(&mm->mmap_sem);
>> +               mm->pinned_vm -= diff;
>> +               up_write(&mm->mmap_sem);
>
> When using user->locked_vm for resource limit checks, no need
> to also update mm->pinned_vm?
>

Hmm, dug around in the code, and it looks like you're correct -- i.e.
if user->locked_vm is used, we shouldn't update the mm->pinned_vm.
I'll need to check a bit more, so that I'm certain, but if so, I'll
remove it in the next revision.

>> +static int __xdp_umem_reg(struct xdp_umem *umem, struct xdp_umem_reg *mr)
>> +{
>> +       u32 frame_size = mr->frame_size, frame_headroom = mr->frame_headroom;
>> +       u64 addr = mr->addr, size = mr->len;
>> +       unsigned int nframes;
>> +       int size_chk, err;
>> +
>> +       if (frame_size < XDP_UMEM_MIN_FRAME_SIZE || frame_size > PAGE_SIZE) {
>> +               /* Strictly speaking we could support this, if:
>> +                * - huge pages, or*
>> +                * - using an IOMMU, or
>> +                * - making sure the memory area is consecutive
>> +                * but for now, we simply say "computer says no".
>> +                */
>> +               return -EINVAL;
>> +       }
>
> Ideally, AF_XDP subsumes all packet socket use cases. It does not
> have packet v3's small packet optimizations of variable sized frames
> and block signaling.
>
> I don't suggest adding that now. But for the non-zerocopy case, it may
> make sense to ensure that nothing is blocking a later addition of these
> features. Especially for header-only (snaplen) workloads. So far, I don't
> see any issues.
>

Ok. Block signaling is sort of ring batching, so I think we're good
for that case. As for variable sized frames *within* a umem, that's
trickier. To support different sizes, multiple umems (and multiple
queues) -- if that makes sense?

>> +       if (!is_power_of_2(frame_size))
>> +               return -EINVAL;
>> +
>> +       if (!PAGE_ALIGNED(addr)) {
>> +               /* Memory area has to be page size aligned. For
>> +                * simplicity, this might change.
>> +                */
>> +               return -EINVAL;
>> +       }
>> +
>> +       if ((addr + size) < addr)
>> +               return -EINVAL;
>> +
>> +       nframes = size / frame_size;
>> +       if (nframes == 0 || nframes > UINT_MAX)
>> +               return -EINVAL;
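Review bot: nframes is declared unsigned int, so the u64 result of `size / frame_size` is truncated on assignment and the `nframes > UINT_MAX` test can never be true. Suggest doing the division into a u64 temporary, range-checking that, and only then storing it in nframes.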
>
> You may also want a check here that nframes * frame_size is at least
> PAGE_SIZE and probably a multiple of that.
>

Yup! I'll add those checks. This will make the "diff shift" in the
release code safe as well. Thanks!

>> +       frame_headroom = ALIGN(frame_headroom, 64);
>> +
>> +       size_chk = frame_size - frame_headroom - XDP_PACKET_HEADROOM;
>> +       if (size_chk < 0)
>> +               return -EINVAL;
>> +
>> +       umem->pid = get_task_pid(current, PIDTYPE_PID);
>> +       umem->size = (size_t)size;
>> +       umem->address = (unsigned long)addr;
>> +       umem->props.frame_size = frame_size;
>> +       umem->props.nframes = nframes;
>> +       umem->frame_headroom = frame_headroom;
>> +       umem->npgs = size / PAGE_SIZE;
>> +       umem->pgs = NULL;
>> +       umem->user = NULL;
>> +
>> +       umem->frame_size_log2 = ilog2(frame_size);
>> +       umem->nfpp_mask = (PAGE_SIZE / frame_size) - 1;
>> +       umem->nfpplog2 = ilog2(PAGE_SIZE / frame_size);
>> +       atomic_set(&umem->users, 1);
>> +
>> +       err = xdp_umem_account_pages(umem);
>> +       if (err)
>> +               goto out;
>> +
>> +       err = xdp_umem_pin_pages(umem);
>> +       if (err)
>
> need to call xdp_umem_unaccount_pages on error

Indeed! I'll fix that!

>> +               goto out;
>> +       return 0;
>> +
>> +out:
>> +       put_pid(umem->pid);
>> +       return err;
>> +}
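Review bot: in the size_chk computation, frame_size and frame_headroom are both u32, so `frame_size - frame_headroom - XDP_PACKET_HEADROOM` wraps instead of going negative when the headroom is larger than the frame, and the `size_chk < 0` test then lets it through; `ALIGN(frame_headroom, 64)` can itself wrap to a small value for inputs close to the u32 maximum. Suggest rejecting a headroom larger than `frame_size - XDP_PACKET_HEADROOM` before aligning, or doing the arithmetic in a signed 64-bit type.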

^ permalink raw reply
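
The constraints agreed in the reply above (umem size a whole number of pages, range checks that truncation cannot defeat), as an added userspace sketch that is not code from the patch set. The ex_ names and the three EX_ constants (4096, 2048, 256) are assumptions made here, since the thread does not show the kernel's definitions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for this sketch; not taken from the thread. */
#define EX_PAGE_SIZE       4096u
#define EX_MIN_FRAME_SIZE  2048u
#define EX_PACKET_HEADROOM 256u

/* Same fields the quoted __xdp_umem_reg() reads from its request. */
struct ex_umem_reg {
	uint64_t addr;
	uint64_t len;
	uint32_t frame_size;
	uint32_t frame_headroom;
};

/* Values derived from a request that passed validation. */
struct ex_umem_props {
	uint32_t nframes;
	uint64_t npgs;
	uint32_t frame_headroom;
};

/* The headroom check as posted: unsigned 32-bit arithmetic stored in an int.
 * A headroom larger than the frame wraps to a positive value.
 */
int ex_size_chk_as_posted(uint32_t frame_size, uint32_t frame_headroom)
{
	frame_headroom = (frame_headroom + 63u) & ~63u;	/* ALIGN(x, 64) */
	return (int)(frame_size - frame_headroom - EX_PACKET_HEADROOM);
}

/* Validation with every intermediate kept in 64 bits until it is range-checked. */
int ex_umem_reg_check(const struct ex_umem_reg *mr, struct ex_umem_props *out)
{
	uint64_t nframes, headroom;

	if (mr->frame_size < EX_MIN_FRAME_SIZE || mr->frame_size > EX_PAGE_SIZE)
		return -EINVAL;
	if (mr->frame_size & (mr->frame_size - 1))	/* power of two only */
		return -EINVAL;
	if (mr->addr & (EX_PAGE_SIZE - 1))		/* page-aligned start */
		return -EINVAL;
	/* Whole pages only, so "len >> PAGE_SHIFT" in the release path is exact. */
	if (mr->len == 0 || (mr->len & (EX_PAGE_SIZE - 1)))
		return -EINVAL;
	if (mr->addr + mr->len < mr->addr)		/* address range wraps */
		return -EINVAL;

	/* Check the frame count before narrowing it to 32 bits. */
	nframes = mr->len / mr->frame_size;
	if (nframes > UINT32_MAX)
		return -EINVAL;

	/* Align and compare in 64 bits so neither step can wrap. */
	headroom = ((uint64_t)mr->frame_headroom + 63) & ~(uint64_t)63;
	if (headroom + EX_PACKET_HEADROOM > mr->frame_size)
		return -EINVAL;

	out->nframes = (uint32_t)nframes;
	out->npgs = mr->len / EX_PAGE_SIZE;
	out->frame_headroom = (uint32_t)headroom;
	return 0;
}

int main(void)
{
	/* Constructed requests: one valid, one with a headroom near the u32 maximum. */
	struct ex_umem_reg good = { 0x10000, 4 * 4096, 2048, 1 };
	struct ex_umem_reg bad = { 0x10000, 4096, 2048, 0xFFFFFFC0u };
	struct ex_umem_props p;

	printf("good: %d\n", ex_umem_reg_check(&good, &p));
	printf("bad headroom, posted check value: %d\n",
	       ex_size_chk_as_posted(bad.frame_size, bad.frame_headroom));
	printf("bad headroom, 64-bit check: %d\n", ex_umem_reg_check(&bad, &p));
	return 0;
}
```
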

* Re: [PATCH bpf-next 00/15] Introducing AF_XDP support
From: Jesper Dangaard Brouer @ 2018-04-24  7:27 UTC (permalink / raw)
  To: Björn Töpel
  Cc: Michael S. Tsirkin, Karlsson, Magnus, Duyck, Alexander H,
	Alexander Duyck, John Fastabend, Alexei Starovoitov,
	Willem de Bruijn, Daniel Borkmann, Netdev, Björn Töpel,
	michael.lundkvist, Brandeburg, Jesse, Singhai, Anjali,
	Zhang, Qi Z, brouer
In-Reply-To: <CAJ+HfNjJjVLPY_Si4-f91_o2HOQGCBmPuNN3cyAahpixTcRRXw@mail.gmail.com>

On Tue, 24 Apr 2018 08:55:33 +0200
Björn Töpel <bjorn.topel@gmail.com> wrote:

> > Is there a chance of Documentation/networking/af_xdp.txt ?
> >  
> 
> Yes. :-) We'll add that to the next spin!

Could we please create it using RST format (ReStructuredText) from the
start?

-- 
Best regards,
  Jesper Dangaard Brouer
  MSc.CS, Principal Kernel Engineer at Red Hat
  LinkedIn: http://www.linkedin.com/in/brouer

^ permalink raw reply

* Re: [PATCH bpf-next 02/15] xsk: add user memory registration support sockopt
From: Björn Töpel @ 2018-04-24  7:01 UTC (permalink / raw)
  To: Michael S. Tsirkin
  Cc: Karlsson, Magnus, Duyck, Alexander H, Alexander Duyck,
	John Fastabend, Alexei Starovoitov, Jesper Dangaard Brouer,
	Willem de Bruijn, Daniel Borkmann, Netdev, Björn Töpel,
	michael.lundkvist, Brandeburg, Jesse, Singhai, Anjali,
	Zhang, Qi Z
In-Reply-To: <20180423232619-mutt-send-email-mst@kernel.org>

2018-04-23 22:26 GMT+02:00 Michael S. Tsirkin <mst@redhat.com>:
> On Mon, Apr 23, 2018 at 10:15:18PM +0200, Björn Töpel wrote:
>> 2018-04-23 22:11 GMT+02:00 Michael S. Tsirkin <mst@redhat.com>:
>> > On Mon, Apr 23, 2018 at 10:00:15PM +0200, Björn Töpel wrote:
>> >> 2018-04-23 18:18 GMT+02:00 Michael S. Tsirkin <mst@redhat.com>:
>> >>
>> >> [...]
>> >>
>> >> >> +static void xdp_umem_unpin_pages(struct xdp_umem *umem)
>> >> >> +{
>> >> >> +     unsigned int i;
>> >> >> +
>> >> >> +     if (umem->pgs) {
>> >> >> +             for (i = 0; i < umem->npgs; i++)
>> >> >
>> >> > Since you pin them with FOLL_WRITE, I assume these pages
>> >> > are written to.
>> >> > Don't you need set_page_dirty_lock here?
>> >> >
>> >>
>> >> Hmm, I actually *removed* it from the RFC V2, but after doing some
>> >> homework, I think you're right. Thanks for pointing this out!
>> >>
>> >> Thinking more about this; This function is called from sk_destruct,
>> >> and in the Tx case the sk_destruct can be called from interrupt
>> >> context, where set_page_dirty_lock cannot be called.
>> >>
>> >> Are there any preferred ways of solving this? Scheduling the whole
>> >> xsk_destruct call to a workqueue is one way (I think). Any
>> >> cleaner/better way?
>> >>
>> >> [...]
>> >
>> > Defer unpinning pages until the next tx call?
>> >
>>
>> If the sock is released, there won't be another tx call.
>
> unpin them on socket release too?
>

AF_XDP pins all memory up front, and unpins it when the socket is
released (final sock_put), which in this case is in the skb
destructor. So there's no later point from a sock lifetime
perspective.

I'll make a stab at doing umem clean up in a worker queue.

>> Or am I
>> missing something obvious?
>>
>> >
>> >> >> +static int __xdp_umem_reg(struct xdp_umem *umem, struct xdp_umem_reg *mr)
>> >> >> +{
>> >> >> +     u32 frame_size = mr->frame_size, frame_headroom = mr->frame_headroom;
>> >> >> +     u64 addr = mr->addr, size = mr->len;
>> >> >> +     unsigned int nframes;
>> >> >> +     int size_chk, err;
>> >> >> +
>> >> >> +     if (frame_size < XDP_UMEM_MIN_FRAME_SIZE || frame_size > PAGE_SIZE) {
>> >> >> +             /* Strictly speaking we could support this, if:
>> >> >> +              * - huge pages, or*
>> >> >
>> >> > what does "or*" here mean?
>> >> >
>> >>
>> >> Oops, I'll change to just 'or' in the next revision.
>> >>
>> >>
>> >> Thanks!
>> >> Björn

^ permalink raw reply

* Re: [PATCH bpf-next 00/15] Introducing AF_XDP support
From: Björn Töpel @ 2018-04-24  6:55 UTC (permalink / raw)
  To: Michael S. Tsirkin
  Cc: Karlsson, Magnus, Duyck, Alexander H, Alexander Duyck,
	John Fastabend, Alexei Starovoitov, Jesper Dangaard Brouer,
	Willem de Bruijn, Daniel Borkmann, Netdev, Björn Töpel,
	michael.lundkvist, Brandeburg, Jesse, Singhai, Anjali,
	Zhang, Qi Z
In-Reply-To: <20180424022124-mutt-send-email-mst@kernel.org>

2018-04-24 1:22 GMT+02:00 Michael S. Tsirkin <mst@redhat.com>:
> On Mon, Apr 23, 2018 at 03:56:04PM +0200, Björn Töpel wrote:
>> From: Björn Töpel <bjorn.topel@intel.com>
>>
>> This RFC introduces a new address family called AF_XDP that is
>> optimized for high performance packet processing and, in upcoming
>> patch sets, zero-copy semantics. In this v2 version, we have removed
>> all zero-copy related code in order to make it smaller, simpler and
>> hopefully more review friendly. This RFC only supports copy-mode for
>> the generic XDP path (XDP_SKB) for both RX and TX and copy-mode for RX
>> using the XDP_DRV path. Zero-copy support requires XDP and driver
>> changes that Jesper Dangaard Brouer is working on. Some of his work
>> has already been accepted. We will publish our zero-copy support for
>> RX and TX on top of his patch sets at a later point in time.
>>
>> An AF_XDP socket (XSK) is created with the normal socket()
>> syscall. Associated with each XSK are two queues: the RX queue and the
>> TX queue. A socket can receive packets on the RX queue and it can send
>> packets on the TX queue. These queues are registered and sized with
>> the setsockopts XDP_RX_RING and XDP_TX_RING, respectively. It is
>> mandatory to have at least one of these queues for each socket. In
>> contrast to AF_PACKET V2/V3 these descriptor queues are separated from
>> packet buffers. An RX or TX descriptor points to a data buffer in a
>> memory area called a UMEM. RX and TX can share the same UMEM so that a
>> packet does not have to be copied between RX and TX. Moreover, if a
>> packet needs to be kept for a while due to a possible retransmit, the
>> descriptor that points to that packet can be changed to point to
>> another and reused right away. This again avoids copying data.
>>
>> This new dedicated packet buffer area is called a UMEM. It consists of a
>> number of equally sized frames and each frame has a unique frame id. A
>> descriptor in one of the queues references a frame by referencing its
>> frame id. The user space allocates memory for this UMEM using whatever
>> means it feels is most appropriate (malloc, mmap, huge pages,
>> etc). This memory area is then registered with the kernel using the new
>> setsockopt XDP_UMEM_REG. The UMEM also has two queues: the FILL queue
>> and the COMPLETION queue. The fill queue is used by the application to
>> send down frame ids for the kernel to fill in with RX packet
>> data. References to these frames will then appear in the RX queue of
>> the XSK once they have been received. The completion queue, on the
>> other hand, contains frame ids that the kernel has transmitted
>> completely and can now be used again by user space, for either TX or
>> RX. Thus, the frame ids appearing in the completion queue are ids that
>> were previously transmitted using the TX queue. In summary, the RX and
>> FILL queues are used for the RX path and the TX and COMPLETION queues
>> are used for the TX path.
>>
>> The socket is then finally bound with a bind() call to a device and a
>> specific queue id on that device, and it is not until bind is
>> completed that traffic starts to flow. Note that in this RFC, all
>> packet data is copied out to user-space.
>>
>> A new feature in this RFC is that the UMEM can be shared between
>> processes, if desired. If a process wants to do this, it simply skips
>> the registration of the UMEM and its corresponding two queues, sets a
>> flag in the bind call and submits the XSK of the process it would like
>> to share UMEM with as well as its own newly created XSK socket. The
>> new process will then receive frame id references in its own RX queue
>> that point to this shared UMEM. Note that since the queue structures
>> are single-consumer / single-producer (for performance reasons), the
>> new process has to create its own socket with associated RX and TX
>> queues, since it cannot share this with the other process. This is
>> also the reason that there is only one set of FILL and COMPLETION
>> queues per UMEM. It is the responsibility of a single process to
>> handle the UMEM. If multiple-producer / multiple-consumer queues are
>> implemented in the future, this requirement could be relaxed.
>>
>> How are packets then distributed between these two XSK? We have
>> introduced a new BPF map called XSKMAP (or BPF_MAP_TYPE_XSKMAP in
>> full). The user-space application can place an XSK at an arbitrary
>> place in this map. The XDP program can then redirect a packet to a
>> specific index in this map and at this point XDP validates that the
>> XSK in that map was indeed bound to that device and queue number. If
>> not, the packet is dropped. If the map is empty at that index, the
>> packet is also dropped. This also means that it is currently mandatory
>> to have an XDP program loaded (and one XSK in the XSKMAP) to be able
>> to get any traffic to user space through the XSK.
>>
>> AF_XDP can operate in two different modes: XDP_SKB and XDP_DRV. If the
>> driver does not have support for XDP, or XDP_SKB is explicitly chosen
>> when loading the XDP program, XDP_SKB mode is employed that uses SKBs
>> together with the generic XDP support and copies out the data to user
>> space. A fallback mode that works for any network device. On the other
>> hand, if the driver has support for XDP, it will be used by the AF_XDP
>> code to provide better performance, but there is still a copy of the
>> data into user space.
>>
>> There is a xdpsock benchmarking/test application included that
>> demonstrates how to use AF_XDP sockets with both private and shared
>> UMEMs. Say that you would like your UDP traffic from port 4242 to end
>> up in queue 16, that we will enable AF_XDP on. Here, we use ethtool
>> for this:
>>
>>       ethtool -N p3p2 rx-flow-hash udp4 fn
>>       ethtool -N p3p2 flow-type udp4 src-port 4242 dst-port 4242 \
>>           action 16
>>
>> Running the rxdrop benchmark in XDP_DRV mode can then be done
>> using:
>>
>>       samples/bpf/xdpsock -i p3p2 -q 16 -r -N
>>
>> For XDP_SKB mode, use the switch "-S" instead of "-N" and all options
>> can be displayed with "-h", as usual.
>>
>> We have run some benchmarks on a dual socket system with two Broadwell
>> E5 2660 @ 2.0 GHz with hyperthreading turned off. Each socket has 14
>> cores which gives a total of 28, but only two cores are used in these
>> experiments. One for TX/RX and one for the user space application. The
>> memory is DDR4 @ 2133 MT/s (1067 MHz) and the size of each DIMM is
>> 8192MB and with 8 of those DIMMs in the system we have 64 GB of total
>> memory. The compiler used is gcc version 5.4.0 20160609. The NIC is an
>> Intel I40E 40Gbit/s using the i40e driver.
>>
>> Below are the results in Mpps of the I40E NIC benchmark runs for 64
>> and 1500 byte packets, generated by commercial packet generator HW that is
>> generating packets at full 40 Gbit/s line rate.
>>
>> AF_XDP performance 64 byte packets. Results from RFC V2 in parenthesis.
>> Benchmark   XDP_SKB   XDP_DRV
>> rxdrop       2.9(3.0)   9.4(9.3)
>> txpush       2.5(2.2)   NA*
>> l2fwd        1.9(1.7)   2.4(2.4) (TX using XDP_SKB in both cases)
>>
>> AF_XDP performance 1500 byte packets:
>> Benchmark   XDP_SKB   XDP_DRV
>> rxdrop       2.1(2.2)   3.3(3.1)
>> l2fwd        1.4(1.1)   1.8(1.7) (TX using XDP_SKB in both cases)
>>
>> * NA since we have no support for TX using the XDP_DRV infrastructure
>>   in this RFC. This is for a future patch set since it involves
>>   changes to the XDP NDOs. Some of this has been upstreamed by Jesper
>>   Dangaard Brouer.
>>
>> XDP performance on our system as a base line:
>>
>> 64 byte packets:
>> XDP stats       CPU     pps         issue-pps
>> XDP-RX CPU      16      32,921,521  0
>>
>> 1500 byte packets:
>> XDP stats       CPU     pps         issue-pps
>> XDP-RX CPU      16      3,289,491   0
>>
>> Changes from RFC V2:
>>
>> * Optimizations and simplifications to the ring structures inspired by
>>   ptr_ring.h
>> * Renamed XDP_[RX|TX]_QUEUE to XDP_[RX|TX]_RING in the uapi to be
>>   consistent with AF_PACKET
>> * Support for only having an RX queue or a TX queue defined
>> * Some bug fixes and code cleanup
>>
>> The structure of the patch set is as follows:
>>
>> Patches 1-2: Basic socket and umem plumbing
>> Patches 3-10: RX support together with the new XSKMAP
>> Patches 11-14: TX support
>> Patch 15: Sample application
>>
>> We based this patch set on bpf-next commit fbcf93ebcaef ("bpf: btf:
>> Clean up btf.h in uapi")
>>
>> Questions:
>>
>> * How to deal with cache alignment for uapi when different
>>   architectures can have different cache line sizes? We have just
>>   aligned it to 64 bytes for now, which works for many popular
>>   architectures, but not all. Please advise.
>>
>> To do:
>>
>> * Optimize performance
>>
>> * Kernel selftest
>>
>> Post-series plan:
>>
>> * Kernel load module support of AF_XDP would be nice. Unclear how to
>>   achieve this though since our XDP code depends on net/core.
>>
>> * Support for AF_XDP sockets without an XDP program loaded. In this
>>   case all the traffic on a queue should go up to the user space socket.
>>
>> * Daniel Borkmann's suggestion for a "copy to XDP socket, and return
>>   XDP_PASS" for a tcpdump-like functionality.
>>
>> * And of course getting to zero-copy support in small increments.
>>
>> Thanks: Björn and Magnus
>>
>> Björn Töpel (8):
>>   net: initial AF_XDP skeleton
>>   xsk: add user memory registration support sockopt
>>   xsk: add Rx queue setup and mmap support
>>   xdp: introduce xdp_return_buff API
>>   xsk: add Rx receive functions and poll support
>>   bpf: introduce new bpf AF_XDP map type BPF_MAP_TYPE_XSKMAP
>>   xsk: wire up XDP_DRV side of AF_XDP
>>   xsk: wire up XDP_SKB side of AF_XDP
>>
>> Magnus Karlsson (7):
>>   xsk: add umem fill queue support and mmap
>>   xsk: add support for bind for Rx
>>   xsk: add umem completion queue support and mmap
>>   xsk: add Tx queue setup and mmap support
>>   xsk: support for Tx
>>   xsk: statistics support
>>   samples/bpf: sample application for AF_XDP sockets
>>
>>  MAINTAINERS                         |   8 +
>>  include/linux/bpf.h                 |  26 +
>>  include/linux/bpf_types.h           |   3 +
>>  include/linux/filter.h              |   2 +-
>>  include/linux/socket.h              |   5 +-
>>  include/net/xdp.h                   |   1 +
>>  include/net/xdp_sock.h              |  46 ++
>>  include/uapi/linux/bpf.h            |   1 +
>>  include/uapi/linux/if_xdp.h         |  87 ++++
>>  kernel/bpf/Makefile                 |   3 +
>>  kernel/bpf/verifier.c               |   8 +-
>>  kernel/bpf/xskmap.c                 | 286 +++++++++++
>>  net/Kconfig                         |   1 +
>>  net/Makefile                        |   1 +
>>  net/core/dev.c                      |  34 +-
>>  net/core/filter.c                   |  40 +-
>>  net/core/sock.c                     |  12 +-
>>  net/core/xdp.c                      |  15 +-
>>  net/xdp/Kconfig                     |   7 +
>>  net/xdp/Makefile                    |   2 +
>>  net/xdp/xdp_umem.c                  | 256 ++++++++++
>>  net/xdp/xdp_umem.h                  |  65 +++
>>  net/xdp/xdp_umem_props.h            |  23 +
>>  net/xdp/xsk.c                       | 704 +++++++++++++++++++++++++++
>>  net/xdp/xsk_queue.c                 |  73 +++
>>  net/xdp/xsk_queue.h                 | 245 ++++++++++
>>  samples/bpf/Makefile                |   4 +
>>  samples/bpf/xdpsock.h               |  11 +
>>  samples/bpf/xdpsock_kern.c          |  56 +++
>>  samples/bpf/xdpsock_user.c          | 947 ++++++++++++++++++++++++++++++++++++
>>  security/selinux/hooks.c            |   4 +-
>>  security/selinux/include/classmap.h |   4 +-
>>  32 files changed, 2945 insertions(+), 35 deletions(-)
>>  create mode 100644 include/net/xdp_sock.h
>>  create mode 100644 include/uapi/linux/if_xdp.h
>>  create mode 100644 kernel/bpf/xskmap.c
>>  create mode 100644 net/xdp/Kconfig
>>  create mode 100644 net/xdp/Makefile
>>  create mode 100644 net/xdp/xdp_umem.c
>>  create mode 100644 net/xdp/xdp_umem.h
>>  create mode 100644 net/xdp/xdp_umem_props.h
>>  create mode 100644 net/xdp/xsk.c
>>  create mode 100644 net/xdp/xsk_queue.c
>>  create mode 100644 net/xdp/xsk_queue.h
>>  create mode 100644 samples/bpf/xdpsock.h
>>  create mode 100644 samples/bpf/xdpsock_kern.c
>>  create mode 100644 samples/bpf/xdpsock_user.c
>
> Is there a chance of Documentation/networking/af_xdp.txt ?
>

Yes. :-) We'll add that to the next spin!

>
>>
>> --
>> 2.14.1

^ permalink raw reply

* Re: [PATCH net-next v2 0/2] openvswitch: Support conntrack zone limit
From: Pravin Shelar @ 2018-04-24  6:34 UTC (permalink / raw)
  To: Yi-Hung Wei
  Cc: David Miller, Linux Kernel Network Developers, Florian Westphal
In-Reply-To: <CAG1aQh+_KRCOSscVXAGc-2+09pB_WcMm4q0p9=Ewqr-YCT=FBA@mail.gmail.com>

On Mon, Apr 23, 2018 at 2:19 PM, Yi-Hung Wei <yihung.wei@gmail.com> wrote:
> On Mon, Apr 23, 2018 at 1:10 PM, Pravin Shelar <pshelar@ovn.org> wrote:
>> On Mon, Apr 23, 2018 at 6:39 AM, David Miller <davem@davemloft.net> wrote:
>>> From: Yi-Hung Wei <yihung.wei@gmail.com>
>>> Date: Tue, 17 Apr 2018 17:30:27 -0700
>>>
>>>> Currently, nf_conntrack_max is used to limit the maximum number of
>>>> conntrack entries in the conntrack table for every network namespace.
>>>> For the VMs and containers that reside in the same namespace,
>>>> they share the same conntrack table, and the total # of conntrack entries
>>>> for all the VMs and containers are limited by nf_conntrack_max.  In this
>>>> case, if one of the VM/container abuses the usage the conntrack entries,
>>>> it blocks the others from committing valid conntrack entries into the
>>>> conntrack table.  Even if we can possibly put the VM in different network
>>>> namespace, the current nf_conntrack_max configuration is kind of rigid
>>>> that we cannot limit different VM/container to have different # conntrack
>>>> entries.
>>>>
>>
>> Hi
>> This looks like a general problem related to nf zone usage limit. Did
>> you consider changing nf-conntrack to have a per zone limit, so that
>> all users of nf-filter can use it. I prefer this to adding a wrapper
>> in OVS nf-filter layer.
>>
>> Thanks,
>> Pravin.
>>
>
> Hi Pravin,
>
> Thanks for your comment.  Originally, I was thinking to add this
> feature in nf_conntrack and had some discussion with Florian.  It
> turns out that iptables and nft have their own way to keep track of
> the connection limits, and it sounds reasonable to share the backend
> that counts the number of connections, but each module can enforce the
> connection limit in their own way.  Therefore, Florian helped to pull
> out the common backend to nf_conncount in the following commit. The
> nf_conncount then can be used by xtables, nft, and ovs.
>
> commit 625c556118f3c2fd28bb8ef6da18c53bd4037be4
> Author: Florian Westphal <fw@strlen.de>
> Date:   Sat Dec 9 21:01:08 2017 +0100
>
>     netfilter: connlimit: split xt_connlimit into front and backend
>
> This allows to reuse xt_connlimit infrastructure from nf_tables.
> The upcoming nf_tables frontend can just pass in an nftables register
> as input key, this allows limiting by any nft-supported key, including
> concatenations.  For xt_connlimit, pass in the zone and the ip/ipv6 address.
> ....
>
>
> Basically, to achieve conntrack zone limit in OVS.  We need the
> following 3 parts.
> 1. Count the number of connections (this is provided by netfilter's
> nf_conncount backend)
> 2. Keep track of the connection limits of zones, and check if it
> exceeds the limit.
> 3. An API for userspace to set/delete/get the conntrack zone limit.
>
> This patch series implements item 2 and 3, and it reuses the
> nf_conncount from netfilter for the first part.
>
OK. Thanks for the info.

^ permalink raw reply

* [PATCHv2 net] team: fix netconsole setup over team
From: Xin Long @ 2018-04-24  6:33 UTC (permalink / raw)
  To: network dev; +Cc: davem, Jiri Pirko, Stephen Hemminger, Cong Wang

The same fix in Commit dbe173079ab5 ("bridge: fix netconsole
setup over bridge") is also needed for team driver.

While at it, remove the unnecessary parameter *team from
team_port_enable_netpoll().

v1->v2:
  - fix it in a better way, as does bridge.

Fixes: 0fb52a27a04a ("team: cleanup netpoll clode")
Reported-by: João Avelino Bellomo Filho <jbellomo@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
 drivers/net/team/team.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
index acbe849..ddb6bf8 100644
--- a/drivers/net/team/team.c
+++ b/drivers/net/team/team.c
@@ -1072,14 +1072,11 @@ static void team_port_leave(struct team *team, struct team_port *port)
 }
 
 #ifdef CONFIG_NET_POLL_CONTROLLER
-static int team_port_enable_netpoll(struct team *team, struct team_port *port)
+static int __team_port_enable_netpoll(struct team_port *port)
 {
 	struct netpoll *np;
 	int err;
 
-	if (!team->dev->npinfo)
-		return 0;
-
 	np = kzalloc(sizeof(*np), GFP_KERNEL);
 	if (!np)
 		return -ENOMEM;
@@ -1093,6 +1090,14 @@ static int team_port_enable_netpoll(struct team *team, struct team_port *port)
 	return err;
 }
 
+static int team_port_enable_netpoll(struct team_port *port)
+{
+	if (!port->team->dev->npinfo)
+		return 0;
+
+	return __team_port_enable_netpoll(port);
+}
+
 static void team_port_disable_netpoll(struct team_port *port)
 {
 	struct netpoll *np = port->np;
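
Review bot: the new team_port_enable_netpoll() wrapper dereferences port->team, where the function it replaces was handed team as an argument, so the call in team_port_add() is only safe if port->team is already assigned by that point. That assignment is not visible in this patch; please confirm the ordering, or keep passing team explicitly on the team_port_add() path.
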
@@ -1107,7 +1112,7 @@ static void team_port_disable_netpoll(struct team_port *port)
 	kfree(np);
 }
 #else
-static int team_port_enable_netpoll(struct team *team, struct team_port *port)
+static int team_port_enable_netpoll(struct team_port *port)
 {
 	return 0;
 }
@@ -1221,7 +1226,7 @@ static int team_port_add(struct team *team, struct net_device *port_dev,
 		goto err_vids_add;
 	}
 
-	err = team_port_enable_netpoll(team, port);
+	err = team_port_enable_netpoll(port);
 	if (err) {
 		netdev_err(dev, "Failed to enable netpoll on device %s\n",
 			   portname);
@@ -1918,7 +1923,7 @@ static int team_netpoll_setup(struct net_device *dev,
 
 	mutex_lock(&team->lock);
 	list_for_each_entry(port, &team->port_list, list) {
-		err = team_port_enable_netpoll(team, port);
+		err = __team_port_enable_netpoll(port);
 		if (err) {
 			__team_netpoll_cleanup(team);
 			break;
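
Review bot: team_netpoll_setup() now calls __team_port_enable_netpoll(), which skips the team->dev->npinfo test, but neither this call site nor the changelog says why the test must not run on this path; the changelog only points at the bridge commit. A one-line comment above the call, or a sentence in the commit message describing the failure seen with netconsole over team, would keep a later cleanup from folding the two functions back together.
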
-- 
2.1.0

^ permalink raw reply related

* Re: [PATCH net-next v2 2/2] openvswitch: Support conntrack zone limit
From: Pravin Shelar @ 2018-04-24  6:30 UTC (permalink / raw)
  To: Yi-Hung Wei; +Cc: Linux Kernel Network Developers
In-Reply-To: <1524011429-14500-3-git-send-email-yihung.wei@gmail.com>

On Tue, Apr 17, 2018 at 5:30 PM, Yi-Hung Wei <yihung.wei@gmail.com> wrote:
> Currently, nf_conntrack_max is used to limit the maximum number of
> conntrack entries in the conntrack table for every network namespace.
> For the VMs and containers that reside in the same namespace,
> they share the same conntrack table, and the total # of conntrack entries
> for all the VMs and containers are limited by nf_conntrack_max.  In this
> case, if one of the VM/container abuses the usage the conntrack entries,
> it blocks the others from committing valid conntrack entries into the
> conntrack table.  Even if we can possibly put the VM in different network
> namespace, the current nf_conntrack_max configuration is kind of rigid
> that we cannot limit different VM/container to have different # conntrack
> entries.
>
> To address the aforementioned issue, this patch proposes to have a
> fine-grained mechanism that could further limit the # of conntrack entries
> per-zone.  For example, we can designate different zone to different VM,
> and set conntrack limit to each zone.  By providing this isolation, a
> mis-behaved VM only consumes the conntrack entries in its own zone, and
> it will not influence other well-behaved VMs.  Moreover, the users can
> set various conntrack limit to different zone based on their preference.
>
> The proposed implementation utilizes Netfilter's nf_conncount backend
> to count the number of connections in a particular zone.  If the number of
> connection is above a configured limitation, ovs will return ENOMEM to the
> userspace.  If userspace does not configure the zone limit, the limit
> defaults to zero that is no limitation, which is backward compatible to
> the behavior without this patch.
>
> The following high level APIs are provided to the userspace:
>   - OVS_CT_LIMIT_CMD_SET:
>     * set default connection limit for all zones
>     * set the connection limit for a particular zone
>   - OVS_CT_LIMIT_CMD_DEL:
>     * remove the connection limit for a particular zone
>   - OVS_CT_LIMIT_CMD_GET:
>     * get the default connection limit for all zones
>     * get the connection limit for a particular zone
>
> Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
> ---
>  net/openvswitch/Kconfig     |   3 +-
>  net/openvswitch/conntrack.c | 498 +++++++++++++++++++++++++++++++++++++++++++-
>  net/openvswitch/conntrack.h |   9 +-
>  net/openvswitch/datapath.c  |   7 +-
>  net/openvswitch/datapath.h  |   1 +
>  5 files changed, 512 insertions(+), 6 deletions(-)
>
> diff --git a/net/openvswitch/Kconfig b/net/openvswitch/Kconfig
> index 2650205cdaf9..89da9512ec1e 100644
> --- a/net/openvswitch/Kconfig
> +++ b/net/openvswitch/Kconfig
> @@ -9,7 +9,8 @@ config OPENVSWITCH
>                    (NF_CONNTRACK && ((!NF_DEFRAG_IPV6 || NF_DEFRAG_IPV6) && \
>                                      (!NF_NAT || NF_NAT) && \
>                                      (!NF_NAT_IPV4 || NF_NAT_IPV4) && \
> -                                    (!NF_NAT_IPV6 || NF_NAT_IPV6)))
> +                                    (!NF_NAT_IPV6 || NF_NAT_IPV6) && \
> +                                    (!NETFILTER_CONNCOUNT || NETFILTER_CONNCOUNT)))
>         select LIBCRC32C
>         select MPLS
>         select NET_MPLS_GSO
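
Review bot: the added `(!NETFILTER_CONNCOUNT || NETFILTER_CONNCOUNT)` term only constrains how OPENVSWITCH may be built relative to NETFILTER_CONNCOUNT; it does not enable that option, and the three-line Kconfig change leaves no room for a help-text update. Since the limit code in conntrack.c is compiled only under IS_ENABLED(CONFIG_NETFILTER_CONNCOUNT), a kernel built without it has no zone limits at all; say so in the OPENVSWITCH help text or the commit message so the dependency is discoverable.
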
> diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
> index c5904f629091..d09b572f72b4 100644
> --- a/net/openvswitch/conntrack.c
> +++ b/net/openvswitch/conntrack.c
> @@ -17,7 +17,9 @@
>  #include <linux/udp.h>
>  #include <linux/sctp.h>
>  #include <net/ip.h>
> +#include <net/genetlink.h>
>  #include <net/netfilter/nf_conntrack_core.h>
> +#include <net/netfilter/nf_conntrack_count.h>
>  #include <net/netfilter/nf_conntrack_helper.h>
>  #include <net/netfilter/nf_conntrack_labels.h>
>  #include <net/netfilter/nf_conntrack_seqadj.h>
> @@ -76,6 +78,38 @@ struct ovs_conntrack_info {
>  #endif
>  };
>
> +#if    IS_ENABLED(CONFIG_NETFILTER_CONNCOUNT)
> +#define OVS_CT_LIMIT_UNLIMITED 0
> +#define OVS_CT_LIMIT_DEFAULT OVS_CT_LIMIT_UNLIMITED
> +#define CT_LIMIT_HASH_BUCKETS 512
> +
Can you use a static key when the limit is not set?
This would avoid overhead in the datapath when these limits are not used.

> +struct ovs_ct_limit {
> +       /* Elements in ovs_ct_limit_info->limits hash table */
> +       struct hlist_node hlist_node;
> +       struct rcu_head rcu;
> +       u16 zone;
> +       u32 limit;
> +};
> +
...

> +#endif
> +
>  /* Lookup connection and confirm if unconfirmed. */
>  static int ovs_ct_commit(struct net *net, struct sw_flow_key *key,
>                          const struct ovs_conntrack_info *info,
> @@ -1054,6 +1176,13 @@ static int ovs_ct_commit(struct net *net, struct sw_flow_key *key,
>         if (!ct)
>                 return 0;
>
> +#if    IS_ENABLED(CONFIG_NETFILTER_CONNCOUNT)
> +       err = ovs_ct_check_limit(net, info,
> +                                &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
> +       if (err)
> +               return err;
> +#endif
> +
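
Review bot: the `#if IS_ENABLED(CONFIG_NETFILTER_CONNCOUNT)` block inside ovs_ct_commit() puts conditional compilation in a function body. The limit code earlier in this file already sits in an #if block, so an #else stub of ovs_ct_check_limit() that returns 0 would let this call be unconditional and keep the commit path free of preprocessor branches.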

This could be checked at flow install time, so that only permitted
flows would have the 'ct commit' action; we can avoid the per-packet cost
of checking the limit.
The error code returned from ovs_ct_commit() is lost in the datapath, and it
would be hard to debug packet loss when the limit is reached. So
another advantage of checking the limit at flow install would be better
traceability. The datapath would return the error to userspace, and it can log
the error code.

^ permalink raw reply
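
The per-zone limit semantics described in the commit message quoted above (a default limit, per-zone overrides, 0 meaning unlimited, ENOMEM once a zone is full), as an added userspace C model. It is not code from the patch: ct_table and the ct_* and flood_zone names are hypothetical, and it assumes a zone may hold exactly `limit` connections before commits start failing.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NZONES 65536          /* zone is a u16 in the quoted struct ovs_ct_limit */
#define CT_LIMIT_UNLIMITED 0  /* same meaning as OVS_CT_LIMIT_UNLIMITED */

struct ct_limits {
    uint32_t default_limit;       /* used by zones without an override */
    uint32_t zone_limit[NZONES];  /* valid only where has_limit[] is set */
    uint8_t  has_limit[NZONES];
    uint32_t count[NZONES];       /* committed connections per zone */
};

static struct ct_limits ct_table; /* hypothetical global table for the demo */

void ct_limits_reset(struct ct_limits *t) { memset(t, 0, sizeof(*t)); }

/* Models OVS_CT_LIMIT_CMD_SET: default for all zones, or one zone. */
void ct_limit_set_default(struct ct_limits *t, uint32_t limit)
{
    t->default_limit = limit;
}

void ct_limit_set(struct ct_limits *t, uint16_t zone, uint32_t limit)
{
    t->zone_limit[zone] = limit;
    t->has_limit[zone] = 1;
}

/* Models OVS_CT_LIMIT_CMD_DEL: the zone falls back to the default. */
void ct_limit_del(struct ct_limits *t, uint16_t zone) { t->has_limit[zone] = 0; }

/* Models OVS_CT_LIMIT_CMD_GET: the limit that applies to this zone. */
uint32_t ct_limit_get(const struct ct_limits *t, uint16_t zone)
{
    return t->has_limit[zone] ? t->zone_limit[zone] : t->default_limit;
}

/* Commit one connection in a zone: 0 on success, -ENOMEM when the zone
 * has already reached its limit (assumed boundary, see lead-in). */
int ct_commit(struct ct_limits *t, uint16_t zone)
{
    uint32_t limit = ct_limit_get(t, zone);

    if (limit != CT_LIMIT_UNLIMITED && t->count[zone] >= limit)
        return -ENOMEM;
    t->count[zone]++;
    return 0;
}

/* A misbehaving VM: attempt n commits in one zone, return how many stuck. */
unsigned flood_zone(struct ct_limits *t, uint16_t zone, unsigned n)
{
    unsigned ok = 0;

    while (n--)
        if (ct_commit(t, zone) == 0)
            ok++;
    return ok;
}

int main(void)
{
    ct_limits_reset(&ct_table);
    ct_limit_set_default(&ct_table, 100);
    ct_limit_set(&ct_table, 7, 10);   /* constructed: zone 7 is the noisy VM */
    printf("zone 7 accepted %u of 1000\n", flood_zone(&ct_table, 7, 1000));
    printf("zone 8 commit -> %d\n", ct_commit(&ct_table, 8));
    return 0;
}
```

The flood in zone 7 stops at its own limit while zone 8 still commits, which is the isolation property the commit message argues for.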

* VRF: Ingress IPv6 Linklocal/Multicast destined pkt from slave VRF device does not map to Master device socket
From: Sukumar Gopalakrishnan @ 2018-04-24  5:57 UTC (permalink / raw)
  To: netdev

VRF: Ingress IPv6 Linklocal/Multicast pkt from slave VRF device does
not map to Master device socket.

KERNEL VERSION:
================
4.14.28

BUG REPORT:
============
https://bugzilla.kernel.org/show_bug.cgi?id=199409

CONFIGURATION  AND PROBLEM ROOT CAUSE:
========================================

1) Created VRF device(Vrf_258) and enslaved network device(v1_F4246) to this
VRF.

/exos/bin # ip link show v1_F4246
54: v1_F4246: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
master vrf_258 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 00:04:96:98:c9:18 brd ff:ff:ff:ff:ff:ff

/exos/bin # ip link show vrf_258
14: vrf_258: <NOARP,MASTER,UP,LOWER_UP> mtu 65536 qdisc noqueue state
UP mode DEFAULT group default qlen 1000
    link/ether 00:04:96:98:c9:18 brd ff:ff:ff:ff:ff:ff


2) Opened PIM protocol raw socket for AF_INET6 family

pim_socket = socket(AF_INET6, SOCK_RAW , IPPROTO_PIM )


3) The PIM user daemon runs one process per VRF, so it opened an RX
socket with SO_BINDTODEVICE to the VRF_258 netdevice.
PIM control packets ingressing on any slave device that belongs to this
master VRF device should be sent to this socket.


4) Ingressing PIM hello control packets, which have SrcIP =
fe80::204:96ff:fe98:c918 (IPv6 Link-local) and DestIP = ff02::0d
(Multicast pkt),
are not mapped to the vrf_258-bound socket and get dropped in the socket
lookup function.


5)  inet6_iif() is returning v1_F4246's ifindex 54 and inet6_sdif()
returns value zero.

__raw_v6_lookup(net, sk, nexthdr, daddr, saddr, inet6_iif(skb),
inet6_sdif(skb));


sk->sk_bound_dev_if holds vrf_258 (ifindex value 14), but dif (value
54) and sdif (value 0) do not match this socket, hence the socket is not
found.

struct sock *__raw_v6_lookup(struct net *net, struct sock *sk,
                unsigned short num, const struct in6_addr *loc_addr,
                const struct in6_addr *rmt_addr, int dif, int sdif) {
<snip>
..
if (sk->sk_bound_dev_if &&
                            sk->sk_bound_dev_if != dif &&
                            sk->sk_bound_dev_if != sdif)
..

<snip>

}


6) This problem is seen in the raw, UDP and TCP socket lookup functions
for IPv6 packets destined to a link-local or multicast address.

7) This issue does not occur for all types of IPv4 addresses and IPv6
global unicast addresses.



TEMP FIX:
=========

Get the master device address from (skb->dev) and pass the master to the
socket lookup function for IPv6 link-local/multicast addresses.

ipv6_raw_deliver()
{
int mdif;
..
..
        mdif = (((nexthdr == IPPROTO_PIM || nexthdr == 89 /* IPPROTO_OSPF */ ||
                nexthdr == IPPROTO_ICMPV6 || nexthdr == 112 /*IPPROTO_VRRP*/) &&
                (ipv6_addr_type(daddr) &
                (IPV6_ADDR_MULTICAST | IPV6_ADDR_LINKLOCAL))) ?
                l3mdev_master_ifindex_rcu(skb->dev) : inet6_iif(skb));


        sk = __raw_v6_lookup(net, sk, nexthdr, daddr, saddr, mdif,
inet6_sdif(skb));

...
..
}


Regards,
Sukumar

^ permalink raw reply
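
The device filter and the TEMP FIX from the report above, as an added userspace C model run on the report's own values (ifindex 54 and 14, destination ff02::0d). It is not kernel code: socket_receives, temp_fix_dif and is_mcast_or_linklocal are hypothetical names, and the address check is a byte-level stand-in for ipv6_addr_type().

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>

#define IF_SLAVE  54  /* v1_F4246, ifindex from the report */
#define IF_MASTER 14  /* vrf_258, ifindex from the report */

/* Device filter quoted from __raw_v6_lookup(): 1 = socket is a candidate. */
int bound_dev_match(int sk_bound_dev_if, int dif, int sdif)
{
    if (sk_bound_dev_if &&
        sk_bound_dev_if != dif &&
        sk_bound_dev_if != sdif)
        return 0;
    return 1;
}

/* Stand-in for the ipv6_addr_type() test: ff00::/8 or fe80::/10. */
int is_mcast_or_linklocal(const struct in6_addr *a)
{
    int mcast = a->s6_addr[0] == 0xff;
    int linklocal = a->s6_addr[0] == 0xfe && (a->s6_addr[1] & 0xc0) == 0x80;

    return mcast || linklocal;
}

/* dif chosen by the report's TEMP FIX: the master ifindex for PIM, OSPF,
 * ICMPv6 and VRRP packets to a multicast or link-local destination. */
int temp_fix_dif(int nexthdr, const struct in6_addr *daddr, int iif, int master)
{
    int proto = nexthdr == IPPROTO_PIM || nexthdr == 89 /* OSPF */ ||
                nexthdr == IPPROTO_ICMPV6 || nexthdr == 112 /* VRRP */;

    return (proto && is_mcast_or_linklocal(daddr)) ? master : iif;
}

/* 1 if a socket bound to sk_bound_dev_if gets the packet, 0 if the lookup
 * skips it, -1 if daddr does not parse. iif and sdif are the values that
 * inet6_iif() and inet6_sdif() returned for the packet. */
int socket_receives(int sk_bound_dev_if, const char *daddr, int nexthdr,
                    int iif, int sdif, int master, int use_temp_fix)
{
    struct in6_addr d;
    int dif;

    if (inet_pton(AF_INET6, daddr, &d) != 1)
        return -1;
    dif = use_temp_fix ? temp_fix_dif(nexthdr, &d, iif, master) : iif;
    return bound_dev_match(sk_bound_dev_if, dif, sdif);
}

int main(void)
{
    /* PIM hello from the report: daddr ff02::0d, dif 54, sdif 0. */
    printf("reported case: %d\n", socket_receives(IF_MASTER, "ff02::0d",
           IPPROTO_PIM, IF_SLAVE, 0, IF_MASTER, 0));
    printf("with TEMP FIX: %d\n", socket_receives(IF_MASTER, "ff02::0d",
           IPPROTO_PIM, IF_SLAVE, 0, IF_MASTER, 1));
    /* Constructed contrast (assumed values): the master shows up as dif. */
    printf("dif = master:  %d\n", socket_receives(IF_MASTER, "ff02::0d",
           IPPROTO_PIM, IF_MASTER, IF_SLAVE, IF_MASTER, 0));
    return 0;
}
```

Passing protocol 17 (UDP) with the fix enabled still yields 0, since the TEMP FIX only names four raw protocols while item 6 of the report says UDP and TCP lookups are affected as well.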

