From: "Toke Høiland-Jørgensen" <toke@redhat.com>
To: David Ahern <dsahern@kernel.org>, netdev@vger.kernel.org
Cc: davem@davemloft.net, kuba@kernel.org,
prashantbhole.linux@gmail.com, brouer@redhat.com,
daniel@iogearbox.net, john.fastabend@gmail.com, ast@kernel.org,
kafai@fb.com, songliubraving@fb.com, yhs@fb.com, andriin@fb.com,
dsahern@gmail.com, David Ahern <dahern@digitalocean.com>
Subject: Re: [PATCH v5 bpf-next 00/11] net: Add support for XDP in egress path
Date: Wed, 13 May 2020 12:43:39 +0200 [thread overview]
Message-ID: <87sgg4t8ro.fsf@toke.dk> (raw)
In-Reply-To: <20200513014607.40418-1-dsahern@kernel.org>
David Ahern <dsahern@kernel.org> writes:
> From: David Ahern <dahern@digitalocean.com>
>
> This series adds support for XDP in the egress path by introducing
> a new XDP attachment type, BPF_XDP_EGRESS, and adding a UAPI to
> if_link.h for attaching the program to a netdevice and reporting
> the program. This allows bpf programs to be run on redirected xdp
> frames with the context showing the Tx device.
>
> This is a missing primitive for XDP allowing solutions to build small,
> targeted programs properly distributed in the networking path allowing,
> for example, an egress firewall/ACL/traffic verification or packet
> manipulation based on data specific to the egress device.
>
> Nothing about running a program in the Tx path requires driver specific
> resources like the Rx path has. Thus, programs can be run in core
> code and attached to the net_device struct similar to skb mode. The
> egress attach is done using the new XDP_FLAGS_EGRESS_MODE flag, and
> is reported by the kernel using the XDP_ATTACHED_EGRESS_CORE attach
> flag with IFLA_XDP_EGRESS_PROG_ID making the api similar to existing
> APIs for XDP.
>
> The egress program is run in bq_xmit_all before invoking ndo_xdp_xmit.
> This is similar to cls_bpf programs which run before the call to
> ndo_dev_xmit. Together the 2 locations cover all packets about to be
> sent to a device for Tx.
>
> xdp egress programs are not run on skbs, so a cls-bpf counterpart
> should also be attached to the device to cover all packets -
> xdp_frames and skbs.
>
> v5:
> - rebased to top of bpf-next
> - dropped skb path; cls-bpf provides an option for the same functionality
> without having to take a performance hit (e.g., disabling GSO).
I don't like this. I makes the egress hook asymmetrical with the ingress
hook (ingress hook sees all traffic, egress only some of it). If the
performance hit of disabling GSO is the concern, maybe it's better to
wait until we figure out how to deal with that (presumably by
multi-buffer XDP)?
-Toke
next prev parent reply other threads:[~2020-05-13 10:43 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-13 1:45 [PATCH v5 bpf-next 00/11] net: Add support for XDP in egress path David Ahern
2020-05-13 1:45 ` [PATCH v5 bpf-next 01/11] net: Refactor convert_to_xdp_frame David Ahern
2020-05-13 1:45 ` [PATCH v5 bpf-next 02/11] net: uapi for XDP programs in the egress path David Ahern
2020-05-13 1:45 ` [PATCH v5 bpf-next 03/11] net: Add XDP setup and query commands for Tx programs David Ahern
2020-05-13 1:46 ` [PATCH v5 bpf-next 04/11] net: Add BPF_XDP_EGRESS as a bpf_attach_type David Ahern
2020-05-13 1:46 ` [PATCH v5 bpf-next 05/11] xdp: Add xdp_txq_info to xdp_buff David Ahern
2020-05-13 1:46 ` [PATCH v5 bpf-next 06/11] net: set XDP egress program on netdevice David Ahern
2020-05-13 1:46 ` [PATCH v5 bpf-next 07/11] net: Support xdp in the Tx path for xdp_frames David Ahern
2020-05-13 1:46 ` [PATCH v5 bpf-next 08/11] libbpf: Add egress XDP support David Ahern
2020-05-13 1:46 ` [PATCH v5 bpf-next 09/11] bpftool: Add support for XDP egress David Ahern
2020-05-13 1:46 ` [PATCH v5 bpf-next 10/11] selftest: Add xdp_egress attach tests David Ahern
2020-05-13 1:46 ` [PATCH v5 bpf-next 11/11] samples/bpf: add XDP egress support to xdp1 David Ahern
2020-05-13 10:43 ` Toke Høiland-Jørgensen [this message]
2020-05-13 19:37 ` [PATCH v5 bpf-next 00/11] net: Add support for XDP in egress path David Ahern
2020-05-15 22:54 ` John Fastabend
2020-05-15 23:15 ` David Ahern
2020-05-18 18:10 ` John Fastabend
2020-05-18 23:52 ` David Ahern
2020-05-19 6:04 ` John Fastabend
2020-05-18 3:40 ` David Ahern
2020-05-18 9:08 ` Toke Høiland-Jørgensen
2020-05-18 14:44 ` David Ahern
2020-05-18 18:00 ` Toke Høiland-Jørgensen
2020-05-18 21:06 ` Daniel Borkmann
2020-05-19 0:02 ` David Ahern
2020-05-19 13:31 ` Daniel Borkmann
2020-05-19 14:21 ` Jesper Dangaard Brouer
2020-05-19 16:58 ` Lorenzo Bianconi
2020-05-19 14:52 ` Toke Høiland-Jørgensen
2020-05-19 16:37 ` David Ahern
2020-05-18 23:37 ` David Ahern
2020-05-18 21:23 ` Daniel Borkmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87sgg4t8ro.fsf@toke.dk \
--to=toke@redhat.com \
--cc=andriin@fb.com \
--cc=ast@kernel.org \
--cc=brouer@redhat.com \
--cc=dahern@digitalocean.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=dsahern@kernel.org \
--cc=john.fastabend@gmail.com \
--cc=kafai@fb.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=prashantbhole.linux@gmail.com \
--cc=songliubraving@fb.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.