From: John Fastabend <john.fastabend@gmail.com>
To: Kumar Kartikeya Dwivedi <memxor@gmail.com>,
Martin KaFai Lau <kafai@fb.com>
Cc: "Toke Høiland-Jørgensen" <toke@redhat.com>,
"Alexei Starovoitov" <alexei.starovoitov@gmail.com>,
"Cong Wang" <xiyou.wangcong@gmail.com>,
"David Miller" <davem@davemloft.net>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"Andrii Nakryiko" <andrii@kernel.org>,
"John Fastabend" <john.fastabend@gmail.com>,
"Lorenz Bauer" <lmb@cloudflare.com>,
"Linux Kernel Network Developers" <netdev@vger.kernel.org>,
bpf <bpf@vger.kernel.org>, kernel-team <kernel-team@fb.com>
Subject: Re: [RFC PATCH bpf-next] bpf: Introduce bpf_timer
Date: Wed, 02 Jun 2021 11:46:15 -0700 [thread overview]
Message-ID: <60b7d1f7e3640_5c74020841@john-XPS-13-9370.notmuch> (raw)
In-Reply-To: <20210602181333.3m4vz2xqd5klbvyf@apollo>
Kumar Kartikeya Dwivedi wrote:
> On Wed, Jun 02, 2021 at 11:24:36PM IST, Martin KaFai Lau wrote:
> > On Wed, Jun 02, 2021 at 10:48:02AM +0200, Toke Høiland-Jørgensen wrote:
> > > Alexei Starovoitov <alexei.starovoitov@gmail.com> writes:
> > >
> > > >> > In general the garbage collection in any form doesn't scale.
> > > >> > The conntrack logic doesn't need it. The cillium conntrack is a great
> > > >> > example of how to implement a conntrack without GC.
> > > >>
> > > >> That is simply not a conntrack. We expire connections based on
> > > >> its time, not based on the size of the map where it residents.
> > > >
> > > > Sounds like your goal is to replicate existing kernel conntrack
> > > > as bpf program by doing exactly the same algorithm and repeating
> > > > the same mistakes. Then add kernel conntrack functions to allow list
> > > > of kfuncs (unstable helpers) and call them from your bpf progs.
> > >
> > > FYI, we're working on exactly this (exposing kernel conntrack to BPF).
> > > Hoping to have something to show for our efforts before too long, but
> > > it's still in a bit of an early stage...
> > Just curious, what conntrack functions will be made callable to BPF?
>
> Initially we're planning to expose the equivalent of nf_conntrack_in and
> nf_conntrack_confirm to XDP and TC programs (so XDP one works without an skb,
> and TC one works with an skb), to map these to higher level lookup/insert.
>
> --
> Kartikeya
I think this is a missed opportunity. I can't see any advantage to
tying a XDP datapath into nft. For local connections use a socket lookup
no need for tables at all. For middle boxes you need some tables, but
again really don't see why you want nft here. An entirely XDP based
connection tracker is going to be faster, easier to debug, and
more easy to tune to do what you want as your use cases changes.
Other than architecture disagreements, the implementation of this
gets ugly. You will need to export a set of nft hooks, teach nft
about xdp_buffs and then on every packet poke nft. Just looking
at nf_conntrack_in() tells me you likely need some serious surgery
there to make this work and now you've forked a bunch of code that
could be done generically in BPF into some C hard coded stuff you
will have to maintain. Or you do an ugly hack to convert xdp into
skb on every packet, but I'll NAK that because its really defeats
the point of XDP. Maybe TC side is easier because you have skb,
but then you miss the real win in XDP side. Sorry I don't see any
upsides here and just more work to review, maintain code that is
dubious to start with.
Anyways original timers code above LGTM.
.John
next prev parent reply other threads:[~2021-06-02 18:46 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-20 18:55 [RFC PATCH bpf-next] bpf: Introduce bpf_timer Alexei Starovoitov
2021-05-21 14:38 ` Alexei Starovoitov
2021-05-21 21:37 ` Cong Wang
2021-05-23 16:01 ` Alexei Starovoitov
2021-05-24 8:45 ` Lorenz Bauer
2021-05-25 3:16 ` Cong Wang
2021-05-25 4:59 ` Cong Wang
2021-05-25 18:21 ` Alexei Starovoitov
2021-05-25 19:35 ` Jamal Hadi Salim
2021-05-25 19:57 ` Alexei Starovoitov
2021-05-25 21:09 ` Jamal Hadi Salim
2021-05-25 22:08 ` Alexei Starovoitov
2021-05-26 15:34 ` Jamal Hadi Salim
2021-05-26 16:58 ` Alexei Starovoitov
2021-05-26 18:25 ` Jamal Hadi Salim
2021-05-30 6:36 ` Cong Wang
2021-06-02 2:00 ` Alexei Starovoitov
2021-06-02 8:48 ` Toke Høiland-Jørgensen
2021-06-02 17:54 ` Martin KaFai Lau
2021-06-02 18:13 ` Kumar Kartikeya Dwivedi
2021-06-02 18:26 ` Alexei Starovoitov
2021-06-02 18:30 ` Kumar Kartikeya Dwivedi
2021-06-02 18:46 ` John Fastabend [this message]
2021-05-22 16:06 ` kernel test robot
2021-05-22 16:41 ` kernel test robot
2021-05-22 16:41 ` [RFC PATCH] bpf: bpf_timer_init_proto can be static kernel test robot
2021-05-23 11:48 ` [RFC PATCH bpf-next] bpf: Introduce bpf_timer Toke Høiland-Jørgensen
2021-05-23 15:58 ` Alexei Starovoitov
2021-05-24 8:42 ` Lorenz Bauer
2021-05-24 14:48 ` Alexei Starovoitov
2021-05-24 17:33 ` Alexei Starovoitov
2021-05-24 18:39 ` Toke Høiland-Jørgensen
2021-05-24 18:38 ` Toke Høiland-Jørgensen
2021-05-24 11:49 ` Lorenz Bauer
2021-05-24 14:56 ` Alexei Starovoitov
2021-05-24 19:13 ` Andrii Nakryiko
2021-05-25 5:22 ` Cong Wang
2021-05-25 19:47 ` Andrii Nakryiko
-- strict thread matches above, loose matches on Subject: below --
2021-04-01 4:26 [RFC Patch bpf-next] bpf: introduce bpf timer Cong Wang
2021-04-01 6:38 ` Song Liu
2021-04-01 17:28 ` Cong Wang
2021-04-01 20:17 ` Song Liu
2021-04-02 17:34 ` Cong Wang
2021-04-02 17:57 ` Song Liu
2021-04-02 19:08 ` Cong Wang
2021-04-02 19:43 ` Song Liu
2021-04-02 20:57 ` Cong Wang
2021-04-02 23:31 ` Song Liu
2021-04-05 23:49 ` Cong Wang
2021-04-06 1:07 ` Song Liu
2021-04-06 1:24 ` Cong Wang
2021-04-06 6:17 ` Song Liu
2021-04-06 16:48 ` Cong Wang
2021-04-06 23:36 ` Song Liu
2021-04-08 22:45 ` Cong Wang
2021-04-02 19:28 ` Alexei Starovoitov
2021-04-02 21:24 ` Cong Wang
2021-04-02 23:45 ` Alexei Starovoitov
2021-04-06 0:36 ` Cong Wang
2021-04-12 23:01 ` Alexei Starovoitov
2021-04-15 4:02 ` Cong Wang
2021-04-15 4:25 ` Alexei Starovoitov
2021-04-15 15:51 ` Cong Wang
2021-04-26 23:00 ` Cong Wang
2021-04-26 23:05 ` Alexei Starovoitov
2021-04-26 23:37 ` Cong Wang
2021-04-27 2:01 ` Alexei Starovoitov
2021-04-27 11:52 ` Jamal Hadi Salim
2021-04-27 16:36 ` Cong Wang
2021-04-27 18:33 ` Alexei Starovoitov
2021-05-09 5:37 ` Cong Wang
2021-05-10 20:55 ` Jamal Hadi Salim
2021-05-11 21:29 ` Cong Wang
2021-05-12 22:56 ` Jamal Hadi Salim
2021-05-11 5:05 ` Joe Stringer
2021-05-11 21:08 ` Cong Wang
2021-05-12 22:43 ` Jamal Hadi Salim
2021-05-13 18:45 ` Jamal Hadi Salim
2021-05-14 2:53 ` Cong Wang
2021-08-11 21:03 ` Joe Stringer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=60b7d1f7e3640_5c74020841@john-XPS-13-9370.notmuch \
--to=john.fastabend@gmail.com \
--cc=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=kafai@fb.com \
--cc=kernel-team@fb.com \
--cc=lmb@cloudflare.com \
--cc=memxor@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=toke@redhat.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.