| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Apr 2016 21:47:54 -0700
From: Brenden Blanco <bblanco@...mgrid.com>
To: davem@...emloft.net
Cc: Brenden Blanco <bblanco@...mgrid.com>, netdev@...r.kernel.org,
tom@...bertland.com, alexei.starovoitov@...il.com,
ogerlitz@...lanox.com, daniel@...earbox.net, brouer@...hat.com,
eric.dumazet@...il.com, ecree@...arflare.com,
john.fastabend@...il.com, tgraf@...g.ch, johannes@...solutions.net,
eranlinuxmellanox@...il.com, lorenzo@...gle.com
Subject: [RFC PATCH v2 0/5] Add driver bpf hook for early packet drop
This patch set introduces new infrastructure for programmatically
processing packets in the earliest stages of rx, as part of an effort
others are calling Express Data Path (XDP) [1]. Start this effort by
introducing a new bpf program type for early packet filtering, before even
an skb has been allocated.
With this, hope to enable line rate filtering, with this initial
implementation providing drop/allow action only.
Patch 1 introduces the new prog type and helpers for validating the bpf
program. A new userspace struct is defined containing only len as a field,
with others to follow in the future.
In patch 2, create a new ndo to pass the fd to support drivers.
In patch 3, expose a new rtnl option to userspace.
In patch 4, enable support in mlx4 driver. No skb allocation is required,
instead a static percpu skb is kept in the driver and minimally initialized
for each driver frag.
In patch 5, create a sample drop and count program. With single core,
achieved ~20 Mpps drop rate on a 40G mlx4. This includes packet data
access, bpf array lookup, and increment.
Interestingly, accessing packet data from the program did not have a
noticeable impact on performance. Even so, future enhancements to
prefetching / batching / page-allocs should hopefully improve the
performance in this path.
[1] https://github.com/iovisor/bpf-docs/blob/master/Express_Data_Path.pdf
v2:
1/5: Drop xdp from types, instead consistently use bpf_phys_dev_.
Introduce enum for return values from phys_dev hook.
2/5: Move prog->type check to just before invoking ndo.
Change ndo to take a bpf_prog * instead of fd.
Add ndo_bpf_get rather than keeping a bool in the netdev struct.
3/5: Use ndo_bpf_get to fetch bool.
4/5: Enforce that only 1 frag is ever given to bpf prog by disallowing
mtu to increase beyond FRAG_SZ0 when bpf prog is running, or conversely
to set a bpf prog when priv->num_frags > 1.
Rename pseudo_skb to bpf_phys_dev_md.
Implement ndo_bpf_get.
Add dma sync just before invoking prog.
Check for explicit bpf return code rather than nonzero.
Remove increment of rx_dropped.
5/5: Use explicit bpf return code in example.
Update commit log with higher pps numbers.
Brenden Blanco (5):
bpf: add PHYS_DEV prog type for early driver filter
net: add ndo to set bpf prog in adapter rx
rtnl: add option for setting link bpf prog
mlx4: add support for fast rx drop bpf program
Add sample for adding simple drop program to link
drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 65 +++++++++++
drivers/net/ethernet/mellanox/mlx4/en_rx.c | 25 +++-
drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 6 +
include/linux/netdevice.h | 13 +++
include/uapi/linux/bpf.h | 14 +++
include/uapi/linux/if_link.h | 1 +
kernel/bpf/verifier.c | 1 +
net/core/dev.c | 38 ++++++
net/core/filter.c | 68 +++++++++++
net/core/rtnetlink.c | 12 ++
samples/bpf/Makefile | 4 +
samples/bpf/bpf_load.c | 8 ++
samples/bpf/netdrvx1_kern.c | 26 +++++
samples/bpf/netdrvx1_user.c | 155 +++++++++++++++++++++++++
14 files changed, 432 insertions(+), 4 deletions(-)
create mode 100644 samples/bpf/netdrvx1_kern.c
create mode 100644 samples/bpf/netdrvx1_user.c
--
2.8.0
Powered by blists - more mailing lists