[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <cover.1698431765.git.dxu@dxuuu.xyz>
Date: Fri, 27 Oct 2023 12:46:16 -0600
From: Daniel Xu <dxu@...uu.xyz>
To: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
bpf@...r.kernel.org, linux-kselftest@...r.kernel.org,
steffen.klassert@...unet.com, antony.antony@...unet.com
Cc: devel@...ux-ipsec.org
Subject: [RFC bpf-next 0/6] Add bpf_xdp_get_xfrm_state() kfunc
This patchset adds a kfunc helper, bpf_xdp_get_xfrm_state(), that wraps
xfrm_state_lookup(). The intent is to support software RSS (via XDP) for
the ongoing/upcoming ipsec pcpu work [0]. Recent experiments performed
on (hopefully) reproducible AWS testbeds indicate that single tunnel
pcpu ipsec can reach line rate on 100G ENA nics.
More details about that will be presented at netdev next week [1].
Antony did the initial stable bpf helper - I later ported it to unstable
kfuncs. So for the series, please apply a Co-developed-by for Antony,
provided he acks and signs off on this.
[0]: https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-multi-sa-performance-02
[1]: https://netdevconf.info/0x17/sessions/workshop/security-workshop.html
Daniel Xu (6):
bpf: xfrm: Add bpf_xdp_get_xfrm_state() kfunc
bpf: selftests: test_tunnel: Use ping -6 over ping6
bpf: selftests: test_tunnel: Mount bpffs if necessary
bpf: selftests: test_tunnel: Use vmlinux.h declarations
bpf: selftests: test_tunnel: Disable CO-RE relocations
bpf: xfrm: Add selftest for bpf_xdp_get_xfrm_state()
include/net/xfrm.h | 9 ++
net/xfrm/Makefile | 1 +
net/xfrm/xfrm_policy.c | 2 +
net/xfrm/xfrm_state_bpf.c | 105 ++++++++++++++++++
.../selftests/bpf/progs/bpf_tracing_net.h | 1 +
.../selftests/bpf/progs/test_tunnel_kern.c | 95 +++++++++-------
tools/testing/selftests/bpf/test_tunnel.sh | 43 ++++---
7 files changed, 202 insertions(+), 54 deletions(-)
create mode 100644 net/xfrm/xfrm_state_bpf.c
--
2.42.0
Powered by blists - more mailing lists