lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <550749D6.3070906@plumgrid.com>
Date:	Mon, 16 Mar 2015 14:23:34 -0700
From:	Alexei Starovoitov <ast@...mgrid.com>
To:	Daniel Borkmann <daniel@...earbox.net>, stephen@...workplumber.org
CC:	jhs@...atatu.com, jiri@...nulli.us, netdev@...r.kernel.org
Subject: Re: [PATCH iproute2 -next v2 2/2] tc: add eBPF support to f_bpf

On 3/16/15 11:37 AM, Daniel Borkmann wrote:
> This work adds the tc frontend for kernel commit e2e9b6541dd4 ("cls_bpf:
> add initial eBPF support for programmable classifiers").
>
> A C-like classifier program (f.e. see e2e9b6541dd4) is being compiled via
> LLVM's eBPF backend into an ELF file, that is then being passed to tc. tc
> then loads, if any, eBPF maps and eBPF opcodes (with fixed-up eBPF map file
> descriptors) out of its dedicated sections, and via bpf(2) into the kernel
> and then the resulting fd via netlink down to cls_bpf. cls_bpf allows for
> annotations, currently, I've used the file name for that, so that the user
> can easily identify his filter when dumping configurations back.
>
> Example usage:
>
>    clang -O2 -emit-llvm -c cls.c -o - | llc -march=bpf -filetype=obj -o cls.o
>    tc filter add dev em1 parent 1: bpf run object-file cls.o classid x:y
>
>    tc filter show dev em1 [...]
>    filter parent 1: protocol all pref 49152 bpf handle 0x1 flowid x:y cls.o
>
> I placed the parser bits derived from Alexei's kernel sample, into tc_bpf.c
> as my next step is to also add the same support for BPF action, so we can
> have a fully fledged eBPF classifier and action in tc.
>
> Signed-off-by: Daniel Borkmann <daniel@...earbox.net>

looks good to me
Acked-by: Alexei Starovoitov <ast@...mgrid.com>


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ