| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Dec 2015 21:45:46 -0800 From: Alexei Starovoitov <alexei.starovoitov@...il.com> To: Thomas Graf <tgraf@...g.ch> Cc: Jamal Hadi Salim <jhs@...atatu.com>, John Fastabend <john.fastabend@...il.com>, Tom Herbert <tom@...bertland.com>, Hannes Frederic Sowa <hannes@...essinduktion.org>, "John W. Linville" <linville@...driver.com>, Jesse Gross <jesse@...nel.org>, David Miller <davem@...emloft.net>, Anjali Singhai Jain <anjali.singhai@...el.com>, Linux Kernel Network Developers <netdev@...r.kernel.org>, Kiran Patil <kiran.patil@...el.com> Subject: Re: [PATCH v1 1/6] net: Generalize udp based tunnel offload On Wed, Dec 09, 2015 at 02:40:38AM +0100, Thomas Graf wrote: > > I'm still having a difficulty trying to understand what exactly > the intended proposal around this is. You may have just answered > my question but just to make sure: When people refer to > implementing or interpreting BPF in hardware, do they mean: > > 1) A limited BPF instruction set used as descriptive language > to define match/action logic? > 2) A specific (versioned) BPF instruction set which hardware > can support? > 3) The full BPF instruction set of the current kernel + all > defined helper functions and tail call support? definetely not 1, not 2 and hardly 3. bpf verifier in 2k lines does full code analysis with all branches, memory accesses and so on, so it's not hard to understand _intent_ of the program by any HW backend. I agree with John that it's not trivial to convert bpf program into parse graph that intel asic understands, but it's not hard either. fpga based nic/switch can convert a program into parallel gates. netronom nic can JIT it into their instruction set. Programmable switch asics can equally understand intent of the program and convert it into their firmware. The easiest would be arm-based nics. In all cases HW will not be able to convert all possible programs, but it's not a limitation of instruction set. That's why 1 and 2 above doesn't really apply. Different explanation of the above: think of bpf as intermediate representation. When C or some other language is used to describe what dataplane suppose to do the compiler generates bpf==IR which is later compiled by hw specific backend into target. That target can be fpga, asic, npu, etc. Some backends will be simple and small enough to stay completely within kernel. Some backends (like fpga) would need to call_usermodehelper() or similar, since netlist compilation is tedious and slow process. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists