Message-ID: <57837676.3010900@iogearbox.net>
Date:	Mon, 11 Jul 2016 12:35:34 +0200
From:	Daniel Borkmann <daniel@...earbox.net>
To:	Tom Herbert <tom@...bertland.com>,
	Brenden Blanco <bblanco@...mgrid.com>
CC:	"David S. Miller" <davem@...emloft.net>,
	Linux Kernel Network Developers <netdev@...r.kernel.org>,
	Martin KaFai Lau <kafai@...com>,
	Jesper Dangaard Brouer <brouer@...hat.com>,
	Ari Saha <as754m@....com>,
	Alexei Starovoitov <alexei.starovoitov@...il.com>,
	Or Gerlitz <gerlitz.or@...il.com>,
	john fastabend <john.fastabend@...il.com>,
	Hannes Frederic Sowa <hannes@...essinduktion.org>,
	Thomas Graf <tgraf@...g.ch>
Subject: Re: [PATCH v6 02/12] net: add ndo to set xdp prog in adapter rx

On 07/10/2016 10:59 PM, Tom Herbert wrote:
> On Thu, Jul 7, 2016 at 9:15 PM, Brenden Blanco <bblanco@...mgrid.com> wrote:
>> Add two new set/check netdev ops for drivers implementing the
>> BPF_PROG_TYPE_XDP filter.
>>
>> Signed-off-by: Brenden Blanco <bblanco@...mgrid.com>
>> ---
>>   include/linux/netdevice.h | 14 ++++++++++++++
>>   net/core/dev.c            | 30 ++++++++++++++++++++++++++++++
>>   2 files changed, 44 insertions(+)
>>
>> diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
>> index 49736a3..36ae955 100644
>> --- a/include/linux/netdevice.h
>> +++ b/include/linux/netdevice.h
>> @@ -63,6 +63,7 @@ struct wpan_dev;
>>   struct mpls_dev;
>>   /* UDP Tunnel offloads */
>>   struct udp_tunnel_info;
>> +struct bpf_prog;
>>
>>   void netdev_set_default_ethtool_ops(struct net_device *dev,
>>                                      const struct ethtool_ops *ops);
>> @@ -1087,6 +1088,15 @@ struct tc_to_netdev {
>>    *     appropriate rx headroom value allows avoiding skb head copy on
>>    *     forward. Setting a negative value resets the rx headroom to the
>>    *     default value.
>> + * int (*ndo_xdp_set)(struct net_device *dev, struct bpf_prog *prog);
>> + *     This function is used to set or clear a bpf program used in the
>> + *     earliest stages of packet rx. The prog will have been loaded as
>> + *     BPF_PROG_TYPE_XDP. The callee is responsible for calling bpf_prog_put
>> + *     on any old progs that are stored, but not on the passed in prog.
>> + * bool (*ndo_xdp_attached)(struct net_device *dev);
>> + *     This function is used to check if a bpf program is set on the device.
>> + *     The callee should return true if a program is currently attached and
>> + *     running.
>>    *
>>    */
>>   struct net_device_ops {
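Review bot: The ndo_xdp_set comment in this hunk says the op can "set or clear" a program and that the callee must call bpf_prog_put on old progs but not on the passed-in prog, yet it does not say how a clear is requested, what the int return value means, or who owns the reference on the new prog when the op fails. Reference ownership on the error path is where driver implementations tend to diverge into a leak or a double put, so I would spell out in this comment the clear convention, the return values, and whether a failed call leaves the old program in place with the caller still holding the new prog's reference.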
>> @@ -1271,6 +1281,9 @@ struct net_device_ops {
>>                                                         struct sk_buff *skb);
>>          void                    (*ndo_set_rx_headroom)(struct net_device *dev,
>>                                                         int needed_headroom);
>> +       int                     (*ndo_xdp_set)(struct net_device *dev,
>> +                                              struct bpf_prog *prog);
>> +       bool                    (*ndo_xdp_attached)(struct net_device *dev);
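Review bot: ndo_xdp_attached in struct net_device_ops returns only a bool, while its documentation defines true as "attached and running", so a caller cannot tell a program that is attached but not running apart from no program at all, and cannot learn which program is attached. If the core needs either distinction, a richer return value here would avoid adding another op later; otherwise the comment should state that the bool reports only whether a program is set.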
>
> It might be nice if everything could be accomplished with one ndo
> function (just too many ndo's flying around). Also, may want to
> consider future like maybe we have an XDP function in output path, or
> multiple programs pipelined together somehow.

You could probably have it roughly similar to ndo_setup_tc where you pass
commands down to the driver, if it should just be one central ndo, good
thing is that this is not set in stone anyway.

For pipelining, you'd most likely use tail calls, so you just have the root
program passed here, which is fine already as-is, since the rest for it is
handled by bpf(2).
