| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <99b1958f-d04c-2b4a-81c1-e9942512df37@iogearbox.net>
Date: Thu, 24 Jan 2019 12:56:36 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: Jesper Dangaard Brouer <brouer@...hat.com>,
Maciej Fijalkowski <maciejromanfijalkowski@...il.com>
Cc: ast@...nel.org, netdev@...r.kernel.org,
jakub.kicinski@...ronome.com
Subject: Re: [PATCH bpf-next v2 2/8] libbpf: Add a helper for retrieving a
prog via index
On 01/23/2019 03:24 PM, Jesper Dangaard Brouer wrote:
> On Wed, 23 Jan 2019 14:41:59 +0100
> Maciej Fijalkowski <maciejromanfijalkowski@...il.com> wrote:
>
>> On Wed, 23 Jan 2019 11:41:11 +0100
>> Daniel Borkmann <daniel@...earbox.net> wrote:
>>
>>> On 01/21/2019 10:10 AM, Maciej Fijalkowski wrote:
>>>> xdp_redirect_cpu has a 6 different XDP programs that can be attached to
>>>> network interface. This sample has a option --prognum that allows user
>>>> for specifying which particular program from a given set will be
>>>> attached to network interface.
>>>> In order to make it easier when converting the mentioned sample to
>>>> libbpf usage, add a function to libbpf that will return program's fd for
>>>> a given index.
>>>>
>>>> Note that there is already a bpf_object__find_prog_by_idx, which could
>>>> be exported and might be used for that purpose, but it operates on the
>>>> number of ELF section and here we need an index from a programs array
>>>> within the bpf_object.
>>>
>>> Series in general looks good to me. Few minor comments, mainly in relation
>>> to the need for libbpf extensions.
>>>
>>> Would it not be a better interface to the user to instead choose the prog
>>> based on section name and then retrieve it via bpf_object__find_program_by_title()
>>> instead of prognum (which feels less user friendly) at least?
>>
>> I couldn't decide which one from:
>> * adding a libbpf helper
>> * changing the xdp_redirect_cpu behaviour
>>
>> would be more invasive when I was converting this sample to libbpf
>> support.
>>
>> Your suggestion sounds good, but I'm wondering about the actual
>> implementation. I suppose that we would choose the program via
>> command line. Some program section names in this sample are a bit
>> long and it might be irritating for user to type in for example
>> "xdp_cpu_map5_lb_hash_ip_pairs", no? Or maybe we can live with this.
>> In case of typo and program being not found it would be good to print
>> out the section names to choose from in usage().
>
> Please feel free to deprecate or remove the xdp_redirect_cpu --prognum
> option. I would prefer if this was indeed converted to selecting the
> program based on the name in the _kern.c file, instead of a number.
Given this is BPF sample code, there is no need to deprecate, lets just
remove --prognum option and add a new one for selection by name.
> Listing the avail programs will be helpful, and you can also
> shorten/rename the program names.
>
> For easy of use, consider doing like 'ip' tool from[1] iproute2, and
> find the first best matching string. Copy pasted code below signature
> for inspiration.
Powered by blists - more mailing lists