lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <99b1958f-d04c-2b4a-81c1-e9942512df37@iogearbox.net> Date: Thu, 24 Jan 2019 12:56:36 +0100 From: Daniel Borkmann <daniel@...earbox.net> To: Jesper Dangaard Brouer <brouer@...hat.com>, Maciej Fijalkowski <maciejromanfijalkowski@...il.com> Cc: ast@...nel.org, netdev@...r.kernel.org, jakub.kicinski@...ronome.com Subject: Re: [PATCH bpf-next v2 2/8] libbpf: Add a helper for retrieving a prog via index On 01/23/2019 03:24 PM, Jesper Dangaard Brouer wrote: > On Wed, 23 Jan 2019 14:41:59 +0100 > Maciej Fijalkowski <maciejromanfijalkowski@...il.com> wrote: > >> On Wed, 23 Jan 2019 11:41:11 +0100 >> Daniel Borkmann <daniel@...earbox.net> wrote: >> >>> On 01/21/2019 10:10 AM, Maciej Fijalkowski wrote: >>>> xdp_redirect_cpu has a 6 different XDP programs that can be attached to >>>> network interface. This sample has a option --prognum that allows user >>>> for specifying which particular program from a given set will be >>>> attached to network interface. >>>> In order to make it easier when converting the mentioned sample to >>>> libbpf usage, add a function to libbpf that will return program's fd for >>>> a given index. >>>> >>>> Note that there is already a bpf_object__find_prog_by_idx, which could >>>> be exported and might be used for that purpose, but it operates on the >>>> number of ELF section and here we need an index from a programs array >>>> within the bpf_object. >>> >>> Series in general looks good to me. Few minor comments, mainly in relation >>> to the need for libbpf extensions. >>> >>> Would it not be a better interface to the user to instead choose the prog >>> based on section name and then retrieve it via bpf_object__find_program_by_title() >>> instead of prognum (which feels less user friendly) at least? >> >> I couldn't decide which one from: >> * adding a libbpf helper >> * changing the xdp_redirect_cpu behaviour >> >> would be more invasive when I was converting this sample to libbpf >> support. >> >> Your suggestion sounds good, but I'm wondering about the actual >> implementation. I suppose that we would choose the program via >> command line. Some program section names in this sample are a bit >> long and it might be irritating for user to type in for example >> "xdp_cpu_map5_lb_hash_ip_pairs", no? Or maybe we can live with this. >> In case of typo and program being not found it would be good to print >> out the section names to choose from in usage(). > > Please feel free to deprecate or remove the xdp_redirect_cpu --prognum > option. I would prefer if this was indeed converted to selecting the > program based on the name in the _kern.c file, instead of a number. Given this is BPF sample code, there is no need to deprecate, lets just remove --prognum option and add a new one for selection by name. > Listing the avail programs will be helpful, and you can also > shorten/rename the program names. > > For easy of use, consider doing like 'ip' tool from[1] iproute2, and > find the first best matching string. Copy pasted code below signature > for inspiration.
Powered by blists - more mailing lists