lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 1 Mar 2019 12:38:44 -0800
From:   brakmo <brakmo@...com>
To:     netdev <netdev@...r.kernel.org>
CC:     Martin Lau <kafai@...com>, Alexei Starovoitov <ast@...com>,
        Daniel Borkmann <daniel@...earbox.net>,
        Kernel Team <Kernel-team@...com>
Subject: [PATCH v3 bpf-next 0/5] bpf: Host Bandwidth Manager (HBM)

Host Bandwidth Manager is a framework for limiting the bandwidth used
by v2 cgroups. It consists of 1 BPF helper, a sample BPF program to
limit egress bandwdith as well as a sample user program and script to
simplify HBM testing.

The sample HBM BPF program is not meant to be production quality, it is
provided as proof of concept. A lot more information, including sample
runs in some cases, are provided in the commit messages of the individual
patches.

A future patch will add support for reducing TCP's cwnd (we are evaluating
alternatives). Another patch will add support for fair queueing's Earliest
Departure Time. Until then, HBM is better suited for flows supporitng ECN.

In addition, A BPF program to limit ingress bandwidth will be provided in
an upcomming patchset.

Changes from v1 to v2:
  * bpf_tcp_enter_cwr can only be called from a cgroup skb egress BPF
    program (otherwise load or attach will fail) where we already hold
    the sk lock. Also only applies for ESTABLISHED state.
  * bpf_skb_ecn_set_ce uses INET_ECN_set_ce()
  * bpf_tcp_check_probe_timer now uses tcp_reset_xmit_timer. Can only be
    used by egress cgroup skb programs.
  * removed load_cg_skb user program.
  * nrm bpf egress program checks packet header in skb to determine
    ECN value. Now also works for ECN enabled UDP packets.
    Using ECN_ defines instead of integers.
  * NRM script test program now uses bpftool instead of load_cg_skb

Changes from v2 to v3:
  * Changed name from NRM (Network Resource Manager) to HBM (Host
    Bandwdith Manager)
  * The bpf helper to set ECN ce now checks that the header is writeable
  * Removed helper bpf functions that modified TCP state due to a concern
    about whether the socket is locked by the current thread.

brakmo (5):
  bpf: add bpf helper bpf_skb_ecn_set_ce
  bpf: sync bpf.h to tools and update bpf_helpers.h
  bpf: Sample HBM BPF program to limit egress bw
  bpf: User program for testing HBM
  bpf: HBM test script

 include/uapi/linux/bpf.h                  |  10 +-
 net/core/filter.c                         |  28 ++
 samples/bpf/Makefile                      |   5 +
 samples/bpf/do_hbm_test.sh                | 436 +++++++++++++++++++++
 samples/bpf/hbm.c                         | 441 ++++++++++++++++++++++
 samples/bpf/hbm.h                         |  31 ++
 samples/bpf/hbm_kern.h                    | 137 +++++++
 samples/bpf/hbm_out_kern.c                | 157 ++++++++
 tools/include/uapi/linux/bpf.h            |  10 +-
 tools/testing/selftests/bpf/bpf_helpers.h |   2 +
 10 files changed, 1255 insertions(+), 2 deletions(-)
 create mode 100755 samples/bpf/do_hbm_test.sh
 create mode 100644 samples/bpf/hbm.c
 create mode 100644 samples/bpf/hbm.h
 create mode 100644 samples/bpf/hbm_kern.h
 create mode 100644 samples/bpf/hbm_out_kern.c

-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ