| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 May 2021 12:00:05 +0200
From: Magnus Karlsson <magnus.karlsson@...il.com>
To: Jesper Dangaard Brouer <brouer@...hat.com>
Cc: Xuan Zhuo <xuanzhuo@...ux.alibaba.com>,
Eelco Chaudron <echaudro@...hat.com>,
Lorenzo Bianconi <lorenzo.bianconi@...hat.com>,
Toke Høiland-Jørgensen <toke@...hat.com>,
Björn Töpel <bjorn@...nel.org>,
Magnus Karlsson <magnus.karlsson@...el.com>,
Jonathan Lemon <jonathan.lemon@...il.com>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
John Fastabend <john.fastabend@...il.com>,
Andrii Nakryiko <andrii@...nel.org>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
KP Singh <kpsingh@...nel.org>,
Willem de Bruijn <willemb@...gle.com>,
Xie He <xie.he.0141@...il.com>,
Eric Dumazet <edumazet@...gle.com>,
John Ogness <john.ogness@...utronix.de>,
Wang Hai <wanghai38@...wei.com>,
Tanner Love <tannerlove@...gle.com>,
Eyal Birger <eyal.birger@...il.com>,
Menglong Dong <dong.menglong@....com.cn>,
Network Development <netdev@...r.kernel.org>,
bpf <bpf@...r.kernel.org>
Subject: Re: [PATCH bpf-next] xsk: support AF_PACKET
On Fri, May 28, 2021 at 11:52 AM Jesper Dangaard Brouer
<brouer@...hat.com> wrote:
>
> On Fri, 28 May 2021 17:02:01 +0800
> Xuan Zhuo <xuanzhuo@...ux.alibaba.com> wrote:
>
> > On Fri, 28 May 2021 10:55:58 +0200, Toke Høiland-Jørgensen <toke@...hat.com> wrote:
> > > Xuan Zhuo <xuanzhuo@...ux.alibaba.com> writes:
> > >
> > > > In xsk mode, users cannot use AF_PACKET(tcpdump) to observe the current
> > > > rx/tx data packets. This feature is very important in many cases. So
> > > > this patch allows AF_PACKET to obtain xsk packages.
> > >
> > > You can use xdpdump to dump the packets from the XDP program before it
> > > gets redirected into the XSK:
> > > https://github.com/xdp-project/xdp-tools/tree/master/xdp-dump
> >
> > Wow, this is a good idea.
>
> Yes, it is rather cool (credit to Eelco). Notice the extra info you
> can capture from 'exit', like XDP return codes, if_index, rx_queue.
>
> The tool uses the perf ring-buffer to send/copy data to userspace.
> This is actually surprisingly fast, but I still think AF_XDP will be
> faster (but it usually 'steals' the packet).
>
> Another (crazy?) idea is to extend this (and xdpdump), is to leverage
> Hangbin's recent XDP_REDIRECT extension e624d4ed4aa8 ("xdp: Extend
> xdp_redirect_map with broadcast support"). We now have a
> xdp_redirect_map flag BPF_F_BROADCAST, what if we create a
> BPF_F_CLONE_PASS flag?
>
> The semantic meaning of BPF_F_CLONE_PASS flag is to copy/clone the
> packet for the specified map target index (e.g AF_XDP map), but
> afterwards it does like veth/cpumap and creates an SKB from the
> xdp_frame (see __xdp_build_skb_from_frame()) and send to netstack.
> (Feel free to kick me if this doesn't make any sense)
This would be a smooth way to implement clone support for AF_XDP. If
we had this and someone added AF_XDP support to libpcap, we could both
capture AF_XDP traffic with tcpdump (using this clone functionality in
the XDP program) and speed up tcpdump for dumping traffic destined for
regular sockets. Would that solve your use case Xuan? Note that I have
not looked into the BPF_F_CLONE_PASS code, so do not know at this
point what it would take to support this for XSKMAPs.
> --
> Best regards,
> Jesper Dangaard Brouer
> MSc.CS, Principal Kernel Engineer at Red Hat
> LinkedIn: http://www.linkedin.com/in/brouer
>
Powered by blists - more mailing lists