| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Jul 2021 02:58:25 +0530
From: Kumar Kartikeya Dwivedi <memxor@...il.com>
To: bpf@...r.kernel.org
Cc: Kumar Kartikeya Dwivedi <memxor@...il.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Jesper Dangaard Brouer <brouer@...hat.com>,
Toke Høiland-Jørgensen <toke@...hat.com>,
netdev@...r.kernel.org
Subject: [PATCH bpf-next v2 0/8] Improve XDP samples usability and output
This set revamps XDP samples related to redirection to show better output and
implement missing features consolidating all their differences and giving them a
consistent look and feel, by implementing common features and command line
options. Some of the TODO items like reporting redirect error numbers
(ENETDOWN, EINVAL, ENOSPC, etc.) have also been implemented.
Some of the features are:
* Received packet statistics
* xdp_redirect/xdp_redirect_map tracepoint statistics
* xdp_redirect_err/xdp_redirect_map_err tracepoint statistics (with support for
showing exact errno)
* xdp_cpumap_enqueue/xdp_cpumap_kthread tracepoint statistics
* xdp_devmap_xmit tracepoint statistics
* xdp_exception tracepoint statistics
* Per ifindex pair devmap_xmit stats shown dynamically (for xdp_monitor) to
decompose the total.
* Use of BPF skeleton and BPF static linking to share BPF programs.
* Use of vmlinux.h and tp_btf for raw_tracepoint support.
* Removal of redundant -N/--native-mode option (enforced by default now)
* ... and massive cleanups all over the place.
All tracepoints also use raw_tp now, and tracepoints like xdp_redirect
are only enabled when requested explicitly to capture successful redirection
statistics.
The set of programs converted as part of this series are:
* xdp_redirect_cpu
* xdp_redirect_map_multi
* xdp_redirect_map
* xdp_redirect
* xdp_monitor
Explanation of the output:
There is now a concise output mode by default that shows primarily four fields:
rx/s Number of packets received per second
redir/s Number of packets successfully redirected per second
err,drop/s Aggregated count of errors per second (including dropped packets)
xmit/s Number of packets transmitted on the output device per second
Some examples:
; sudo ./xdp_redirect_map veth0 veth1 -s
Redirecting from veth0 (ifindex 15; driver veth) to veth1 (ifindex 14; driver veth)
veth0->veth1 0 rx/s 0 redir/s 0 err,drop/s 0 xmit/s
veth0->veth1 9,998,660 rx/s 9,998,658 redir/s 0 err,drop/s 9,998,654 xmit/s
...
There is also a verbose mode, that can also be enabled by default using -v (--verbose).
The output mode can be switched dynamically at runtime using Ctrl + \ (SIGQUIT).
To make the concise output more useful, the errors that occur are expanded inline
(as if verbose mode was enabled) to let the user pin down the source of the
problem without having to clutter output (or possibly miss it) or always use verbose mode.
For instance, let's consider a case where the output device link state is set to
down while redirection is happening:
[...]
veth0->veth1 24,503,376 rx/s 0 err,drop/s 24,503,372 xmit/s
veth0->veth1 25,044,775 rx/s 0 err,drop/s 25,044,783 xmit/s
veth0->veth1 25,263,046 rx/s 4 err,drop/s 25,263,028 xmit/s
redirect_err 4 error/s
ENETDOWN 4 error/s
[...]
The same holds for xdp_exception actions.
An example of how a complete xdp_redirect_map session would look:
; sudo ./xdp_redirect_map veth0 veth1 -s
Redirecting from veth0 (ifindex 5; driver veth) to veth1 (ifindex 4; driver veth)
veth0->veth1 10,557,813 rx/s 10,557,810 redir/s 0 err,drop/s 10,557,810 xmit/s
veth0->veth1 11,556,537 rx/s 11,556,536 redir/s 0 err,drop/s 11,556,535 xmit/s
^\
veth0->veth1 11,565,356 rx/s 11,565,358 redir/s 0 err,drop/s 11,565,367 xmit/s
receive total 11,565,356 pkt/s 0 drop/s 0 error/s
cpu:0 11,565,356 pkt/s 0 drop/s 0 error/s
redirect total 11,565,358 redir/s
cpu:6 11,565,358 redir/s
redirect_err 0 error/s
xdp_exception 0 hit/s
devmap_xmit total 11,565,367 xmit/s 0 drop/s 0 drv_err/s 2.00 bulk_avg
cpu:6 11,565,367 xmit/s 0 drop/s 0 drv_err/s 2.00 bulk_avg
veth0->veth1 11,554,701 rx/s 11,554,702 redir/s 0 err,drop/s 11,554,701 xmit/s
receive total 11,554,701 pkt/s 0 drop/s 0 error/s
cpu:0 11,554,701 pkt/s 0 drop/s 0 error/s
redirect total 11,554,702 redir/s
cpu:6 11,554,702 redir/s
redirect_err 0 error/s
xdp_exception 0 hit/s
devmap_xmit total 11,554,701 xmit/s 0 drop/s 0 drv_err/s 2.00 bulk_avg
cpu:6 11,554,701 xmit/s 0 drop/s 0 drv_err/s 2.00 bulk_avg
^C
Totals
Packets received : 45,234,407
Average packets/s : 5,654,301
Packets redirected : 45,234,406
Average redir/s : 5,654,301
Rx dropped : 0
Tx dropped : 0
Errors recorded : 0
Packets transmitted : 45,234,413
Average transmit/s : 5,654,302
The xdp_redirect tracepoint (for success stats) needs to be enabled explicitly using --stats/-s.
Changelog:
----------
RFC (v1) -> v2
RFC (v1): https://lore.kernel.org/bpf/20210528235250.2635167-1-memxor@gmail.com
* Address all feedback from Andrii
* Use BPF static linking
* Use vmlinux.h
* Use BPF_PROG macro
* Use global variables instead of maps
* Use of tp_btf for raw_tracepoint progs
* Switch to timerfd for polling
* Use libbpf hashmap for maintaing device sets for per ifindex pair
devmap_xmit stats
* Fix Makefile to specify object dependencies properly
* Use in-tree bpftool
* ... misc fixes and cleanups all over the place
Kumar Kartikeya Dwivedi (8):
samples: bpf: fix a couple of warnings
samples: bpf: Add common infrastructure for XDP samples
samples: bpf: Add BPF support for XDP samples helper
samples: bpf: Convert xdp_monitor to use XDP samples helper
samples: bpf: Convert xdp_redirect to use XDP samples helper
samples: bpf: Convert xdp_redirect_map to use XDP samples helpers
samples: bpf: Convert xdp_redirect_map_multi to use XDP samples
helpers
samples: bpf: Convert xdp_redirect_cpu to use XDP samples helpers
samples/bpf/Makefile | 113 +-
samples/bpf/cookie_uid_helper_example.c | 12 +-
samples/bpf/tracex4_user.c | 2 +-
samples/bpf/xdp_monitor.bpf.c | 8 +
samples/bpf/xdp_monitor_kern.c | 257 ---
samples/bpf/xdp_monitor_user.c | 768 +--------
samples/bpf/xdp_redirect.bpf.c | 52 +
samples/bpf/xdp_redirect_cpu.bpf.c | 561 +++++++
samples/bpf/xdp_redirect_cpu_kern.c | 730 ---------
samples/bpf/xdp_redirect_cpu_user.c | 916 ++---------
samples/bpf/xdp_redirect_kern.c | 90 --
...rect_map_kern.c => xdp_redirect_map.bpf.c} | 75 +-
...ti_kern.c => xdp_redirect_map_multi.bpf.c} | 40 +-
samples/bpf/xdp_redirect_map_multi_user.c | 316 ++--
samples/bpf/xdp_redirect_map_user.c | 385 ++---
samples/bpf/xdp_redirect_user.c | 262 ++--
samples/bpf/xdp_sample.bpf.c | 215 +++
samples/bpf/xdp_sample.bpf.h | 57 +
samples/bpf/xdp_sample_shared.h | 53 +
samples/bpf/xdp_sample_user.c | 1380 +++++++++++++++++
samples/bpf/xdp_sample_user.h | 202 +++
21 files changed, 3277 insertions(+), 3217 deletions(-)
create mode 100644 samples/bpf/xdp_monitor.bpf.c
delete mode 100644 samples/bpf/xdp_monitor_kern.c
create mode 100644 samples/bpf/xdp_redirect.bpf.c
create mode 100644 samples/bpf/xdp_redirect_cpu.bpf.c
delete mode 100644 samples/bpf/xdp_redirect_cpu_kern.c
delete mode 100644 samples/bpf/xdp_redirect_kern.c
rename samples/bpf/{xdp_redirect_map_kern.c => xdp_redirect_map.bpf.c} (62%)
rename samples/bpf/{xdp_redirect_map_multi_kern.c => xdp_redirect_map_multi.bpf.c} (74%)
create mode 100644 samples/bpf/xdp_sample.bpf.c
create mode 100644 samples/bpf/xdp_sample.bpf.h
create mode 100644 samples/bpf/xdp_sample_shared.h
create mode 100644 samples/bpf/xdp_sample_user.c
create mode 100644 samples/bpf/xdp_sample_user.h
--
2.32.0
Powered by blists - more mailing lists