lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 29 Jan 2023 23:14:18 +0100
From:   Toke Høiland-Jørgensen <toke@...hat.com>
To:     Jamal Hadi Salim <jhs@...atatu.com>,
        Willem de Bruijn <willemb@...gle.com>
Cc:     Stanislav Fomichev <sdf@...gle.com>,
        Jamal Hadi Salim <hadi@...atatu.com>,
        Jiri Pirko <jiri@...nulli.us>,
        Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org,
        kernel@...atatu.com, deb.chatterjee@...el.com,
        anjali.singhai@...el.com, namrata.limaye@...el.com,
        khalidm@...dia.com, tom@...anda.io, pratyush@...anda.io,
        xiyou.wangcong@...il.com, davem@...emloft.net, edumazet@...gle.com,
        pabeni@...hat.com, vladbu@...dia.com, simon.horman@...igine.com,
        stefanc@...vell.com, seong.kim@....com, mattyk@...dia.com,
        dan.daly@...el.com, john.andy.fingerhut@...el.com
Subject: Re: [PATCH net-next RFC 00/20] Introducing P4TC

Jamal Hadi Salim <jhs@...atatu.com> writes:

>> > We use the skip_sw and skip_hw knobs in tc to indicate whether a
>> > policy is targeting hw or sw. Not sure if you are familiar with it but its
>> > been around (and deployed) for a few years now. So a P4 program
>> > policy can target either.
>>
>> I know. So the only reason the kernel ABI needs to be extended with P4
>> objects is to be able to pass the same commands to hardware. The whole
>> kernel dataplane could be implemented as a BPF program, correct?
>>
>
> It's more than an ABI (although that is important as well).
> It is about reuse of the infra which provides a transparent symbiosis
> between hardware offload and software that has matured over time: For
> example, you can take a pipeline or a table or actions (lately) and
> split them between hardware and software transparently, etc. To
> re-iterate, we are reusing and plugging into a proven and deployed
> mechanism which enables our goal (of HW + SW scripting of arbitrary
> P4-enabled datapaths which are functionally equivalent).

But you're doing this in a way that completely ignores the existing
ecosystem for creating programmable software datapaths in the kernel
(i.e., eBPF/XDP) in favour of adding *yet another* interpreter to the
kernel.

In particular, completely excluding the XDP from this is misguided.
Programmable networking in Linux operates at three layers:

- HW: for stuff that's supported and practical there
- XDP: software fast-path for high-performance bits that can't go into HW
- TC/rest of stack: SW slow path for functional equivalence

I can see P4 playing a role as a higher-level data plane definition
language even for Linux SW stacks, but let's have it integrate with the
full ecosystem, not be its own little island in a corner...

-Toke

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ