On 05/20/2018 03:58 PM, Mathieu Xhonneux wrote: > As of Linux 4.14, it is possible to define advanced local processing for > IPv6 packets with a Segment Routing Header through the seg6local LWT > infrastructure. This LWT implements the network programming principles > defined in the IETF “SRv6 Network Programming” draft. > > The implemented operations are generic, and it would be very interesting to > be able to implement user-specific seg6local actions, without having to > modify the kernel directly. To do so, this patchset adds an End.BPF action > to seg6local, powered by some specific Segment Routing-related helpers, > which provide SR functionalities that can be applied on the packet. This > BPF hook would then allow to implement specific actions at native kernel > speed such as OAM features, advanced SR SDN policies, SRv6 actions like > Segment Routing Header (SRH) encapsulation depending on the content of > the packet, etc. > > This patchset is divided in 6 patches, whose main features are : > > - A new seg6local action End.BPF with the corresponding new BPF program > type BPF_PROG_TYPE_LWT_SEG6LOCAL. Such attached BPF program can be > passed to the LWT seg6local through netlink, the same way as the LWT > BPF hook operates. > - 3 new BPF helpers for the seg6local BPF hook, allowing to edit/grow/ > shrink a SRH and apply on a packet some of the generic SRv6 actions. > - 1 new BPF helper for the LWT BPF IN hook, allowing to add a SRH through > encapsulation (via IPv6 encapsulation or inlining if the packet contains > already an IPv6 header). > > As this patchset adds a new LWT BPF hook, I took into account the result of > the discussions when the LWT BPF infrastructure got merged. Hence, the > seg6local BPF hook doesn’t allow write access to skb->data directly, only > the SRH can be modified through specific helpers, which ensures that the > integrity of the packet is maintained. > More details are available in the related patches messages. > > The performances of this BPF hook have been assessed with the BPF JIT > enabled on an Intel Xeon X3440 processors with 4 cores and 8 threads > clocked at 2.53 GHz. No throughput losses are noted with the seg6local > BPF hook when the BPF program does nothing (440kpps). Adding a 8-bytes > TLV (1 call each to bpf_lwt_seg6_adjust_srh and bpf_lwt_seg6_store_bytes) > drops the throughput to 410kpps, and inlining a SRH via > bpf_lwt_seg6_action drops the throughput to 420kpps. > All throughputs are stable. > > ------- > v2: move the SRH integrity state from skb->cb to a per-cpu buffer > v3: - document helpers in man-page style > - fix kbuild bugs > - un-break BPF LWT out hook > - bpf_push_seg6_encap is now static > - preempt_enable is now called when the packet is dropped in > input_action_end_bpf > v4: fix kbuild bugs when CONFIG_IPV6=m > v5: fix kbuild sparse warnings when CONFIG_IPV6=m > v6: fix skb pointers-related bugs in helpers > v7: - fix memory leak in error path of End.BPF setup > - add freeing of BPF data in seg6_local_destroy_state > - new enums SEG6_LOCAL_BPF_* instead of re-using ones of lwt bpf for > netlink nested bpf attributes > - SEG6_LOCAL_BPF_PROG attr now contains prog->aux->id when dumping > state > > Thanks. > > Mathieu Xhonneux (6): > ipv6: sr: make seg6.h includable without IPv6 > ipv6: sr: export function lookup_nexthop > bpf: Add IPv6 Segment Routing helpers > bpf: Split lwt inout verifier structures > ipv6: sr: Add seg6local action End.BPF > selftests/bpf: test for seg6local End.BPF action > > include/linux/bpf_types.h | 5 +- > include/net/seg6.h | 7 +- > include/net/seg6_local.h | 32 ++ > include/uapi/linux/bpf.h | 97 ++++- > include/uapi/linux/seg6_local.h | 12 + > kernel/bpf/verifier.c | 1 + > net/core/filter.c | 393 ++++++++++++++++--- > net/ipv6/Kconfig | 5 + > net/ipv6/seg6_local.c | 190 +++++++++- > tools/include/uapi/linux/bpf.h | 97 ++++- > tools/lib/bpf/libbpf.c | 1 + > tools/testing/selftests/bpf/Makefile | 6 +- > tools/testing/selftests/bpf/bpf_helpers.h | 12 + > tools/testing/selftests/bpf/test_lwt_seg6local.c | 437 > ++++++++++++++++++++++ > tools/testing/selftests/bpf/test_lwt_seg6local.sh | 140 +++++++ > 15 files changed, 1363 insertions(+), 72 deletions(-) > create mode 100644 include/net/seg6_local.h > create mode 100644 tools/testing/selftests/bpf/test_lwt_seg6local.c > create mode 100755 tools/testing/selftests/bpf/test_lwt_seg6local.sh
Applied to bpf-next, thanks Mathieu!
