From: Stephen Hemminger <stephen@networkplumber•org>
To: Daniel Borkmann <daniel@iogearbox•net>
Cc: hannes@stressinduktion•org, ast@plumgrid•com, netdev@vger•kernel.org
Subject: Re: [PATCH iproute2 -next v2] tc: built-in eBPF exec proxy
Date: Mon, 27 Apr 2015 16:41:44 -0700
Message-ID: <20150427164144.2d7279ef@urahara>
In-Reply-To: <d41d6003521cbb231112e4a78c10cb8c07f05cc2.1429211530.git.daniel@iogearbox.net>

On Thu, 16 Apr 2015 21:20:06 +0200
Daniel Borkmann <daniel@iogearbox•net> wrote:
> This work follows upon commit 6256f8c9e45f ("tc, bpf: finalize eBPF
> support for cls and act front-end") and takes up the idea proposed by
> Hannes Frederic Sowa to spawn a shell (or any other command) that holds
> generated eBPF map file descriptors.
>
> File descriptors, based on their id, are being fetched from the same
> unix domain socket as demonstrated in the bpf_agent, the shell spawned
> via execvpe(2) and the map fds passed over the environment, and thus
> are made available to applications in the fashion of std{in,out,err}
> for read/write access, for example in case of iproute2's examples/bpf/:
>
> # env | grep BPF
> BPF_NUM_MAPS=3
> BPF_MAP1=6 <- BPF_MAP_ID_QUEUE (id 1)
> BPF_MAP0=5 <- BPF_MAP_ID_PROTO (id 0)
> BPF_MAP2=7 <- BPF_MAP_ID_DROPS (id 2)
>
> # ls -la /proc/self/fd
> [...]
> lrwx------. 1 root root 64 Apr 14 16:46 0 -> /dev/pts/4
> lrwx------. 1 root root 64 Apr 14 16:46 1 -> /dev/pts/4
> lrwx------. 1 root root 64 Apr 14 16:46 2 -> /dev/pts/4
> [...]
> lrwx------. 1 root root 64 Apr 14 16:46 5 -> anon_inode:bpf-map
> lrwx------. 1 root root 64 Apr 14 16:46 6 -> anon_inode:bpf-map
> lrwx------. 1 root root 64 Apr 14 16:46 7 -> anon_inode:bpf-map
>
> The advantage (as opposed to the direct/native usage) is that now the
> shell is map fd owner and applications can terminate and easily reattach
> to descriptors w/o any kernel changes. Moreover, multiple applications
> can easily read/write eBPF maps simultaneously.
>
> To further allow users for experimenting with that, next step is to add
> a small helper that can get along with simple data types, so that also
> shell scripts can make use of bpf syscall, f.e. to read/write into maps.
>
> Generally, this allows for prepopulating maps, or any runtime altering
> which could influence eBPF program behaviour (f.e. different run-time
> classifications, skb modifications, ...), dumping of statistics, etc.
>
> Reference: http://thread.gmane.org/gmane.linux.network/357471/focus=357860
> Suggested-by: Hannes Frederic Sowa <hannes@stressinduktion•org>
> Signed-off-by: Daniel Borkmann <daniel@iogearbox•net>
> Reviewed-by: Hannes Frederic Sowa <hannes@stressinduktion•org>
> Acked-by: Alexei Starovoitov <ast@plumgrid•com>

Cool but a little hard to explain and awkward to use.
I see no reason not to put it in, might be useful and doesn't interfere
with basic usage.

This will go in for 4.1 version of iproute2.
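Added example, not part of this thread or of iproute2: a consumer started under the exec proxy that resolves a map id to its inherited descriptor from BPF_NUM_MAPS / BPF_MAPn, and refuses any value that is malformed or whose /proc/self/fd link is not anon_inode:bpf-map (the target shown in the quoted ls output). The function names are hypothetical, and it assumes the environment values are plain decimal numbers.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Parse a decimal environment value; -1 if unset, signed, padded or junk. */
static int env_to_int(const char *name)
{
	const char *s = getenv(name);
	char *end;
	long long v;

	if (!s || *s < '0' || *s > '9')
		return -1;
	v = strtoll(s, &end, 10); /* overflow saturates and fails the range check */
	return (*end || v > INT_MAX) ? -1 : (int)v;
}

/* 1 if fd is open and its /proc/self/fd link is anon_inode:bpf-map. */
static int fd_is_bpf_map(int fd)
{
	char path[64], target[64];
	ssize_t n;

	snprintf(path, sizeof(path), "/proc/self/fd/%d", fd);
	n = readlink(path, target, sizeof(target) - 1);
	if (n < 0)
		return 0;
	target[n] = '\0';
	return strcmp(target, "anon_inode:bpf-map") == 0;
}

/* Map id -> inherited fd, or -1 if out of range, malformed or not a map. */
int bpf_env_map_fd(int id)
{
	char name[32];
	int num = env_to_int("BPF_NUM_MAPS"), fd;

	if (id < 0 || id >= num)
		return -1;
	snprintf(name, sizeof(name), "BPF_MAP%d", id);
	fd = env_to_int(name);
	return (fd >= 0 && fd_is_bpf_map(fd)) ? fd : -1;
}

int main(void)
{
	for (int id = 0; id < env_to_int("BPF_NUM_MAPS"); id++)
		printf("map id %d -> fd %d\n", id, bpf_env_map_fd(id));
}
```

Run outside the proxy shell it prints nothing, since BPF_NUM_MAPS is unset; inside it, each id should resolve to the descriptor number listed by env.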