Re: [PATCH iproute2 -next] tc, bpf: finalize eBPF support for cls and act front-end

public inbox for netdev@vger.kernel.org 
 help / color / mirror / Atom feed

From: Daniel Borkmann <daniel@iogearbox•net>
To: Hannes Frederic Sowa <hannes@stressinduktion•org>,
	stephen@networkplumber•org
Cc: ast@plumgrid•com, jiri@resnulli•us, tgraf@suug•ch,
	netdev@vger•kernel.org, Jamal Hadi Salim <jhs@mojatatu•com>
Subject: Re: [PATCH iproute2 -next] tc, bpf: finalize eBPF support for cls and act front-end
Date: Thu, 02 Apr 2015 14:08:54 +0200	[thread overview]
Message-ID: <551D3156.9030407@iogearbox.net> (raw)
In-Reply-To: <1427974255.2093319.248499373.05D36231@webmail.messagingengine.com>

On 04/02/2015 01:30 PM, Hannes Frederic Sowa wrote:
> On Thu, Apr 2, 2015, at 12:19, Daniel Borkmann wrote:
>> On 04/02/2015 02:29 AM, Hannes Frederic Sowa wrote:
>>> On Thu, Apr 2, 2015, at 02:24, Daniel Borkmann wrote:
>>>> On 04/02/2015 02:13 AM, Hannes Frederic Sowa wrote:
>>>> ...
>>>>> Maybe a small utility programs like:
>>>>>
>>>>> bpf (--lookup|--update|--delete|--get-next-key) -fd
>>>>> filedescriptor-number (type conversion parameters here) key [value]
>>>>>
>>>>> So it can be easily used by shell scripts.
>>>>>
>>>>> For that the filedescriptor numbers would need to be exported (already
>>>>> opened) into a spawned shell and the numbers could be specified either
>>>>> in environment or just by printing text which can be sourced by shells
>>>>> (we already talked about the maybe exec 5</proc/pid/fd/1234 idea). Seems
>>>>> this can be just build ontop this current patch by extending the
>>>>> bpf-agent you already build, no?
>>>>
>>>> I was thinking about that and trying it out, but as far as I can tell,
>>>> due to the anon inodes that are currently underlying as the fd provider,
>>>> it doesn't work w/o larger kernel changes. So, the file descriptor
>>>> passing
>>>> is currently the only way to transfer control.
>>>
>>> Does receiving them via af_unix and spawning a new shell with the fds
>>> already open work?
>>
>> I'm probably missing something, would that need changes to bash?
>>
>> I mean exec could bind an fd in the shell to sockets and use that,
>> for example ...
>>
>>     exec 3<>/dev/tcp/www.slashdot.org/80
>>     echo -e "GET / HTTP/1.1\r\nhost:
>>     http://www.slashdot.org\r\nConnection: close\r\n\r\n" >&3
>>     cat <&3
>>
>> ... perhaps such a built-in fake device for retrieving bpf map fds
>> might be interesting, e.g. exec 4<>/dev/bpf/<obj-file>/<map-name> if
>> that has been given to bash?
>>
>> Anyway, I think to have some utility for shell scripts, as you
>> suggest, certainly sounds interesting!
>
> All file descriptors will be inherited by exec as long as the O_CLOEXEC
> flag wasn't specified on them. So you can retrieve the fds via af_unix
> and just exec a new shell. The file descriptors will stay open and you
> can pass the numbers of the fds via environment. This wouldn't need
> changes to bash or kernel.

Okay, I will give it a try. Thanks!

next prev parent reply	other threads:[~2015-04-02 12:09 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-03-30 22:35 [PATCH iproute2 -next] tc, bpf: finalize eBPF support for cls and act front-end Daniel Borkmann
2015-04-01  5:16 ` Alexei Starovoitov
2015-04-01  8:48   ` Daniel Borkmann
2015-04-01 12:36 ` Jamal Hadi Salim
2015-04-01 14:13   ` Daniel Borkmann
2015-04-01 22:30     ` Thomas Graf
2015-04-08 11:58       ` Jamal Hadi Salim
2015-04-02  0:13 ` Hannes Frederic Sowa
2015-04-02  0:24   ` Daniel Borkmann
2015-04-02  0:29     ` Hannes Frederic Sowa
2015-04-02 10:19       ` Daniel Borkmann
2015-04-02 11:30         ` Hannes Frederic Sowa
2015-04-02 12:08           ` Daniel Borkmann [this message]
2015-04-02 16:14             ` Alexei Starovoitov
2015-04-02 18:38               ` Daniel Borkmann
2015-04-02 12:10           ` Thomas Graf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=551D3156.9030407@iogearbox.net \
    --to=daniel@iogearbox$(echo .)net \
    --cc=ast@plumgrid$(echo .)com \
    --cc=hannes@stressinduktion$(echo .)org \
    --cc=jhs@mojatatu$(echo .)com \
    --cc=jiri@resnulli$(echo .)us \
    --cc=netdev@vger$(echo .)kernel.org \
    --cc=stephen@networkplumber$(echo .)org \
    --cc=tgraf@suug$(echo .)ch \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox