]> git.proxmox.com Git - mirror_iproute2.git/commit - tc/m_bpf.c
projects / mirror_iproute2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 505f918) | patch
tc: built-in eBPF exec proxy
authorDaniel Borkmann <daniel@iogearbox.net>
Thu, 16 Apr 2015 19:20:06 +0000 (21:20 +0200)
committerStephen Hemminger <shemming@brocade.com>
Mon, 27 Apr 2015 23:39:23 +0000 (16:39 -0700)
commit4bd624467bc6f8f6e8b4c676f3dd8ae7593fbe70
tree1548ec475a1fed6286be482101615148ac5a2837tree
parent505f91869f559f492db1afde0b1b4ba8fae9a425commit | diff
tc: built-in eBPF exec proxy

This work follows upon commit 6256f8c9e45f ("tc, bpf: finalize eBPF
support for cls and act front-end") and takes up the idea proposed by
Hannes Frederic Sowa to spawn a shell (or any other command) that holds
generated eBPF map file descriptors.

File descriptors, based on their id, are being fetched from the same
unix domain socket as demonstrated in the bpf_agent, the shell spawned
via execvpe(2) and the map fds passed over the environment, and thus
are made available to applications in the fashion of std{in,out,err}
for read/write access, for example in case of iproute2's examples/bpf/:

  # env | grep BPF
  BPF_NUM_MAPS=3
  BPF_MAP1=6        <- BPF_MAP_ID_QUEUE (id 1)
  BPF_MAP0=5        <- BPF_MAP_ID_PROTO (id 0)
  BPF_MAP2=7        <- BPF_MAP_ID_DROPS (id 2)

  # ls -la /proc/self/fd
  [...]
  lrwx------. 1 root root 64 Apr 14 16:46 0 -> /dev/pts/4
  lrwx------. 1 root root 64 Apr 14 16:46 1 -> /dev/pts/4
  lrwx------. 1 root root 64 Apr 14 16:46 2 -> /dev/pts/4
  [...]
  lrwx------. 1 root root 64 Apr 14 16:46 5 -> anon_inode:bpf-map
  lrwx------. 1 root root 64 Apr 14 16:46 6 -> anon_inode:bpf-map
  lrwx------. 1 root root 64 Apr 14 16:46 7 -> anon_inode:bpf-map

The advantage (as opposed to the direct/native usage) is that now the
shell is map fd owner and applications can terminate and easily reattach
to descriptors w/o any kernel changes. Moreover, multiple applications
can easily read/write eBPF maps simultaneously.

To further allow users for experimenting with that, next step is to add
a small helper that can get along with simple data types, so that also
shell scripts can make use of bpf syscall, f.e to read/write into maps.

Generally, this allows for prepopulating maps, or any runtime altering
which could influence eBPF program behaviour (f.e. different run-time
classifications, skb modifications, ...), dumping of statistics, etc.

Reference: http://thread.gmane.org/gmane.linux.network/357471/focus=357860
Suggested-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
14 files changed:
examples/bpf/bpf_agent.c diff | blob | blame | history
examples/bpf/bpf_prog.c diff | blob | blame | history
tc/Makefile diff | blob | blame | history
tc/e_bpf.c [new file with mode: 0644] blob
tc/f_bpf.c diff | blob | blame | history
tc/m_action.c diff | blob | blame | history
tc/m_bpf.c diff | blob | blame | history
tc/tc.c diff | blob | blame | history
tc/tc_bpf.c diff | blob | blame | history
tc/tc_bpf.h diff | blob | blame | history
tc/tc_common.h diff | blob | blame | history
tc/tc_exec.c [new file with mode: 0644] blob
tc/tc_filter.c diff | blob | blame | history
tc/tc_util.h diff | blob | blame | history
Upstream mirror of iproute2