Re: run bpf prog w/o sockmap [was: bpf: Add bpf_link support for sk_msg and sk_skb progs]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 4/4/24 9:41 PM, John Fastabend wrote:


How do you see the interface will look like (e.g. attaching the bpf prog to a sk) ?

I would propse doing it directly with a helper/kfunc from the sockops
programs.

    attach_sk_msg_prog(sk, sk_msg_prog)
    attach_sk_skb_prog(sk, sk_skb_prog)


or the whole 'struct sk_psock_progs'

attach_sk_parser(struct sock *sk, struct sk_psock_progs *progs).




It will be nice if the whole function (e.g. sk->sk_data_ready or may be some of
the sk->sk_prot) can be implemented completely in bpf. I don't have a concrete
use case for now but I think it will be powerful.

Perhaps a data_ready prog could also replace the ops?

    attach_sk_data_ready(sk, sk_msg_data_ready)
Other than sk_data_ready, I am also wondering how much of the 'struct proto' can be written in bpf. For example, the {tcp,udp}_bpf_prots. May be with some help of new kfunc and some of the functions can just use the kernel default one. 


The attach_sk_data_ready could use pretty much the logic we have for
creating psocks but only replace the sk_data_ready callback.


sounds a good idea. Do we need to support detach function or atomic
update function as well? Can each sk has multiple sk_msg_prog programs?


I've not found any use for multiple programs, detach functions, or updating
the psock once its created to be honest. Also why syzbot finds all the bugs
in this space because we unfortunately don't stress this area much. In the
original design I had fresh in my head building hardware load balancers and the
XDP redirect bits so a map seemed natural. Also we didn't have a lot of the
machinery we have now so went with the map. As I noted above the L7 LB
hasn't really got much traction on my side at least not yet.

In reality we've been using sk_msg and sk_skb progs attaching 1:1
with protocols and observing, auditing, adding/removing fields from
data streams.

I would probably suggest for first implementation of a sk msg attach without
maps I would just make it one prog no need for multiple programs and even
skip a detach function. Maybe there is some use for multiple programs but
I would at least keep the detach (and update) program possibility open. Is it still too hard to support them without a map get into the way?
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux