On Mon, Jan 24, 2022 at 10:32 AM Nikolay Aleksandrov <nikolay@xxxxxxxxxx> wrote:
> >
> > +int br_fdb_find_port_from_ifindex(struct xdp_md *xdp_ctx,
> > + struct bpf_fdb_lookup *opt,
> > + u32 opt__sz)
> > +{
> > + struct xdp_buff *ctx = (struct xdp_buff *)xdp_ctx;
> > + struct net_bridge_port *port;
> > + struct net_device *dev;
> > + int ret = -ENODEV;
> > +
> > + BUILD_BUG_ON(sizeof(struct bpf_fdb_lookup) != NF_BPF_FDB_OPTS_SZ);
> > + if (!opt || opt__sz != sizeof(struct bpf_fdb_lookup))
> > + return -ENODEV;
> > +
> > + rcu_read_lock();
> > +
> > + dev = dev_get_by_index_rcu(dev_net(ctx->rxq->dev), opt->ifindex);
> > + if (!dev)
> > + goto out;
imo that is way too much wrapping for an unstable helper.
The dev lookup is not cheap.
With all the extra checks the XDP acceleration gets reduced.
I think it would be better to use kprobe/fentry on bridge
functions that operate on fdb and replicate necessary
data into bpf map.
Then xdp prog would do a single cheap lookup from that map
to figure out 'port'.
