Lorenzo Bianconi <lorenzo@xxxxxxxxxx> writes:
>> On Mon, Jan 24, 2022 at 10:32 AM Nikolay Aleksandrov <nikolay@xxxxxxxxxx> wrote:
>> > >
>> > > +int br_fdb_find_port_from_ifindex(struct xdp_md *xdp_ctx,
>> > > + struct bpf_fdb_lookup *opt,
>> > > + u32 opt__sz)
>> > > +{
>> > > + struct xdp_buff *ctx = (struct xdp_buff *)xdp_ctx;
>> > > + struct net_bridge_port *port;
>> > > + struct net_device *dev;
>> > > + int ret = -ENODEV;
>> > > +
>> > > + BUILD_BUG_ON(sizeof(struct bpf_fdb_lookup) != NF_BPF_FDB_OPTS_SZ);
>> > > + if (!opt || opt__sz != sizeof(struct bpf_fdb_lookup))
>> > > + return -ENODEV;
>> > > +
>> > > + rcu_read_lock();
>> > > +
>> > > + dev = dev_get_by_index_rcu(dev_net(ctx->rxq->dev), opt->ifindex);
>> > > + if (!dev)
>> > > + goto out;
>>
>> imo that is way too much wrapping for an unstable helper.
>> The dev lookup is not cheap.
>>
>> With all the extra checks the XDP acceleration gets reduced.
>> I think it would be better to use kprobe/fentry on bridge
>> functions that operate on fdb and replicate necessary
>> data into bpf map.
>> Then xdp prog would do a single cheap lookup from that map
>> to figure out 'port'.
>
> ack, right. This is a very interesting approach. I will investigate
> it. Thanks.
I think it would be interesting to try both, and compare their
performance. I'm a bit sceptical about Alexei's assertion that
dev_get_by_index_rcu() is that expensive: we do such a lookup in the XDP
redirect code when using the non-map bpf_redirect() helper, and I have
not been able to measure a significant performance difference between
the map and non-map variants (after we added bulking to the latter).
If looking up devices by ifindex does turn out to be too expensive,
maybe what we really need is a way to pass around 'struct net_device'
pointers to BPF helpers, so a given BPF program only has to do the
lookup once if it's calling multiple dev-based helpers? I think this
should be doable with BTF, no?
-Toke
