Re: [RFC -next v0 1/3] bpf: modular maps

From: Aaron Conole
Date: Wed Nov 28 2018 - 13:51:51 EST

Next message: Trent Piepho: "Re: [PATCH] pci: imx6: support kernels built in Thumb-2 mode"
Previous message: David Miller: "Re: [PATCH] amd-xgbe: set skb to NULL after freeing it"
In reply to: Alexei Starovoitov: "Re: [RFC -next v0 1/3] bpf: modular maps"
Next in thread: Alexei Starovoitov: "Re: [RFC -next v0 1/3] bpf: modular maps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> writes:

> On Tue, Nov 27, 2018 at 09:24:05AM -0500, Aaron Conole wrote:
>>
>> 1. Introduce flowmap again, this time, basically having it close to a
>> copy of the hashmap. Introduce a few function calls that allow an
>> external module to easily manipulate all maps of that type to insert
>> / remove / update entries. This makes it similar to, for example,
>> devmap.
>
> what is a flowmap?
> How is this flowmap different from existing hash, lpm and lru maps?

The biggest difference is how relationship works. Normal map would
have single key and single value. Flow map needs to have two keys
"single-value," because there are two sets of flow tuples to track
(forward and reverse direction). That means that when updating the k-v
pairs, we need to ensure that the data is always consistent and up to
date. Probably we could do that with the existing maps if we had some
kind of allocation mechanism, too (so, keep a pointer to data from two
keys - not sure if there's a way to do that in ebpf)?

Still I need a way to get the conntrack information from netfilter (or
really any other entity that will provide it) into the bpf map, whatever
map type it takes.

> 'close to a copy of hashmap'... why hashmap is not enough for your purpose?

It might be (see the item 2. in that list). I'm trying to allow
netfilter conntrack to update the bpf map so that the flow offload data
is available, and make sure that when I look up a 5-tuple from the
bpf program in the map, I get the appropriate flow-offload data (ie:
forward direction addresses could be different from reverse direction so
just swapping addresses / ports will not match). Like I wrote in the
cover letter (but probably poorly, sorry for that), I want to forward
packets into the stack until a connection is added to the table, and
then push the packets directly to the places they need to go, doing the
nat etc. That lets us use xdp as a fast forwarding path for
connections, getting all of the advantage of helper modules to do the
control / parsing, and all the advantage of xdp for packet movement.

Maybe I don't see a better solution, though - or possibly there's a more
generic approach that works better.

Next message: Trent Piepho: "Re: [PATCH] pci: imx6: support kernels built in Thumb-2 mode"
Previous message: David Miller: "Re: [PATCH] amd-xgbe: set skb to NULL after freeing it"
In reply to: Alexei Starovoitov: "Re: [RFC -next v0 1/3] bpf: modular maps"
Next in thread: Alexei Starovoitov: "Re: [RFC -next v0 1/3] bpf: modular maps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]