Re: [iovisor-dev] How to get function param in kretprobe bpf program? #bcc #pragma
On Fri, Aug 7, 2020 at 11:31 AM, Andrii Nakryiko wrote: > > You can't do it reliably with kretprobe. kretprobe is executed right > before the function is exiting, by that time all the registers that > contained input parameters could have been used for something else. So > you got lucky with struct sock * here, but as a general rule you > shouldn't rely on this. You either have to pair kprobe with kretprobe > and store input arguments, or take a look at fexit program type, it is > just like kretprobe, but faster and guarantees input arguments are > preserved. Thanks for reply. It seems fexit it a new feature and I'm using linux v4.15, so fexit can't help here. kretprobe with kprobe is an option and I've found a lot examples in bbc, but I am also wondering if it is always right to use pid_tgid as key to store params and get it from kretprobe. I am wondering if there is a chance that following case would happen: 0. attach kprobe program in tcp_set_state, store params in HASHMAP using pid_tgid as key; attach kretprobe in tcp_set_state, lookup params using pid_tgid 1. kprobe program triggered twice with same pid_tgid before kretprobe executed, so can only get the last params I have this concern because I'm using golang and the two goroutines may map to one thread in kernel. If one goroutine gets interrupted when executing tcp_set_state, another one would have a chance to execute tcp_set_state with the same pid_tgid. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1886): https://lists.iovisor.org/g/iovisor-dev/message/1886 Mute This Topic: https://lists.iovisor.org/mt/76044869/21656 Mute #pragma: https://lists.iovisor.org/g/iovisor+iovisor-dev/mutehashtag/pragma Mute #bcc: https://lists.iovisor.org/g/iovisor+iovisor-dev/mutehashtag/bcc Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[iovisor-dev] How to get function param in kretprobe bpf program? #bcc #pragma
When using kprobe in bcc, I can get param directly like ` *int kprobe__tcp_set_state( struct pt_regs *ctx, struct sock *sk, int state)* ` But it seems not to work in kretprobe, I've found that I can get first param by using `struct sock *sk = (void*)ctx->bx` but I can't get the second param through `ctx->cx`. Am I get the wrong register? I'm in x86-64 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1884): https://lists.iovisor.org/g/iovisor-dev/message/1884 Mute This Topic: https://lists.iovisor.org/mt/76044869/21656 Mute #bcc: https://lists.iovisor.org/g/iovisor+iovisor-dev/mutehashtag/bcc Mute #pragma: https://lists.iovisor.org/g/iovisor+iovisor-dev/mutehashtag/pragma Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[iovisor-dev] Performance with sockhash in istio/k8s
Cilium has an idea to accelerate packet forward performance using sockops &
sockhash when using istio service mesh, the code is here (
https://github.com/cilium/cilium/tree/master/bpf/sockops ). But this function
is heavily coupling with cilium codebase so I would like to extract the
sockhash part from cilium. I find a demo code
https://github.com/zachidan/ebpf-sockops and try to see if it really improve
the performance. My test case is from
https://github.com/istio/tools/tree/master/perf/benchmark. In this case, I
setup two pods, fortio client and fortio server. And generate packet from
client using kubectl -n $NAMESPACE exec -it $client_pod -- fortio load -c 1
-qps 1 -t 30s -a -r 0.5 -httpbufferkb=128
"http://$server_svc_ip:8080/echo?size=1024; , the qps *decrease* sharply from
6k to 200+ when apply sockmap prog. If I enter into the server pod and test
using fortio load -c 1 -qps 1 -t 30s -a -r 0.5 -httpbufferkb=128 "
http://127.0.0.1:8080/echo?size=1024 " , the qps *increase* from 6k to 9k.
In addition, I also override the bpf_redir function which always return SK_PASS
and not call msg_redirect_hash , __section("sk_msg")
int bpf_redir_proxy(struct sk_msg_md *msg)
{
if (1)
return SK_PASS;
...
...
} and the qps also about 200+, so I think it is because the call to
bpf_redir_proxy is expensive so the qps descrease sharply?
I also enter into the fortio server container and running test using fortio
load -c 1 -qps 1 -t 30s -a -r 0.5 -httpbufferkb=128 "
http://172.16.2.70:8080/echo?size=1024 " , here the ip 172.16.2.70 is the
server IP(local ip), the result shows also 200+ qps…In this case, packet from
client wiil first be redirected to envoy proxy, then the envoy proxy will send
the packet to the server with dst address 127.0.0.1:8080
Why would this happen? How should I debug this? Need your help
Thanks,
forrest chen
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#1788): https://lists.iovisor.org/g/iovisor-dev/message/1788
Mute This Topic: https://lists.iovisor.org/mt/34287210/21656
Group Owner: iovisor-dev+ow...@lists.iovisor.org
Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[iovisor-dev] Does bpf_redirect_map support redirect packet to bridge device or veth which master is a bridge?
[Edited Message Follows] Hi all, I attach an XDP prog(SKB mode) to host net device(enp0s9) and the prog will redirect packet to veth device. If there's only veth device, I can redirect packet into netns through veth device in host, but if the veth device is attached in a bridge device, the redirect will fail(bpf_redirect_map return XDP_REDIRECT but no packet found in netns). My sample code is here ( https://gist.github.com/ChenLingPeng/dcb8d03eabaf10c8458da76e73496c2b ) The network topo shows below note1: that if a remove br1, I can redirect successfully. note2: currently our k8s network mode has bridge device to forword packet. If bridge will make xdp not work, I have to consider to eliminate the bridge. note3: I have test this sample in both 4.18 and 5.0.0, both of them failed. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1772): https://lists.iovisor.org/g/iovisor-dev/message/1772 Mute This Topic: https://lists.iovisor.org/mt/32778941/21656 Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[iovisor-dev] Does bpf_redirect_map support redirect packet to bridge device or veth which master is a bridge?
Hi all, I attach an XDP prog(SKB mode) to host net device(enp0s9) and the prog will redirect packet to veth device. If there's only veth device, I can redirect packet into netns through veth device in host, but if the veth device is attached in a bridge device, the redirect will fail(bpf_redirect_map return XDP_REDIRECT but no packet found in netns). My sample code is here ( https://gist.github.com/ChenLingPeng/dcb8d03eabaf10c8458da76e73496c2b ) The network topo shows below note that if a remove br1, I can redirect successfully. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1772): https://lists.iovisor.org/g/iovisor-dev/message/1772 Mute This Topic: https://lists.iovisor.org/mt/32778941/21656 Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [iovisor-dev] sockmap redirect doesn't work all the time
Hi Ferenc, I think sock_ops is a good option for me, it seems the cilium project also use this to accelerate networks. > > All of your curl request successfully establish his TCP connection? If > there are some connection reset failure, maybe you could increase > net.somaxconn and the backlog size of the listener socket. Yes, all TCP connection established. There're no connection pressures and I send curl requests manually. Thanks, Forrest chen -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1768): https://lists.iovisor.org/g/iovisor-dev/message/1768 Mute This Topic: https://lists.iovisor.org/mt/32229403/21656 Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [iovisor-dev] the size of BPF_MAP_TYPE_PERCPU_ARRAY doesn't match the number of CPU
On Thu, Aug 1, 2019 at 07:16 PM, Yonghong Song wrote: > > I guess you mean value size. here. > When you got the values from kernel, the value size is rounded to 8. See > https://github.com/torvalds/linux/blob/master/kernel/bpf/arraymap.c#L81 > > So if you use 64bit value size, you will get correct value. > If you use 32bit value size, you should iterate through with int64_t > size, but only read the first 4 bytes for each iteration. Thank you, Yonghong Song -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1760): https://lists.iovisor.org/g/iovisor-dev/message/1760 Mute This Topic: https://lists.iovisor.org/mt/32664687/21656 Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [iovisor-dev] the size of BPF_MAP_TYPE_PERCPU_ARRAY doesn't match the number of CPU
map defined:
struct bpf_map_def SEC("maps/protocount") proto_count = {
.type = BPF_MAP_TYPE_PERCPU_ARRAY,
.key_size = sizeof(__u32),
.value_size = sizeof(__u32),
.max_entries = 1,
}; userspace code:
int32_t * allocArray(size_t ln) { return (int32_t*) malloc(ln *
sizeof(int32_t)); }
void sum(int32_t* arr, size_t ln, void* sum) {
int32_t* s = (int32_t*)sum;
int i=0;
for(i=0;ihttps://lists.iovisor.org/g/iovisor-dev/message/1758
Mute This Topic: https://lists.iovisor.org/mt/32664687/21656
Group Owner: iovisor-dev+ow...@lists.iovisor.org
Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[iovisor-dev] the size of BPF_MAP_TYPE_PERCPU_ARRAY doesn't match the number of CPU
Hi all, I define a BPF_MAP_TYPE_PERCPU_ARRAY and use it to count packets in the xdp program. When I read the map from userspace program, I find that the entry number doesn't match local CPU numbers. I have 2 CPUs in my VM, but the count result appear in index 0 and 2, my expectation is index 0 and 1. So why the counting result always appear in index 0 and 2 (or CPU 0 and 2), even when my VM only have 2 cores. Does it because I run the program in VM? Thanks, forrest chen -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1756): https://lists.iovisor.org/g/iovisor-dev/message/1756 Mute This Topic: https://lists.iovisor.org/mt/32664687/21656 Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [iovisor-dev] sockmap redirect doesn't work all the time
Hi Ferenc: The packets are really small, I just send a curl get request. Sometimes I can receive the packets from my program, I think it is because the packets arrive before I set the socket desc so the bpf program doesn't work for that and I have to handle these packets in userspace. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1754): https://lists.iovisor.org/g/iovisor-dev/message/1754 Mute This Topic: https://lists.iovisor.org/mt/32229403/21656 Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[iovisor-dev] sockmap redirect doesn't work all the time
Hi all, Recently I've been testing with ebpf sockmap. I know that after setting the sock fd in sockmap, the data send to this socket can redirect to another socket that register in the sockmap. I rewrite an example based on https://github.com/dippynark/bpf-sockmap and find something unexpected. In my example, my program(an LB instance with sockmap support to redirect data from client to the backend real server) will accept a connection from client and build a new connection to real server. Than set both the two sock fds to sockmap and the verdict program will redirect packet from one socket to another. I find that some packets are not handled by sockmap if the packet arrived before I set sock fd. So I have to read the packets from my program and send it out to the real server. In my expectation, I think that after set sockfd to sockmap, all packets should be handled by parser/verdict ebpf functions and should not read any data from userspace, even if the packet received before the sock fd. But it seems I'm wrong... If the description above is as expected, in what scenario I could use the sockmap since it doesn't make sure all packet handled by ebpf redirect. Or if I am wrong, or using the sockmap in the wrong way/scenario, please point this out Thanks, Forrest Chen -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1730): https://lists.iovisor.org/g/iovisor-dev/message/1730 Mute This Topic: https://lists.iovisor.org/mt/32229403/21656 Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [iovisor-dev] Performance of veth XDP
On Wed, Jun 12, 2019 at 09:31 PM, Toshiaki Makita wrote: > > I cannot reproduce it. > Is it an XDP-related problem? What happens if you use bridge in place of > XDP_REDIRECT? > Did you collect tcpdump result in server-side? > Also how about checking "ethtool -S" and "nstat" (not netstat) > periodically? Thanks. I have tested in non-XDP mode and the problem also happen. It maybe a netperf bug... -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1725): https://lists.iovisor.org/g/iovisor-dev/message/1725 Mute This Topic: https://lists.iovisor.org/mt/32038988/21656 Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[iovisor-dev] Performance of veth XDP
In https://lists.iovisor.org/g/iovisor-dev/topic/how_to_make_redirect_map/31867035 I have built up an environment to make veth+XDP work. There're some question when I do some performance test 1. When I do a performance test using iperf, I found that the test result with xdp is nearly the same as without xdp. I guess maybe it is because in xdp I have to turn off de tx offload. So my question is why the xdp would affect the veth tx offload? 2. When I test using netperf with TCP_CRR type, I find that after some connection test, the test will be blocked. After debug with tcpdump & netstat, I find that the last connection in client-side enter into FIN_WAIT2 state, the tcpdump result for normal and abnormal connection show in gist ( https://gist.github.com/ChenLingPeng/50f02a1c6f6e4e5a195206f60baece14 ). Every normal connection has 10 records but the blocked abnormal connection has only 8 records. And the sequence of the first 8 records is different. I have no idea why this would happen since what I do is just redirect packets. DO anyone have any ideas? -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1716): https://lists.iovisor.org/g/iovisor-dev/message/1716 Mute This Topic: https://lists.iovisor.org/mt/32038988/21656 Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [iovisor-dev] how to make redirect_map work?
On Mon, Jun 3, 2019 at 02:53 AM, Toshiaki Makita wrote: > > You should not need SKB mode on kernel 5.0. > Do you attach any XDP program on vbox1 and vbox2? If not, redirected > packets will be dropped. > Please refer to the slides below for details. > https://netdevconf.org/0x13/session.html?talk-veth-xdp Thanks for your material. It is really helpful. After attach XDP_PASS program on vbox1 and vbox2, and set the right dst mac address in xdp redirect program, I can now ping success from ns1 to ns2 (192.168.1.2->192.168.2.2) :) -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1709): https://lists.iovisor.org/g/iovisor-dev/message/1709 Mute This Topic: https://lists.iovisor.org/mt/31867035/21656 Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [iovisor-dev] how to make redirect_map work?
On Thu, May 30, 2019 at 05:40 AM, Mauricio Vasquez wrote: > > > > You're using veth interfaces, in this case you have to attach the program > in SKB mode, to do it set flags = 1 << 1. > > > > > > Why should I attach xdp in SKB mode when using veth interface, is there any docs for that? Is it because I use DEVMAP? In my test, I can attach my xdp program in driver mode using veth and just works as my expect when I just return XDP_DROP or XDP_PASS. My kerner version is "5.0.0-15"(ubuntu/disco64) which support veth xdp in driver mode. https://github.com/xdp-project/xdp-project/issues/23 And when I test my program in SKB mode, the connection also can't be built. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1704): https://lists.iovisor.org/g/iovisor-dev/message/1704 Mute This Topic: https://lists.iovisor.org/mt/31867035/21656 Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[iovisor-dev] how to make redirect_map work?
Hi all,
Recently I try to build a network topology to test redirect_map, the topology
is as below and the build script in the attachment(setup_env.sh).
My test case is run `ping` from netns ns1 to 192.168.2.2 in netns ns2.
I load xdp prog to vhost1 and vhost2. What the prog do is just use redirect_map
to redirect package from one ingress to another egress(AFAIK, redirect func is
working for that, ifx me if I am wrong).
The result is I can't ping from one netns to another. The xdp prog is in the
attachment(xdp_ping.py).
Thanks for helping me!
Forrest
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#1697): https://lists.iovisor.org/g/iovisor-dev/message/1697
Mute This Topic: https://lists.iovisor.org/mt/31867035/21656
Group Owner: iovisor-dev+ow...@lists.iovisor.org
Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
ip netns add ns1
ip netns add ns2
ip netns exec ns1 ip link set lo up
ip netns exec ns2 ip link set lo up
ip link add vhost1 type veth peer name vbox1
ip link add vhost2 type veth peer name vbox2
ip link set vbox1 netns ns1
ip link set vbox2 netns ns2
ip netns exec ns1 ip addr add dev vbox1 192.168.1.2/24
ip netns exec ns1 ip r add default via 169.254.1.1 dev vbox1
ip netns exec ns1 ip neigh add 169.254.1.1 dev vbox1 lladdr `cat /sys/class/net/vhost1/address`
ip netns exec ns2 ip addr add dev vbox1 192.168.1.2/24
ip netns exec ns2 ip r add default via 169.254.1.1 dev vbox2
ip netns exec ns2 ip neigh add 169.254.1.1 dev vbox1 lladdr `cat /sys/class/net/vhost2/address`
ip link set vhost1 up
ip netns exec ns1 ip link set vbox1 up
ip netns exec ns1 ip link set vbox1 promisc on
ip link set vhost2 up
ip netns exec ns2 ip link set vbox2 up
ip netns exec ns2 ip link set vbox2 promisc on
# ip route add 192.168.1.0/24 dev vhost1
# ip route add 192.168.2.0/24 dev vhost2
#!/usr/bin/python
#
# xdp_ping.py Redirect the incoming packet to another interface
# with the helper: bpf_redirect_map()
#
from bcc import BPF
import pyroute2
import time
import sys
import ctypes as ct
flags = 0
def usage():
print("Usage: {0} ".format(sys.argv[0]))
print("e.g.: {0} eth0 eth1\n".format(sys.argv[0]))
exit(1)
if len(sys.argv) != 3:
usage()
in_if = sys.argv[1]
out_if = sys.argv[2]
ip = pyroute2.IPRoute()
out_idx = ip.link_lookup(ifname=out_if)[0]
in_idx = ip.link_lookup(ifname=in_if)[0]
# load BPF program
b = BPF(text = """
#define KBUILD_MODNAME "foo"
#include
#include
#include
BPF_DEVMAP(tx_port, 2);
BPF_PERCPU_ARRAY(rxcnt, long, 1);
int xdp_redirect_map0(struct xdp_md *ctx) {
void* data_end = (void*)(long)ctx->data_end;
void* data = (void*)(long)ctx->data;
struct ethhdr *eth = data;
uint32_t key = 0;
long *value;
uint64_t nh_off;
nh_off = sizeof(*eth);
if (data + nh_off > data_end)
return XDP_DROP;
value = rxcnt.lookup();
if (value)
*value += 1;
int ret = tx_port.redirect_map(0, 0);
bpf_trace_printk("Hello, World %d!\\n", ret);
return ret;
}
int xdp_redirect_map1(struct xdp_md *ctx) {
void* data_end = (void*)(long)ctx->data_end;
void* data = (void*)(long)ctx->data;
struct ethhdr *eth = data;
uint64_t nh_off;
nh_off = sizeof(*eth);
if (data + nh_off > data_end)
return XDP_DROP;
return tx_port.redirect_map(1, 0);
}
int xdp_dummy(struct xdp_md *ctx) {
return XDP_PASS;
}
""", cflags=["-w"])
tx_port = b.get_table("tx_port")
tx_port[0] = ct.c_int(out_idx)
tx_port[1] = ct.c_int(in_idx)
print("to {} back {}".format(out_idx, in_idx))
in_fn = b.load_func("xdp_redirect_map0", BPF.XDP)
out_fn = b.load_func("xdp_redirect_map1", BPF.XDP)
b.attach_xdp(in_if, in_fn, flags)
b.attach_xdp(out_if, out_fn, flags)
rxcnt = b.get_table("rxcnt")
prev = 0
print("Printing redirected packets, hit CTRL+C to stop")
while 1:
try:
val = rxcnt.sum(0).value
if val:
delta = val - prev
prev = val
print("{} pkt/s".format(delta))
time.sleep(1)
except KeyboardInterrupt:
print("Removing filter from device")
break;
b.remove_xdp(in_if, flags)
b.remove_xdp(out_if, flags)
Re: [iovisor-dev] how to set environment to run xdp_redirect_map.py example?
Thanks a lot, Gary! Very appreciate for your answer. Forrest -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1695): https://lists.iovisor.org/g/iovisor-dev/message/1695 Mute This Topic: https://lists.iovisor.org/mt/31829746/21656 Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [iovisor-dev] how to set environment to run xdp_redirect_map.py example?
On Tue, May 28, 2019 at 09:20 PM, Gary Lin wrote: > > On Tue, May 28, 2019 at 07:32:33PM -0700, forrest0...@gmail.com wrote: > >> Hi all, >> What kind of network topology should I set up to make xdp_redirect_map.py >> runnable and what user-case this example represent for? > > The script does nothing really meaningful but demostrates how to use > XDP_REDIRECT. > > It redirects all traffic from one network interface to another, so you > need a machine with at least two XDP-enabled network interfaces. When you > send a packet from eth0 of Machine B to eth0 of Machine A, the script > swaps the src IP and dst IP of the incoming packets and sends them out > through eth1 of Machine A, so the packets will flow like this: > > (Machine A) (Machine B) > [ eth0 ]<--[ eth0 ] > | ^ > v | > [ eth1 ] -+ > > The script also counts the number of packet processed per second as a > rough performance measurement for XDP_REDIRECT, so you can generate a > huge volume of traffic with the programs like trafgen in Machine B to > do the test. > > Cheers, > > Gary Lin > > >> PS: I have the same question about xdp_macswap_count.py too >> >> Thanks for helping me! >> Forrest >> >> >> > > These two examples swap mac instead of IP address. And as an effect with the given topology, the egress package from MachineA-eth1 has dst mac of MachineB-eth0 and src mac of MachineA-eth0, dst IP of MachineA and src IP of MachineB. Assume that due to the dst mac, the package finally delivered back to MachineB, but the dst IP does not match the IP in MachineB. I have no idea in which kind of topology the package could be consumed. Another question, after swap mac, shouldn't we re-calculate the l2 csum? or if I modify that field like src/dst IP/Port, how can I re-calculate these csum? Does BPF_FUNC_csum_diff helper function work for this? Thanks Forrest -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1693): https://lists.iovisor.org/g/iovisor-dev/message/1693 Mute This Topic: https://lists.iovisor.org/mt/31829746/21656 Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[iovisor-dev] how to set environment to run xdp_redirect_map.py example?
Hi all, What kind of network topology should I set up to make xdp_redirect_map.py runnable and what user-case this example represent for? PS: I have the same question about xdp_macswap_count.py too Thanks for helping me! Forrest -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1690): https://lists.iovisor.org/g/iovisor-dev/message/1690 Mute This Topic: https://lists.iovisor.org/mt/31829746/21656 Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[iovisor-dev] how to run bcc xdp_redirect_cpu.py example
Hi, I’m new to bpf and when run `iovisor/bcc` examples with `xdp_redirect_cpu.py` in my vm, the connection will lost and I have to restart my vm. In my understanding this example just foword the package from one cpu to another and the package should not lost. Am I missing something? Anyone can help me? Thank you PS: xdp is loaded in xdpgeneric mode -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1671): https://lists.iovisor.org/g/iovisor-dev/message/1671 Mute This Topic: https://lists.iovisor.org/mt/31716133/21656 Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
