Re: [bpf-next v3 0/9] bpf: Add helper to do FIB lookups
On 05/10/2018 05:34 AM, David Ahern wrote: > Provide a helper for doing a FIB and neighbor lookup in the kernel > tables from an XDP program. The helper provides a fastpath for forwarding > packets. If the packet is a local delivery or for any reason is not a > simple lookup and forward, the packet is expected to continue up the stack > for full processing. > > The response from a FIB and neighbor lookup is either the egress index > with the bpf_fib_lookup struct filled in with dmac and gateway or > 0 meaning the packet should continue up the stack. In time we can > revisit this to return the FIB lookup result errno if it is one of the > special RTN_'s such as RTN_BLACKHOLE (-EINVAL) so that the XDP > programs can do an early drop if desired. > > Patches 1-6 do some more refactoring to IPv6 with the end goal of > extracting a FIB lookup function that aligns with fib_lookup for IPv4, > basically returning a fib6_info without creating a dst based entry. > > Patch 7 adds lookup functions to the ipv6 stub. These are needed since > bpf is built into the kernel and ipv6 may not be built or loaded. > > Patch 8 adds the bpf helper and 9 adds a sample program. > > v3 > - remove ETH_ALEN and in6_addr from uapi header Applied to bpf-next, thanks David!
[bpf-next v3 0/9] bpf: Add helper to do FIB lookups
Provide a helper for doing a FIB and neighbor lookup in the kernel tables from an XDP program. The helper provides a fastpath for forwarding packets. If the packet is a local delivery or for any reason is not a simple lookup and forward, the packet is expected to continue up the stack for full processing. The response from a FIB and neighbor lookup is either the egress index with the bpf_fib_lookup struct filled in with dmac and gateway or 0 meaning the packet should continue up the stack. In time we can revisit this to return the FIB lookup result errno if it is one of the special RTN_'s such as RTN_BLACKHOLE (-EINVAL) so that the XDP programs can do an early drop if desired. Patches 1-6 do some more refactoring to IPv6 with the end goal of extracting a FIB lookup function that aligns with fib_lookup for IPv4, basically returning a fib6_info without creating a dst based entry. Patch 7 adds lookup functions to the ipv6 stub. These are needed since bpf is built into the kernel and ipv6 may not be built or loaded. Patch 8 adds the bpf helper and 9 adds a sample program. v3 - remove ETH_ALEN and in6_addr from uapi header v2 - removed pkt_access from bpf_func_proto as noticed by Daniel - added check in that IPv6 forwarding is enabled - added DaveM's ack on patches 1-7 and 9 based on v1 response and fact that no changes were made to them in v2 v1 - updated commit messages and cover letter - added comment to sample program noting lack of verification on egress device supporting XDP RFC v2 - fixed use of foward helper from cls_act as noted by Daniel - in patch 1 rename fib6_lookup_1 as well for consistency David Ahern (9): net/ipv6: Rename fib6_lookup to fib6_node_lookup net/ipv6: Rename rt6_multipath_select net/ipv6: Extract table lookup from ip6_pol_route net/ipv6: Refactor fib6_rule_action net/ipv6: Add fib6_lookup net/ipv6: Update fib6 tracepoint to take fib6_info net/ipv6: Add fib lookup stubs for use in bpf helper bpf: Provide helper to do forwarding lookups in kernel FIB table samples/bpf: Add example of ipv4 and ipv6 forwarding in XDP include/net/addrconf.h| 14 ++ include/net/ip6_fib.h | 21 ++- include/trace/events/fib6.h | 14 +- include/uapi/linux/bpf.h | 81 - net/core/filter.c | 267 ++ net/ipv6/addrconf_core.c | 33 +++- net/ipv6/af_inet6.c | 6 +- net/ipv6/fib6_rules.c | 138 --- net/ipv6/ip6_fib.c| 21 ++- net/ipv6/route.c | 76 + samples/bpf/Makefile | 4 + samples/bpf/xdp_fwd_kern.c| 115 + samples/bpf/xdp_fwd_user.c| 136 +++ tools/testing/selftests/bpf/bpf_helpers.h | 3 + 14 files changed, 854 insertions(+), 75 deletions(-) create mode 100644 samples/bpf/xdp_fwd_kern.c create mode 100644 samples/bpf/xdp_fwd_user.c -- 2.11.0
