[bpf-next,v5,0/5] bpf: add BPF_LWT_ENCAP_IP option to bpf_lwt_push_encap

Message ID	20190130235136.136527-1-posk@google.com
Headers	show Return-Path: <netdev-owner@vger.kernel.org> Date: Wed, 30 Jan 2019 15:51:31 -0800 Message-Id: <20190130235136.136527-1-posk@google.com> Mime-Version: 1.0 Subject: [PATCH bpf-next v5 0/5] bpf: add BPF_LWT_ENCAP_IP option to bpf_lwt_push_encap From: Peter Oskolkov <posk@google.com> To: Alexei Starovoitov <ast@kernel.org>, Daniel Borkmann <daniel@iogearbox.net>, netdev@vger.kernel.org Cc: Peter Oskolkov <posk.devel@gmail.com>, David Ahern <dsahern@gmail.com>, Peter Oskolkov <posk@google.com> Content-Type: text/plain; charset="UTF-8" Sender: netdev-owner@vger.kernel.org Precedence: bulk
Series	bpf: add BPF_LWT_ENCAP_IP option to bpf_lwt_push_encap \| expand [bpf-next,v5,0/5] bpf: add BPF_LWT_ENCAP_IP option to bpf_lwt_push_encap [bpf-next,v5,1/5] bpf: add plumbing for BPF_LWT_ENCAP_IP in bpf_lwt_push_encap [bpf-next,v5,2/5] bpf: implement BPF_LWT_ENCAP_IP mode in bpf_lwt_push_encap [bpf-next,v5,3/5] bpf: add handling of BPF_LWT_REROUTE to lwt_bpf.c [bpf-next,v5,4/5] bpf: sync <kdir>/<uapi>/bpf.h with tools/<uapi>/bpf.h [bpf-next,v5,5/5] selftests: bpf: add test_lwt_ip_encap selftest

Message ID

20190130235136.136527-1-posk@google.com

Headers

Date: Wed, 30 Jan 2019 15:51:31 -0800
Message-Id: <20190130235136.136527-1-posk@google.com>
Mime-Version: 1.0
Subject: [PATCH bpf-next v5 0/5] bpf: add BPF_LWT_ENCAP_IP option to
	bpf_lwt_push_encap
From: Peter Oskolkov <posk@google.com>
To: Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>, netdev@vger.kernel.org
Cc: Peter Oskolkov <posk.devel@gmail.com>, David Ahern <dsahern@gmail.com>,
	Peter Oskolkov <posk@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Series

bpf: add BPF_LWT_ENCAP_IP option to bpf_lwt_push_encap | expand

Message

Peter Oskolkov Jan. 30, 2019, 11:51 p.m. UTC

This patchset implements BPF_LWT_ENCAP_IP mode in bpf_lwt_push_encap
BPF helper. It enables BPF programs (specifically, BPF_PROG_TYPE_LWT_IN
and BPF_PROG_TYPE_LWT_XMIT prog types) to add IP encapsulation headers
to packets (e.g. IP/GRE, GUE, IPIP).

This is useful when thousands of different short-lived flows should be
encapped, each with different and dynamically determined destination.
Although lwtunnels can be used in some of these scenarios, the ability
to dynamically generate encap headers adds more flexibility, e.g.
when routing depends on the state of the host (reflected in global bpf
maps).

V2 changes: Added flowi-based route lookup, IPv6 encapping, and
   encapping on ingress.

V3 changes: incorporated David Ahern's suggestions:
   - added l3mdev check/oif (patch 2)
   - sync bpf.h from include/uapi into tools/include/uapi
   - selftest tweaks

V4 changes: moved route lookup/dst change from bpf_push_ip_encap
   to when BPF_LWT_REROUTE is handled, as suggested by David Ahern.

V5 changes: added a check in lwt_xmit that skb->protocol stays the
   same if the skb is to be passed back to the stack (ret == BPF_OK).
   Again, suggested by David Ahern.

Peter Oskolkov (5):
  bpf: add plumbing for BPF_LWT_ENCAP_IP in bpf_lwt_push_encap
  bpf: implement BPF_LWT_ENCAP_IP mode in bpf_lwt_push_encap
  bpf: add handling of BPF_LWT_REROUTE to lwt_bpf.c
  bpf: sync <kdir>/<uapi>/bpf.h with tools/<uapi>/bpf.h
  selftests: bpf: add test_lwt_ip_encap selftest

 include/net/lwtunnel.h                        |   3 +
 include/uapi/linux/bpf.h                      |  23 +-
 net/core/filter.c                             |  47 ++-
 net/core/lwt_bpf.c                            | 184 +++++++++++
 tools/include/uapi/linux/bpf.h                |  23 +-
 tools/testing/selftests/bpf/Makefile          |   5 +-
 .../testing/selftests/bpf/test_lwt_ip_encap.c |  85 +++++
 .../selftests/bpf/test_lwt_ip_encap.sh        | 311 ++++++++++++++++++
 8 files changed, 670 insertions(+), 11 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/test_lwt_ip_encap.c
 create mode 100755 tools/testing/selftests/bpf/test_lwt_ip_encap.sh

Comments

David Ahern Jan. 31, 2019, 4:38 p.m. UTC | #1

On 1/30/19 4:51 PM, Peter Oskolkov wrote:
> This patchset implements BPF_LWT_ENCAP_IP mode in bpf_lwt_push_encap
> BPF helper. It enables BPF programs (specifically, BPF_PROG_TYPE_LWT_IN
> and BPF_PROG_TYPE_LWT_XMIT prog types) to add IP encapsulation headers
> to packets (e.g. IP/GRE, GUE, IPIP).
> 
> This is useful when thousands of different short-lived flows should be
> encapped, each with different and dynamically determined destination.
> Although lwtunnels can be used in some of these scenarios, the ability
> to dynamically generate encap headers adds more flexibility, e.g.
> when routing depends on the state of the host (reflected in global bpf
> maps).
> 

For the set:
Reviewed-by: David Ahern <dsahern@gmail.com>