BPF Updates 11
This is issue 11 of the regular newsletter around BPF written by Alexander Alemayhu. It summarizes ongoing development, presentations, videos and other information related to BPF and XDP. It is released roughly once a week.
The highlights since last time are:
- New helper functions bpf_perf_read_counter_time and bpf_perf_prog_read_time.
- Initial BPF assembly support in LLVM.
- LRU map lookup improvements.
Linux 4.13 was released last week and net-next closed around the same time. The last [GIT] Networking pull request includes a couple of BPF fixes, and so do the two sent after the merge window opened. See the dates for all the details.
LLVM 5.0.0 was released. For BPF there are some fixes, such as improved code generation for certain instructions, which can prevent your program from being rejected. The latest release of iproute2, 4.13, is also worth checking out for the map-in-map support and the improved error messages for tail calls.
Presentations
Slides
Making the Kernel’s Networking Data Path Programmable with BPF and XDP.
Great slides covering the what, why and how on BPF and XDP. Also has an interesting graph on the number of contributions to the BPF subsystem from v4.1 - v4.13+.
Cilium - Network security for microservices
Updated Cilium slides presented at Open Source Summit North America. Includes new performance numbers around XDP for DDoS mitigation, kernel proxy (kproxy), and socket redirect.
Our Experiences Deploying Kubernetes With IPv6
While primarily on Kubernetes and IPv6, this shows how Cilium fits into that picture.
Performance Analysis Superpowers with Linux BPF
Covers the use cases for BPF with an emphasis on tracing. Several programs that utilize BCC are shown. The slide on possible improvements to BCC is interesting.
Videos
Future:Net 2017 - Layer 7 is the New Layer 4: Cilium – Layer 7 Aware Networking & Security with BPF
Great talk on the potential of BPF for application level security and more.
Future:Net 2017 - The Rise of Programmable Networks
Nice introduction to BPF with a focus on some of the history of IO Visor and related things.
Future:Net 2017 - The Role of Hardware and IO Processors in the Ongoing Network Transformation
Panel with some of the NIC vendors talking about smartNICs. BPF is mentioned as an option for the dataplane and offloading.
In case you missed it
Terraform recipes to test Cilium on Kubernetes
Mostly related to Cilium, but there is some introductory information on BPF and XDP.
eBPF, Microservices, Docker, and Cilium: From Novice to Seasoned
Introduction to BPF focusing mostly on Cilium. The post also covers parts of the bpf(2) syscall with code from the v4.11 kernel.
An update on gobpf - ELF loading, uprobes, more program types
A look at the progress made in gobpf and how far it's come. Also has some kprobe examples in there.
BPF in Linux: (3) eBPF basics (Linux の BPF : (3) eBPF の基礎)
Introductory post using code from the 4.7 kernel. While some of it is dated, most of it should still apply today, for example the sample code.
BPF in Linux: (4) Creating eBPF programs with Clang, and the BPF Compiler Collection (BCC) (Linux の BPF : (4) Clang による eBPF プログラムの作成と,BPF Compiler Collection (BCC))
Nice post going through some code from the kernel, LLVM, BCC programs and the code generation.
[iovisor-dev] Accessing user memory and minor page faults
Interesting post on tracing experiences.
Random cool note
Mind blown by eBPF performance! A simple ingress firewall I wrote using XDP processes 11 million packets/s. Time for more optimizations!
Patches
- Ingo Molnar, [PATCH] tools/include: Sync kernel ABI headers with tooling headers
- Yonghong Song, [llvm] r313055 - bpf: Add BPF AsmParser support in LLVM
- Yonghong Song, [llvm] r312978 - bpf: add " ll" in the LD_IMM64 asmstring
- Jesper Dangaard Brouer, [V3 PATCH net] xdp: implement xdp_redirect_map for generic XDP
- Rafael Buchbinder, [PATCH] extensions: libxt_bpf: fix missing __NR_bpf declaration
- Paul Chaignon, [iovisor-dev] [PATCH RFC v2] bpf: allow map helpers access to map values directly
- John Fastabend, [net PATCH 0/3] Fixes for XDP/BPF
- Eric Dumazet, [PATCH net] tcp: fix a request socket leak
- Yonghong Song, [llvm] r312833 - bpf: proper print imm64 expression in inst printer
- Daniel Borkmann, [PATCH net] bpf: make error reporting in bpf_warn_invalid_xdp_action more clear
- Yonghong Song, [llvm] r312840 - bpf: fix test failures due to previous bpf change of assembly code syntax
- Thomas Meyer, [PATCH] selftests/bpf: Make bpf_util work on uniprocessor systems
- Jesper Dangaard Brouer, [V2 PATCH net-next 0/2] Fixes for XDP_REDIRECT map
- Daniel Borkmann, [PATCH net] bpf: don't select potentially stale ri->map from buggy xdp progs
- Yonghong Song, [PATCH net] perf/bpf: fix a clang compilation issue
- Jiong Wang, [PATCH RFC] Add BPF AsmParser support in LLVM
- Naresh Kamboju, [PATCH v2 1/2] selftests: bpf: test_kmod.sh: check if module is present in the path before insert
- Jason Wang, [PATCH net-next 1/2] tun: reserve extra headroom only when XDP is set
- Eric Dumazet, [PATCH net-next] bpf: fix numa_node validation
- Daniel Borkmann, [PATCH iproute2 master 0/2] Two minor BPF updates
- Joel Fernandes, [PATCH RFC v3 0/4] Add cross-compilation support to eBPF samples
- Yonghong Song, [PATCH v2 net-next 0/4] bpf: add two helpers to read perf event enabled/running time
  - [PATCH v2 net-next 1/4] bpf: add helper bpf_perf_read_counter_time for perf event array map
  - [PATCH v2 net-next 2/4] bpf: add a test case to read enabled/running time for perf array
  - [PATCH v2 net-next 3/4] bpf: add helper bpf_perf_prog_read_time
  - [PATCH v2 net-next 4/4] bpf: add a test case for helper bpf_perf_prog_read_time
- John Fastabend, [net-next PATCH] bpf: sockmap update/simplify memory accounting scheme
- Sandipan Das, [PATCH 1/1] bpf: take advantage of stack_depth tracking in powerpc JIT
- William Tu, [iovisor-dev] [PATCH RFC] bpf: add connection tracking helper functions
- David Ahern, [PATCH net-next] bpf: Collapse offset checks in sock_filter_is_valid_access
- Martin KaFai Lau, [PATCH net-next 0/3] bpf: Improve LRU map lookup performance
- David Ahern, [PATCH v3 net-next 0/7] bpf: Add option to set mark and priority in cgroup sock programs
  - [PATCH v3 net-next 1/7] bpf: Add mark and priority to sock options that can be set
  - [PATCH v3 net-next 2/7] bpf: Allow cgroup sock filters to use get_current_uid_gid helper
  - [PATCH v3 net-next 3/7] samples/bpf: Update sock test to allow setting mark and priority
  - [PATCH v3 net-next 4/7] samples/bpf: Add detach option to test_cgrp2_sock
  - [PATCH v3 net-next 5/7] samples/bpf: Add option to dump socket settings
  - [PATCH v3 net-next 6/7] samples/bpf: Update cgrp2 socket tests
  - [PATCH v3 net-next 7/7] samples/bpf: Update cgroup socket examples to use uid gid helper
- Chenbo Feng, [PATCH 0/3] Security: add lsm hooks for checking permissions on eBPF objects
- Eric Dumazet, [PATCH net-next] x86: bpf_jit: small optimization in emit_bpf_tail_call()
- Tariq Toukan, [PATCH net-next] samples/bpf: Fix compilation issue in redirect dummy program
- Colin Ian King, [PATCH][net-next][V3] bpf: test_maps: fix typos, "conenct" and "listeen"
- Phil Sutter, [iproute PATCH] lib/bpf: Fix bytecode-file parsing
- Jesper Dangaard Brouer, [PATCH net-next 0/7] XDP redirect tracepoints
  - [PATCH net-next 1/7] xdp: remove redundant argument to trace_xdp_redirect
  - [PATCH net-next 2/7] xdp: tracepoint xdp_redirect also need a map argument
  - [PATCH net-next 3/7] xdp: make xdp tracepoints report bpf prog id instead of prog_tag
  - [PATCH net-next 4/7] xdp: separate xdp_redirect tracepoint in error case
  - [PATCH net-next 5/7] xdp: separate xdp_redirect tracepoint in map case
  - [PATCH net-next 6/7] samples/bpf: xdp_redirect load XDP dummy prog on TX device
  - [PATCH net-next 7/7] samples/bpf: xdp_monitor tool based on tracepoints
Please note that netdev receives a lot of patches and the list above is not meant to be comprehensive.
Happy eBPF hacking! ;)