BPF updates 10
This is issue 10 of the regular newsletter around BPF written by Alexander Alemayhu. It summarizes ongoing development, presentations, videos and other information related to BPF and XDP. It is released roughly once a week.
The highlights since last time are
- A new iteration of the Landlock unprivileged sandbox series.
- A new iteration of the socket redirect series.
- The ARM eBPF JIT finally got merged.
- Bug fixes and tests.
Now that there is 32-bit eBPF JIT support for ARM, will more embedded devices start running eBPF? Marvell routers, wifi devices soon? :) The Landlock documentation is also worth checking out; it is really nice, both the rendered version and the code comments.
Some interesting topics from the lists
- XDP redirect measurements, gotchas and tracepoints
- Permissions for eBPF objects
- modifying packets in XDP
- What library to use ?
Presentations
Slides
Past, Present And Future Of High Speed Packet Filtering On Linux
Great slides on DDoS mitigation approaches with code examples for XDP.
Videos
FRNOG 28 - Quentin Monnet (6Wind) : Introduction à eBPF
Short introductory talk to eBPF.
USENIX ATC '17: Performance Superpowers with Enhanced BPF
Entertaining talk introducing BPF and highlighting some of the challenges. One of the more interesting ideas mentioned is the need for a higher-level language. This seems like a great opportunity for someone to create a new language that fits the mindset of the users better.
In case you missed it
Cilium 0.10.1 release
The 0.10.1 release had a couple nice updates like a more compact monitor output, policy revision number, CIDR based filter, and much more. See the release notes for all the details.
sched-time.py and generalizing workloads
Debugging post using BCC.
Parse BPF_ARRAY macro in bcc
Closer look at one of the maps macros in BCC.
Linux Load Averages: Solving the Mystery
Mostly about load averages, but there are one or two mentions of eBPF in there.
Netdev 2.2 Registration
The early bird registration is still open until September, but why wait? There are already some interesting sessions scheduled, like XDP for the Rest of Us and XDP + Netem = XNetem.
XDP Newbies...
Which is a place where people can talk about getting up to speed with setting up an XDP build environment and writing XDP programs.
You can subscribe by sending an email to majordomo@vger.kernel.org, with a message body containing subscribe xdp-newbies. No subject is needed, but you can of course add one if you like.
Projects
While grav itself is not strictly BPF related, the tools in the repository utilize BCC.
grav
A collection of tools to help visualise process execution.
Random cool note
eBPF is just a gateway drug to writing kernel code.
Patches
- John Fastabend, [net-next PATCH 0/9] sockmap UAPI updates and fixes
  - [net-next PATCH 1/9] bpf: convert sockmap field attach_bpf_fd2 to type
  - [net-next PATCH 2/9] bpf: sockmap, remove STRPARSER map_flags and add multi-map support
  - [net-next PATCH 3/9] bpf: sockmap add missing rcu_read_(un)lock in smap_data_ready
  - [net-next PATCH 4/9] bpf: additional sockmap self tests
  - [net-next PATCH 5/9] bpf: more SK_SKB selftests
  - [net-next PATCH 6/9] bpf: harden sockmap program attach to ensure correct map type
  - [net-next PATCH 7/9] bpf: sockmap indicate sock events to listeners
  - [net-next PATCH 8/9] bpf: sockmap requires STREAM_PARSER add Kconfig entry
  - [net-next PATCH 9/9] bpf: test_maps add sockmap stress test
- Eric Biggers, strparser: initialize all callbacks
- Mickaël Salaün, [PATCH net-next v7 00/10] Landlock LSM: Toward unprivileged sandboxing
  - [PATCH net-next v7 01/10] selftest: Enhance kselftest_harness.h with a step mechanism
  - [PATCH net-next v7 02/10] bpf: Add eBPF program subtype and is_valid_subtype() verifier
  - [PATCH net-next v7 03/10] bpf,landlock: Define an eBPF program type for a Landlock rule
  - [PATCH net-next v7 04/10] bpf: Define handle_fs and add a new helper bpf_handle_fs_get_mode()
  - [PATCH net-next v7 05/10] landlock: Add LSM hooks related to filesystem
  - [PATCH net-next v7 06/10] seccomp,landlock: Handle Landlock events per process hierarchy
  - [PATCH net-next v7 07/10] landlock: Add ptrace restrictions
  - [PATCH net-next v7 08/10] bpf: Add a Landlock sandbox example
  - [PATCH net-next v7 09/10] bpf,landlock: Add tests for Landlock
  - [PATCH net-next v7 10/10] landlock: Add user and kernel documentation for Landlock
- William Tu, [PATCH net-next 0/3] gre: add collect_md mode for ERSPAN tunnel
- Jakub Kicinski, [PATCH net-next] selftests/bpf: check the instruction dumps are populated
- Dan Carpenter, [PATCH net-next] bpf: fix oops on allocation failure
- David Ahern, [PATCH v2 net-next 0/8] bpf: Add option to set mark and priority in cgroup sock programs
  - [PATCH v2 net-next 1/8] bpf: Add support for recursively running cgroup sock filters
  - [PATCH v2 net-next 2/8] bpf: Add mark and priority to sock options that can be set
  - [PATCH v2 net-next 3/8] bpf: Allow cgroup sock filters to use get_current_uid_gid helper
  - [PATCH v2 net-next 4/8] samples/bpf: Update sock test to allow setting mark and priority
  - [PATCH v2 net-next 5/8] samples/bpf: Add detach option to test_cgrp2_sock
  - [PATCH v2 net-next 6/8] samples/bpf: Add option to dump socket settings
  - [PATCH v2 net-next 7/8] samples/bpf: Add test case for nested socket options
  - [PATCH v2 net-next 8/8] samples/bpf: Update cgroup socket examples to use uid gid helper
- Edward Cree, [PATCH v2 net-next 0/5] bpf: verifier fixes
  - [PATCH v2 net-next 1/5] selftests/bpf: add a test for a bug in liveness-based pruning
  - [PATCH v2 net-next 2/5] bpf/verifier: when pruning a branch, ignore its write marks
  - [PATCH v2 net-next 3/5] selftests/bpf: add a test for a pruning bug in the verifier
  - [PATCH v2 net-next 4/5] bpf/verifier: remove varlen_map_value_access flag
  - [PATCH v2 net-next 5/5] bpf/verifier: document liveness analysis
- Sabrina Dubroca, [PATCH net] tcp: fix refcnt leak with ebpf congestion control
- Yuchung Cheng, [PATCH net] bpf: fix bpf_setsockopts return value
- Jesper Dangaard Brouer, [V3 PATCH net-next 0/5] xdp: more work on xdp tracepoints
  - [V3 PATCH net-next 1/5] xdp: remove bpf_warn_invalid_xdp_redirect
  - [V3 PATCH net-next 2/5] xdp: make generic xdp redirect use tracepoint trace_xdp_redirect
  - [V3 PATCH net-next 3/5] ixgbe: use return codes from ndo_xdp_xmit that are distinguishable
  - [V3 PATCH net-next 4/5] xdp: remove net_device names from xdp_redirect tracepoint
  - [V3 PATCH net-next 5/5] xdp: get tracepoints xdp_exception and xdp_redirect in sync
- Shubham Bansal, [PATCH net-next] bpf, doc: Add arm32 as arch supporting eBPF JIT
- Daniel Borkmann, [PATCH net-next] bpf: netdev is never null in __dev_map_flush
- Brenden Blanco, [iovisor-dev] [RFC] pktgen: add bpf fill support
- Yonghong Song, [llvm] r311567 - bpf: close the file descriptor after probe inside getHostCPUNameForBPF
- Colin King, [PATCH][net-next] MIPS,bpf: fix missing break in switch statement
- Daniel Borkmann, [PATCH net] bpf: fix map value attribute for hash of maps
- Daniel Borkmann, [PATCH net-next 0/2] Two minor BPF cleanups
- Yonghong Song, http://llvm.org/viewvc/llvm-project?view=revision&revision=311522
- Phil Sutter, [iproute PATCH v2] lib/bpf: Don't leak fp in bpf_find_mntpt()
- Daniel Borkmann, [PATCH net-next] bpf: fix double free from dev_map_notification()
- Daniel Borkmann, [PATCH net] bpf, doc: also add s390x as arch to sysctl description
- Eric Leblond, [PATCH] tools lib bpf: improve warning
- Daniel Borkmann, [PATCH net-next v2 0/2] BPF inline improvements
- Martin KaFai Lau, [PATCH net-next 0/2] bpf: Allow selecting numa node during map creation
- Shubham Bansal, [PATCH net-next v4] arm: eBPF JIT compiler
- David Daney, [PATCH 0/3] MIPS,bpf: Improvements for MIPS eBPF JIT
- Daniel Borkmann, [PATCH net] bpf, doc: improve sysctl knob description
- Dan Carpenter, [PATCH net-next] bpf: fix a return in sockmap_get_from_fd()
- Martin KaFai Lau, [PATCH net-next] bpf: Fix map-in-map checking in the verifier
- Daniel Borkmann, [PATCH net-next 0/2] Two BPF smap related followups
- Jesper Dangaard Brouer, [PATCH 0/2] xdp: adjust xdp redirect tracepoint
- Daniel Borkmann, [PATCH net-next] bpf: no need to nullify ri->map in xdp_do_redirect
- Daniel Borkmann, [PATCH net-next] bpf: fix liveness propagation to parent in stack slots
- John Fastabend, [net-next PATCH] net: rcu lock and preempt disable missing around generic xdp
- John Fastabend, [net-next PATCH 0/2] bpf: sockmap build fixes
- John Fastabend, [net-next PATCH 00/10] BPF: sockmap and sk redirect support
  - [net-next PATCH 01/10] net: early init support for strparser
  - [net-next PATCH 02/10] net: add sendmsg_locked and sendpage_locked to af_inet6
  - [net-next PATCH 03/10] net: fixes for skb_send_sock
  - [net-next PATCH 04/10] bpf: introduce new program type for skbs on sockets
  - [net-next PATCH 05/10] bpf: export bpf_prog_inc_not_zero
  - [net-next PATCH 06/10] bpf: sockmap with sk redirect support
  - [net-next PATCH 07/10] bpf: add access to sock fields and pkt data from sk_skb programs
  - [net-next PATCH 08/10] bpf: sockmap sample program
  - [net-next PATCH 09/10] bpf: selftests: add tests for new __sk_buff members
  - [net-next PATCH 10/10] bpf: selftests add sockmap tests
- Jason Wang, [PATCH] tun: thread safe tun_build_skb()
- Daniel Díaz, [PATCH] tools lib bpf: Fix double file test in Makefile
- Edward Cree, [PATCH v3 net-next] bpf/verifier: track liveness for pruning
- Daniel Borkmann, [PATCH net] bpf: fix bpf_trace_printk on 32 bit archs
- Michael Ellerman, [PATCH v2] bpf: Update sysctl documentation to list all supported architectures
- Daniel Borkmann, [net-next PATCH] bpf: devmap: remove unnecessary value size check
Please note that netdev receives a lot of patches and the list above is not meant to be comprehensive.
Happy eBPF hacking! ;)