From patchwork Sun Jun 10 16:02:13 2018
X-Patchwork-Submitter: Toshiaki Makita
X-Patchwork-Id: 927382
X-Patchwork-Delegate: bpf@iogearbox.net
From: Toshiaki Makita
To: netdev@vger.kernel.org
Cc: Toshiaki Makita, Jesper Dangaard Brouer, Alexei Starovoitov,
    Daniel Borkmann
Subject: [PATCH RFC v2 5/9] veth: Add ndo_xdp_xmit
Date: Mon, 11 Jun 2018 01:02:13 +0900
Message-Id: <20180610160217.3146-6-toshiaki.makita1@gmail.com>
X-Mailer: git-send-email 2.14.3
In-Reply-To: <20180610160217.3146-1-toshiaki.makita1@gmail.com>
References: <20180610160217.3146-1-toshiaki.makita1@gmail.com>

From: Toshiaki Makita

This allows a NIC's XDP program to redirect packets to a veth device.
The destination veth device enqueues redirected packets into the NAPI
ring of its peer, where they are then processed by the XDP program on
the peer veth device. When the peer has driver XDP enabled, this can
be thought of as one XDP program calling another via REDIRECT.

Note that when the peer veth device has no driver XDP program
attached, redirected packets are dropped, because the peer is not set
up for NAPI.

v2:
- Drop the part that converted xdp_frame into skb when XDP is not
  enabled.
- Implement the bulk interface of ndo_xdp_xmit.
- Implement the XDP_XMIT_FLUSH flag and drop ndo_xdp_flush.

Signed-off-by: Toshiaki Makita
---
 drivers/net/veth.c     | 39 +++++++++++++++++++++++++++++++++++++++
 include/linux/filter.h | 16 ++++++++++++++++
 net/core/filter.c      | 11 +----------
 3 files changed, 56 insertions(+), 10 deletions(-)
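For context, a minimal sketch of the redirect side follows, in the
style of samples/bpf from this period: an XDP program for the physical
NIC that redirects every frame to the ifindex stored in slot 0 of a
devmap, which is the path that ends up calling the veth ndo_xdp_xmit
added by this patch. The map name, section name, and single-slot
layout are illustrative and not part of this series.

/* Illustrative only, not part of this patch: redirect every frame to
 * the net_device whose ifindex is stored in slot 0 of a devmap.
 * xdp_do_redirect() later invokes the target's ndo_xdp_xmit.
 */
#include <linux/bpf.h>
#include "bpf_helpers.h"

struct bpf_map_def SEC("maps") tx_port = {
	.type		= BPF_MAP_TYPE_DEVMAP,
	.key_size	= sizeof(int),
	.value_size	= sizeof(int),
	.max_entries	= 1,
};

SEC("xdp_redirect_veth")
int xdp_redirect_veth_prog(struct xdp_md *ctx)
{
	/* Slot 0 is populated from user space with the veth ifindex */
	return bpf_redirect_map(&tx_port, 0, 0);
}

char _license[] SEC("license") = "GPL";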
diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index cb3fa558fbe0..b809d609a642 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -17,6 +17,7 @@
 #include <net/rtnetlink.h>
 #include <net/dst.h>
 #include <net/xfrm.h>
+#include <net/xdp.h>
 #include <linux/veth.h>
 #include <linux/module.h>
 #include <linux/bpf.h>
@@ -254,6 +255,43 @@ static struct sk_buff *veth_build_skb(void *head, int headroom, int len,
 	return skb;
 }
 
+static int veth_xdp_xmit(struct net_device *dev, int n,
+			 struct xdp_frame **frames, u32 flags)
+{
+	struct veth_priv *rcv_priv, *priv = netdev_priv(dev);
+	struct net_device *rcv;
+	int i, drops = 0;
+
+	if (unlikely(flags & ~XDP_XMIT_FLAGS_MASK))
+		return -EINVAL;
+
+	rcv = rcu_dereference(priv->peer);
+	if (unlikely(!rcv))
+		return -ENXIO;
+
+	rcv_priv = netdev_priv(rcv);
+	/* xdp_ring is initialized on receive side? */
+	if (!rcu_access_pointer(rcv_priv->xdp_prog))
+		return -ENXIO;
+
+	spin_lock(&rcv_priv->xdp_tx_ring.producer_lock);
+	for (i = 0; i < n; i++) {
+		struct xdp_frame *frame = frames[i];
+
+		if (unlikely(xdp_ok_fwd_dev(rcv, frame->len) ||
+			     __ptr_ring_produce(&rcv_priv->xdp_tx_ring, frame))) {
+			xdp_return_frame_rx_napi(frame);
+			drops++;
+		}
+	}
+	spin_unlock(&rcv_priv->xdp_tx_ring.producer_lock);
+
+	if (flags & XDP_XMIT_FLUSH)
+		__veth_xdp_flush(rcv_priv);
+
+	return n - drops;
+}
+
 static struct sk_buff *veth_xdp_rcv_one(struct veth_priv *priv,
 					struct xdp_frame *frame)
 {
@@ -770,6 +808,7 @@ static const struct net_device_ops veth_netdev_ops = {
 	.ndo_features_check	= passthru_features_check,
 	.ndo_set_rx_headroom	= veth_set_rx_headroom,
 	.ndo_bpf		= veth_xdp,
+	.ndo_xdp_xmit		= veth_xdp_xmit,
 };
 
 #define VETH_FEATURES	(NETIF_F_SG | NETIF_F_FRAGLIST | NETIF_F_HW_CSUM | \
diff --git a/include/linux/filter.h b/include/linux/filter.h
index 45fc0f5000d8..12777eb70b40 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -19,6 +19,7 @@
 #include <linux/cryptohash.h>
 #include <linux/set_memory.h>
 #include <linux/kallsyms.h>
+#include <linux/if_vlan.h>
 
 #include <net/sch_generic.h>
 
@@ -786,6 +787,21 @@ static inline bool bpf_dump_raw_ok(void)
 struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off,
 				       const struct bpf_insn *patch, u32 len);
 
+static __always_inline int
+xdp_ok_fwd_dev(const struct net_device *fwd, unsigned int pktlen)
+{
+	unsigned int len;
+
+	if (unlikely(!(fwd->flags & IFF_UP)))
+		return -ENETDOWN;
+
+	len = fwd->mtu + fwd->hard_header_len + VLAN_HLEN;
+	if (pktlen > len)
+		return -EMSGSIZE;
+
+	return 0;
+}
+
 /* The pair of xdp_do_redirect and xdp_do_flush_map MUST be called in the
  * same cpu context. Further for best results no more than a single map
  * for the do_redirect/do_flush pair should be used. This limitation is
diff --git a/net/core/filter.c b/net/core/filter.c
index 3d9ba7e5965a..05d9e84566a4 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -3216,16 +3216,7 @@ EXPORT_SYMBOL_GPL(xdp_do_redirect);
 
 static int __xdp_generic_ok_fwd_dev(struct sk_buff *skb, struct net_device *fwd)
 {
-	unsigned int len;
-
-	if (unlikely(!(fwd->flags & IFF_UP)))
-		return -ENETDOWN;
-
-	len = fwd->mtu + fwd->hard_header_len + VLAN_HLEN;
-	if (skb->len > len)
-		return -EMSGSIZE;
-
-	return 0;
+	return xdp_ok_fwd_dev(fwd, skb->len);
 }
 
 static int xdp_do_generic_redirect_map(struct net_device *dev,
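To exercise this path end to end, user space would load the program
above on the NIC, point devmap slot 0 at the veth device, and attach a
driver-mode XDP program on the veth peer so redirected frames are not
dropped. A rough loader sketch against the tools/lib/bpf API of this
period; the device names and object file name are placeholders, and
error handling is mostly omitted.

/* Illustrative loader, not part of this patch. */
#include <bpf/bpf.h>
#include <bpf/libbpf.h>
#include <net/if.h>

int main(void)
{
	struct bpf_object *obj;
	int prog_fd, map_fd, key = 0;
	int nic = if_nametoindex("eth0");	/* NIC running the program */
	int veth = if_nametoindex("veth0");	/* redirect target */

	if (bpf_prog_load("xdp_redirect_veth.o", BPF_PROG_TYPE_XDP,
			  &obj, &prog_fd))
		return 1;

	/* Point devmap slot 0 at the veth device */
	map_fd = bpf_map__fd(bpf_object__find_map_by_name(obj, "tx_port"));
	if (bpf_map_update_elem(map_fd, &key, &veth, 0))
		return 1;

	/* Attach to the NIC.  A driver-mode XDP program must also be
	 * loaded on veth0's peer, since this patch drops redirected
	 * frames when the peer has no xdp_prog.
	 */
	return bpf_set_link_xdp_fd(nic, prog_fd, 0) ? 1 : 0;
}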