From patchwork Tue May 31 00:42:37 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Numan Siddique <numans@ovn.org>
X-Patchwork-Id: 1637174
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>)
Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by bilbo.ozlabs.org (Postfix) with ESMTPS id 4LBtr72TvVz9s1l
	for <incoming@patchwork.ozlabs.org>; Tue, 31 May 2022 10:46:13 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp1.osuosl.org (Postfix) with ESMTP id 268F483FA4;
	Tue, 31 May 2022 00:46:11 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp1.osuosl.org ([127.0.0.1])
	by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id zyUs92Vi5Wr2; Tue, 31 May 2022 00:46:10 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org
 [IPv6:2605:bc80:3010:104::8cd3:938])
	by smtp1.osuosl.org (Postfix) with ESMTPS id 4FFD283FA0;
	Tue, 31 May 2022 00:46:09 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id D1815C0032;
	Tue, 31 May 2022 00:46:08 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 098A5C002D
 for <dev@openvswitch.org>; Tue, 31 May 2022 00:46:07 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp3.osuosl.org (Postfix) with ESMTP id D83A46120D
 for <dev@openvswitch.org>; Tue, 31 May 2022 00:46:06 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp3.osuosl.org ([127.0.0.1])
 by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 1NjtmjdxvJ3K for <dev@openvswitch.org>;
 Tue, 31 May 2022 00:46:03 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net
 [217.70.183.196])
 by smtp3.osuosl.org (Postfix) with ESMTPS id 3D1AE6120C
 for <dev@openvswitch.org>; Tue, 31 May 2022 00:46:02 +0000 (UTC)
Received: (Authenticated sender: numans@ovn.org)
 by mail.gandi.net (Postfix) with ESMTPSA id A3D16E0002;
 Tue, 31 May 2022 00:45:58 +0000 (UTC)
From: numans@ovn.org
To: dev@openvswitch.org
Date: Mon, 30 May 2022 20:42:37 -0400
Message-Id: <20220531004237.3872754-1-numans@ovn.org>
X-Mailer: git-send-email 2.35.3
MIME-Version: 1.0
Subject: [ovs-dev] [RFC ovn 0/2] Basic eBPF/XDP support in OVN.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

From: Numan Siddique <numans@ovn.org>

XDP program - ovn_xdp.c added in this RFC patch  series implements basic port
security and drops any packet if the port security check fails.
There are still few TODOs in the port security checks. Like
      - Make ovn xdp configurable.
      - Removing the ingress Openflow rules from table 73 and 74 if ovn xdp
        is enabled.
      - Add IPv6 support.
      - Enhance the port security xdp program for ARP/IPv6 ND checks.
    
This patch adds a basic XDP support in OVN and in future we can
leverage eBPF/XDP features.

I'm not sure how much value this RFC patch adds to make use of eBPF/XDP
just for port security.  Submitting as RFC to get some feedback and
start some conversation on eBPF/XDP in OVN.

In order to attach and detach xdp programs,  libxdp [1] and libbpf is used.
    
To test it out locally, please install libxdp-devel and libbpf-devel
and the compile OVN first and then compile ovn_xdp by running "make
bpf".  Copy ovn_xdp.o to either /usr/share/ovn/ or /usr/local/share/ovn/


Numan Siddique (2):
  RFC: Add basic xdp/eBPF support in OVN.
  RFC: ovn-controller: Attach XDP progs to the VIFs of the logical
    ports.

 Makefile.am                 |   6 +-
 bpf/.gitignore              |   5 +
 bpf/automake.mk             |  23 +++
 bpf/ovn_xdp.c               | 156 +++++++++++++++
 configure.ac                |   2 +
 controller/automake.mk      |   4 +-
 controller/binding.c        |  45 +++--
 controller/binding.h        |   7 +
 controller/ovn-controller.c |  79 +++++++-
 controller/xdp.c            | 389 ++++++++++++++++++++++++++++++++++++
 controller/xdp.h            |  41 ++++
 m4/ovn.m4                   |  20 ++
 tests/automake.mk           |   1 +
 13 files changed, 753 insertions(+), 25 deletions(-)
 create mode 100644 bpf/.gitignore
 create mode 100644 bpf/automake.mk
 create mode 100644 bpf/ovn_xdp.c
 create mode 100644 controller/xdp.c
 create mode 100644 controller/xdp.h