Skip to content

Refactor program management #88

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Aug 20, 2024
Merged

Conversation

qdeslandes
Copy link
Contributor

Update the bf_flavor_ops to simplify program loading and attachment to the BPF hooks. TC and XDP now use BPF link and BPF_LINK_UPDATE to attach and update an existing program. For BPF_NETFILTER, the program update logic is handle in attach_prog to, but slightly differently as it doesn't support BPF_LINK_UPDATE.

The generation and program management logic in codegen.c and program.c has been simplified to provide to main paths:

  • bf_codegen_up(): create the bf_program objects for a given bf_codegen, generate the BPF bytecode and attach the programs to the system.
  • bf_codegen_update(): update the bytecode of existing BPF programs, and attach them to the system, replacing the out-of-date version of the same program.

This updated logic makes the daemon's workflow simpler and easier to work with. Both ipt and nft front-end have been updated.

Matchers check whether the current packet contains the protocols they
match against, before any further action. The IP matchers used the wrong
check: instead of comparing a register against an immediate, they used
an immediate value as a register, to compare against another register.
bf_bpf_xdp_link_update() allows to easily update a BPF link used for an
XDP program.
Add helpers to create a TC link and a update a link.
_bf_program_load_counters_map

_bf_program_load_counters_map() would receive a pointer to a file
descriptor that would be updated once the map has been created. The
function has been modfied to directly update the program given as an
arugment.
bf_codegen_up() will be used to create the bf_programs for a bf_codegen,
generate the bytecode, and attach the BPF programs to the system in one
step. This is usually how the codegens are used, to it make sense to
provide a function to do all this steps in one call.
Add support for the new attach_prog flavor callback to load and attach
the BPF programs in one step. This callback also support atomic
replacement of an existing program. Both TC and XDP support
BPF_LINK_UPDATE, so they use it to replace an existing program.
BPF_NETFILTER doesn't yet support it, to it replaces a BPF program in
two steps: attach the new program with priority 1, detach the existing
program, attach the new program (again) with priority new_prog->ifindex,
detach the temporary attachment. This ensure the same program always has
the same priority.
The new bf_codegen API provides two functions:
- bf_codegen_up(): from a new codegen, create the bf_program objects,
  generate the BPF programs, and load them to the kernel.
- bf_codegen_update(): update the bf_program of an existing codegen:
  regenerate the BPF bytecode and update the program attached to the
  kernel.

This new API simplifies codegens and programs management by allowing
front-ends to perform a single call to handle all the generation/loading
operations. Also, update of existing programs is now simpler, and the
codebase has been simplified.
@qdeslandes qdeslandes merged commit 719a890 into facebook:main Aug 20, 2024
13 checks passed
@qdeslandes qdeslandes deleted the link_update branch August 20, 2024 13:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants