This is issue 10 of the regular newsletter around BPF written by Alexander Alemayhu. It summarizes ongoing development, presentations, videos and other information related to BPF and XDP. It is released roughly once a week.
The highlights since last time are
- A new iteration of the Landlock unprivileged sandbox series.
- A new iteration of the socket redirect series.
- The ARM eBPF JIT finally got merged.
- Bug fixes and tests.
Now that there is 32-bit eBPF JIT support for ARM, will more embedded devices start running eBPF? Marvell routers, wifi devices soon? :) The Landlock documentation is also worth checking out; it is really nice, both the rendered version and the code comments.
Some interesting topics from the lists
- XDP redirect measurements, gotchas and tracepoints
- Permissions for eBPF objects
- modifying packets in XDP
- What library to use ?
Great slides on DDoS mitigation approaches with code examples for XDP.
Short introductory talk to eBPF.
Entertaining talk introducing BPF and highlighting some of the challenges. One of the more interesting ideas mentioned is the need for a higher-level language. This seems like a great opportunity for someone to create a new language that fits the mindset of the users better.
In case you missed it
The 0.10.1 release had a couple nice updates like a more compact monitor output, policy revision number, CIDR based filter, and much more. See the release notes for all the details.
Debugging post using BCC.
Closer look at one of the maps macros in BCC.
Mostly about load averages, but there are one or two mentions of eBPF in there.
Which is a place where people can talk about getting up to speed with setting up an XDP build environment and writing XDP programs.
You can subscribe by sending an email to firstname.lastname@example.org, with a message body containing `subscribe xdp-newbies`. No subject is needed, but you can of course add one if you like.
While grav itself is not strictly BPF related, the tools in the repository utilize BCC.
A collection of tools to help visualise process execution.
eBPF is just a gateway drug to writing kernel code.
- John Fastabend, [net-next PATCH 0/9] sockmap UAPI updates and fixes
- [net-next PATCH 1/9] bpf: convert sockmap field attach_bpf_fd2 to type
- [net-next PATCH 2/9] bpf: sockmap, remove STRPARSER map_flags and add multi-map support
- [net-next PATCH 3/9] bpf: sockmap add missing rcuread(un)lock in smap_data_ready
- [net-next PATCH 4/9] bpf: additional sockmap self tests
- [net-next PATCH 5/9] bpf: more SK_SKB selftests
- [net-next PATCH 6/9] bpf: harden sockmap program attach to ensure correct map type
- [net-next PATCH 7/9] bpf: sockmap indicate sock events to listeners
- [net-next PATCH 8/9] bpf: sockmap requires STREAM_PARSER add Kconfig entry
- [net-next PATCH 9/9] bpf: test_maps add sockmap stress test
- Eric Biggers, strparser: initialize all callbacks
- Mickaël Salaün, [PATCH net-next v7 00/10] Landlock LSM: Toward unprivileged sandboxing
- [PATCH net-next v7 01/10] selftest: Enhance kselftest_harness.h with a step mechanism
- [PATCH net-next v7 02/10] bpf: Add eBPF program subtype and is_valid_subtype() verifier
- [PATCH net-next v7 03/10] bpf,landlock: Define an eBPF program type for a Landlock rule
- [PATCH net-next v7 04/10] bpf: Define handle_fs and add a new helper bpf_handle_fs_get_mode()
- [PATCH net-next v7 05/10] landlock: Add LSM hooks related to filesystem
- [PATCH net-next v7 06/10] seccomp,landlock: Handle Landlock events per process hierarchy
- [PATCH net-next v7 07/10] landlock: Add ptrace restrictions
- [PATCH net-next v7 08/10] bpf: Add a Landlock sandbox example
- [PATCH net-next v7 09/10] bpf,landlock: Add tests for Landlock
- [PATCH net-next v7 10/10] landlock: Add user and kernel documentation for Landlock
- William Tu, [PATCH net-next 0/3] gre: add collect_md mode for ERSPAN tunnel
- Jakub Kicinski, [PATCH net-next] selftests/bpf: check the instruction dumps are populated
- Dan Carpenter, [PATCH net-next] bpf: fix oops on allocation failure
- David Ahern, [PATCH v2 net-next 0/8] bpf: Add option to set mark and priority in cgroup sock programs
- [PATCH v2 net-next 1/8] bpf: Add support for recursively running cgroup sock filters
- [PATCH v2 net-next 2/8] bpf: Add mark and priority to sock options that can be set
- [PATCH v2 net-next 3/8] bpf: Allow cgroup sock filters to use get_current_uid_gid helper
- [PATCH v2 net-next 4/8] samples/bpf: Update sock test to allow setting mark and priority
- [PATCH v2 net-next 5/8] samples/bpf: Add detach option to test_cgrp2_sock
- [PATCH v2 net-next 6/8] samples/bpf: Add option to dump socket settings
- [PATCH v2 net-next 7/8] samples/bpf: Add test case for nested socket options
- [PATCH v2 net-next 8/8] samples/bpf: Update cgroup socket examples to use uid gid helper
- Edward Cree, [PATCH v2 net-next 0/5] bpf: verifier fixes
- [PATCH v2 net-next 1/5] selftests/bpf: add a test for a bug in liveness-based pruning
- [PATCH v2 net-next 2/5] bpf/verifier: when pruning a branch, ignore its write marks
- [PATCH v2 net-next 3/5] selftests/bpf: add a test for a pruning bug in the verifier
- [PATCH v2 net-next 4/5] bpf/verifier: remove varlen_map_value_access flag
- [PATCH v2 net-next 5/5] bpf/verifier: document liveness analysis
- Sabrina Dubroca, [PATCH net] tcp: fix refcnt leak with ebpf congestion control
- Yuchung Cheng, [PATCH net] bpf: fix bpf_setsockopts return value
- Jesper Dangaard Brouer, [V3 PATCH net-next 0/5] xdp: more work on xdp tracepoints
- [V3 PATCH net-next 1/5] xdp: remove bpf_warn_invalid_xdp_redirect
- [V3 PATCH net-next 2/5] xdp: make generic xdp redirect use tracepoint trace_xdp_redirect
- [V3 PATCH net-next 3/5] ixgbe: use return codes from ndo_xdp_xmit that are distinguishable
- [V3 PATCH net-next 4/5] xdp: remove net_device names from xdp_redirect tracepoint
- [V3 PATCH net-next 5/5] xdp: get tracepoints xdp_exception and xdp_redirect in sync
- Shubham Bansal, [PATCH net-next] bpf, doc: Add arm32 as arch supporting eBPF JIT
- Daniel Borkmann, [PATCH net-next] bpf: netdev is never null in __dev_map_flush
- Brenden Blanco, [iovisor-dev] [RFC] pktgen: add bpf fill support
- Yonghong Song, [llvm] r311567 - bpf: close the file descriptor after probe inside getHostCPUNameForBPF
- Colin King, [PATCH][net-next] MIPS,bpf: fix missing break in switch statement
- Daniel Borkmann, [PATCH net] bpf: fix map value attribute for hash of maps
- Daniel Borkmann, [PATCH net-next 0/2] Two minor BPF cleanups
- Yonghong Song, http://llvm.org/viewvc/llvm-project?view=revision&revision=311522
- Phil Sutter, [iproute PATCH v2] lib/bpf: Don't leak fp in bpf_find_mntpt()
- Daniel Borkmann, [PATCH net-next] bpf: fix double free from dev_map_notification()
- Daniel Borkmann, [PATCH net] bpf, doc: also add s390x as arch to sysctl description
- Eric Leblond, [PATCH] tools lib bpf: improve warning
- Daniel Borkmann, [PATCH net-next v2 0/2] BPF inline improvements
- Martin KaFai Lau, [PATCH net-next 0/2] bpf: Allow selecting numa node during map creation
- Shubham Bansal, [PATCH net-next v4] arm: eBPF JIT compiler
- David Daney, [PATCH 0/3] MIPS,bpf: Improvements for MIPS eBPF JIT
- Daniel Borkmann, [PATCH net] bpf, doc: improve sysctl knob description
- Dan Carpenter, [PATCH net-next] bpf: fix a return in sockmap_get_from_fd()
- Martin KaFai Lau, [PATCH net-next] bpf: Fix map-in-map checking in the verifier
- Daniel Borkmann, [PATCH net-next 0/2] Two BPF smap related followups
- Jesper Dangaard Brouer, [PATCH 0/2] xdp: adjust xdp redirect tracepoint
- Daniel Borkmann, [PATCH net-next] bpf: no need to nullify ri->map in xdp_do_redirect
- Daniel Borkmann, [PATCH net-next] bpf: fix liveness propagation to parent in stack slots
- John Fastabend, [net-next PATCH] net: rcu lock and preempt disable missing around generic xdp
- John Fastabend, [net-next PATCH 0/2] bpf: sockmap build fixes
- John Fastabend, [net-next PATCH 00/10] BPF: sockmap and sk redirect support
- [net-next PATCH 01/10] net: early init support for strparser
- [net-next PATCH 02/10] net: add sendmsg_locked and sendpage_locked to af_inet6
- [net-next PATCH 03/10] net: fixes for skb_send_sock
- [net-next PATCH 04/10] bpf: introduce new program type for skbs on sockets
- [net-next PATCH 05/10] bpf: export bpf_prog_inc_not_zero
- [net-next PATCH 06/10] bpf: sockmap with sk redirect support
- [net-next PATCH 07/10] bpf: add access to sock fields and pkt data from sk_skb programs
- [net-next PATCH 08/10] bpf: sockmap sample program
- [net-next PATCH 09/10] bpf: selftests: add tests for new __sk_buff members
- [net-next PATCH 10/10] bpf: selftests add sockmap tests
- Jason Wang, [PATCH] tun: thread safe tun_build_skb()
- Daniel Díaz, [PATCH] tools lib bpf: Fix double file test in Makefile
- Edward Cree, [PATCH v3 net-next] bpf/verifier: track liveness for pruning
- Daniel Borkmann, [PATCH net] bpf: fix bpf_trace_printk on 32 bit archs
- Michael Ellerman, [PATCH v2] bpf: Update sysctl documentation to list all supported architectures
- Daniel Borkmann, [net-next PATCH] bpf: devmap: remove unnecessary value size check
Please note that netdev receives a lot of patches and the list above is not meant to be comprehensive.
You can sign up for email notifications on https://www.cilium.io/learn/
Happy eBPF hacking! ;)