This is issue 11 of the regular newsletter around BPF written by Alexander Alemayhu. It summarizes ongoing development, presentations, videos and other information related to BPF and XDP. It is released roughly once a week.
The highlights since last time are
- New helper functions
- Initial BPF assembly support in LLVM.
- LRU map lookup improvements.
Linux 4.13 was released last week and net-next closed around the same time. The
[GIT] Networking pull request includes a couple of BPF fixes and so do
the two after the merge window opened up as well. See the dates for all the
LLVM 5.0.0 was released. For BPF there is some fixes like improved code generation for certain instructions which can prevent your program from being rejected. Also the latest release of iproute2 4.13 is worth checking out for the map in map support and the improved error messages for tailcalls.
Great slides covering the what, why and how on BPF and XDP. Also has an interesting graph on the number of contributions to the BPF subsystem from v4.1 - v4.13+.
Updated Cilium slides presented at Open Source Summit North America. Includes new performance numbers around XDP for DDoS mitigation, kernel proxy (kproxy), and socket redirect.
While primarily on Kubernetes and IPv6, this shows how Cilium fits into that picture.
Covering the use cases for BPF with a emphasis on tracing. Several programs shown that utilize BCC. The slide on possible improvements to BCC is interesting.
Great talk on the potential of BPF for application level security and more.
Nice introduction to BPF with a focus on some of the history of IO Visor and related things.
Panel from some of the NIC vendors talking about smartNICs. BPF is mentioned as a option for the dataplane and offloading.
In case you missed it
Mostly related to Cilium, but there is some introductory information on BPF and XDP.
Introduction to BPF focusing mostly on Cilium. The post also covers parts of the bpf(2) syscall with code from the v4.11 kernel.
A look at the progress made in gobpf and how far it's come. Also has some kprobe examples in there.
Introductory post using code from the 4.7 kernel. While some of it is dated, most of it should still apply today, for example the sample code.
Nice post going through some code from the kernel, LLVM, BCC programs and the code generation.
Interesting post on tracing experiences.
Mind blown by eBPF performance! A simple ingress firewall I wrote using XDP processes 11 million packets/s. Time for more optimizations!
- Ingo Molnar, [PATCH] tools/include: Sync kernel ABI headers with tooling headers
- Yonghong Song, [llvm] r313055 - bpf: Add BPF AsmParser support in LLVM
- Yonghong Song, [llvm] r312978 - bpf: add " ll" in the LD_IMM64 asmstring
- Jesper Dangaard Brouer, [V3 PATCH net] xdp: implement xdp_redirect_map for generic XDP
- Rafael Buchbinder, [PATCH] extensions: libxt_bpf: fix missing __NR_bpf declaration
- Paul Chaignon, [iovisor-dev] [PATCH RFC v2] bpf: allow map helpers access to map values directly
- John Fastabend, [net PATCH 0/3] Fixes for XDP/BPF
- Eric Dumazet, [PATCH net] tcp: fix a request socket leak
- Yonghong Song, [llvm] r312833 - bpf: proper print imm64 expression in inst printer
- Daniel Borkmann, [PATCH net] bpf: make error reporting in bpf_warn_invalid_xdp_action more clear
- Yonghong Song, [llvm] r312840 - bpf: fix test failures due to previous bpf change of assembly code syntax
- Thomas Meyer, [PATCH] selftests/bpf: Make bpf_util work on uniprocessor systems
- Jesper Dangaard Brouer, [V2 PATCH net-next 0/2] Fixes for XDP_REDIRECT map
- Daniel Borkmann, [PATCH net] bpf: don't select potentially stale ri->map from buggy xdp progs
- Yonghong Song, [PATCH net] perf/bpf: fix a clang compilation issue
- Jiong Wang, [PATCH RFC] Add BPF AsmParser support in LLVM
- Naresh Kamboju, [PATCH v2 1/2] selftests: bpf: test_kmod.sh: check if module is present in the path before insert
- Jason Wang, [PATCH net-next 1/2] tun: reserve extra headroom only when XDP is set
- Eric Dumazet, [PATCH net-next] bpf: fix numa_node validation
- Daniel Borkmann, [PATCH iproute2 master 0/2] Two minor BPF updates
- Joel Fernandes, [PATCH RFC v3 0/4] Add cross-compilation support to eBPF samples
- Yonghong Song, [PATCH v2 net-next 0/4] bpf: add two helpers to read perf event enabled/running time
- [PATCH v2 net-next 1/4] bpf: add helper bpf_perf_read_counter_time for perf event array map
- [PATCH v2 net-next 2/4] bpf: add a test case to read enabled/running time for perf array
- [PATCH v2 net-next 3/4] bpf: add helper bpf_perf_prog_read_time
- [PATCH v2 net-next 4/4] bpf: add a test case for helper bpf_perf_prog_read_time
- John Fastabend, [net-next PATCH] bpf: sockmap update/simplify memory accounting scheme
- Sandipan Das, [PATCH 1/1] bpf: take advantage of stack_depth tracking in powerpc JIT
- William Tu, [iovisor-dev] [PATCH RFC] bpf: add connection tracking helper functions
- David Ahern, [PATCH net-next] bpf: Collapse offset checks in sock_filter_is_valid_access
- Martin KaFai La, [PATCH net-next 0/3] bpf: Improve LRU map lookup performance
- David Ahern, [PATCH v3 net-next 0/7] bpf: Add option to set mark and priority in cgroup sock programs
- [PATCH v3 net-next 1/7] bpf: Add mark and priority to sock options that can be set
- [PATCH v3 net-next 2/7] bpf: Allow cgroup sock filters to use get_current_uid_gid helper
- [PATCH v3 net-next 3/7] samples/bpf: Update sock test to allow setting mark and priority
- [PATCH v3 net-next 4/7] samples/bpf: Add detach option to test_cgrp2_sock
- [PATCH v3 net-next 5/7] samples/bpf: Add option to dump socket settings
- [PATCH v3 net-next 6/7] samples/bpf: Update cgrp2 socket tests
- [PATCH v3 net-next 7/7] samples/bpf: Update cgroup socket examples to use uid gid helper
- Chenbo Feng, [PATCH 0/3] Security: add lsm hooks for checking permissions on eBPF objects
- Eric Dumazet, [PATCH net-next] x86: bpf_jit: small optimization in emit_bpf_tail_call()
- Tariq Toukan, [PATCH net-next] samples/bpf: Fix compilation issue in redirect dummy program
- Colin Ian King, [PATCH][net-next][V3] bpf: test_maps: fix typos, "conenct" and "listeen"
- Phil Sutter, [iproute PATCH] lib/bpf: Fix bytecode-file parsing
- Jesper Dangaard Brouer, [PATCH net-next 0/7] XDP redirect tracepoints
- [PATCH net-next 1/7] xdp: remove redundant argument to trace_xdp_redirect
- [PATCH net-next 2/7] xdp: tracepoint xdp_redirect also need a map argument
- [PATCH net-next 3/7] xdp: make xdp tracepoints report bpf prog id instead of prog_tag
- [PATCH net-next 4/7] xdp: separate xdp_redirect tracepoint in error case
- [PATCH net-next 5/7] xdp: separate xdp_redirect tracepoint in map case
- [PATCH net-next 6/7] samples/bpf: xdp_redirect load XDP dummy prog on TX device
- [PATCH net-next 7/7] samples/bpf: xdp_monitor tool based on tracepoints
Please note that netdev receives a lot of patches and the list above is not meant to be comprehensive.
You can sign up for email notifications on https://www.cilium.io/learn/
Happy eBPF hacking! ;)