linux_dsm_epyc7002/tools
Lorenz Bauer 234589012b selftests/bpf: Add cls_redirect classifier
cls_redirect is a TC clsact based replacement for the glb-redirect iptables
module available at [1]. It enables what GitHub calls "second chance"
flows [2], similarly proposed by the Beamer paper [3]. In contrast to
glb-redirect, it also supports migrating UDP flows as long as connected
sockets are used. cls_redirect is in production at Cloudflare, as part of
our own L4 load balancer.

We have modified the encapsulation format slightly from glb-redirect:
glbgue_chained_routing.private_data_type has been repurposed to form a
version field and several flags. Both have been arranged in a way that
a private_data_type value of zero matches the current glb-redirect
behaviour. This means that cls_redirect will understand packets in
glb-redirect format, but not vice versa.

The test suite only covers basic features. For example, cls_redirect will
correctly forward path MTU discovery packets, but this is not exercised.
It is also possible to switch the encapsulation format to GRE on the last
hop, which is also not tested.

There are two major distinctions from glb-redirect: first, cls_redirect
relies on receiving encapsulated packets directly from a router. This is
because we don't have access to the neighbour tables from BPF, yet. See
forward_to_next_hop for details. Second, cls_redirect performs decapsulation
instead of using separate ipip and sit tunnel devices. This
avoids issues with the sit tunnel [4] and makes deploying the classifier
easier: decapsulated packets appear on the same interface, so existing
firewall rules continue to work as expected.

The code base started it's life on v4.19, so there are most likely still
hold overs from old workarounds. In no particular order:

- The function buf_off is required to defeat a clang optimization
  that leads to the verifier rejecting the program due to pointer
  arithmetic in the wrong order.

- The function pkt_parse_ipv6 is force inlined, because it would
  otherwise be rejected due to returning a pointer to stack memory.

- The functions fill_tuple and classify_tcp contain kludges, because
  we've run out of function arguments.

- The logic in general is rather nested, due to verifier restrictions.
  I think this is either because the verifier loses track of constants
  on the stack, or because it can't track enum like variables.

1: https://github.com/github/glb-director/tree/master/src/glb-redirect
2: https://github.com/github/glb-director/blob/master/docs/development/second-chance-design.md
3: https://www.usenix.org/conference/nsdi18/presentation/olteanu
4: https://github.com/github/glb-director/issues/64

Signed-off-by: Lorenz Bauer <lmb@cloudflare.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200424185556.7358-2-lmb@cloudflare.com
2020-04-26 10:00:36 -07:00
..
accounting SPDX patches for 5.7-rc1. 2020-04-03 13:12:26 -07:00
arch tools arch x86: Sync asm/cpufeatures.h with the kernel sources 2020-04-14 09:08:23 -03:00
bootconfig New tracing features: 2020-04-05 10:36:18 -07:00
bpf tools/bpf/bpftool: Remove duplicate headers 2020-04-26 08:40:01 -07:00
build tools/build: tweak unused value workaround 2020-04-21 11:11:55 -07:00
cgroup .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
debugging
edid tools/edid: Move EDID data sets from Documentation/ 2020-02-19 04:10:32 -07:00
firewire
firmware
gpio This is the bulk of GPIO development for the v5.7 kernel cycle. 2020-04-04 10:27:00 -07:00
hv Tools: hv: Reopen the devices if read() or write() returns errors 2020-01-26 22:10:10 -05:00
iio .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
include bpf: add bpf_ktime_get_boot_ns() 2020-04-26 09:43:05 -07:00
io_uring
kvm/kvm_stat tools/kvm_stat: add command line switch '-c' to log in csv format 2020-03-23 15:44:21 -04:00
laptop change email address for Pali Rohár 2020-04-10 15:36:22 -07:00
leds .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
lib bpf_helpers.h: Add note for building with vmlinux.h or linux/types.h 2020-04-26 08:40:01 -07:00
memory-model .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
nfsd
objtool objtool: Fix off-by-one in symbol_by_offset() 2020-04-22 23:14:46 +02:00
pci tools: PCI: Add 'e' to clear IRQ 2020-04-02 17:57:10 +01:00
pcmcia .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
perf tools headers: Synchronize linux/bits.h with the kernel sources 2020-04-14 11:40:05 -03:00
power pm-graph v5.6 2020-04-20 10:37:02 +02:00
scripts Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-25 18:58:11 -07:00
spi SPDX patches for 5.7-rc1. 2020-04-03 13:12:26 -07:00
testing selftests/bpf: Add cls_redirect classifier 2020-04-26 10:00:36 -07:00
thermal/tmon - Convert tsens configuration DT binding to yaml (Rajeshwari) 2020-04-07 20:00:16 -07:00
time
usb .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
virtio tools/virtio: make asm/barrier.h self contained 2020-04-17 06:05:29 -04:00
vm tools/vm: fix cross-compile build 2020-04-21 11:11:56 -07:00
wmi
Makefile tools: bootconfig: Add bootconfig command 2020-01-13 13:19:39 -05:00