Re: [RFC bpf-next 0/6] Add bpf_xdp_get_xfrm_state() kfunc
From: Antony Antony
Date: Sat Oct 28 2023 - 22:13:57 EST
On Fri, Oct 27, 2023 at 12:46:16 -0600, Daniel Xu wrote:
> This patchset adds a kfunc helper, bpf_xdp_get_xfrm_state(), that wraps
> xfrm_state_lookup(). The intent is to support software RSS (via XDP) for
> the ongoing/upcoming ipsec pcpu work [0]. Recent experiments performed
> on (hopefully) reproducible AWS testbeds indicate that single tunnel
> pcpu ipsec can reach line rate on 100G ENA nics.
>
> More details about that will be presented at netdev next week [1].
>
> Antony did the initial stable bpf helper - I later ported it to unstable
> kfuncs. So for the series, please apply a Co-developed-by for Antony,
> provided he acks and signs off on this.
Thanks Daniel for working on this and bringing it upstreadm.
Co-developed-by: Antony Antony <antony.antony@xxxxxxxxxxx>
Signed-off-by: Antony Antony <antony.antony@xxxxxxxxxxx>
>
> [0]: https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-multi-sa-performance-02
> [1]: https://netdevconf.info/0x17/sessions/workshop/security-workshop.html
>
> Daniel Xu (6):
> bpf: xfrm: Add bpf_xdp_get_xfrm_state() kfunc
> bpf: selftests: test_tunnel: Use ping -6 over ping6
> bpf: selftests: test_tunnel: Mount bpffs if necessary
> bpf: selftests: test_tunnel: Use vmlinux.h declarations
> bpf: selftests: test_tunnel: Disable CO-RE relocations
> bpf: xfrm: Add selftest for bpf_xdp_get_xfrm_state()
>
> include/net/xfrm.h | 9 ++
> net/xfrm/Makefile | 1 +
> net/xfrm/xfrm_policy.c | 2 +
> net/xfrm/xfrm_state_bpf.c | 105 ++++++++++++++++++
> .../selftests/bpf/progs/bpf_tracing_net.h | 1 +
> .../selftests/bpf/progs/test_tunnel_kern.c | 95 +++++++++-------
> tools/testing/selftests/bpf/test_tunnel.sh | 43 ++++---
> 7 files changed, 202 insertions(+), 54 deletions(-)
> create mode 100644 net/xfrm/xfrm_state_bpf.c
>
> --
> 2.42.0
>