[dpdk-dev] [RFC 5/8] pdump: add classic BPF filtering
Stephen Hemminger
stephen at networkplumber.org
Tue Oct 8 06:01:13 CEST 2019
On Tue, 8 Oct 2019 09:17:08 +0530
Jerin Jacob <jerinjacobk at gmail.com> wrote:
> On Tue, 8 Oct, 2019, 3:15 AM Stephen Hemminger, <stephen at networkplumber.org>
> wrote:
>
> > On Tue, 8 Oct 2019 01:03:17 +0530
> > Jerin Jacob <jerinjacobk at gmail.com> wrote:
> >
> > > On Mon, 7 Oct, 2019, 11:03 PM Stephen Hemminger, <
> > stephen at networkplumber.org>
> > > wrote:
> > >
> > > > On Mon, 7 Oct 2019 22:37:43 +0530
> > > > Jerin Jacob <jerinjacobk at gmail.com> wrote:
> > > >
> > > > > On Mon, 7 Oct, 2019, 10:23 PM Stephen Hemminger, <
> > > > stephen at networkplumber.org>
> > > > > wrote:
> > > > >
> > > > > > Simple classic BPF interpreter based off of libpcap.
> > > > > >
> > > > > > This is a copy of the BPF interpreter from libpcap which is
> > > > > > modified to handle mbuf meta data. The existing pcap_offline_filter
> > > > > > does not expose a way to match VLAN tags. Copying the BPF
> > interpreter
> > > > > > also means that rte_pdump still does not have a hard dependency
> > > > > > on libpcap.
> > > > > >
> > > > >
> > > > > Why not use DPDK's librte_bpf library? Rather implementing cBPF
> > > > > interpreter. Currently it supports eBPF which is super set of
> > cBPF.if is
> > > > > this features very specific to cBPF, we clould simply implement
> > cBPF
> > > > using
> > > > > eBPF or implement a new cBPF program type. That scheme could leverage
> > > > > existing JIT infrastructure also. Using JIT will improve filtering
> > > > > performance.
> > > > >
> > > > > >
> > > > > >
> > > >
> > > > Because pcap library generates cBPF in its string to BPF compiler.
> > > > Translating cBPF to eBPF is non trivial.
> > > >
> > >
> > > Then at least cBPF interpreter should move to librte_bpf. We can hook to
> > > JIT if required in future.
> >
> > The opcodes for cBPF and eBPF are not compatiable.
> >
>
> Yeah. I am saying to add new program type in bpf library of cBPF. Obviously
> pdump is not the correct place for cBPF interpreter. Moving to rte_libbpf
> library would help to enable other applications or libraries to use cBPF
> bpf program class.
The problem is you need a version of string to BPF program which is what
the libpcap pcap_compile() function does for you. eBPF as used now is all
about having a full language (CLANG or GCC) and that is not what is needed
here at all. The problem is not the interpreter, the problem is on the
userspace BPF side. Until/unless that is fixed, cBPF is a better solution.
More information about the dev
mailing list