[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [PATCH v9] virtio-net: support inner header hash
On Mon, Feb 27, 2023 at 04:35:09PM +0800, Jason Wang wrote: > On Mon, Feb 27, 2023 at 3:39âPM Michael S. Tsirkin <mst@redhat.com> wrote: > > > > On Mon, Feb 27, 2023 at 12:07:17PM +0800, Jason Wang wrote: > > > Btw, this kind of 1:1 hash features seems not scalable and flexible. > > > It requires an endless extension on bits/fields. Modern NICs allow the > > > user to customize the hash calculation, for virtio-net we can allow to > > > use eBPF program to classify the packets. It seems to be more flexible > > > and scalable and there's almost no maintain burden in the spec (only > > > bytecode is required, no need any fancy features/interactions like > > > maps), easy to be migrated etc. > > > > > > Prototype is also easy, tun/tap had an eBPF classifier for years. > > > > > > Thanks > > > > Yea BPF offload would be great to have. We have been discussing it for > > years though - security issues keep blocking it. *Maybe* it's finally > > going to be there but I'm not going to block this work waiting for BPF > > offload. And easily migrated is what BPF is not. > > Just to make sure we're at the same page. I meant to find a way to > allow the driver/user to fully customize what it wants to > hash/classify. Similar technologies which is based on private solution > has been used by some vendors, which allow user to customize the > classifier[1] > > ePBF looks like a good open-source solution candidate for this (there > could be others). But there could be many kinds of eBPF programs that > could be offloaded. One famous one is XDP which requires many features > other than the bytecode/VM like map access, tailcall. Starting from > such a complicated type is hard. Instead, we can start from a simple > type, that is the eBPF classifier. All it needs is to pass the > bytecode to the device, the device can choose to run it or compile it > to what it can understand for classifying. We don't need maps, tail > calls and other features. Until people start asking exactly for maps because they want state for their classifier? And it makes sense - if you want e.g. load balancing you need stats which needs maps. > We don't need to worry about the security > because of its simplicity: the eBPF program is only in charge of doing > classification, no other interactions with the driver and packet > modification is prohibited. The feature is limited only to the > VM/bytecode abstraction itself. > > What's more, it's a good first step to achieve full eBPF offloading in > the future. > > Thanks > > [1] https://www.intel.com/content/www/us/en/architecture-and-technology/ethernet/dynamic-device-personalization-brief.html Dave seems to have nacked this approach, no? > > > > -- > > MST > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]