Development discussion of WireGuard
 help / color / Atom feed
* Attaching XDP program into wireguard interface
@ 2020-04-22 13:05 adhipati
  2020-04-24 20:55 ` Jason
  0 siblings, 1 reply; 7+ messages in thread
From: adhipati @ 2020-04-22 13:05 UTC (permalink / raw)


Hello everyone,

I have tried to search for the same question in this mailing-list archive, but got no result.

I have wireguard connection in all of my machines running in production, and it works pretty well. Currently, we are thinking of doing some packet-classification using XDP as an early hook in the RX path.

A simple XDP program has been successfully attached to our "standard" interface. But, when I tried to attach the same XDP program to my wg0 interface, the logic in the XDP program did not kicked in. Is this something expected? if yes, is there any plan to support this use-case? I would like to help. But if not, could you guys shed me some light on what went wrong?

Thanks!

Adhipati B.


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Attaching XDP program into wireguard interface
  2020-04-22 13:05 Attaching XDP program into wireguard interface adhipati
@ 2020-04-24 20:55 ` Jason
  2020-04-24 21:01   ` Jason
  0 siblings, 1 reply; 7+ messages in thread
From: Jason @ 2020-04-24 20:55 UTC (permalink / raw)


Could you send some sample code for us to debug this with?


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Attaching XDP program into wireguard interface
  2020-04-24 20:55 ` Jason
@ 2020-04-24 21:01   ` Jason
  2020-04-24 21:06     ` Jason
  2020-04-24 21:59     ` 
  0 siblings, 2 replies; 7+ messages in thread
From: Jason @ 2020-04-24 21:01 UTC (permalink / raw)


Oh. Set XDP_FLAGS_SKB_MODE.


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Attaching XDP program into wireguard interface
  2020-04-24 21:01   ` Jason
@ 2020-04-24 21:06     ` Jason
  2020-04-24 21:59     ` 
  1 sibling, 0 replies; 7+ messages in thread
From: Jason @ 2020-04-24 21:06 UTC (permalink / raw)


Actually, try clearing XDP_FLAGS_DRV_MODE and XDP_FLAGS_HW_MODE.


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Attaching XDP program into wireguard interface
  2020-04-24 21:01   ` Jason
  2020-04-24 21:06     ` Jason
@ 2020-04-24 21:59     ` 
  2020-04-24 22:02       ` Jason
  1 sibling, 1 reply; 7+ messages in thread
From:  @ 2020-04-24 21:59 UTC (permalink / raw)


"Jason A. Donenfeld" <Jason at zx2c4.com> writes:

> Oh. Set XDP_FLAGS_SKB_MODE.

Yeah, you'd definitely need to run this in skb/generic XDP mode.

-Toke


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Attaching XDP program into wireguard interface
  2020-04-24 21:59     ` 
@ 2020-04-24 22:02       ` Jason
  2020-04-24 22:25         ` 
  0 siblings, 1 reply; 7+ messages in thread
From: Jason @ 2020-04-24 22:02 UTC (permalink / raw)


On Fri, Apr 24, 2020 at 3:59 PM Toke H?iland-J?rgensen <toke at toke.dk> wrote:
>
> "Jason A. Donenfeld" <Jason at zx2c4.com> writes:
>
> > Oh. Set XDP_FLAGS_SKB_MODE.
>
> Yeah, you'd definitely need to run this in skb/generic XDP mode.
>
> -Toke

It looks like the code in question is likely:

        bpf_op = bpf_chk = ops->ndo_bpf;
       if (!bpf_op && (flags & (XDP_FLAGS_DRV_MODE | XDP_FLAGS_HW_MODE))) {
               NL_SET_ERR_MSG(extack, "underlying driver does not
support XDP in native mode");
               return -EOPNOTSUPP;
       }
       if (!bpf_op || (flags & XDP_FLAGS_SKB_MODE))
               bpf_op = generic_xdp_install;
       if (bpf_op == bpf_chk)
               bpf_chk = generic_xdp_install;

It looks like bpf_op == generic_xdp_install is the case when neither
XDP_FLAGS_DRV_MODE or XDP_FLAGS_HW_MODE is set. Setting
XDP_FLAGS_SKB_MODE explicitly will force it on all drivers, but not
specifying it will fallback to it if the driver doesn't have hardware
support, which is WireGuard's case, unless either XDP_FLAGS_DRV_MODE
or XDP_FLAGS_HW_MODE are set.


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Attaching XDP program into wireguard interface
  2020-04-24 22:02       ` Jason
@ 2020-04-24 22:25         ` 
  0 siblings, 0 replies; 7+ messages in thread
From:  @ 2020-04-24 22:25 UTC (permalink / raw)


"Jason A. Donenfeld" <Jason at zx2c4.com> writes:

> On Fri, Apr 24, 2020 at 3:59 PM Toke H?iland-J?rgensen <toke at toke.dk> wrote:
>>
>> "Jason A. Donenfeld" <Jason at zx2c4.com> writes:
>>
>> > Oh. Set XDP_FLAGS_SKB_MODE.
>>
>> Yeah, you'd definitely need to run this in skb/generic XDP mode.
>>
>> -Toke
>
> It looks like the code in question is likely:
>
>         bpf_op = bpf_chk = ops->ndo_bpf;
>        if (!bpf_op && (flags & (XDP_FLAGS_DRV_MODE | XDP_FLAGS_HW_MODE))) {
>                NL_SET_ERR_MSG(extack, "underlying driver does not
> support XDP in native mode");
>                return -EOPNOTSUPP;
>        }
>        if (!bpf_op || (flags & XDP_FLAGS_SKB_MODE))
>                bpf_op = generic_xdp_install;
>        if (bpf_op == bpf_chk)
>                bpf_chk = generic_xdp_install;
>
> It looks like bpf_op == generic_xdp_install is the case when neither
> XDP_FLAGS_DRV_MODE or XDP_FLAGS_HW_MODE is set. Setting
> XDP_FLAGS_SKB_MODE explicitly will force it on all drivers, but not
> specifying it will fallback to it if the driver doesn't have hardware
> support, which is WireGuard's case, unless either XDP_FLAGS_DRV_MODE
> or XDP_FLAGS_HW_MODE are set.

Yup, that sounds right :)

-Toke


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, back to index

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-22 13:05 Attaching XDP program into wireguard interface adhipati
2020-04-24 20:55 ` Jason
2020-04-24 21:01   ` Jason
2020-04-24 21:06     ` Jason
2020-04-24 21:59     ` 
2020-04-24 22:02       ` Jason
2020-04-24 22:25         ` 

Development discussion of WireGuard

Archives are clonable: git clone --mirror http://inbox.vuxu.org/wireguard

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.wireguard


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git