Development discussion of WireGuard
 help / color / mirror / Atom feed
* Attaching XDP program into wireguard interface
@ 2020-04-22 13:05 Adhipati Blambangan
  2020-04-24 20:55 ` Jason A. Donenfeld
  0 siblings, 1 reply; 7+ messages in thread
From: Adhipati Blambangan @ 2020-04-22 13:05 UTC (permalink / raw)
  To: wireguard

Hello everyone,

I have tried to search for the same question in this mailing-list archive, but got no result.

I have wireguard connection in all of my machines running in production, and it works pretty well. Currently, we are thinking of doing some packet-classification using XDP as an early hook in the RX path.

A simple XDP program has been successfully attached to our "standard" interface. But, when I tried to attach the same XDP program to my wg0 interface, the logic in the XDP program did not kicked in. Is this something expected? if yes, is there any plan to support this use-case? I would like to help. But if not, could you guys shed me some light on what went wrong?

Thanks!

Adhipati B.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Attaching XDP program into wireguard interface
  2020-04-22 13:05 Attaching XDP program into wireguard interface Adhipati Blambangan
@ 2020-04-24 20:55 ` Jason A. Donenfeld
  2020-04-24 21:01   ` Jason A. Donenfeld
  0 siblings, 1 reply; 7+ messages in thread
From: Jason A. Donenfeld @ 2020-04-24 20:55 UTC (permalink / raw)
  To: Adhipati Blambangan; +Cc: WireGuard mailing list

Could you send some sample code for us to debug this with?

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Attaching XDP program into wireguard interface
  2020-04-24 20:55 ` Jason A. Donenfeld
@ 2020-04-24 21:01   ` Jason A. Donenfeld
  2020-04-24 21:06     ` Jason A. Donenfeld
  2020-04-24 21:59     ` Toke Høiland-Jørgensen
  0 siblings, 2 replies; 7+ messages in thread
From: Jason A. Donenfeld @ 2020-04-24 21:01 UTC (permalink / raw)
  To: Adhipati Blambangan; +Cc: WireGuard mailing list

Oh. Set XDP_FLAGS_SKB_MODE.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Attaching XDP program into wireguard interface
  2020-04-24 21:01   ` Jason A. Donenfeld
@ 2020-04-24 21:06     ` Jason A. Donenfeld
  2020-04-24 21:59     ` Toke Høiland-Jørgensen
  1 sibling, 0 replies; 7+ messages in thread
From: Jason A. Donenfeld @ 2020-04-24 21:06 UTC (permalink / raw)
  To: Adhipati Blambangan; +Cc: WireGuard mailing list

Actually, try clearing XDP_FLAGS_DRV_MODE and XDP_FLAGS_HW_MODE.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Attaching XDP program into wireguard interface
  2020-04-24 21:01   ` Jason A. Donenfeld
  2020-04-24 21:06     ` Jason A. Donenfeld
@ 2020-04-24 21:59     ` Toke Høiland-Jørgensen
  2020-04-24 22:02       ` Jason A. Donenfeld
  1 sibling, 1 reply; 7+ messages in thread
From: Toke Høiland-Jørgensen @ 2020-04-24 21:59 UTC (permalink / raw)
  To: Jason A. Donenfeld, Adhipati Blambangan; +Cc: WireGuard mailing list

"Jason A. Donenfeld" <Jason@zx2c4.com> writes:

> Oh. Set XDP_FLAGS_SKB_MODE.

Yeah, you'd definitely need to run this in skb/generic XDP mode.

-Toke

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Attaching XDP program into wireguard interface
  2020-04-24 21:59     ` Toke Høiland-Jørgensen
@ 2020-04-24 22:02       ` Jason A. Donenfeld
  2020-04-24 22:25         ` Toke Høiland-Jørgensen
  0 siblings, 1 reply; 7+ messages in thread
From: Jason A. Donenfeld @ 2020-04-24 22:02 UTC (permalink / raw)
  To: Toke Høiland-Jørgensen
  Cc: Adhipati Blambangan, WireGuard mailing list

On Fri, Apr 24, 2020 at 3:59 PM Toke Høiland-Jørgensen <toke@toke.dk> wrote:
>
> "Jason A. Donenfeld" <Jason@zx2c4.com> writes:
>
> > Oh. Set XDP_FLAGS_SKB_MODE.
>
> Yeah, you'd definitely need to run this in skb/generic XDP mode.
>
> -Toke

It looks like the code in question is likely:

        bpf_op = bpf_chk = ops->ndo_bpf;
       if (!bpf_op && (flags & (XDP_FLAGS_DRV_MODE | XDP_FLAGS_HW_MODE))) {
               NL_SET_ERR_MSG(extack, "underlying driver does not
support XDP in native mode");
               return -EOPNOTSUPP;
       }
       if (!bpf_op || (flags & XDP_FLAGS_SKB_MODE))
               bpf_op = generic_xdp_install;
       if (bpf_op == bpf_chk)
               bpf_chk = generic_xdp_install;

It looks like bpf_op == generic_xdp_install is the case when neither
XDP_FLAGS_DRV_MODE or XDP_FLAGS_HW_MODE is set. Setting
XDP_FLAGS_SKB_MODE explicitly will force it on all drivers, but not
specifying it will fallback to it if the driver doesn't have hardware
support, which is WireGuard's case, unless either XDP_FLAGS_DRV_MODE
or XDP_FLAGS_HW_MODE are set.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Attaching XDP program into wireguard interface
  2020-04-24 22:02       ` Jason A. Donenfeld
@ 2020-04-24 22:25         ` Toke Høiland-Jørgensen
  0 siblings, 0 replies; 7+ messages in thread
From: Toke Høiland-Jørgensen @ 2020-04-24 22:25 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: Adhipati Blambangan, WireGuard mailing list

"Jason A. Donenfeld" <Jason@zx2c4.com> writes:

> On Fri, Apr 24, 2020 at 3:59 PM Toke Høiland-Jørgensen <toke@toke.dk> wrote:
>>
>> "Jason A. Donenfeld" <Jason@zx2c4.com> writes:
>>
>> > Oh. Set XDP_FLAGS_SKB_MODE.
>>
>> Yeah, you'd definitely need to run this in skb/generic XDP mode.
>>
>> -Toke
>
> It looks like the code in question is likely:
>
>         bpf_op = bpf_chk = ops->ndo_bpf;
>        if (!bpf_op && (flags & (XDP_FLAGS_DRV_MODE | XDP_FLAGS_HW_MODE))) {
>                NL_SET_ERR_MSG(extack, "underlying driver does not
> support XDP in native mode");
>                return -EOPNOTSUPP;
>        }
>        if (!bpf_op || (flags & XDP_FLAGS_SKB_MODE))
>                bpf_op = generic_xdp_install;
>        if (bpf_op == bpf_chk)
>                bpf_chk = generic_xdp_install;
>
> It looks like bpf_op == generic_xdp_install is the case when neither
> XDP_FLAGS_DRV_MODE or XDP_FLAGS_HW_MODE is set. Setting
> XDP_FLAGS_SKB_MODE explicitly will force it on all drivers, but not
> specifying it will fallback to it if the driver doesn't have hardware
> support, which is WireGuard's case, unless either XDP_FLAGS_DRV_MODE
> or XDP_FLAGS_HW_MODE are set.

Yup, that sounds right :)

-Toke

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2020-04-24 22:25 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-22 13:05 Attaching XDP program into wireguard interface Adhipati Blambangan
2020-04-24 20:55 ` Jason A. Donenfeld
2020-04-24 21:01   ` Jason A. Donenfeld
2020-04-24 21:06     ` Jason A. Donenfeld
2020-04-24 21:59     ` Toke Høiland-Jørgensen
2020-04-24 22:02       ` Jason A. Donenfeld
2020-04-24 22:25         ` Toke Høiland-Jørgensen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).