-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Declare contents of tail call maps in map declarations #25005
Comments
Your outline doesn't account for gems such as |
One option could be declaring POLICY_CALL_MAP as struct {
__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
__type(key, uint32_t);
__type(value, uint32_t);
__uint(max_entries, POLICY_PROG_MAP_SIZE);
__array(values, int());
} POLICY_CALL_MAP __section(".maps") = {
.values =
{
[TEMPLATE_HOST_EP_ID] = &handle_lxc_traffic,
},
} (the downside of this approach is that we'll need FWDs for all tail calls anyway) The resulting MapSpec.Contents will have a single |
It's going to take me a long time to fix this, is it okay if I'm assigned to it? |
Hey @Jack-R-lantern, thanks for the interest! This one is going to be a bit tricky even for committers, but of course you're free to work on it. With the proposal I put forward in the OP, the order of tail calls in the prog arrays might change, so #20691 would be a requirement for the tail call map conversion to land. Would you be willing to pick this up instead? |
Sure! thanks. |
Closing the loop on this with #29307. ELFs should be very careful inserting entries into shared prog arrays, as doing so means making code reachable from the rest of the system. Adding an entry to such a global prog array is basically the equivalent of attaching an entrypoint. It should not be done as part of loading an ELF, as the control flow of its various programs is only guaranteed to be sane after all (internal) tail call maps have been populated. As such, inserting these programs should be delegated to the code responsible for loading Endpoints. That code already has knowledge of the endpoint ID, so it can easily insert a prog into policy call map(s). Tracking this in #29331. |
This issue has been automatically marked as stale because it has not |
This issue has not seen any activity since it was marked stale. |
Now #24876 is merged, we no longer need to worry about retaining compatibility with iproute2's ELF loader.
Currently, there are 4 remaining prog arrays that use the legacy
struct bpf_elf_map
:This issue is for:
CILIUM_CALL_*
macros with manually-allocated identifiers. This could be done using a fn->id lookup function that contains a jump table populated using a COUNT macro.ep_tail_call()
to take the above changes into account. Ideally, it would be called using the actual function reference, likeep_tail_call(ctx, tail_handle_ipv6)
instead ofep_tail_call(ctx, CILIUM_CALL_IPV6_FROM_NETDEV)
.pkg/bpf.iproute2Compat()
.struct bpf_elf_map
.The text was updated successfully, but these errors were encountered: