$30 off During Our Annual Pro Sale. View Details »

eBPF Implementation for FreeBSD

Yutaro Hayakawa
June 06, 2018
Technology
0
290

eBPF Implementation for FreeBSD

Talk at: BSDCan 2018

This talk introduces a work-in-progress implementation of the eBPF(Extended Berkeley Packet Filter) for FreeBSD. First we show an overview of Linux's eBPF system structure and how we implemented that on FreeBSD. After that, we demonstrate how it is useful for the FreeBSD with some concrete use cases such as fast and flexible packet processing with eBPF-enabled VALE/mSwitch software switch with some performance number.

Yutaro Hayakawa

June 06, 2018
Tweet

More Decks by Yutaro Hayakawa

See All by Yutaro Hayakawa
eBPFは何が嬉しいのか?
yutarohayakawa
3
1.5k
BufferbloatとLinux
yutarohayakawa
4
800
Prism: Proxies without the Pain
yutarohayakawa
0
180
ipftrace: A Linux Function Tracer for Network People
yutarohayakawa
4
5.4k
きっと明日から役立つeBPFのしくみ
yutarohayakawa
9
2.7k
eBPFをFreeBSDにポーティングしようとしている話
yutarohayakawa
4
2.7k

Other Decks in Technology

See All in Technology
Podmanで実現する手軽なCI/CD環境
na0x2c6
1
350
スタートアップにおける、チーム拡大を見据えたコンポーネント分割の取り組み
rynsuke
1
140
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
oracle4engineer
PRO
2
3.9k
エンジニア志望学生が"ブログの会社"に入社してみて思ったこと〜新卒目線のブログ戦略〜
oshanqq
1
470
IAMAccessAnalyzer_Security-JAWS
koheiawa
PRO
1
270
実装がすべてではない、開発者の周りから考える Web プロダクトセキュリティ
oldbigbuddha
0
170
分散型SNS最新状況
kojira
0
170
フロントエンドリアーキテクチャリングと開発チームのスキルトランスファーにおける9ヶ月間の奮闘記
wakamsha
5
3.7k
Exploring Postgres VACUUM with the VACUUM Simulator
keiko713
5
530
cloudflare-workersを使ってslack上に匿名チャットを作った話
sugawani
0
120
これからの EnterPrise GenAI / EnterPrise GenAI
cyberagentdevelopers
PRO
0
270
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
1.1k

Featured

See All Featured
StorybookのUI Testing Handbookを読んだ
zakiyama
9
4.1k
Practical Orchestrator
shlominoach
179
9.4k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
239
1.2M
Statistics for Hackers
jakevdp
787
220k
Optimizing for Happiness
mojombo
368
68k
Bash Introduction
62gerente
603
210k
Clear Off the Table
cherdarchuk
81
300k
In The Pink: A Labor of Love
frogandcode
135
21k
Fantastic passwords and where to find them - at NoRuKo
philnash
34
2.2k
Become a Pro
speakerdeck
PRO
8
3.6k
Put a Button on it: Removing Barriers to Going Fast.
kastner
56
2.8k
Stop Working from a Prison Cell
hatefulcrawdad
265
18k

Transcript

  1. Yutaro Hayakawa
    Mail: [email protected]
    Twitter: @YutaroHayakawa
    1
    eBPF Implementation for FreeBSD

    View Slide

  2. Agenda
    1. Linux eBPF the Basic
    2. eBPF implementation for FreeBSD
    3. Usecase: VALE-BPF
    Yutaro Hayakawa | eBPF implementation for FreeBSD 2

    View Slide

  3. Agenda
    1. Linux eBPF the Basic
    2. eBPF implementation for FreeBSD
    3. VALE-BPF
    Yutaro Hayakawa | eBPF implementation for FreeBSD 3

    View Slide

  4. What’s eBPF?
    Extended general perpose BPF virtual machine ISA
    - Closer to modern CPU ISA (64bit registers * 11, 64bit wide instructions...)
    - C calling convention and LLVM backend
    - Call instruction
    - Maps (in-kernel key-value store shared with user space program)
    - Write data to tracing buffer
    - etc…
    More performance optimization (JIT, static code analysis)
    bpf(2) for loading program, creating maps, manipulating maps ...
    Yutaro Hayakawa | eBPF implementation for FreeBSD 4

    View Slide

  5. Use cases?

    View Slide

  6. Use cases: Dynamic tracing
    Use eBPF as a backend of dynamic tracing (like DTrace)
    Yutaro Hayakawa | eBPF implementation for FreeBSD 6
    https://github.com/iovisor/bcc
    http://www.brendangregg.com/blog/2015-05-15/ebpf-one-small-step.html

    View Slide

  7. Use cases: XDP (eXpress Data Path)
    No “kernel bypass” (e.g. DPDK,
    netmap)
    Hook and process packet right after
    reception inside the driver by eBPF
    - DDos mitigation: Droplet
    - Load balancing: Katran
    - IDS/IPS backend: Surikata
    Hardware offloading
    - Netronome Agilio
    Yutaro Hayakawa | eBPF implementation for FreeBSD 7
    https://www.iovisor.org/technology/xdp

    View Slide

  8. Tooling?

    View Slide

  9. eBPF Tooling
    Linux kernel provides only very premitive API to users
    - bpf(2)
    - Program loader (e.g. Netlink, setsockopt, ioctl... )
    - Some useful libraries (but very primitive)
    Need tooling for better utilization
    Yutaro Hayakawa | eBPF implementation for FreeBSD 9

    View Slide

  10. Tooling: BCC (BPF Compiler Collection)
    Compiler driver and useful libraries for eBPF
    - Deal with restricted C, call clang/llvm
    - Compiler frontend for various languages (C, P4)
    - ELF parsing, Map libraries
    - Language bindings (Python, C++, Lua…)
    Yutaro Hayakawa | eBPF implementation for FreeBSD 10
    Source: https://github.com/iovisor/bcc

    View Slide

  11. View Slide

  12. Embedded C

    View Slide

  13. Embedded C
    Interact with Map

    View Slide

  14. Embedded C
    Interact with Map
    Output

    View Slide

  15. Tooling: PLY
    Tracing frontend which is heavily
    inspired by DTrace
    dtrace -n syscall:::entry'{@syscalls[probefunc] = count();}'
    Yutaro Hayakawa | eBPF implementation for FreeBSD 15
    Source: https://github.com/iovisor/ply

    View Slide

  16. Tooling: PLY
    Tracing frontend which is heavily
    inspired by DTrace
    dtrace -n syscall:::entry'{@syscalls[probefunc] = count();}'
    Yutaro Hayakawa | eBPF implementation for FreeBSD 16
    Source: https://github.com/iovisor/ply

    View Slide

  17. Tooling: bpfilter
    iptables (Linux’s ipfw or pf) which uses XDP as a backend
    Transparently accerelates existing iptables
    RFC patch: https://www.mail-archive.com/[email protected]/msg217095.html
    Yutaro Hayakawa | eBPF implementation for FreeBSD 17
    https://www.netronome.com/blog/bpf-ebpf-xdp-and-bpfilter-what-are-these-things-and-what-do-they-mean-enterprise/

    View Slide

  18. Conclusion for this section
    Recent Linux implements a lot of interesting features using eBPF
    - Dynamic tracing
    - Very fast packet processing framework
    - etc ...
    The community also introduces a lot of interesting tools
    - BCC, PLY, bpfilter
    More information
    - https://qmonnet.github.io/whirl-offload/2016/09/01/dive-into-bpf/
    - Really useful collection of links
    Yutaro Hayakawa | eBPF implementation for FreeBSD 18

    View Slide

  19. Agenda
    1. Linux eBPF the Basic
    2. eBPF implementation for FreeBSD
    3. VALE-BPF
    Yutaro Hayakawa | eBPF implementation for FreeBSD 19

    View Slide

  20. generic-ebpf
    Generalized multi-platform eBPF implementation
    - Currently supports FreeBSD user/kernel, Linux user/kernel and macOS user
    - About 200 lines of glue code for each platform
    - Shares most of the code (easy to test in userspace)
    - Interpreter and JIT compiler for x86-64 based on ubpf
    - Maps which uses tommyds as a backend
    - Verifier is not yet implemented...
    Yutaro Hayakawa | eBPF implementation for FreeBSD 20
    Source: https://github.com/YutaroHayakawa/generic-ebpf

    View Slide

  21. Current status
    /dev/ebpf + ioctl(2) interface (Linux bpf(2))
    - load program, create and manipulate maps, run simple test
    Interpreter and JIT compiler for x86-64
    - Most of the instructions are implemented
    - atomic operations are missing
    Array, Hashtable maps
    Yutaro Hayakawa | eBPF implementation for FreeBSD 21

    View Slide

  22. Hashtable map benchmark
    Yutaro Hayakawa | eBPF implementation for FreeBSD 22
    For more details: https://github.com/YutaroHayakawa/generic-ebpf/tree/master/benchmark

    View Slide

  23. Why is FreeBSD case so slow?
    Experiment
    - Simply returns immediately from ioctl
    handler
    - See latency of ioctl
    Yutaro Hayakawa | eBPF implementation for FreeBSD 23
    ioctl(2) ioctl(2)
    struct cdevsw struct file_operations
    ebpf_dev_ioctl
    ioctl handler ioctl handler
    Map operations
    (update/delete/lookup)
    FreeBSD Linux

    View Slide

  24. Why is FreeBSD case so slow?
    Experiment
    - Simply returns immediately from ioctl
    handler
    - See latency of ioctl
    About 85% of the difference comes from ioctl
    Need more precise analysis...
    Yutaro Hayakawa | eBPF implementation for FreeBSD 24
    ioctl(2) ioctl(2)
    struct cdevsw struct file_operations
    ebpf_dev_ioctl
    ioctl handler ioctl handler
    Map operations
    (update/delete/lookup)
    FreeBSD Linux

    View Slide

  25. Agenda
    1. Linux eBPF the Basic
    2. eBPF implementation for FreeBSD
    3. VALE-BPF
    Yutaro Hayakawa | eBPF implementation for FreeBSD 25

    View Slide

  26. VALE (Virtual Local Ethernet)
    Fast and modular software switch (a.k.a mSwitch)
    Yutaro Hayakawa | eBPF implementation for FreeBSD 26
    Kernel
    User
    netmap API netmap API
    Modular Lookup
    Logic
    uint32_t
    mylookup(struct nm_bdg_fwd *ft, uint8_t *dst_ring,
    struct netmap_vp_adapter *na, void *private_data)
    {
    struct ip *iph;
    iph = (struct ip)(buf + ETHER_HDR_LEN);
    if (iph - ft->ft_buf > ft->ft_len) {
    return NM_BDG_DROP;
    }
    return ntohl(iph->ip_dst) & 0xff;
    }
    mymodule.ko
    VALE

    View Slide

  27. VALE-BPF
    VALE module which enhances eBPF programmability to VALE
    Yutaro Hayakawa | eBPF implementation for FreeBSD 27
    uint32_t
    vale_bpf_lookup(struct vale_bpf_md *md)
    {
    struct ip iph;
    iph = (struct ip)(md->buf + ETHER_HDR_LEN);
    if (iph > md->buf_end) {
    return VALE_BPF_DROP;
    }
    return ntohl(iph->ip_dst) & 0xff;
    }
    Source: https://github.com/YutaroHayakawa/vale-bpf
    Kernel
    User
    netmap API netmap API
    vale-bpf.ko
    VALE
    eBPF lookup logic

    View Slide

  28. Performance evaluation
    Forward packets between two virtual ports with different logic
    - Learning bridge
    - No logic
    Yutaro Hayakawa | eBPF implementation for FreeBSD 28
    Learning Bridge [Mpps] No Logic [Mpps]
    VALE 17.74 27.71
    VALE-BPF 8.52 23.66
    For more details: https://docs.google.com/document/d/1rdrHIeap8gYRh3es4yCnuWkuA6zDDot4UDFgEyiuG3E/edit?usp=sharing

    View Slide

  29. Demo

    View Slide

  30. Miscellaneous ideas
    Networking
    - ng_ebpf: Netgraph module for eBPF
    - XDP emulator: Compatibility with XDP program
    - Hardware offloading
    Security
    - Systemcall filtering like seccomp
    Yutaro Hayakawa | eBPF implementation for FreeBSD 30

    View Slide

  31. Summary
    1. eBPF is a hot technology among Linux community and they introduce
    a lot of interesting features and useful tools around that
    2. eBPF implementation for FreeBSD is going on
    3. VALE-BPF, a extension module which enhances eBPF
    programmability to VALE switch improves the programmability of
    VALE switch
    Yutaro Hayakawa | eBPF implementation for FreeBSD 31

    View Slide

  32. Questions?

    View Slide