Paul Chaignon

@pchaigno

System security, BPF, and programmable networks. Co-maintainer of github-linguist library. He/him.

Joined August 2015

Tweets

You blocked @pchaigno

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @pchaigno

  1. Pinned Tweet
    2 Oct 2019
    Show this thread
    Undo
  2. Feb 1

    And if you're not struggling, come anyway! A lot improved recently.

    Show this thread
    Undo
  3. Feb 1

    If you're struggling with BPF debugging, check out 's talk at FOSDEM 2020!

    Show this thread
    Undo
  4. Retweeted
    Jan 16

    Hiring kernel developers at Juniper Networks. Bonus if you have experience with eBPF and/or XDP. - DM or @ me.

    Undo
  5. Retweeted
    Jan 16

    in a lovely, unintentional turn of events I'm creating the demand I have long wanted to see: I'm hiring (contract) P4 developers. specifically with experience / understanding of eBPF & XDP as a target. remote only. students/academic/researchers preferred!

    Show this thread
    Undo
  6. 10 Dec 2019

    Only 4 new lines in the BPF verifier between the last two Linux releases! Did someone kidnap the BPF contributors??

    Undo
  7. Retweeted
    23 Oct 2019

    I'm looking forward to , where I will have a pleasure to present how Open vSwitch can be extended at runtime using and . The enhancement is developed by my team from and is based on the 's solution (Oko switch).

    Undo
  8. 11 Oct 2019

    GitHub Pages now support BPF bytecode highlighting!

    Undo
  9. 9 Oct 2019

    The code for the BPF interpreter is available at and written in Rosette, an extension of the Racket language. has lots of other references and details.

    Show this thread
    Undo
  10. 9 Oct 2019

    And a third (proof-of-concept) BPF verifier! In this paper, et al. explain how they automatically transform a BPF interpreter into a BPF verifier using symbolic execution. They then use it to find 15 bugs in Linux's JIT compilers!

    Screenshot of the paper "Scaling symbolic evaluation for automated verification of systems code with Serval" by Luke Nelson, James Bornholt, Ronghui Gu, Andrew Baumann, Emina Torlak, and Xi Wang.
    Show this thread
    Undo
  11. 2 Oct 2019

    .'s warning () is still valid: strace shouldn't be used in production! --seccomp-bpf is just a step in the right direction.

    Show this thread
    Undo
  12. 19 Aug 2019

    That's all I have for today (and until I get my hands on a microcode manual)!

    Show this thread
    Undo
  13. 19 Aug 2019

    hashmap_ops() first looks up the map (with hashmap_get_fd()) and the entry matching the key, then applies the hashmap operation. For example, in case of a lookup, it reads the hashmap entry in out_ent_addr with macro __hashmap_read_field().

    This code snippet shows the macro argument OP being compared to HASHMAP_OP_LOOKUP, after what __hashmap_read_field is called and the map lock released.
    Show this thread
    Undo
  14. 19 Aug 2019

    htab_map_lookup_subr_func() defines a few return cases, but most of the code is in hashmap_ops(), a single macro for lots of different hashmap operations.

    Show this thread
    Undo
  15. 19 Aug 2019

    One missing piece of the BPF offload are the helpers. Most of them are inlined to microcode by the JIT compiler, except... the map helpers! The htab_map_lookup_subr_func() macro, for example, implements the hashmap lookups.

    Show this thread
    Undo
  16. 19 Aug 2019

    Looks like the ebpf_reentry() macro above ebpf_call() handles the return from BPF programs. It updates the statistics and applies the action (drop, pass to continue, or transmit on wire).

    Show this thread
    Undo
  17. 19 Aug 2019

    We haven't seen how the BPF program is actually executed though. That happens in the microcode macro ebpf_call() in the NIC's datapath. It computes the jump offset, prepares the BPF stack, and jumps to the loaded program.

    This screenshot shows the 20 lines of microcode used to compute the jump offset, prepare the BPF stack, and jump to the loaded program.
    Show this thread
    Undo
  18. 19 Aug 2019

    That's it! Loading BPF programs is pretty simple since most of the heavy lifting is performed in the kernel, thanks to the Netronome-specific JIT compiler:

    Show this thread
    Undo
  19. 19 Aug 2019

    The MicroC function update_bpf_prog() writes the BPF program to the NIC's code store. Most of the code is there to ensure the write is atomic (since there are multiple threads per Flow Processing Core).

    This code snippet shows the content of function update_bpf_prog. It first signals the threads to go quiescent. It then computes the offset for the write and write the BPF program to the code store in chunks.
    Show this thread
    Undo
  20. 19 Aug 2019

    The BPF program is received by the NIC's control plane (the README is worth a read, to get a grasp of the overall architecture).

    The code snippet shows the content of function process_pf_reconfig. In particular, the update type is compared against NFP_NET_CFG_UPDATE_BPF, and if it matches, nic_local_bpf_reconfig is called.
    Show this thread
    Undo

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·