
Add support for netkit device

Open hemanthmalla opened this issue 1 year ago • 5 comments

Adds support for attaching bpf programs to netkit devices using bpf links.

Generated code is currently based on 6.7-rc4

TODO:

  • [x] Decide on a way to create netkit device in CI for testing.
  • [x] Re-gen code once 6.7 is out and validate for any changes.

hemanthmalla avatar Dec 06 '23 15:12 hemanthmalla

Thanks for this great work!

chent1996 avatar Dec 27 '23 02:12 chent1996

@hemanthmalla happy new year! Given 6.7 is officially released now, could you move forward with the PR? Thanks! :)

borkmann avatar Jan 08 '24 14:01 borkmann

@lmb I remember reading somewhere that cilium/ebpf prefers not to have libs like vishvananda/netlink as dependencies. Do you have thoughts on how we should go about creating a netkit device in CI for tests? Is shelling out to do something like ip link add nk0 type netkit the best option here?

hemanthmalla avatar Jan 26 '24 20:01 hemanthmalla

> @lmb I remember reading somewhere that cilium/ebpf prefers not to have libs like vishvananda/netlink as dependencies. Do you have thoughts on how we should go about creating a netkit device in CI for tests? Is shelling out to do something like ip link add nk0 type netkit the best option here?

Interesting, I never realized we attached to ifindex 1 in the XDP tests, but that obviously won't work for netkit. I think newer versions of Go automatically prune testing-only module dependencies, so technically there wouldn't be any downside to importing e.g. jsimonetti/rtnetlink. (e.g. vendoring the lib doesn't automatically pull in quicktest either, afaik)

I think we can soften our stance on importing a netlink lib for testing if this is the case. Not sure if we can do the same for examples. I think shelling out to ip would be strictly worse, since we'll need to deal with the various failure cases then. Using a library would make it easier to degrade gracefully (e.g. skip a test if creating a netkit dev returns EINVAL etc.) without resorting to screen scraping ip. I'd like to avoid that.

ti-mo avatar Jan 29 '24 16:01 ti-mo
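
As an added illustration of the trade-off in the comment above (not code from cilium/ebpf or from this PR): what a netlink-based test helper gets that parsing ip output does not is the raw errno from the kernel's ACK. The sketch builds the RTM_NEWLINK request behind ip link add nk0 type netkit and decodes the reply. The function names are hypothetical, treating EINVAL and EOPNOTSUPP as "skip the test" is an assumption, and sending the bytes over an AF_NETLINK/NETLINK_ROUTE socket is not shown.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"syscall"
)

var le = binary.LittleEndian // assumption: little-endian host; netlink uses host byte order

// attr encodes one netlink attribute: u16 length, u16 type, payload, padded to 4 bytes.
func attr(typ uint16, payload []byte) []byte {
	b := make([]byte, (4+len(payload)+3)&^3)
	le.PutUint16(b[0:], uint16(4+len(payload)))
	le.PutUint16(b[2:], typ)
	copy(b[4:], payload)
	return b
}

// netkitRequest builds the RTM_NEWLINK message behind "ip link add <name> type netkit".
func netkitRequest(name string) []byte {
	msg := make([]byte, 32) // nlmsghdr (16 bytes) + zeroed ifinfomsg (16 bytes)
	msg = append(msg, attr(3, append([]byte(name), 0))...)    // IFLA_IFNAME
	msg = append(msg, attr(18, attr(1, []byte("netkit")))...) // IFLA_LINKINFO{IFLA_INFO_KIND}
	le.PutUint32(msg[0:], uint32(len(msg)))
	le.PutUint16(msg[4:], 16)                  // RTM_NEWLINK
	le.PutUint16(msg[6:], 0x1|0x4|0x200|0x400) // NLM_F_REQUEST|ACK|EXCL|CREATE
	return msg
}

// ackErr decodes an NLMSG_ERROR reply: nil when the errno field is 0, else a syscall.Errno.
func ackErr(reply []byte) error {
	if len(reply) < 20 || le.Uint16(reply[4:]) != 2 { // type 2 = NLMSG_ERROR
		return errors.New("unexpected netlink reply")
	}
	if code := int32(le.Uint32(reply[16:])); code != 0 {
		return syscall.Errno(-code)
	}
	return nil
}

// shouldSkip reports whether err means "netkit unavailable here" (assumed), not a failure.
func shouldSkip(err error) bool {
	return errors.Is(err, syscall.EINVAL) || errors.Is(err, syscall.EOPNOTSUPP)
}

func main() {
	fmt.Printf("RTM_NEWLINK request for nk0: % x\n", netkitRequest("nk0"))
}
```

A test helper would call t.Skip when shouldSkip is true and t.Fatal for any other non-nil error, so an unsupported kernel and a real regression stay distinguishable.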

Test failures seem flaky to me. Previously only ci / Run tests on previous stable Go failed; I re-triggered the tests on the same commit changes and now Run tests on pre-built kernel (6.7) seems to fail. How do I re-trigger just the failed test?

hemanthmalla avatar Feb 28 '24 19:02 hemanthmalla