Topics

how to make redirect_map work?

forrest0579@...
 

Hi all,

Recently I try to build a network topology to test redirect_map, the topology is as below and the build script in the attachment(setup_env.sh).


My test case is run `ping` from netns ns1 to 192.168.2.2 in netns ns2.
I load xdp prog to vhost1 and vhost2. What the prog do is just use redirect_map to redirect package from one ingress to another egress(AFAIK, redirect func is working for that, ifx me if I am wrong).

The result is I can't ping from one netns to another. The xdp prog is in the attachment(xdp_ping.py).

Thanks for helping me!

Forrest

Mauricio Vasquez
 


On 5/30/19 4:46 AM, forrest0579@... wrote:
Hi all,

Recently I try to build a network topology to test redirect_map, the topology is as below and the build script in the attachment(setup_env.sh).


My test case is run `ping` from netns ns1 to 192.168.2.2 in netns ns2.
I load xdp prog to vhost1 and vhost2. What the prog do is just use redirect_map to redirect package from one ingress to another egress(AFAIK, redirect func is working for that, ifx me if I am wrong).

The result is I can't ping from one netns to another. The xdp prog is in the attachment(xdp_ping.py).

Thanks for helping me!

Forrest

Hello Forrest,

You're using veth interfaces, in this case you have to attach the program in SKB mode, to do it set flags = 1 << 1.

Mauricio.


forrest0579@...
 

On Thu, May 30, 2019 at 05:40 AM, Mauricio Vasquez wrote:

You're using veth interfaces, in this case you have to attach the program in SKB mode, to do it set flags = 1 << 1.

 

Why should I attach xdp in SKB mode when using veth interface, is there any docs for that? Is it because I use DEVMAP?
In my test, I can attach my xdp program in driver mode using veth and just works as my expect when I just return XDP_DROP or XDP_PASS.
My kerner version is "5.0.0-15"(ubuntu/disco64) which support veth xdp in driver mode. https://github.com/xdp-project/xdp-project/issues/23

And when I test my program in SKB mode, the connection also can't be built.

Toshiaki Makita
 

On 2019/05/31 11:25, forrest0579@... wrote:
On Thu, May 30, 2019 at 05:40 AM, Mauricio Vasquez wrote:
You're using veth interfaces, in this case you have to attach the
program in SKB mode, to do it set flags = 1 << 1.
Why should I attach xdp in SKB mode when using veth interface, is there any docs for that? Is it because I use DEVMAP?
You should not need SKB mode on kernel 5.0.
Do you attach any XDP program on vbox1 and vbox2? If not, redirected packets will be dropped.
Please refer to the slides below for details.
https://netdevconf.org/0x13/session.html?talk-veth-xdp

Toshiaki Makita

In my test, I can attach my xdp program in driver mode using veth and just works as my expect when I just return XDP_DROP or XDP_PASS.
My kerner version is "5.0.0-15"(ubuntu/disco64) which support veth xdp in driver mode. https://github.com/xdp-project/xdp-project/issues/23
And when I test my program in SKB mode, the connection also can't be built.

forrest0579@...
 

On Mon, Jun 3, 2019 at 02:53 AM, Toshiaki Makita wrote:
You should not need SKB mode on kernel 5.0.
Do you attach any XDP program on vbox1 and vbox2? If not, redirected packets will be dropped.
Please refer to the slides below for details.
https://netdevconf.org/0x13/session.html?talk-veth-xdp
Thanks for your material. It is really helpful. 
After attach XDP_PASS program on vbox1 and vbox2, and set the right dst mac address in xdp redirect program, I can now ping success from ns1 to ns2 (192.168.1.2->192.168.2.2) :)




 

Mauricio Vasquez
 


On 5/30/19 9:25 PM, forrest0579@... wrote:
On Thu, May 30, 2019 at 05:40 AM, Mauricio Vasquez wrote:

You're using veth interfaces, in this case you have to attach the program in SKB mode, to do it set flags = 1 << 1.

 

Why should I attach xdp in SKB mode when using veth interface, is there any docs for that? Is it because I use DEVMAP?
In my test, I can attach my xdp program in driver mode using veth and just works as my expect when I just return XDP_DROP or XDP_PASS.
My kerner version is "5.0.0-15"(ubuntu/disco64) which support veth xdp in driver mode. https://github.com/xdp-project/xdp-project/issues/23

And when I test my program in SKB mode, the connection also can't be built.

I am sorry, I was not clear enough. If you attach the program in SKB mode you won't need to attach any XDP program on vbox1 and vbox2, on the other hand, if you use DRV mode you need to have an XDP pass program attached to vbox1 and vbox2 (as indicated by Toshiaki Makita).

Mauricio.


forrest0579@...
 

On Tue, Jun 4, 2019 at 12:36 PM, Mauricio Vasquez wrote:
I am sorry, I was not clear enough. If you attach the program in SKB mode you won't need to attach any XDP program on vbox1 and vbox2, on the other hand, if you use DRV mode you need to have an XDP pass program attached to vbox1 and vbox2 (as indicated by Toshiaki Makita).
I'm sorry, it's my fault. I've re-test use SKB mode and it works now. I think the reason why I failed before was I didn't change the dst MAC address so the kernel drops it.

Forrest