eBPF library support for SONiC applications

It provides a generic library support for filtering the netlink message using eBPF based packet filtering. Linux netlink messaging system is a broadcast domain, every netlink message is broadcasted to all the subscribed appplications regardless whether the application is interested in it or not. In a scaled scenario, more than 1 million message is being broadcasted across applications. This framework helps to filter the unwanted netlink message at the kernel space itself and eliminates the unnecessary passing of message to the user space application and then it get dropped. This improves the system performance and scale the system to higher level.
sonic-net · Dec 18, 2020 · 4554211 · 4554211
1 parent 54681f1
commit 4554211
Show file tree

Hide file tree

Showing 30 changed files with 3,599 additions and 0 deletions.
diff --git a/dockers/docker-base-stretch/Dockerfile.j2 b/dockers/docker-base-stretch/Dockerfile.j2
@@ -111,6 +111,9 @@ RUN apt-get -y purge   \
 {{ install_debian_packages(docker_base_stretch_debs.split(' ')) }}
 {%- endif %}
 
+# Base packages for bpf
+RUN apt-get install -f -y libbpf-dev libelf-dev
+
 # Clean up apt
 # Remove /var/lib/apt/lists/*, could be obsoleted for derived images
 RUN apt-get clean -y                     && \

diff --git a/files/build_templates/docker_image_ctl.j2 b/files/build_templates/docker_image_ctl.j2
@@ -390,6 +390,8 @@ start() {
 {%- if sonic_asic_platform != "mellanox" %}
         --tmpfs /tmp \
 {%- endif %}
+        -v /sys/kernel/debug:/sys/kernel/debug \
+        --ulimit memlock=67108864:67108864 \
         --tmpfs /var/tmp \
         --env "NAMESPACE_ID"="$DEV" \
         --env "NAMESPACE_PREFIX"="$NAMESPACE_PREFIX" \

diff --git a/rules/libebpf.dep b/rules/libebpf.dep
@@ -0,0 +1,10 @@
+
+SPATH       := $($(LIBEBPF)_SRC_PATH)
+DEP_FILES   := $(SONIC_COMMON_FILES_LIST) rules/libebpf.mk rules/libebpf.dep   
+DEP_FILES   += $(SONIC_COMMON_BASE_FILES_LIST)
+DEP_FILES   += $(shell git ls-files $(SPATH))
+
+$(LIBEBPF)_CACHE_MODE  := GIT_CONTENT_SHA 
+$(LIBEBPF)_DEP_FLAGS   := $(SONIC_COMMON_FLAGS_LIST)
+$(LIBEBPF)_DEP_FILES   := $(DEP_FILES)
+
diff --git a/rules/libebpf.mk b/rules/libebpf.mk
@@ -0,0 +1,13 @@
+# BPF package
+BPF_VERSION := 1.0.0
+LIBEBPF = libebpf_$(BPF_VERSION)_$(CONFIGURED_ARCH).deb
+$(LIBEBPF)_SRC_PATH = $(SRC_PATH)/libebpf
+$(LIBEBPF)_DEPENDS += $(LINUX_HEADERS) $(LINUX_COMMON_HEADERS)
+SONIC_MAKE_DEBS += $(LIBEBPF)
+
+LIBEBPF_DBG = libebpf-dbgsym_$(BPF_VERSION)_$(CONFIGURED_ARCH).deb
+$(LIBEBPF_DBG)_DEPENDS += $(LIBEBPF)
+$(eval $(call add_derived_package,$(LIBEBPF),$(LIBEBPF_DBG)))
+
+export LIBEBPF LIBEBPF_DBG BPF_VERSION
+
diff --git a/sonic-slave-stretch/Dockerfile.j2 b/sonic-slave-stretch/Dockerfile.j2
@@ -291,6 +291,11 @@ RUN apt-get update && apt-get install -y \
 # For iptables
         libnetfilter-conntrack-dev \
         libnftnl-dev \
+# eBPF tools		
+        clang-6.0 \
+        llvm-6.0 \
+        libbpf-dev \
+        libelf-dev \
 # For SAI3.7
         protobuf-compiler \
         libprotobuf-dev \

diff --git a/src/libebpf/Makefile b/src/libebpf/Makefile
@@ -0,0 +1,14 @@
+SHELL = /bin/bash
+.ONESHELL:
+.SHELLFLAGS += -e
+
+MAIN_TARGET := libebpf_$(EBPF_VERSION)_$(CONFIGURED_ARCH).deb
+
+$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
+
+	pushd src
+	[ ! -f ./autogen.sh ] || ./autogen.sh 
+	dpkg-buildpackage -us -uc -b -j$(SONIC_CONFIG_MAKE_JOBS)
+	popd
+
+	mv $(LIBEBPF_DBG) $* $(DEST)/
diff --git a/src/libebpf/src/Makefile.am b/src/libebpf/src/Makefile.am
@@ -0,0 +1,3 @@
+ACLOCAL_AMFLAGS = -I m4
+
+SUBDIRS = libutil samples/ebpf-kern-mod  samples/ebpf-user-mod
diff --git a/src/libebpf/src/autogen.sh b/src/libebpf/src/autogen.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+libtoolize --force --copy &&
+autoreconf --force --install -I m4
+rm -Rf autom4te.cache
+
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		ACLOCAL_AMFLAGS = -I m4

		SUBDIRS = libutil samples/ebpf-kern-mod samples/ebpf-user-mod