x/net/bpf: consider adding bpftest package #16055
Comments
|
Having a Go implementation of the BPF VM sounds great to have in x/net/bpf directly, IMO. It only grows the package API by one function (or is there more?), and it's a natural fit. The package docs will need to be tweaked to point out that this is not how you access the in-kernel filtering functionality, but that's simple enough. My standard concern when implementing something like that is having a good interoperability test, to make sure the VM matches the reference implementation's behavior. Do you have such a test already? I'm -0.5 on having automagic use of the VM on platforms that don't support BPF. To me, the packet filtering performance is part of the BPF contract when you attach a program to a socket, so having it sometimes be fast and sometimes be much slower is an undesirably surprising behavior. If a caller wants that behavior, I'd rather have it be explicit in their code, where they do a RecvFrom followed by running the Go VM themselves. |
This is exactly my intent as well. Provide the capability to do so, but only if configured manually. |
|
As far as interoperability tests, I do not have any yet. I agree that it is a good idea though and will look into doing so with Linux in the near future. |
|
As of today, my You can see the code at: https://github.com/mdlayher/bpftest. Should I submit a CL for review, or are there any further concerns? |
|
Very cool, thanks so much for doing that work! I'd suggest making the interop tests Skip() themselves when not run on linux, that'll make them always run with Go's own test infrastructure, without having to do manual tweaking of tags. Sending a CL sounds great to me. I don't have commit rights to x/net, but I'll gladly throw in a review/+1. |
|
@danderson CL submitted: https://go-review.googlesource.com/#/c/24136/. I tried to rearrange the files a bit to make it more concise, but left the tests broken up because the files are fairly lengthy. Let me know if I'm on the right track. |
|
CL https://golang.org/cl/24136 mentions this issue. |
When working with
x/net/bpfrecently, I realized it would be quite useful to be able to load my BPF programs into an emulated virtual machine, and test them against a variety of byte slice inputs.I created this package to fulfill that need: https://github.com/mdlayher/bpftest.
While it is useful on its own for testing, I have two questions:
x/net/bpf? Perhaps even in a package likex/net/bpf/bpftest, akin tonet/http/httptest.This package is useful for testing the logic of complicated BPF programs, without needing to actually create a socket and load the BPF program directly. This also allows testing of BPF programs on platforms like Windows, which do not have BPF.
For example, on Windows, there is no BPF. But, perhaps this package could be used as a pseudo-BPF guarded by build tags, so that additional filtering logic would not need to be written when running a program that makes use of a BPF filter on Windows. Of course, this approach would not be nearly as fast as using the in-kernel VM on Linux or BSD, but it would help reduce code duplication.
I'd love to hear your thoughts on these ideas, @danderson and @mikioh . Ultimately, it may just be better for the package to continue existing on my personal GitHub, but I figured I would at least get a discussion around it started. Thanks for your time!
The text was updated successfully, but these errors were encountered: