rtnetlink dump filtering in the kernel
play

Rtnetlink dump filtering in the kernel Roopa Prabhu Proceedings of - PowerPoint PPT Presentation

Nov 10, 2023 •116 likes •367 views

Rtnetlink dump filtering in the kernel Roopa Prabhu Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada Agenda Introduction to kernel rtnetlink dumps Applications using rtnetlink dumps Scalability problems with

  1. Rtnetlink dump filtering in the kernel Roopa Prabhu Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  2. Agenda ● Introduction to kernel rtnetlink dumps ● Applications using rtnetlink dumps ● Scalability problems with rtnetlink dumps ● Better Dump filtering in the kernel Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  3. Introduction ● Rtnetlink is a Netlink protocol bus: provides an UAPI to manage Linux kernel networking object ○ database ● Networking subsystems register handlers to manage kernel networking objects (with family and message type) ● Rtnetlink dump handlers: registered with the RTM_GET* message type ○ and invoked when the netlink reqest contains RTM_GET* message ○ with the NLM_F_DUMP flag Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  4. Applications: short lived Mostly poll for kernel database changes: ● Connect to kernel ● Get kernel database dump ● Process messages ● Filter msgs ● Throw away all the data until next poll interval Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  5. Applications: short lived example Look for stale neighbour entries every 30s $ip neigh show | grep ‘stale’ Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  6. Applications: Long running apps/daemons Build userspace kernel object database caches: ● Connect to kernel ● Get kernel database dump ● Listen to kernel netlink notifications to keep the cache current ● App traverses the cached objects to do work Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  7. Applications: Long running daemons example Userspace routing daemons: ● Push routes to kernel ● Build cache of what the kernel has ● React to notifications from the kernel Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  8. Current Problems: ● In most cases there is no way to query the kernel via RTnetlink based UAPI on a few attributes ● short lived apps suffer: ○ Its a problem if the neigh database is 16k entries with only a few stale entries $ip neigh show | grep ‘stale’ Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  9. example # the below iproute command execution requires requesting the # kernel for a full dump of all interface details in the system and # then looking for eth0 in users-space ip addr show dev eth0 # showing all bridge interfaces in the system requires iproute2 to get a # dump of details of all interfaces in the system and # filter bridge devices in user-space ip link show type bridge Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  10. Existing Solutions for efficient dumps: 1. BPF socket filters for netlink messages 2. Use netlink mmap to speed up large dumps 3. IFLA_EXT_MASK (u32) netlink attribute which takes a few predefined mask values to filter dumps 4. Filter dump responses with attributes in the dump request messages This talk is about 4) and in the context of short lived applications Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  11. Guidelines for dump request messages: ● RTM_GET* messages with and without NLM_F_DUMP flags must follow the same message format as the RTM_NEW* message (This is not a new requirement, but is required for consistent dump filtering across subsystems) Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  12. userspace kernel Res: all fdb entries RTM_GETNEIGH , PF _BRIDGE Req: RTM_GETNEIGH (NLM_F_DUMP) netlink App1 handler socket (filter on NDA_VLAN) Req: RTM_GETNEIGH (NLM_F_DUMP, with NDA_VLAN = 10) App2 Res: fdb entries in vlan 10 Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  13. Next few slides walks through a few such messages Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  14. Link dumps: RTM_GETLINK ● Link dumps can be filtered on any fields in the incoming 'struct ifinfomsg', like interface flags ● They can also be filtered based on the supported netlink attributes. e. g., ● IFLA_GROUP to filter interfaces belonging to a group ● IFLA_MASTER to filter interfaces with a specific master interface ● IFLA_LINK to filter logical interfaces with this interface as the link Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  15. example ip link show type bridge ip link show group test ip link show master br0 ip link show link eth1 Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  16. Fdb dumps: RTM_GETNEIGH ● Filter fdb dumps on any fields in the incoming 'struct ndmsg' ● Bridge and vxlan FDB dumps can be filtered on any of the below fields in 'struct ndmsg': ● ndm_state – state of the fdb entry (NUD_PERMANENT, NUD_REACHABLE and others) ● ndm_type - type of entry (static or local) ● ndm_ifindex – interface the fdb entry points to Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  17. Fdb dumps: RTM_GETNEIGH (Contd) They can also be filtered based on any of the NDA_* netlink neigh attributes: bridge fdb entries can be filtered based on the below attributes: ● NDA_DST - filter by dst ● NDA_LLADDR - filter by addr ● NDA_VLAN - filter by vlan ● NDA_MASTER - filter by master interface index vxlan fdb entries can be filtered based on the below attributes: ● NDA_DST - filter by dst ● NDA_LLADDR - filter by addr ● NDA_PORT - filter by remote port ● NDA_VNI filter - by vni id for vxlan fdb ● NDA_IFINDEX - filter by remote port ifindex for vxlan fdb Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  18. example # iproute2 example showing bridge fdb dump # show fdb entries with vlan 10 filtering bridge fdb show vlan 10 # show fdb for bridge br0 # show vxlan fdb entries with vni 100 bridge fdb show br br0 bridge fdb show vni 100 # show fdb for bridge port eth0 # show vxlan fdb entries with remote port 4783 bridge fdb show brport eth0 bridge fdb show port 4783 # show static fdb entries bridge fdb show static # show fdb entries with dst 172.16.20.103 bridge fdb show dst 172.16.20.103 Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  19. Neigh table dumps: RTM_GETNEIGH Neighbour table entries can be filtered by fields in 'struct ndmsg': ● ndm_state (NUD_PERMANENT, NUD_REACHABLE and others) ● ndb_type - neighbour entry type (static or local) ● ndm_ifindex – neighbour entry pointing to an interface Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  20. example # iproute2 examples filtering neigh dumps # show reachable neigh entries ip neigh show nud reachable # show permanent neigh entries ip neigh show nud permanent # show stale neigh entries ip neigh show nud stale # show neigh entries for dev eth0 Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada ip neigh show dev eth0

  21. address dumps Address table entries can be filtered on fields in 'struct ifaddrmsg': ● ifa_flags - filter addresses with address flags ● ifa_scope - filter address with given scope ● ifa_index - dump addresses belonging to an interface They can also be filtered based on the below netlink attributes: ● IFA_LABEL - filter addresses with a given label ● IFLA_FLAGS - filter on flags like permanent, dynamic, secondary, primary Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  22. Example # show addresses belonging to an interface ip addr show dev eth0 Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

  23. Numbers: address filtering in kernel with 2000 interfaces No filtering in kernel: 2000 interfaces with ip Filtering in kernel: 2000 interfaces with ip addresses (orig) addresses # time ip addr show dev eth0 # time ip addr show dev eth0 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 1000 link/ether 00:01:00:00:01:cc brd ff:ff:ff:ff:ff:ff link/ether 00:01:00:00:01:cc brd ff:ff:ff:ff:ff:ff inet 192.168.0.15/24 brd 192.168.0.255 scope global inet 192.168.0.15/24 brd 192.168.0.255 scope global eth0 eth0 valid_lft forever preferred_lft forever valid_lft forever preferred_lft forever real 0m0.060s real 0m0.028s user 0m0.040s user 0m0.004s sys 0m0.020s Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada sys 0m0.020s

  24. Futures ● Post patches ● Explore other ways to filter dumps in the kernel Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

rtnl mutex, the network stack big kernel lock Red Hat Florian Westphal 4096R/AD5FF600

rtnl mutex, the network stack big kernel lock Red Hat Florian Westphal 4096R/AD5FF600

rtnl mutex, the network stack big kernel lock Red Hat Florian Westphal 4096R/AD5FF600 fw@strlen.de 80A9 20C5 B203 E069 F586 AE9F 7091 A8D9 AD5F F600 netdev 2.2, Seoul, November 2017 Agenda 1 Intro: What is rtnetlink? 2 rtnetlink then and now

641 views • 17 slides
Kernel Crash Logging and Core Dump Cong Wang &lt;amwang@redhat.com&gt; Software Engineer Red Hat

Kernel Crash Logging and Core Dump Cong Wang &lt;amwang@redhat.com&gt; Software Engineer Red Hat

Kernel Crash Logging and Core Dump Cong Wang &lt;amwang@redhat.com&gt; Software Engineer Red Hat 1 Why we need these? We want to diagnose kernel failures Kernel logging messages may be lost in user-space We want to gather as much useful

666 views • 14 slides
Unifying network filtering rules for the Linux kernel with eBPF Quentin Monnet

Unifying network filtering rules for the Linux kernel with eBPF Quentin Monnet

FOSDEM19 Brussels, 2019-02-02 Unifying network filtering rules for the Linux kernel with eBPF Quentin Monnet &lt;quentin.monnet@netronome.com&gt; @qeole Outline Several network filtering mechanisms in the Linux kernel What are they,

415 views • 22 slides
Dump Stoppers Program Development 2002: Funding from USFS to clean up dump sites on

Dump Stoppers Program Development 2002: Funding from USFS to clean up dump sites on

Dump Stoppers Program Development 2002: Funding from USFS to clean up dump sites on forestlands Developed partnerships: County, Federal, State, non- profits, private forestland owners, and more The Dump Stoppers Program began

562 views • 28 slides
XPOC XPOC external post-operational checks for the LHC beam dump for the LHC beam dump LBDS

XPOC XPOC external post-operational checks for the LHC beam dump for the LHC beam dump LBDS

XPOC XPOC external post-operational checks for the LHC beam dump for the LHC beam dump LBDS Audit, 28/ 01/ 2008 Gallet Eric, AB/ BT 1 XPOC: Goal C G l Verify that the dump was correctly V if th t th d tl executed Launch

114 views • 10 slides
Beam Dump &amp; Cooling Beam Dump &amp; Cooling Introduction (Location, Access &amp; Driving

Beam Dump &amp; Cooling Beam Dump &amp; Cooling Introduction (Location, Access &amp; Driving

Beam Dump &amp; Cooling Beam Dump &amp; Cooling Introduction (Location, Access &amp; Driving Parameter) Components (Graphite, Iron, Aluminium) Cooling System Layout Installation NBI 2003 - Beam Dump and Cooling 11/ 11/ 2003 1 1 Present

410 views • 20 slides
1 An Filtering System that Monitors Document Search Engines Can Help, But Not Enough!

1 An Filtering System that Monitors Document Search Engines Can Help, But Not Enough!

Filtering May be Your Work Adaptive Information Filtering Using Bayesian Graphical Models Yi Zhang Baskin School of Engineering University of California Santa Cruz yiz@soe.ucsc.edu 1 2 Filtering May be Your Work Filtering May be Your Work

415 views • 8 slides
Trigger Synchronisation Unit LHC Beam Dump System LHC Beam Dump System Technical Audit Topics

Trigger Synchronisation Unit LHC Beam Dump System LHC Beam Dump System Technical Audit Topics

Trigger Synchronisation Unit LHC Beam Dump System LHC Beam Dump System Technical Audit Topics Topics Requirements Architecture Architecture Timing unit Dump request client interface D li i f Dump request management

400 views • 14 slides
A Photon Dump Study for ILC Undulator Positron Source Yu Morikawa 2017/9/20 1 ILC Beam Dumps

A Photon Dump Study for ILC Undulator Positron Source Yu Morikawa 2017/9/20 1 ILC Beam Dumps

A Photon Dump Study for ILC Undulator Positron Source Yu Morikawa 2017/9/20 1 ILC Beam Dumps : Electron Beam Dump : Positron Beam Dump Photon Dump Total 15 Beam dumps in ILC . Beam dumps are classified into 5 types. Type Power Purpose

587 views • 32 slides
Gaussian Filter The Gaussian filter 1 2 1 A Gaussian kernel gives less 1 2 4 2 weight to

Gaussian Filter The Gaussian filter 1 2 1 A Gaussian kernel gives less 1 2 4 2 weight to

Gaussian Filter The Gaussian filter 1 2 1 A Gaussian kernel gives less 1 2 4 2 weight to pixels further from 16 the center of the window 1 2 1 This kernel is an approximation of a Gaussian function Gaussian filtering versus mean

405 views • 11 slides
MLXSW UPDATES August 2020 PLANNED FEATURES 2 DEVICE METRICS Netdev-centric metrics (rtnetlink

MLXSW UPDATES August 2020 PLANNED FEATURES 2 DEVICE METRICS Netdev-centric metrics (rtnetlink

MLXSW UPDATES August 2020 PLANNED FEATURES 2 DEVICE METRICS Netdev-centric metrics (rtnetlink / ethtool) Not configurable (e.g., enable / disable, histograms) Hardware-specific metrics, not mapped to software objects HW VTEP Algorithmic

598 views • 33 slides
Traffic Control Mechanisms Filtering Source address filtering Other forms of filtering

Traffic Control Mechanisms Filtering Source address filtering Other forms of filtering

Traffic Control Mechanisms Filtering Source address filtering Other forms of filtering Rate limits Protection against traffic analysis Padding Routing control Lecture 9 Page 1 CS 236 Online Source Address Filtering

366 views • 11 slides
CS490W: What is Collaborative Filtering? Collaborative Filtering (CF): Making recommendation

CS490W: What is Collaborative Filtering? Collaborative Filtering (CF): Making recommendation

CS490W: What is Collaborative Filtering? Collaborative Filtering (CF): Making recommendation decisions for a specific CS-490W user based on the judgments of users with similar tastes Collaborative Filtering Luo Si Train_User 1 1 5 3 3 4

628 views • 6 slides
Memory Forensics of a Java Card Dump jean-louis.lanet@inria.fr Cardis 2014 Paris Nov. 5-7 2014

Memory Forensics of a Java Card Dump jean-louis.lanet@inria.fr Cardis 2014 Paris Nov. 5-7 2014

Memory Forensics of a Java Card Dump jean-louis.lanet@inria.fr Cardis 2014 Paris Nov. 5-7 2014 Episode 2 Previous episode: how to obtain a dump Hypothesis Find the code Reverse it Conclusion Memory Dump At that time we

719 views • 15 slides
Experimental study of electrostatic residual ion dump A.A.Panasenkov, E.D.Dlougach NRC

Experimental study of electrostatic residual ion dump A.A.Panasenkov, E.D.Dlougach NRC

National Research Centre KURCHATOV INSTITUTE Experimental study of electrostatic residual ion dump A.A.Panasenkov, E.D.Dlougach NRC Kurchatov Institute, Moscow, Russia NIBS-2018 1 Reference design of the Residual Ion Dump (RID) for the

326 views • 15 slides
PRESENTATION ON FAILURE OF BELLY DUMP TRAILERS Peter Airey 1 ABSTRACT: There are some forensic

PRESENTATION ON FAILURE OF BELLY DUMP TRAILERS Peter Airey 1 ABSTRACT: There are some forensic

PRESENTATION ON FAILURE OF BELLY DUMP TRAILERS Peter Airey 1 ABSTRACT: There are some forensic investigations which cross the boundaries between Mechanical and Structural Engineering. The investigation of the failures within Belly Dump

340 views • 4 slides
CSCI 1112 Data Structures &amp; Algorithms I Mona Diab Lecture 1 RoadMap Class Logistics

CSCI 1112 Data Structures &amp; Algorithms I Mona Diab Lecture 1 RoadMap Class Logistics

CSCI 1112 Data Structures &amp; Algorithms I Mona Diab Lecture 1 RoadMap Class Logistics Brief Introduction Survey Class Logistics Instructor: Mona Diab Lab TA: Tianyi Song Grading TA: Hanan AlDarmaki Class: TH

568 views • 31 slides
Data Structures and Java Collections Framework 1 Algorithms and Data Structures

Data Structures and Java Collections Framework 1 Algorithms and Data Structures

IS311 Data Structures and Java Collections Framework 1 Algorithms and Data Structures Algorithm Sequence of steps used to solve a problem Operates on collection of data Each element of collection - &gt; data structure

793 views • 54 slides
Week 6 - Friday What did we talk about last time? Loop examples do-while loops I

Week 6 - Friday What did we talk about last time? Loop examples do-while loops I

Week 6 - Friday What did we talk about last time? Loop examples do-while loops I said that the do-while loop is rarely used, but certain kinds of input are well suited to a do-while For example, what about a program that gives a

729 views • 26 slides
WITH C++ Prof. Amr Goneid AUC Part 10. Pointers &amp; Dynamic Data Structures Prof. amr

WITH C++ Prof. Amr Goneid AUC Part 10. Pointers &amp; Dynamic Data Structures Prof. amr

CSCE 110 PROGRAMMING FUNDAMENTALS WITH C++ Prof. Amr Goneid AUC Part 10. Pointers &amp; Dynamic Data Structures Prof. amr Goneid, AUC 1 Pointers &amp; Dynamic Data Structures Prof. amr Goneid, AUC 2 Pointers &amp; Dynamic Data

1.26k views • 39 slides
Direct Numerical Simulation of Pressure Fluctuations Induced by Supersonic Turbulent Boundary

Direct Numerical Simulation of Pressure Fluctuations Induced by Supersonic Turbulent Boundary

Direct Numerical Simulation of Pressure Fluctuations Induced by Supersonic Turbulent Boundary Layers PI: Lian Duan --- NSF PRAC ACI-1640865- --- Missouri U. of S&amp;T Project Members: Chao Zhang, Junji Huang, Ryan Krattiger NCSA POC: Dr.

603 views • 35 slides
Coverage-Guided Fuzzing Dynamic Static Smart Coverage Structure Algorithms Security

Coverage-Guided Fuzzing Dynamic Static Smart Coverage Structure Algorithms Security

Coverage-Guided Fuzzing Dynamic Static Smart Coverage Structure Algorithms Security Testing Andreas Zeller, Saarland University Our Goal We want to cause the program to fail We have seen random (unstructured) input

868 views • 69 slides
Configuration 2 What system configuration does zsim simulate? Type and number of cores,

Configuration 2 What system configuration does zsim simulate? Type and number of cores,

MICRO 2015 Waikiki, Hawaii 5 Dec 2015 ZS IM T UTORIAL Configuration and Stats Configuration 2 What system configuration does zsim simulate? Type and number of cores, caches, how different components are connected to each other.

560 views • 22 slides
SAFE OBJECT SHARING UNDER THE JVM 1 Topics Visibility Publication &amp; Escape

SAFE OBJECT SHARING UNDER THE JVM 1 Topics Visibility Publication &amp; Escape

SAFE OBJECT SHARING UNDER THE JVM 1 Topics Visibility Publication &amp; Escape Thread Confinement Immutability (revisited) Design Options Safe Publication / Sharing Objects Safely 2 Visibility of Reads &amp; Writes

445 views • 20 slides

More recommend