Hi Jamal,
We really appreciate the introduction. It looks pretty cool =).
Regards, -- Lourival Vieira Neto
On Wed, Jan 29, 2020 at 12:54 PM Jamal Hadi Salim jhs@mojatatu.com wrote:
I'll spend a bit more time summarizing this talk because it will no doubt generate passions in (some) people and curiosity in others.
If you thought that eBPF is the only approach to extend the kernel, think again. In this talk, Lourival Vieira Neto et al describe a framework, Lunatik, which facilitates dynamically injecting Lua scripts into the kernel to extend kernel mechanisms.
Some context:
what is Lua?
- It is a scripting language that is very widely deployed as an
embededable _extension language_. Game programming in particular predominantly uses it for extensions. Openwrt uses it as config language and there are many others listed here: https://en.wikipedia.org/wiki/List_of_applications_using_Lua. Wide deployment means it has seen exposure in many environments. The _extension 2) It is a tiny language (the whole language is about 200KB) that is designed to be easy to embed - in particular in C 3) It is considered relatively secure. Despite the wide deployment over many years there have been very few CVEs reported against Lua in more than a decade. See: https://www.cvedetails.com/product/28436/LUA-LUA.html?vendor_id=13641).
Why scripting? Extending kernels with scripts is nothing new. But: The simple answer to this question is to compare a compiler driven approach (think C) vs a scripting language(think Bash or python). The former requires a complex development environment (think eBPF needing latest clang, gcc, correct libbpf, etc) while the later provides faster turnarounds to development and deployment (you need a kernel with the Lua VM but not much after that in terms of tooling) and of course, a much simpler and stable ABI. Script based execution is often not as performant but often more usable relatively speaking.
And back to the talk... The Lunatik framework has rich coverage across different kernel hooks and has been used to script different Linux subsystems such as CPUfreq, Sockets, RCU, ULP, Netfilter, and now XDP. Lunatik has been around for a while, just not upstreamed - and to give a little sample space of its deployment: NFLua is currently deployed _in production in over 20 million home routers_!
You dont want a rogue script kill your kernel and system. Lourival et al will discuss the challenges and approach taken in allowing script injection into the kernel while still maintaining correctness, isolation, and liveness. They will then describe NFLua and introduce XPDLua, which allows users to extend XDP with Lua. XDPLua aims to replace NFLua. The authors will detail how Lua can be used within XDP: as a standalone to directly invoke currently exposed eBPF helpers or alternatively have eBPF programs invoke Lua scripts.
And last but not least: Lourival et al will provide comparison performance data for packet filtering between with Iptables, eBPF, NFLua and XDPLua.
sounds exciting? Come to the conference, listen, learn, and engage the speakers!
More info: https://netdevconf.info/0x14/session.html?talk-linux-network-scripting-with-...
Reminder, registration is now open and early bird is still in effect. https://netdevconf.info/0x14/registration.html
cheers, jamal