[NetDev-People] 0x14: Moonshot talk, Linux Kernel Network Scripting with Lua

Lourival Vieira Neto lourival.neto at ring-0.io
Wed Jan 29 21:33:51 UTC 2020


Hi Jamal,

We really appreciate the introduction. It looks pretty cool =).

Regards,
--
Lourival Vieira Neto

On Wed, Jan 29, 2020 at 12:54 PM Jamal Hadi Salim <jhs at mojatatu.com> wrote:
>
>
>
> I'll spend a bit more time summarizing this talk because it will no
> doubt generate passions in (some) people and curiosity in others.
>
> If you thought that eBPF is the only approach to extend the kernel,
> think again. In this talk, Lourival Vieira Neto et al describe a
> framework, Lunatik, which facilitates dynamically injecting Lua scripts
> into the kernel to extend kernel mechanisms.
>
> Some context:
>
> what is Lua?
> 1) It is a scripting language that is very widely deployed as an
> embededable _extension language_. Game programming in particular
> predominantly uses it for extensions. Openwrt uses it as config
> language and there are many others listed here:
> https://en.wikipedia.org/wiki/List_of_applications_using_Lua.
> Wide deployment means it has seen exposure in many environments.
> The _extension
> 2) It is a tiny language (the whole language is about 200KB) that is
> designed to be easy to embed - in particular in C
> 3) It is considered relatively secure. Despite the wide deployment
> over many years there have been very few CVEs reported against Lua in
> more than a decade. See:
> https://www.cvedetails.com/product/28436/LUA-LUA.html?vendor_id=13641).
>
> Why scripting?
> Extending kernels with scripts is nothing new. But:
> The simple answer to this question is to compare a compiler driven
> approach (think C) vs a scripting language(think Bash or python).
> The former requires a complex development environment (think eBPF
> needing latest clang, gcc, correct libbpf, etc) while the later
> provides faster turnarounds to development and deployment (you need
> a kernel with the Lua VM but not much after that in terms of tooling)
> and of course, a much simpler and stable ABI. Script based execution
> is often not as performant but often more usable relatively speaking.
>
> And back to the talk...
> The Lunatik framework has rich coverage across different kernel hooks
> and has been used to script different Linux subsystems such as CPUfreq,
> Sockets, RCU, ULP, Netfilter, and now XDP. Lunatik has been around for a
> while, just not upstreamed - and to give a little sample space of its
> deployment: NFLua is currently deployed _in production in over 20
> million home routers_!
>
> You dont want a rogue script kill your kernel and system.
> Lourival et al will discuss the challenges and approach taken in
> allowing script injection into the kernel while still maintaining
> correctness, isolation, and liveness.
> They will then describe NFLua and introduce XPDLua, which allows
> users to extend XDP with Lua. XDPLua aims to replace NFLua.
> The authors will detail how Lua can be used within XDP:
> as a standalone to directly invoke currently exposed eBPF helpers
> or alternatively have eBPF programs invoke Lua scripts.
>
> And last but not least: Lourival et al will provide comparison
> performance data  for packet filtering between with Iptables, eBPF,
> NFLua and XDPLua.
>
> sounds exciting? Come to the conference, listen, learn, and engage
> the speakers!
>
> More info:
> https://netdevconf.info/0x14/session.html?talk-linux-network-scripting-with-lua
>
> Reminder, registration is now open and early bird is still in effect.
> https://netdevconf.info/0x14/registration.html
>
> cheers,
> jamal


More information about the people mailing list