Questions tagged [xdp-bpf]

XDP/BPF and AF_XDP. XDP (eXpress Data Path) is a component of the Linux kernel working in collaboration with the networking stack to enable fast packet processing. It can be used to run BPF programs on packets at the driver level, just as they exit the NIC and before they reach the stack. Or, as AF_XDP sockets, it can be use to efficiently filter and drive packets to user space applications.

XDP (eXpress Data Path) is a component of the Linux kernel working in collaboration with the networking stack to enable fast packet processing. It can be used to run BPF programs on packets at the driver level, just as they exit the NIC (Network Interface Card) and before they reach the stack. Or, as AF_XDP sockets, it can be used to efficiently filter and drive packets to user space applications.

XDP itself mostly consists in hooks for BPF programs in network card drivers. BPF is documented in the Linux kernel documentation or as part of the Cilium documentation. There is also a tutorial to get started with XDP.

Documentation on AF_XDP can be found within the Linux kernel documentation. Assistance can also be found in the xdp-newbies mailing list.

151 questions

votes

1 answer

is it possible to build fragmented Ipv4 packet, and detect tear drop atack in xdp / ebpf program?

Well, i'm trying to realize tear drop atack packet filtering based on the eBPF and xdp driver. And i dont know how to do it... Is it possible to detect ipv4 fragment overlaping by using these instruments?

ebpf xdp-bpf

asked Mar 13 '20 at 00:42

Ivan Kamynin

votes

1 answer

BPF: `bpf_obj_get_info_by_fd` fails with `Invalid argument`

I try to get the fd of the BPF_MAP_TYPE_XSKMAP in my user-space program. This is the code: ret = bpf_get_link_xdp_id(cfg->ifindex, &cfg->prog_id, cfg->xdp_flags); if (ret) { fprintf(stderr, "`bpf_get_link_xdp_id` returned error: %s\n",…

c linux sockets xdp-bpf

asked Mar 12 '20 at 12:48

binaryBigInt

1,526
2
18
44

votes

0 answers

samples/bpf/xdpsock_user.c:xsk_configure_socket:331: errno: 1/"Operation not permitted"

I have a similar issue to XDP program ip link error: Prog section rejected: Operation not permitted, except on Linux 5.4.0. I am able to run some XDP eBPF programs, but not AF_XDP: ➜ uname -r 5.4.0 ➜ sudo strace -e bpf ./xdpsock -i eth0 -t -q1…

linux networking ebpf xdp-bpf

asked Mar 11 '20 at 20:48

akn320

votes

1 answer

AF_XDP: map `(SRC-IP, DST-IP, DST-Port)` to index to `BPF_MAP_TYPE_XSKMAP`

I want to spawn multiple user-space processes with each one processing packets from a single source (triple of (SRC-IP, DST-IP, DST-Port)). Because there are going to pass a lot of packets through the AF-XDP kernel program and time is critical, I…

linux networking xdp-bpf

asked Mar 09 '20 at 11:09

binaryBigInt

1,526
2
18
44

votes

0 answers

AF_XDP: Relationship between `FRAME_SIZE` and actual size of packet

My AF-XDP userspace program is based on this tutorial: https://github.com/xdp-project/xdp-tutorial/tree/master/advanced03-AF_XDP I am currently trying to parse ~360.000 RTP-packets per second (checking for continuous sequence numbers) but I loose…

c linux sockets bpf xdp-bpf

asked Mar 04 '20 at 10:00

binaryBigInt

1,526
2
18
44

votes

1 answer

AF-XDP: How do I get `ctx->data_meta` from kernel into user-space?

I want to measure packet latency for my AF-XDP program. I was looking at this reference: https://github.com/xdp-project/xdp-project/blob/master/areas/arm64/xdp_for_tsn.org and adapted it to this: SEC("xdp_sock") int xdp_sock_prog(struct xdp_md *ctx)…

c linux sockets kernel xdp-bpf

asked Mar 02 '20 at 11:28

binaryBigInt

1,526
2
18
44

votes

1 answer

AF_XDP: No packets from multicast although steered on RX-Queue 0

I am still playing with the AF_XDP socket and my program is still largely based on: https://github.com/xdp-project/xdp-tutorial/tree/master/advanced03-AF_XDP I now want to receive multiple multicast streams (which works fine the way I register the…

c linux sockets bpf xdp-bpf

asked Feb 27 '20 at 15:08

binaryBigInt

1,526
2
18
44

votes

1 answer

AF_XDP - userspace program continues to receive `ping` packets even though `XDP_DROP` in Kernel

I started my application from this repository: https://github.com/xdp-project/xdp-tutorial/tree/master/advanced03-AF_XDP Just as a "proof of concept" I wanted to change the supplied application to drop every other received packet in the…

c linux xdp-bpf

asked Feb 21 '20 at 15:01

binaryBigInt

1,526
2
18
44

votes

0 answers

AF_XDP not working on Kernel `4.18.0-25-generic`

I am currently trying to get the AF_XDP-Tutorial running from here: https://github.com/xdp-project/xdp-tutorial/tree/master/advanced03-AF_XDP I was able to compile it but if I try to put the xdp-code into the kernel via: sudo ./af_xdp_user --dev…

linux bpf xdp-bpf

asked Feb 20 '20 at 08:15

binaryBigInt

1,526
2
18
44

votes

2 answers

C fastest way to continously write data to file

I have a string composed of some packet statistics, such as packet length, etc. I would like to store this to a csv file, but if I use the standard fprintf to write to a file, it writes incredibly slowly, and I end up losing information. How do I…

c io packet hard-drive xdp-bpf

asked Jan 14 '20 at 19:38

Sameer Khanna

votes

0 answers

stdio.h header not working with eBPF kernel program

I'm trying to see if I can use stdio.h with a simple XDP code that blocks every packet. #include #include int main() { return XDP_DROP; } This code works without stdio.h but it wouldn't compile…

ebpf xdp-bpf

asked Dec 26 '19 at 19:22

Rosè

-1

votes

1 answer

bpf verifier log is truncated, how to get the full log?

As the following, bpf verifier log is truncated at the last. How could I get the full log ? 368=mmmmmmmm fp-376=mmmmmmmm fp-432=mmmmmmmm fp-440=inv fp-448=inv fp-456=map_value fp-464=inv 389: (73) *(u8 *)(r3 +322) = r1 390: (71) r1 = *(u8 *)(r2…

bpf ebpf xdp-bpf

asked Aug 17 '21 at 10:14

hi_glenn

-1

votes

2 answers

ebpf packet filter on payload matching

I am new in ebpf & xdp topic and want to do learn it. My question is how to use ebpf filter to filter the packet on specific payload matching? for example, if the data(payload) of the packet is 1234 its passes to the network stack otherwise it…

linux linux-kernel bpf xdp-bpf

asked May 26 '20 at 23:11

Linux baby

-1

votes

1 answer

verifier failure for a xdp code computing icmp checksum?

I am using xdp(use XDP_TX action) to construct an icmp resv packets. linux: centos8 kernel 4.18.0-80.el8.x86_64 llvm: 7.0.1 clang: clang version 7.0.1 (tags/RELEASE_701/final) Here is my code: SEC("xdp_icmp") int _xdp_icmp(struct xdp_md *xdp) { …

c linux-kernel bpf xdp-bpf

asked Feb 04 '20 at 08:44

Vector

-2

votes

1 answer

How to create a graph of packets received vs packets allowed to pass

I have an XDP program where I am dropping every other packet received on the loopback device (will use a physical device in the future). I would like to create a graph of how many packets are received by the device (or the xdp program) vs how many…

linux network-programming analytics ebpf xdp-bpf

asked Jan 05 '22 at 17:18

rhoward

Prev 1 2 3

…