Stack Overflow
Stack Overflow

Questions tagged [xdp-bpf]

XDP/BPF and AF_XDP. XDP (eXpress Data Path) is a component of the Linux kernel working in collaboration with the networking stack to enable fast packet processing. It can be used to run BPF programs on packets at the driver level, just as they exit the NIC and before they reach the stack. Or, as AF_XDP sockets, it can be use to efficiently filter and drive packets to user space applications.

XDP (eXpress Data Path) is a component of the Linux kernel working in collaboration with the networking stack to enable fast packet processing. It can be used to run BPF programs on packets at the driver level, just as they exit the NIC (Network Interface Card) and before they reach the stack. Or, as AF_XDP sockets, it can be used to efficiently filter and drive packets to user space applications.

XDP itself mostly consists in hooks for BPF programs in network card drivers. BPF is documented in the Linux kernel documentation or as part of the Cilium documentation. There is also a tutorial to get started with XDP.

Documentation on AF_XDP can be found within the Linux kernel documentation. Assistance can also be found in the xdp-newbies mailing list.

151 questions
2
votes
1 answer

Xdp how to determine traffic direction?

How do I know inside the xdp function whether a packet is incoming or outgoing? I want to handle only outgoing packets, but I can't find how to identify them. Command example: ip link set eth1 xdpgeneric obj ebpf.o sec entry
Pagran
  • 23
  • 2
2
votes
1 answer

Unable to initialize BPF_MAP_TYPE_PERCPU_ARRAY

Here's how I'm trying to initialize a BPF_MAP_TYPE_PERCPU_ARRAY of structs to a default value. The array contains counters the user space program will read. #include #include struct xdp_stats_t { __u64…
user2233706
  • 6,148
  • 5
  • 44
  • 86
2
votes
0 answers

Unable to unload/unpin/detach BPF maps and programs in SKB mode

When a XDP program is loaded in SKB mode, I am unable to remove any maps and some programs from code. I can't remove these same BPF entities using bpftool either. Here's my code for cleaning up the entities: type BpfObjects struct { …
user2233706
  • 6,148
  • 5
  • 44
  • 86
2
votes
1 answer

Unable to unload BPF program

I am unable to unload a BPF program from code. I am using the Cilium eBPF library to load the program and netlink to add the BPF function to an interface. Here's what I'm doing: type BpfObjects struct { CollectIpsProg *ebpf.Program …
user2233706
  • 6,148
  • 5
  • 44
  • 86
2
votes
1 answer

BPF tail call not called

In the following code BPF program tail_prog is not getting tail called from main_prog: #include #include struct bpf_map_def SEC("maps") jump_table = { .type = BPF_MAP_TYPE_PROG_ARRAY, .key_size =…
user2233706
  • 6,148
  • 5
  • 44
  • 86
2
votes
0 answers

Different byte order in BPF program

I have two different types of BPF programs where I am printing the ip address with bpf_printk("%pI4", &ipv4.s_addr);. The xdp program is loaded in the loopback dev and the other is a bpf socket filter; i have a server and a client program that sends…
rhoward
  • 131
  • 2
  • 3
  • 10
2
votes
1 answer

Accessing BPF maps from kernel space

I am beginning with XDP and BPF maps. I understand that to access a BPF map from userspace, we use bpf_* syscalls. For example, bpf_map_lookup_elem() is used to lookup an element of a BPF map in the userspace program. However, I noticed that the…
diviquery
  • 569
  • 5
  • 19
2
votes
1 answer

How to read/understand the bpf kernel verifier analysis to debug the error?

I am new to XDP eBPF. I have a BPF program intended to Drop the UDP packets but it's unable to load since it gets rejected by the kernel verifier. Below is the code: #include #include #include #include…
Zarrar
  • 63
  • 3
2
votes
1 answer

write and read netfilter connectrack using eBPF/XDP

i'm working on a NAT server in pure XDP. but to have a robust nat functionality i wanted to track the connection (storing and fetching tracking data) and i was thinking about using the already exist netfilter conntrack data structure and functions…
walid barakat
  • 455
  • 1
  • 6
  • 17
2
votes
1 answer

Cannot drop outgoing traffic using XDP

I'm just learning about XDP. During my journey, I came across a case which I could not make any sense of. I was trying some fancy things on certain UDP packets when I noticed nothing was changing. So I tried to reproduce the problem with a minimal…
Yağmur Oymak
  • 467
  • 4
  • 13
2
votes
1 answer

XDP - having AF_XDP socket per destination IP/PORT?

We've made the silly mistake of writing several bpf programs (each group wrote one) to later figure out we cannot attach more than one at the same time. Now we want to redesign and make each group have their own AF_XDP socket and the eBPF program…
ben.pere
  • 303
  • 4
  • 14
2
votes
1 answer

How can I redirect traffic from one port to another in the same interface?

I need the traffic that gets into the docker container to a specific port to be redirected to another container, the ip of which I know, to another port using xdp. For this, I change the checksum of the iphdr structure: // Backup old dest address …
Alexandr Ershov
  • 45
  • 1
  • 3
2
votes
0 answers

AF_XDP-Socket vs Linux Sockets: Why does my AF-XDP Socket lose packets whereas a generic linux socket doesn't?

I am comparing AF-XDP sockets vs Linux Sockets in terms of how many packets they can process without packet-loss (packet-loss is defined as the RTP-sequence number of the current packet is not equal to the RTP-sequence number of the previous packet…
binaryBigInt
  • 1,526
  • 2
  • 18
  • 44
2
votes
1 answer

AF-XDP: Implement Shared Umem sockets

I want to implement XDP_SHARED_UMEM: https://www.kernel.org/doc/html/latest/networking/af_xdp.html#xdp-shared-umem-bind-flag The libbpf library function xsk_socket__create (https://github.com/libbpf/libbpf/blob/master/src/xsk.c) checks the…
binaryBigInt
  • 1,526
  • 2
  • 18
  • 44
2
votes
2 answers

AF_XDP: invalid indirect read from stack

I tried to implement the mapping I talked about in this post: AF_XDP: map `(SRC-IP, DST-IP, DST-Port)` to index to `BPF_MAP_TYPE_XSKMAP` My Kernelprogram has this map: struct bpf_map_def SEC("maps") xdp_packet_mapping = { .type =…
binaryBigInt
  • 1,526
  • 2
  • 18
  • 44
1
2
3
9 10