Page MenuHomeVyOS Platform

Packet Processing with eBPF and XDP
Open, Requires assessmentPublicFEATURE REQUEST

Description

eBPF can be used to program the eXpress Data Path (XDP), a kernel network layer that processes packets closer to the NIC for fast packet processing.
XDP is the lowest layer of the Linux network stack.
So we can start with "set accelerated firewall".

https://github.com/xdp-project/xdp-tutorial
https://blog.cloudflare.com/how-to-drop-10-million-packets/
eBPF samples https://github.com/torvalds/linux/tree/v4.19/samples/bpf
Load programs with ip route https://medium.com/@fntlnz/load-xdp-programs-using-the-ip-iproute2-command-502043898263

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

pasik added a subscriber: pasik.Jul 2 2020, 12:27 PM

The kernel is missing an option " CONFIG_XDP_SOCKETS y"

vyos@r-roll:~$ sudo cat /boot/config-4.19.131-amd64-vyos  | grep -i xdp
# CONFIG_XDP_SOCKETS is not set
c-po added a subscriber: c-po.EditedJul 21 2020, 2:23 PM

Option set! Kernel rebuilding