Page MenuHomeVyOS Platform

Packet Processing with eBPF and XDP
Closed, ResolvedPublicFEATURE REQUEST

Description

eBPF can be used to program the eXpress Data Path (XDP), a kernel network layer that processes packets closer to the NIC for fast packet processing.
XDP is the lowest layer of the Linux network stack.
So we can start with "set accelerated firewall".

https://github.com/xdp-project/xdp-tutorial
https://blog.cloudflare.com/how-to-drop-10-million-packets/
eBPF samples https://github.com/torvalds/linux/tree/v4.19/samples/bpf
Load programs with ip route https://medium.com/@fntlnz/load-xdp-programs-using-the-ip-iproute2-command-502043898263

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

The kernel is missing an option " CONFIG_XDP_SOCKETS y"

vyos@r-roll:~$ sudo cat /boot/config-4.19.131-amd64-vyos  | grep -i xdp
# CONFIG_XDP_SOCKETS is not set

Option set! Kernel rebuilding

c-po changed the task status from Open to Needs testing.EditedDec 17 2020, 6:15 PM
c-po triaged this task as Normal priority.

The CLI command set interfaces ethernet <interface> offload-options xdp enables the XDP generic mode on the given interface.

vyos@vyos:~$ show interfaces ethernet eth1
eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 xdpgeneric/id:151 qdisc mq state DOWN group default qlen 1000

link/ether 00:50:56:bf:ef:aa brd ff:ff:ff:ff:ff:ff
inet6 fe80::250:56ff:febf:efaa/64 scope link tentative
   valid_lft forever preferred_lft forever

We start with XDP generic until the mode can be auto determined when installing the BPF program