Page MenuHomeVyOS Platform

XDP broken for VLAN/vif interfaces with hardware offloading
Confirmed, Requires assessmentPublicBUG

Description

By default it seems that hardware offloading for 802.1q frames, breaks XDP to see and thus forward them to the correct place. Disabling it fixes it...
The VyOS instance will still be able to ping/generate frames to send onto devices within those networks, but frames being routed by XDP disappear.

# sudo xdp_stats -d eth3

Collecting stats from BPF map
 - BPF map (bpf_map_type:6) id:89 name:xdp_stats_map key_size:4 value_size:16 max_entries:5
XDP-action
XDP_ABORTED            0 pkts (         0 pps)           0 Kbytes (     0 Mbits/s) period:0.250128
XDP_DROP               0 pkts (         0 pps)           0 Kbytes (     0 Mbits/s) period:0.250130
XDP_PASS       233320526 pkts (      2970 pps)    15915955 Kbytes (     1 Mbits/s) period:0.250135
XDP_TX                 0 pkts (         0 pps)           0 Kbytes (     0 Mbits/s) period:0.250141
XDP_REDIRECT        1269 pkts (         0 pps)          84 Kbytes (     0 Mbits/s) period:0.250147

XDP-action
XDP_ABORTED            0 pkts (         0 pps)           0 Kbytes (     0 Mbits/s) period:2.000229
XDP_DROP               0 pkts (         0 pps)           0 Kbytes (     0 Mbits/s) period:2.000235
XDP_PASS       233326590 pkts (      3032 pps)    15916331 Kbytes (     2 Mbits/s) period:2.000235
XDP_TX                 0 pkts (         0 pps)           0 Kbytes (     0 Mbits/s) period:2.000236
XDP_REDIRECT        1269 pkts (         0 pps)          84 Kbytes (     0 Mbits/s) period:2.000237

# sudo ethtool -k eth3 | grep vlan
 rx-vlan-offload: on
 tx-vlan-offload: on

# ethtool --offload bond0 rxvlan off txvlan off
# sudo ethtool -k eth3 | grep vlan
 rx-vlan-offload: off
 tx-vlan-offload: off

XDP_REDIRECT will no longer increment and hosts will receive frames as expected again.

Details

Difficulty level
Unknown (require assessment)
Version
1.4 Rolling
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

c-po changed the task status from Open to Confirmed.Jan 18 2022, 5:41 AM
c-po added a subscriber: c-po.

The XDP proof of concept program that is availbale in 1.4 does not support 802.1q - those headers are not parsed and processed.