This directory contains tools for using XDP and, importantly, provides examples.
The xdp_loader program can attach one of three programs to a network device.
Those programs, specified via the -program flag, can be:
pass- Allow all traffic, passing it on to the kernel network stack.drop- Drop all traffic before it hits the kernel network stack.tcpdump- Use anAF_XDPsocket to print all network traffic. Unlike the normaltcpdumptool, intercepted packets are not also passed to the kernel network stack.
The XDP pass and drop programs simply allow or drop all traffic on a given NIC. These examples give an idea of how to use the Cilium eBPF library and how to build eBPF programs within gVisor.
The code supporting tcpdump is a minimal example of using an AF_XDP socket
to receive packets. There are very few other examples of AF_XDP floating
around the internet. They all use the in-tree libbpf library
unfortunately.1
The XDP project has a useful example that uses libbpf. One must also look at libbpf itself to understand what's really going on.
- Kernel version < 5.4 has some weird offsets behavior. Just don't run on those machines.
- Implement SHARED, although it looks like we usually run with only 1 dispatcher.
- Add a -redirect $fromdev $todev option in order to test fast path.
Footnotes
-
XDP functionality has since moved to libxdp, but nobody seems to be using it yet. ↩