Page MenuHomeVyOS Platform
Create Task
Maniphest T2666

Packet Processing with eBPF and XDP
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

eBPF can be used to program the eXpress Data Path (XDP), a kernel network layer that processes packets closer to the NIC for fast packet processing.
XDP is the lowest layer of the Linux network stack.
So we can start with "set accelerated firewall".

https://github.com/xdp-project/xdp-tutorial
https://blog.cloudflare.com/how-to-drop-10-million-packets/
eBPF samples https://github.com/torvalds/linux/tree/v4.19/samples/bpf
Load programs with ip route https://medium.com/@fntlnz/load-xdp-programs-using-the-ip-iproute2-command-502043898263

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Event Timeline

Viacheslav created this task.Jul 1 2020, 7:32 AM
pasik added a subscriber: pasik.Jul 2 2020, 12:27 PM
thomas-mangin added a subscriber: thomas-mangin.Jul 13 2020, 1:45 PM

https://lwn.net/Articles/822744/

Viacheslav added a comment.Jul 21 2020, 10:15 AM

The kernel is missing an option " CONFIG_XDP_SOCKETS y"

vyos@r-roll:~$ sudo cat /boot/config-4.19.131-amd64-vyos  | grep -i xdp
# CONFIG_XDP_SOCKETS is not set
jack9603301 added a subscriber: jack9603301.Jul 21 2020, 10:31 AM
c-po added a subscriber: c-po.EditedJul 21 2020, 2:23 PM

Option set! Kernel rebuilding

c-po claimed this task.Dec 16 2020, 6:59 AM
c-po changed the task status from Open to Needs testing.EditedDec 17 2020, 6:15 PM
c-po triaged this task as Normal priority.

The CLI command set interfaces ethernet <interface> offload-options xdp enables the XDP generic mode on the given interface.

vyos@vyos:~$ show interfaces ethernet eth1
eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 xdpgeneric/id:151 qdisc mq state DOWN group default qlen 1000

link/ether 00:50:56:bf:ef:aa brd ff:ff:ff:ff:ff:ff
inet6 fe80::250:56ff:febf:efaa/64 scope link tentative
   valid_lft forever preferred_lft forever

We start with XDP generic until the mode can be auto determined when installing the BPF program

c-po closed this task as Resolved.Dec 28 2020, 8:30 PM
eronlloyd added a subscriber: eronlloyd.Aug 28 2021, 3:06 PM
erkin set Issue type to Feature (new functionality).Aug 29 2021, 1:59 PM
erkin removed a subscriber: Active contributors.
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Nov 6 2021, 12:21 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 29 2022, 12:16 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.