Express Data Path (XDP) is a safe, programmable, high-performance, kernel-integrated packet processor in the Linux network data path that executes BPF programs when the NIC driver receives a packet. This allows XDP programs to make decisions regarding the received packet (drop, modify, or just allow it) at the earliest possible point in time.
The execution point is not the only aspect that makes XDP programs fast; other design decisions play a role in that:
There are no memory allocations while doing packet processing with XDP.
XDP programs work only with linear, unfragmented packets and have the start and end pointers of the packet.
There’s no access to full packet metadata, which is why the input context this kind of program receives is of type xdp_buff instead of the sk_buff struct you encountered in Chapter 6.
Because they are eBPF programs, XDP programs have a bounded execution time, and the consequence of this is that their usage has a fixed cost in the networking pipeline.
When talking about XDP, it is important to remember that it is not a kernel bypass mechanism; it is designed to be integrated with other kernel components and the internal Linux security model.
The xdp_buff struct is used to present a packet context to a BPF program that uses the direct packet access mechanism provided by the XDP framework. Think of it as a “lightweight” version of the sk_buff. The difference between the two is that sk_buff also holds and ...
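The direct packet access described above, as an added example that is not from the book: an XDP program sees only a linear packet between a start pointer (data) and an end pointer (data_end), and must check every header access against data_end before the verifier will load it. The verdict logic is written here as plain C so it can run in user space on constructed frames; the XDP entry point shown in the comment is an assumed shape that needs the libbpf headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <arpa/inet.h>
/* Verdict values mirror the kernel's enum xdp_action. */
enum { XDP_ABORTED = 0, XDP_DROP = 1, XDP_PASS = 2 };

/* Minimal header layouts, defined locally so the block is self-contained. */
#define ETH_P_IP 0x0800
struct __attribute__((packed)) eth_hdr { uint8_t dst[6], src[6]; uint16_t proto; };
struct __attribute__((packed)) ipv4_hdr {
    uint8_t ver_ihl, tos; uint16_t tot_len, id, frag_off;
    uint8_t ttl, proto; uint16_t csum; uint32_t saddr, daddr;
};
/* Verdict for the linear packet [data, data_end). Each header access is
 * preceded by a check against data_end; the eBPF verifier rejects an XDP
 * program that omits one. A real entry point would call it as (assumed
 * shape, needs the libbpf headers):
 *   SEC("xdp") int filter(struct xdp_md *ctx) {
 *       return decide((void *)(long)ctx->data, (void *)(long)ctx->data_end); }
 */
static int decide(const void *data, const void *data_end)
{
    const uint8_t *end = data_end;
    const struct eth_hdr *eth = data;
    if (end - (const uint8_t *)eth < (ptrdiff_t)sizeof(*eth))
        return XDP_DROP;                    /* truncated Ethernet header */
    if (ntohs(eth->proto) != ETH_P_IP)
        return XDP_PASS;                    /* not IPv4: leave it to the stack */
    const struct ipv4_hdr *ip = (const void *)(eth + 1);
    if (end - (const uint8_t *)ip < (ptrdiff_t)sizeof(*ip))
        return XDP_DROP;                    /* truncated IPv4 header */
    unsigned ihl = ip->ver_ihl & 0x0f;
    if ((ip->ver_ihl >> 4) != 4 || ihl < 5)
        return XDP_DROP;                    /* bad version or IHL */
    if (end - (const uint8_t *)ip < (ptrdiff_t)(ihl * 4))
        return XDP_DROP;                    /* IHL claims bytes the frame lacks */
    return XDP_PASS;
}

/* User-space driver plus constructed sample frames (not captured traffic). */
int decide_frame(const uint8_t *frame, size_t len) { return decide(frame, frame + len); }
static const uint8_t good_ipv4[34]     = { [12] = 0x08, 0x00, [14] = 0x45 };
static const uint8_t short_eth[10]     = { 0 };
static const uint8_t ipv6_only[14]     = { [12] = 0x86, 0xDD };
static const uint8_t ihl_overclaim[34] = { [12] = 0x08, 0x00, [14] = 0x46 };
int verdict_good(void)  { return decide_frame(good_ipv4, sizeof good_ipv4); }
int verdict_short(void) { return decide_frame(short_eth, sizeof short_eth); }
int verdict_ipv6(void)  { return decide_frame(ipv6_only, sizeof ipv6_only); }
int verdict_ihl(void)   { return decide_frame(ihl_overclaim, sizeof ihl_overclaim); }
```

Because xdp_buff carries no higher-level metadata, everything the program knows about the packet comes from parsing these bytes itself, which is why each step re-checks the remaining length.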