Chapter 7. Express Data Path

Express Data Path (XDP) is a safe, programmable, high-performance, kernel-integrated packet processor in the Linux network data path that executes BPF programs when the NIC driver receives a packet. This allows XDP programs to make decisions regarding the received packet (drop, modify, or just allow it) at the earliest possible point in time.

The execution point is not the only aspect that makes XDP programs fast; other design decisions play a role in that:

  • There are no memory allocations while doing packet processing with XDP.

  • XDP programs work only with linear, unfragmented packets and have the start and end pointers of the packet.

  • There’s no access to full packet metadata, which is why the input context this kind of program receives will be of type xdp_buff instead of the sk_buff struct you encountered in Chapter 6.

  • Because they are eBPF programs, XDP programs have a bounded execution time, so their use adds a fixed, predictable cost to the networking pipeline.

When talking about XDP, it is important to remember that it is not a kernel bypass mechanism; it is designed to be integrated with other kernel components and the internal Linux security model.
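The following is an added example, not code from the book, that models the body of an XDP program on the host so it compiles with an ordinary C compiler. It shows the two points above in practice: the program sees only a linear packet as a pair of start/end pointers, and every header it reads must first be bounds-checked against the end pointer (the BPF verifier rejects the program otherwise). In a real program the same logic would live in a function declared `SEC("xdp") int prog(struct xdp_md *ctx)`, where `ctx->data` and `ctx->data_end` are the kernel's user-facing view of the `xdp_buff` context; here they are passed directly as `data`/`data_end`. The blocklisted source address 198.51.100.7, the frame builder and the header struct definitions are constructed for this example; the `XDP_*` verdict values match the kernel's `enum xdp_action`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>   /* htons/htonl/ntohl for the constructed frame */

/* XDP verdicts, with the values used by the kernel's enum xdp_action. */
enum xdp_action { XDP_ABORTED = 0, XDP_DROP, XDP_PASS, XDP_TX, XDP_REDIRECT };

#define ETH_P_IP 0x0800

/* Minimal Ethernet and IPv4 headers, laid out as on the wire (defined here
 * so the example needs no kernel headers). */
struct ethhdr {
    uint8_t  h_dest[6];
    uint8_t  h_source[6];
    uint16_t h_proto;          /* network byte order */
} __attribute__((packed));

struct iphdr {
    uint8_t  ihl_version;      /* version in the high nibble, header length in 32-bit words in the low nibble */
    uint8_t  tos;
    uint16_t tot_len;
    uint16_t id;
    uint16_t frag_off;
    uint8_t  ttl;
    uint8_t  protocol;
    uint16_t check;
    uint32_t saddr;            /* network byte order */
    uint32_t daddr;
} __attribute__((packed));

/* Hypothetical blocklisted source 198.51.100.7 (documentation range), host byte order. */
#define BLOCKED_SADDR 0xC6336407u

/* The verdict logic an XDP program would run. data/data_end stand in for
 * ctx->data / ctx->data_end of struct xdp_md. Every dereference is preceded
 * by a check that the whole header lies before data_end. */
int xdp_verdict(void *data, void *data_end)
{
    struct ethhdr *eth = data;
    if ((void *)(eth + 1) > data_end)
        return XDP_DROP;                 /* frame shorter than an Ethernet header */
    if (eth->h_proto != htons(ETH_P_IP))
        return XDP_PASS;                 /* not IPv4: hand it to the normal stack */

    struct iphdr *ip = (struct iphdr *)(eth + 1);
    if ((void *)(ip + 1) > data_end)
        return XDP_DROP;                 /* claims IPv4 but the header does not fit */
    if ((ip->ihl_version >> 4) != 4 || (ip->ihl_version & 0x0f) < 5)
        return XDP_DROP;                 /* malformed version or header length */
    if (ntohl(ip->saddr) == BLOCKED_SADDR)
        return XDP_DROP;                 /* policy: drop the blocklisted source */
    return XDP_PASS;
}

/* Build a constructed Ethernet + IPv4 frame into buf; returns its length. */
size_t build_frame(uint8_t *buf, uint16_t ethertype, uint32_t saddr_host)
{
    struct ethhdr *eth = (struct ethhdr *)buf;
    memset(eth->h_dest, 0xff, sizeof eth->h_dest);
    memset(eth->h_source, 0x02, sizeof eth->h_source);
    eth->h_proto = htons(ethertype);

    struct iphdr *ip = (struct iphdr *)(eth + 1);
    memset(ip, 0, sizeof *ip);
    ip->ihl_version = 0x45;              /* IPv4, 20-byte header */
    ip->tot_len = htons(sizeof *ip);
    ip->ttl = 64;
    ip->protocol = 17;                   /* UDP */
    ip->saddr = htonl(saddr_host);
    ip->daddr = htonl(0xC0000201u);      /* 192.0.2.1 */
    return sizeof *eth + sizeof *ip;
}

/* Run the verdict over a constructed frame, optionally truncated to len_limit
 * bytes to simulate a short packet. */
int verdict_for(uint16_t ethertype, uint32_t saddr_host, size_t len_limit)
{
    uint8_t buf[64];
    size_t len = build_frame(buf, ethertype, saddr_host);
    if (len_limit < len)
        len = len_limit;
    return xdp_verdict(buf, buf + len);
}

int main(void)
{
    printf("blocked source   -> %d (XDP_DROP=%d)\n", verdict_for(ETH_P_IP, BLOCKED_SADDR, 64), XDP_DROP);
    printf("other source     -> %d (XDP_PASS=%d)\n", verdict_for(ETH_P_IP, 0xC6336408u, 64), XDP_PASS);
    printf("truncated IPv4   -> %d (XDP_DROP=%d)\n", verdict_for(ETH_P_IP, 0xC6336408u, 20), XDP_DROP);
    printf("ARP frame        -> %d (XDP_PASS=%d)\n", verdict_for(0x0806, 0, 64), XDP_PASS);
    return 0;
}
```

The two truncation checks are the part worth copying: the order of the comparisons (`eth + 1` before reading `h_proto`, `ip + 1` before reading any IP field) is exactly what the verifier needs to prove the program never reads past the packet, and dropping rather than passing a frame that fails them keeps malformed input from reaching the rest of the stack.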

Note

The xdp_buff struct is used to present a packet context to a BPF program that uses the direct packet access mechanism provided by the XDP framework. Think of it as a “lightweight” version of the sk_buff.

The difference between the two is that sk_buff also holds and ...
