gvisor.dev/gvisor@v0.0.0-20240520182842-f9d4d51c7e0f/tools/xdp/README.md (about) 1 # XDP 2 3 This directory contains tools for using XDP and, importantly, provides examples. 4 5 The `xdp_loader` program can attach one of three programs to a network device. 6 Those programs, specified via the `-program` flag, can be: 7 8 - `pass` - Allow all traffic, passing it on to the kernel network stack. 9 - `drop` - Drop all traffic before it hits the kernel network stack. 10 - `tcpdump` - Use an `AF_XDP` socket to print all network traffic. Unlike the 11 normal `tcpdump` tool, intercepted packets are not also passed to the kernel 12 network stack. 13 14 # How do the examples work? 15 16 ## `XDP` 17 18 The XDP pass and drop programs simply allow or drop all traffic on a given NIC. 19 These examples give an idea of how to use the Cilium eBPF library and how to 20 build eBPF programs within gVisor. 21 22 ## `AF_XDP` 23 24 The code supporting `tcpdump` is a minimal example of using an `AF_XDP` socket 25 to receive packets. There are very few other examples of `AF_XDP` floating 26 around the internet. They all use the in-tree libbpf library 27 unfortunately.[^libxdp] 28 29 The XDP project has a useful [example][af_xdp_tutorial] that uses libbpf. One 30 must also look at [libbpf itself][libbpf] to understand what's really going on. 31 32 ## TODO 33 34 - Kernel version < 5.4 has some weird offsets behavior. Just don't run on 35 those machines. 36 - Implement SHARED, although it looks like we usually run with only 1 37 dispatcher. 38 - Add a -redirect $fromdev $todev option in order to test fast path. 39 40 [af_xdp_tutorial]: https://github.com/xdp-project/xdp-tutorial/tree/master/advanced03-AF_XDP 41 [libbpf]: https://github.com/torvalds/linux/tree/master/tools/testing/selftests/bpf/xsk.c 42 [^libxdp]: XDP functionality has since moved to libxdp, but nobody seems to be 43 using it yet.