DEV Community: Ahmed Abir

Install GO in UBUNTU machines

Ahmed Abir — Fri, 05 Jul 2024 19:23:36 +0000

Download Source

Download source from this link Go Binaries

Unpack Packages

After downloading the binary file may be in your ~/Downloads folder from terminal
use this command

cd Downloads

Then list the items in the directory by this command

ls -l | grep go

Extract the binary files from the go1.22.2.linux-amd64.tar.gz file in the download folder (you may have download the another version) use this command

sudo tar -C /usr/local -xzf go1.22.2.linux-amd64.tar.gz

This command will extract the file into /usr/local folder

Add to PATH variable

Where the go binaries are you need to find it and then the path should be added to you path variable otherwise you will encounter some problems like go command not found by this command will be able to locate the go binary where it is

whereis go

Now copy the path and use below command

export PATH=$PATH:{your_copied_path_here}/bin

Verify Installation

Now use below command to verify your Installation

go version

How to setup Host for learning eBPF and XDP

Ahmed Abir — Fri, 05 Jul 2024 19:15:22 +0000

Install Necessary Packages

First update your linux package index

sudo apt-get update

Then install the following packages :

clang compiler for compiling eBPF programs

sudo apt-get install -y clang

llvm provides libraries and tools for manipulating intermediate code, used by clang.

sudo apt-get install -y llvm

libelf-dev helps in working with ELF (Executable and Linkable Format) files, which are used for eBPF bytecode.

sudo apt-get install -y libelf-dev

libbpf-dev library for loading and interacting with eBPF programs.

sudo apt-get install -y libbpf-dev

libpcap-dev provides functions for network packet capture, useful for testing and debugging.

sudo apt-get install -y libpcap-dev

gcc-multilib allows compiling programs for both 32-bits and 64-bits architechtures.

sudo apt-get install -y gcc-multilib

build-essential package that includes essential tools for compiling software (like gcc,make).

sudo apt-get install -y build-essential

linux-tools-common provides common tools for kernel developers.

sudo apt-get install -y linux-tools-common

linux-headers-$(uname -r) kernel headers specific to your sudoning kernel version, needed for compiling kernel modules.

sudo apt-get install -y linux-headers-$(uname -r)

linux-tools-$(uname -r) tools specific to your sudoning kernel version, useful for performance monitoring.

sudo apt-get install -y linux-tools-$(uname -r)

linux-headers-generic generic kernel headers, useful for compiling kernel modules across different kernel versions.

sudo apt-get install -y linux-headers-generic

linux-tools-generic generic tools for various kernel versions, useful for performance and debugging.

sudo apt-get install -y linux-tools-generic

iproute2 collection of utilities for network configuration and management.

sudo apt-get install -y iproute2

iputils-ping provides the ping utility for testing network connectivity.

sudo apt-get install -y iputils-ping

dwarves contains tools like pahole to inspect the structure of compiled programs.

sudo apt-get install -y dwarves

tcpdump a packet analyzer that allows you to capture and display network packets.

sudo apt-get install -y tcpdump

bind9-dnsutils provides tools for DNS querying and testing. (nslookup, dig like tools)

sudo apt-get install -y bind9-dnsutils

Install All

sudo apt-get update 

sudo apt-get install -y clang llvm libelf-dev libbpf-dev libpcap-dev gcc-multilib build-essential linux-tools-common

sudo apt-get install -y linux-headers-$(uname -r) linux-tools-$(uname -r) linux-headers-generic linux-tools-generic

sudo apt-get install -y iproute2 iputils-ping dwarves tcpdump bind9-dnsutils

Get Started With XDP e-BPF

Ahmed Abir — Wed, 26 Jun 2024 08:28:00 +0000

Introduction
Why XDP and What problems does it solves
Attaching Approaches of XDP
Operation of XDP
References

Introduction

I'm beginning a series on packet processing and the basics of XDP. In this post, you'll be introduced to the use cases and benefits of XDP, as well as its various operations. This guide aims to provide a clear and professional understanding of how XDP can enhance network performance and security.

eBPF (Extended Berkeley Packet Filter)

It is a technology in the linux kernel that allows running custom code in response to various system events.

Some of the applications of this tech

Network Monitoring Analyze network traffic without delay in processing.
Security Implement custom security policies to detect anomalies.
Performance Profiling Collect performance metrics and trace system calls.

It allows deep inspection and modification of the system behaviour with minimal overhead, enhancing security, performance, and observability.

XDP (eXpress Data Path)

A feature of eBPF focused on high-performance packet processing at the network interface level.

Some of the applications of this feature

DDOS Protection Drop malicious traffic before it reaches the operating system.
Load Balancing Distribute network traffic efficiently across multiple servers.
Packet Filtering Apply custom filtering rules at the earliest point in the network stack.

It offers extremely fast packet processing capabilities, reducing latency and improving throughput.

Why XDP and What problems does it solves

In traditional way to packet processing is to kernel bypass. This technique allows applications to directly access hardware resources, such as network interface cards (NICs), without involving the operating system kernel.

How kernel bypass works?

Traditional networking involves multiple steps through the kernel (e.g., context switches, network stack processing, and interrupts).
With kernel bypass, applications or eBPF programs interact directly with the NIC, skipping these kernel steps. This kernel bypass technique has some drawbacks.
eBPF programs need to write their own drivers and handle low-level hardware interactions. This creates extra works for the developers.
Applications must implement network functions typically handled by the kernel, increasing development effort.

XDP can solve the upper drawbacks. XDP provides following advantages over the traditional technique :

Simplifies high-performance networking with eBPF.
Allows direct reading and writing of network packet data.
Enables decision-making on packet processing before kernel involvement.
XDP provides a framework that simplifies packet-processing, allowing developers to focus on the core functionality of their eBPF programs without dealing with low-level driver details.

Attaching Approaches of XDP programs

XDP (eXpress Data Path) can be attached at specific points in the network stack to enable high-performance packet processing. Here are the places where you can attach XDP programs:

Network Interface Cards (NICs)
- Driver Mode: Attaches directly to the network driver, allowing packet processing at the earliest point possible, right after the packet is received by the NIC. In this approach it is called native XDP
- Hardware Offload: Some NICs support offloading XDP programs to the hardware, which can further reduce latency and CPU usage. In this approach it is called offloaded XDP
Virtual Network Devices XDP can be attached to virtual network interfaces like veth pairs, tap devices, which are often used in container networking setups. This allows for efficient packet processing in virtualized environments.
General Networking Stack XDP can be attached at the general network stack level, providing flexibility for packet processing without requiring specific hardware support. In this approach it is called generic XDP

Operations of XDP programs

XDP programs processes network packets. So, it performs some operations on the packets. Here are the fundamental operations of XDP program can perform with the packets it recieves, once it is connected to a network interface.

XDP_DROP
- Drops the packet and does not process it further.

Use Case: Analyzing traffic patterns and using filters to drop specific types of packets, such as malicious traffic.

XDP_PASS
- Forwards the packet to the normal network stack for further processing.

Use Case: The XDP program can modify the content of the packet before it is processed by the normal network stack.

XDP_TX
- Forwards the packet, possibly modified, to the same network interface that received it.

Use Case: Immediate retransmission or forwarding on the same interface.

XDP_REDIRECT
- Bypasses the normal network stack and redirects the packet to another network interface.

Use Case: Directing traffic to a different NIC without passing through the kernel’s network stack.