In the previous episode, we took a detailed look at uProbes with eBPF. In hindsight, it was more of an in-depth exploration of what we had seen with Tracepoints. In particular, I discovered the great tool that is bpftrace, which allowed me to take a slightly different angle on eBPF programs.
For the next episode, I needed an eBPF program that was really different from anything related to tracing. There were two categories of eBPF programs left: network-oriented and security-oriented.
As its acronym suggests, eBPF (extended Berkeley Packet Filter) was originally designed for networking. It would have been a shame to continue this journey into the world of eBPF without exploring this essential dimension. At first, I immediately ruled out XDP: too many examples, too many articles. It would have been difficult to stand out.
But after much thought:
“Cilium mainly uses the classifier, which can be quite useful.”
“XDP is still the ultimate eBPF program.”
“Were you familiar with the classifier before you became interested in eBPF?”
“XDP is the ultimate proof that it's more powerful than iptables.”
“XDP is the gateway to networking in eBPF.”
I ended up changing my mind.
XDP
XDP stands for eXpress Data Path.
Why “express”?
Because this eBPF program reacts very quickly, even before the packet arrives in the Linux kernel network stack!
However, this advantage comes with some constraints: since the kernel has not parsed anything yet, we have to do the needlework on the raw network packet ourselves...
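To make that needlework concrete, here is an added example (not code from the original article): a userspace C model of the Ethernet-to-IPv4 header walk an XDP program has to do by hand, with the check against `data_end` before every read that the eBPF verifier insists on. The action values mirror the kernel's `enum xdp_action`, the two frames are constructed for the example, and the function is a model that does not load into the kernel.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Same numeric values as the kernel's enum xdp_action for the two we return. */
enum { XDP_DROP = 1, XDP_PASS = 2 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Walk Ethernet -> IPv4 the way an XDP program must: every read is preceded
 * by a length check against data_end (the `p + N > data_end` idiom, written
 * here as a pointer difference). A frame too short for the header it claims
 * is dropped rather than read past its end. Keeps only IPv4 ICMP. */
int xdp_filter(const uint8_t *data, size_t len)
{
    const uint8_t *data_end = data + len;
    const uint8_t *p = data;

    if (data_end - p < 14)                      /* Ethernet header: 14 bytes */
        return XDP_DROP;
    if (be16(p + 12) != 0x0800)                 /* not IPv4: hand it to the stack */
        return XDP_PASS;
    p += 14;

    if (data_end - p < 20)                      /* minimal IPv4 header: 20 bytes */
        return XDP_DROP;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;     /* real header length from IHL */
    if ((p[0] >> 4) != 4 || ihl < 20 || (size_t)(data_end - p) < ihl)
        return XDP_DROP;

    return p[9] == 1 ? XDP_PASS : XDP_DROP;     /* protocol field: 1 = ICMP */
}

/* Constructed 34-byte frames: Ethernet (dst, src, type 0x0800) followed by a
 * 20-byte IPv4 header (version 4, IHL 5, total length 20, 10.0.0.1 -> 10.0.0.2). */
#define FRAME(proto) { 0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00, \
    0x45,0x00, 0x00,0x14, 0,0, 0,0, 0x40,(proto), 0,0, 10,0,0,1, 10,0,0,2 }
static const uint8_t ICMP_FRAME[34] = FRAME(0x01);
static const uint8_t TCP_FRAME[34]  = FRAME(0x06);

int main(void)
{
    printf("icmp: %d  tcp: %d  truncated: %d\n",
           xdp_filter(ICMP_FRAME, sizeof ICMP_FRAME),  /* 2 = XDP_PASS */
           xdp_filter(TCP_FRAME, sizeof TCP_FRAME),    /* 1 = XDP_DROP */
           xdp_filter(ICMP_FRAME, 20));                /* 1 = XDP_DROP */
    return 0;
}
```

In a real XDP program, dropping the length check before any of these reads is enough for the verifier to refuse to load it, which is why the checks come before the accesses rather than after.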
The rest is in my article: