# [XDP (eXpress Data Path) Playground](https://github.com/foxhoundsk/xlb/tree/xdp-playground)

A playground for newcomers to XDP.

[Slide](https://docs.google.com/presentation/d/1XIbH5RYABRJDPjxMzMRLe3MncDy7AOQz4AWKPBY7f44/edit?usp=sharing)

## Environment Setup

We use Clang as the compiler for eBPF; at least `v3.4.0` is required to build eBPF programs. Note that [GCC also has support for eBPF since version 10](https://www.phoronix.com/scan.php?page=news_item&px=GCC-10-eBPF-Port-Lands).

First, create a virtual network environment for playing with XDP safely:

```
$ sudo ./testenv.sh setup --name=play
```

Now we have the following environment:

```
+-----------------------------+                          +-----------------------------+
| Root namespace              |                          | Testenv namespace 'play'    |
|                             |       From 'play'        |                             |
|                    +--------+ TX->                RX-> +--------+                    |
|                    | play   +--------------------------+  veth0 |                    |
|                    +--------+ <-RX                <-TX +--------+                    |
|                             |       From 'veth0'       |                             |
+-----------------------------+                          +-----------------------------+
```

A network namespace is, in short, an environment separated from the default network namespace, which contains your physical/virtual NICs. It lets you rearrange NICs or test network configurations safely and neatly.

Add an alias to make later operations more convenient:

```
$ alias t='sudo ip netns exec play'
```

## Packet Dropping

This lab attaches an XDP program that drops all incoming packets.

Assuming you are in the root directory of the playground, run:

```
$ make
```

to build the eBPF programs.

> If your `make` command fails, it might be caused by the following packages being missing:
> - gcc-multilib
> - libelf-dev
>
> Installing these packages resolves the build error.

If all goes well, the built eBPF programs are now in the root directory.

`ping` the interface (`play` here) inside the root namespace to ensure that it works properly:

```
$ t ping fc00:dead:cafe:1::1
```

Run the following command to attach the eBPF packet dropping program to the interface we just created:

```
$ sudo ip link set dev play xdp obj play.o sec drop
```

`ping` again. Is it still replying?

```
$ t ping fc00:dead:cafe:1::1
```

If not, the eBPF program is now working, cheers!

Note that you can check whether the XDP program is loaded by running:

```
$ ip a
```

There should be an entry like this:

```
7: play@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 xdp/id:128 qdisc noqueue state UP group default qlen 1000
    link/ether 96:44:47:1d:de:0f brd ff:ff:ff:ff:ff:ff link-netns play
    inet6 fc00:dead:cafe:1::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::9444:47ff:fe1d:de0f/64 scope link
       valid_lft forever preferred_lft forever
```

where `xdp/id:128` indicates that the interface has an XDP program loaded and that the program has ID `128`, which may vary on your machine.

## Packet Filtering

This lab attaches an XDP program that filters out packets with an odd sequence number in the ICMP header.

Run the following command to unload the previously loaded eBPF program:

```
$ sudo ip link set dev play xdp off
```

Attach the packet filtering program to the interface:

```
$ sudo ip link set dev play xdp obj play.o sec filter
```

`ping` the interface. How are the replies going? If you see only `ping` replies with even sequence numbers, then we have managed to filter the odd ones with XDP.

## Tearing Down the Environment

Simply run:

```
$ sudo ./testenv.sh teardown; unalias t
```

You are now outside of the playground, see ya!

## XLB

Except for `bpf/play.c`, `testenv.sh`, `config.sh` and `setup-env.sh`, the rest of the files are all XLB-related sources. If you are interested, `xlb_intro.md` contains its build instructions and usage.

Enjoy your journey!
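
The decision made in the Packet Filtering lab can be modelled in plain user-space C. This is an added example, not the code in `bpf/play.c`: `filter_odd_seq` and `build_echo` are hypothetical names, and the model assumes Ethernet + IPv6 + ICMPv6 echo requests with no extension headers, since the lab pings an IPv6 address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { XDP_DROP = 1, XDP_PASS = 2 };  /* values of enum xdp_action in <linux/bpf.h> */
enum { ETH_HLEN = 14, IP6_HLEN = 40, ICMP6_ECHO_HLEN = 8 };
enum { ETHERTYPE_IPV6 = 0x86DD, NEXTHDR_ICMPV6 = 58, ICMP6_ECHO_REQUEST = 128 };
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical model: data/data_end stand in for ctx->data and ctx->data_end.
 * The length check comes before any header byte is read, as the verifier requires. */
int filter_odd_seq(const uint8_t *data, const uint8_t *data_end)
{
    const uint8_t *ip6, *icmp6;
    if (data_end - data < ETH_HLEN + IP6_HLEN + ICMP6_ECHO_HLEN)
        return XDP_PASS;                /* too short for an echo request */
    if (be16(data + 12) != ETHERTYPE_IPV6)
        return XDP_PASS;                /* not IPv6 */
    ip6 = data + ETH_HLEN;
    if ((ip6[0] >> 4) != 6 || ip6[6] != NEXTHDR_ICMPV6)
        return XDP_PASS;                /* extension headers are not walked */
    icmp6 = ip6 + IP6_HLEN;
    if (icmp6[0] != ICMP6_ECHO_REQUEST)
        return XDP_PASS;
    /* Echo header: type(1) code(1) checksum(2) identifier(2) sequence(2). */
    return (be16(icmp6 + 6) & 1) ? XDP_DROP : XDP_PASS;
}

/* Constructed sample frame: Ethernet + IPv6 + ICMPv6 echo request. Addresses,
 * payload length and checksum stay zero because the filter never reads them. */
size_t build_echo(uint8_t *buf, uint16_t seq)
{
    uint8_t *ip6 = buf + ETH_HLEN, *icmp6 = ip6 + IP6_HLEN;
    memset(buf, 0, ETH_HLEN + IP6_HLEN + ICMP6_ECHO_HLEN);
    buf[12] = 0x86; buf[13] = 0xDD;     /* EtherType IPv6 */
    ip6[0] = 0x60; ip6[6] = NEXTHDR_ICMPV6;
    icmp6[0] = ICMP6_ECHO_REQUEST;
    icmp6[6] = (uint8_t)(seq >> 8); icmp6[7] = (uint8_t)(seq & 0xff);
    return ETH_HLEN + IP6_HLEN + ICMP6_ECHO_HLEN;
}

int main(void)
{
    uint8_t frame[64];
    for (uint16_t seq = 1; seq <= 4; seq++)
        printf("icmp_seq=%u verdict=%d\n", (unsigned)seq,
               filter_odd_seq(frame, frame + build_echo(frame, seq)));
    return 0;
}
```

Every frame the model cannot parse is passed, so it only thins out echo requests and is not a deny-by-default filter.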