Hacker News new | past | comments | ask | show | jobs | submit login
The eXpress Data Path: Fast Programmable Packet Processing in the OS Kernel [pdf] (github.com)
39 points by okket 5 months ago | hide | past | web | favorite | 6 comments



Cloudflare is using XDP to mitigate DDoS

https://blog.cloudflare.com/how-to-drop-10-million-packets/


> With XDP we can run eBPF code in the context of a network driver.

This looks interesting, but it also looks like it was designed to run this eBPF code on the network adapter itself, when it allows it. Otherwise, why the bytecode?


The byte code is used as a target for verification, and is designed to be easily JITable on x86 and arm.

There are network cards which offer eBPF offload, but they only implement a subset of features available in the kernel. I imagine that keeping up is hard, since the technology is moving quickly.

Netronome seems to have the most advanced eBPF offload available.


Though the parent mentions AF_XDP can be used in user space, it will require BPF maps to route the queues properly.

If you’re interested in XDP and the like, also check out DPDK (BSD licensed, https://www.dpdk.org).


Also netmap, which I find easier to use: http://info.iet.unipi.it/~luigi/netmap/


Pretty cool but no mention of the implications for Spectre attacks...




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: