-
Notifications
You must be signed in to change notification settings - Fork 50
XDP Notes
This page describes the Libtrace XDP support that has been added in libtrace 4.0.14. This format is considered experimental.
XDP (eXpress Data Path) is an eBPF based high-performance data path designed as an alternative to DPDK. Libtrace uses XDP to redirect packets directly to userspace applications bypassing the kernel IP stack altogether. XDP is only available for Linux (and requires a relatively recent kernel).
Warning: Running Libtrace with XDP will redirect all traffic on the configured interface to Libtrace. This prevents the kernel IP stack from seeing the packet altogether; be warned not to use XDP to capture from the interface used to connect to the server (i.e. over ssh) or you will lose connectivity to the server.
To build libtrace with XDP support, you will need to have the libbpf-dev and libelf-dev libraries.
Kernel version >= 4.18 is needed read support.
Kernel version >= 5.1 is needed for write support.
libelf-dev packages are available for Debian / Ubuntu and Centos / RHEL based distros and can be installed with:
Debian / Ubuntu:
sudo apt install libelf-dev
Centos / RHEL:
sudo yum install elfutils-libelf-devel
Libbpf >= 0.0.6 packages are not currently available to all distros and are best compiled from source with:
cd /usr/local/src
git clone https://github.com/libbpf/libbpf
cd libbpf/src
make
sudo make install
echo "/usr/lib64" | sudo tee -a /etc/ld.so.conf.d/lib64.conf
sudo ldconfig
Libtrace can now be compiled by following Building from source. XDP compilation support can be confirmed with a configure output which will include:
configure: Compiled with XDP capture support: Yes
If configure does not indicate this passing the configure flag --with-xdp should reveal more information on what requirements are missing.
Note: Kernel versions < 5.4 may complain about missing XDP headers and/or undeclared libbpf definitions. If this happens include the headers from libbpf in the libtrace configure command like (replace /usr/local/src/ with the path to your libbpf git clone if you cloned to a different directory):
./configure CFLAGS="-I/usr/local/src/libbpf/include/uapi"
Libtrace ships with a precompiled eBPF program which is used by Libtrace to perform RSS hashing and statistics counting. If you wish to build this yourself you are required to install the XDP requirements above along with clang >= 3.4.0, llvm >= 3.7.1 and gcc-multilib with:
Debian / Ubuntu:
sudo apt install clang llvm gcc-multilib
Centos / RHEL:
sudo yum install clang llvm
Note: LLVM's tool 'llc' must support target 'bpf', list version and supported targets with command:
llc --version
Configure will now detect the requirements to build the eBPF program. This can be confirmed by the output of configure which will include:
configure: XDP Libtrace BPF program will be compiled: Yes
If configure does not indicate this passing the configure flag --enable-ebpf-build should reveal more information on what requirements are missing.
Note: Kernel versions < 5.4 may complain about undeclared identifiers. If this happens include the UAPI headers from libbpf in the libtrace configure command like (replace /usr/local/src/ with the path to your libbpf git clone if you cloned to a different directory):
./configure CFLAGS="-I/usr/local/src/libbpf/include/uapi"
Libtrace supports loading a custom eBPF program instead of the one supplied by Libtrace. A custom eBPF program is loaded by supplying the program file along with the program name within the XDP URI such as:
xdp:/path/to/ebpf/program:programname:<interface>
Note: Loading a custom eBPF program will inhibit RSS hashing and statistics counting from being performed by eBPF and will instead be handled by Libtrace itself which may have a performance impact. If a user wants to add custom features to the eBPF program it is recommended to base their program on the Libtrace supplied eBPF program so these features are still performed by the eBPF program.