lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 1 Apr 2019 16:25:47 +0000
From:   Jonathan Lemon <>
To:     William Tu <>
CC:     "" <>,
        Magnus Karlsson <>,
        Björn Töpel <>,
        "" <>,
        Saeed Mahameed <>
Subject: Re: [RFC] xdp, multiple rss objects

On 30 Mar 2019, at 8:52, William Tu wrote:

> Hi Jonathan,
> Sorry I don't have good suggestions but I have a couple of questions.
> On Fri, Mar 29, 2019 at 9:17 AM Jonathan Lemon <> wrote:
>> Background:
>> With AF_XDP, packets are placed on queues which are serviced directly 
>> from
>> an application running in user space, which promises greatly 
>> increased
>> performance.  However, not all incoming packets should be delivered 
>> to the
>> application; there may be management traffic, or packets which should 
>> be
>> handled by normal Linux networking applications.
> I thought we can put a XDP program to filter for AF_XDP.
> So pass the management traffic to normal linux networking stack, and
> other traffic to AF_XDP socket. Does this help?

It's not an ideal situation - the CPU still has to handle the redirected

>> Having the AF_XDP application handle the packets and return them to 
>> the
>> kernel for processing is not ideal, nor is adding a bpf filter at the 
>> kernel
>> level which performs the redirection.  It would be nicer if the 
>> redirection
>> was done in the NIC itself.  Fortunately, there is a facility for 
>> this: the
>> RX network flow classification.
> May I know your use case for packets handled in AF_XDP, and then
> return/re-inject to kernel?
> Our case is that when packets received from AF_XDP netdev, we want
> to forward to a vm (tun/tap) or container (veth), so have to reinject 
> to kernel.

One of the cases I'm targeting is QUIC, another is a custom application. 
both cases these AF_XDP applications are not the only thing running on 
the box.
Packets for these applications would be received, and then sent out 
while packets for other apps would be handled via the kernel normally.

Powered by blists - more mailing lists