Description
XDP has come a long way in the Linux kernel's networking stack, powering use cases ranging from high-performance load balancers (e.g., Katran, Unimog, Cilium) and DDoS scrubbing engines (e.g., L4Drop) to firewalls, gateways, and beyond. While the core XDP building blocks were merged into the kernel nearly a decade ago, several limitations remain today.
In this talk, we propose a redesign of the XDP API to better address future needs. The work includes a conversion to bpf_mprog to enable multi-attach capabilities (introduced with tcx and later extended to per-cgroup programs), support for per-queue / RSS-context attachment of BPF programs, TX-side attachment (particularly relevant for the AF_XDP zero-copy use case), and a discussion of how these changes impact the current / legacy API.
Although this API rework is broadly applicable, we will highlight two specific use cases: improving the integration between XDP and QEMU's AF_XDP backend, and expanding Cilium's multi-attach capabilities into XDP to provide a unified user experience.