1.. SPDX-License-Identifier: GPL-2.0 2 3====== 4AF_XDP 5====== 6 7Overview 8======== 9 10AF_XDP is an address family that is optimized for high performance 11packet processing. 12 13This document assumes that the reader is familiar with BPF and XDP. If 14not, the Cilium project has an excellent reference guide at 15http://cilium.readthedocs.io/en/doc-1.0/bpf/. 16 17Using the XDP_REDIRECT action from an XDP program, the program can 18redirect ingress frames to other XDP enabled netdevs, using the 19bpf_redirect_map() function. AF_XDP sockets enable the possibility for 20XDP programs to redirect frames to a memory buffer in a user-space 21application. 22 23An AF_XDP socket (XSK) is created with the normal socket() 24syscall. Associated with each XSK are two rings: the RX ring and the 25TX ring. A socket can receive packets on the RX ring and it can send 26packets on the TX ring. These rings are registered and sized with the 27setsockopts XDP_RX_RING and XDP_TX_RING, respectively. It is mandatory 28to have at least one of these rings for each socket. An RX or TX 29descriptor ring points to a data buffer in a memory area called a 30UMEM. RX and TX can share the same UMEM so that a packet does not have 31to be copied between RX and TX. Moreover, if a packet needs to be kept 32for a while due to a possible retransmit, the descriptor that points 33to that packet can be changed to point to another and reused right 34away. This again avoids copying data. 35 36The UMEM consists of a number of equally size frames and each frame 37has a unique frame id. A descriptor in one of the rings references a 38frame by referencing its frame id. The user space allocates memory for 39this UMEM using whatever means it feels is most appropriate (malloc, 40mmap, huge pages, etc). This memory area is then registered with the 41kernel using the new setsockopt XDP_UMEM_REG. The UMEM also has two 42rings: the FILL ring and the COMPLETION ring. The fill ring is used by 43the application to send down frame ids for the kernel to fill in with 44RX packet data. References to these frames will then appear in the RX 45ring once each packet has been received. The completion ring, on the 46other hand, contains frame ids that the kernel has transmitted 47completely and can now be used again by user space, for either TX or 48RX. Thus, the frame ids appearing in the completion ring are ids that 49were previously transmitted using the TX ring. In summary, the RX and 50FILL rings are used for the RX path and the TX and COMPLETION rings 51are used for the TX path. 52 53The socket is then finally bound with a bind() call to a device and a 54specific queue id on that device, and it is not until bind is 55completed that traffic starts to flow. 56 57The UMEM can be shared between processes, if desired. If a process 58wants to do this, it simply skips the registration of the UMEM and its 59corresponding two rings, sets the XDP_SHARED_UMEM flag in the bind 60call and submits the XSK of the process it would like to share UMEM 61with as well as its own newly created XSK socket. The new process will 62then receive frame id references in its own RX ring that point to this 63shared UMEM. Note that since the ring structures are single-consumer / 64single-producer (for performance reasons), the new process has to 65create its own socket with associated RX and TX rings, since it cannot 66share this with the other process. This is also the reason that there 67is only one set of FILL and COMPLETION rings per UMEM. It is the 68responsibility of a single process to handle the UMEM. 69 70How is then packets distributed from an XDP program to the XSKs? There 71is a BPF map called XSKMAP (or BPF_MAP_TYPE_XSKMAP in full). The 72user-space application can place an XSK at an arbitrary place in this 73map. The XDP program can then redirect a packet to a specific index in 74this map and at this point XDP validates that the XSK in that map was 75indeed bound to that device and ring number. If not, the packet is 76dropped. If the map is empty at that index, the packet is also 77dropped. This also means that it is currently mandatory to have an XDP 78program loaded (and one XSK in the XSKMAP) to be able to get any 79traffic to user space through the XSK. 80 81AF_XDP can operate in two different modes: XDP_SKB and XDP_DRV. If the 82driver does not have support for XDP, or XDP_SKB is explicitly chosen 83when loading the XDP program, XDP_SKB mode is employed that uses SKBs 84together with the generic XDP support and copies out the data to user 85space. A fallback mode that works for any network device. On the other 86hand, if the driver has support for XDP, it will be used by the AF_XDP 87code to provide better performance, but there is still a copy of the 88data into user space. 89 90Concepts 91======== 92 93In order to use an AF_XDP socket, a number of associated objects need 94to be setup. 95 96Jonathan Corbet has also written an excellent article on LWN, 97"Accelerating networking with AF_XDP". It can be found at 98https://lwn.net/Articles/750845/. 99 100UMEM 101---- 102 103UMEM is a region of virtual contiguous memory, divided into 104equal-sized frames. An UMEM is associated to a netdev and a specific 105queue id of that netdev. It is created and configured (frame size, 106frame headroom, start address and size) by using the XDP_UMEM_REG 107setsockopt system call. A UMEM is bound to a netdev and queue id, via 108the bind() system call. 109 110An AF_XDP is socket linked to a single UMEM, but one UMEM can have 111multiple AF_XDP sockets. To share an UMEM created via one socket A, 112the next socket B can do this by setting the XDP_SHARED_UMEM flag in 113struct sockaddr_xdp member sxdp_flags, and passing the file descriptor 114of A to struct sockaddr_xdp member sxdp_shared_umem_fd. 115 116The UMEM has two single-producer/single-consumer rings, that are used 117to transfer ownership of UMEM frames between the kernel and the 118user-space application. 119 120Rings 121----- 122 123There are a four different kind of rings: Fill, Completion, RX and 124TX. All rings are single-producer/single-consumer, so the user-space 125application need explicit synchronization of multiple 126processes/threads are reading/writing to them. 127 128The UMEM uses two rings: Fill and Completion. Each socket associated 129with the UMEM must have an RX queue, TX queue or both. Say, that there 130is a setup with four sockets (all doing TX and RX). Then there will be 131one Fill ring, one Completion ring, four TX rings and four RX rings. 132 133The rings are head(producer)/tail(consumer) based rings. A producer 134writes the data ring at the index pointed out by struct xdp_ring 135producer member, and increasing the producer index. A consumer reads 136the data ring at the index pointed out by struct xdp_ring consumer 137member, and increasing the consumer index. 138 139The rings are configured and created via the _RING setsockopt system 140calls and mmapped to user-space using the appropriate offset to mmap() 141(XDP_PGOFF_RX_RING, XDP_PGOFF_TX_RING, XDP_UMEM_PGOFF_FILL_RING and 142XDP_UMEM_PGOFF_COMPLETION_RING). 143 144The size of the rings need to be of size power of two. 145 146UMEM Fill Ring 147~~~~~~~~~~~~~~ 148 149The Fill ring is used to transfer ownership of UMEM frames from 150user-space to kernel-space. The UMEM indicies are passed in the 151ring. As an example, if the UMEM is 64k and each frame is 4k, then the 152UMEM has 16 frames and can pass indicies between 0 and 15. 153 154Frames passed to the kernel are used for the ingress path (RX rings). 155 156The user application produces UMEM indicies to this ring. 157 158UMEM Completetion Ring 159~~~~~~~~~~~~~~~~~~~~~~ 160 161The Completion Ring is used transfer ownership of UMEM frames from 162kernel-space to user-space. Just like the Fill ring, UMEM indicies are 163used. 164 165Frames passed from the kernel to user-space are frames that has been 166sent (TX ring) and can be used by user-space again. 167 168The user application consumes UMEM indicies from this ring. 169 170 171RX Ring 172~~~~~~~ 173 174The RX ring is the receiving side of a socket. Each entry in the ring 175is a struct xdp_desc descriptor. The descriptor contains UMEM index 176(idx), the length of the data (len), the offset into the frame 177(offset). 178 179If no frames have been passed to kernel via the Fill ring, no 180descriptors will (or can) appear on the RX ring. 181 182The user application consumes struct xdp_desc descriptors from this 183ring. 184 185TX Ring 186~~~~~~~ 187 188The TX ring is used to send frames. The struct xdp_desc descriptor is 189filled (index, length and offset) and passed into the ring. 190 191To start the transfer a sendmsg() system call is required. This might 192be relaxed in the future. 193 194The user application produces struct xdp_desc descriptors to this 195ring. 196 197XSKMAP / BPF_MAP_TYPE_XSKMAP 198---------------------------- 199 200On XDP side there is a BPF map type BPF_MAP_TYPE_XSKMAP (XSKMAP) that 201is used in conjunction with bpf_redirect_map() to pass the ingress 202frame to a socket. 203 204The user application inserts the socket into the map, via the bpf() 205system call. 206 207Note that if an XDP program tries to redirect to a socket that does 208not match the queue configuration and netdev, the frame will be 209dropped. E.g. an AF_XDP socket is bound to netdev eth0 and 210queue 17. Only the XDP program executing for eth0 and queue 17 will 211successfully pass data to the socket. Please refer to the sample 212application (samples/bpf/) in for an example. 213 214Usage 215===== 216 217In order to use AF_XDP sockets there are two parts needed. The 218user-space application and the XDP program. For a complete setup and 219usage example, please refer to the sample application. The user-space 220side is xdpsock_user.c and the XDP side xdpsock_kern.c. 221 222Naive ring dequeue and enqueue could look like this:: 223 224 // typedef struct xdp_rxtx_ring RING; 225 // typedef struct xdp_umem_ring RING; 226 227 // typedef struct xdp_desc RING_TYPE; 228 // typedef __u32 RING_TYPE; 229 230 int dequeue_one(RING *ring, RING_TYPE *item) 231 { 232 __u32 entries = ring->ptrs.producer - ring->ptrs.consumer; 233 234 if (entries == 0) 235 return -1; 236 237 // read-barrier! 238 239 *item = ring->desc[ring->ptrs.consumer & (RING_SIZE - 1)]; 240 ring->ptrs.consumer++; 241 return 0; 242 } 243 244 int enqueue_one(RING *ring, const RING_TYPE *item) 245 { 246 u32 free_entries = RING_SIZE - (ring->ptrs.producer - ring->ptrs.consumer); 247 248 if (free_entries == 0) 249 return -1; 250 251 ring->desc[ring->ptrs.producer & (RING_SIZE - 1)] = *item; 252 253 // write-barrier! 254 255 ring->ptrs.producer++; 256 return 0; 257 } 258 259 260For a more optimized version, please refer to the sample application. 261 262Sample application 263================== 264 265There is a xdpsock benchmarking/test application included that 266demonstrates how to use AF_XDP sockets with both private and shared 267UMEMs. Say that you would like your UDP traffic from port 4242 to end 268up in queue 16, that we will enable AF_XDP on. Here, we use ethtool 269for this:: 270 271 ethtool -N p3p2 rx-flow-hash udp4 fn 272 ethtool -N p3p2 flow-type udp4 src-port 4242 dst-port 4242 \ 273 action 16 274 275Running the rxdrop benchmark in XDP_DRV mode can then be done 276using:: 277 278 samples/bpf/xdpsock -i p3p2 -q 16 -r -N 279 280For XDP_SKB mode, use the switch "-S" instead of "-N" and all options 281can be displayed with "-h", as usual. 282 283Credits 284======= 285 286- Björn Töpel (AF_XDP core) 287- Magnus Karlsson (AF_XDP core) 288- Alexander Duyck 289- Alexei Starovoitov 290- Daniel Borkmann 291- Jesper Dangaard Brouer 292- John Fastabend 293- Jonathan Corbet (LWN coverage) 294- Michael S. Tsirkin 295- Qi Z Zhang 296- Willem de Bruijn 297 298