XDP RX Metadata

This document describes how an eXpress Data Path (XDP) program can access hardware metadata related to a packet using a set of helper functions, and how it can pass that metadata on to other consumers.

General Design

XDP has access to a set of kfuncs to manipulate the metadata in an XDP frame. Every device driver that wishes to expose additional packet metadata can implement these kfuncs. The set of kfuncs is declared in include/net/xdp.h via XDP_METADATA_KFUNC_xxx.

Currently, the following kfuncs are supported. In the future, as more metadata is supported, this set will grow:

__bpf_kfunc int bpf_xdp_metadata_rx_timestamp(const struct xdp_md *ctx, u64 *timestamp)

Read XDP frame RX timestamp.

Parameters

const struct xdp_md *ctx

XDP context pointer.

u64 *timestamp

Return value pointer.

Return

  • Returns 0 on success or -errno on error.

  • -EOPNOTSUPP : means device driver does not implement kfunc

  • -ENODATA : means no RX-timestamp available for this frame

__bpf_kfunc int bpf_xdp_metadata_rx_hash(const struct xdp_md *ctx, u32 *hash, enum xdp_rss_hash_type *rss_type)

Read XDP frame RX hash.

Parameters

const struct xdp_md *ctx

XDP context pointer.

u32 *hash

Return value pointer.

enum xdp_rss_hash_type *rss_type

Return value pointer for RSS type.

Description

The RSS hash type (rss_type) specifies what portion of packet headers NIC hardware used when calculating RSS hash value. The RSS type can be decoded via enum xdp_rss_hash_type either matching on individual L3/L4 bits XDP_RSS_L* or by combined traditional RSS Hashing Types XDP_RSS_TYPE_L*.

Return

  • Returns 0 on success or -errno on error.

  • -EOPNOTSUPP : means device driver doesn't implement kfunc

  • -ENODATA : means no RX-hash available for this frame

__bpf_kfunc int bpf_xdp_metadata_rx_vlan_tag(const struct xdp_md *ctx, __be16 *vlan_proto, u16 *vlan_tci)

Get XDP packet outermost VLAN tag

Parameters

const struct xdp_md *ctx

XDP context pointer.

__be16 *vlan_proto

Destination pointer for VLAN Tag protocol identifier (TPID).

u16 *vlan_tci

Destination pointer for VLAN TCI (VID + DEI + PCP)

Description

In case of success, vlan_proto contains Tag protocol identifier (TPID), usually ETH_P_8021Q or ETH_P_8021AD, but some networks can use custom TPIDs. vlan_proto is stored in network byte order (BE) and should be used as follows: if (vlan_proto == bpf_htons(ETH_P_8021Q)) do_something();

vlan_tci contains the remaining 16 bits of a VLAN tag. Driver is expected to provide those in host byte order (usually LE), so the bpf program should not perform byte conversion. According to 802.1Q standard, VLAN TCI (Tag control information) is a bit field that contains: VLAN identifier (VID) that can be read with vlan_tci & 0xfff, Drop eligible indicator (DEI) - 1 bit, Priority code point (PCP) - 3 bits. For detailed meaning of DEI and PCP, please refer to other sources.

Return

  • Returns 0 on success or -errno on error.

  • -EOPNOTSUPP : device driver doesn't implement kfunc

  • -ENODATA : VLAN tag was not stripped or is not available

An XDP program can use these kfuncs to read the metadata into stack variables for its own consumption. Or, to pass the metadata on to other consumers, an XDP program can store it into the metadata area carried ahead of the packet. Not all packets will necessary have the requested metadata available in which case the driver returns -ENODATA.

Not all kfuncs have to be implemented by the device driver; when not implemented, the default ones that return -EOPNOTSUPP will be used to indicate the device driver have not implemented this kfunc.

Within an XDP frame, the metadata layout (accessed via xdp_buff) is as follows:

+----------+-----------------+------+
| headroom | custom metadata | data |
+----------+-----------------+------+
           ^                 ^
           |                 |
 xdp_buff->data_meta   xdp_buff->data

An XDP program can store individual metadata items into this data_meta area in whichever format it chooses. Later consumers of the metadata will have to agree on the format by some out of band contract (like for the AF_XDP use case, see below).

AF_XDP

AF_XDP use-case implies that there is a contract between the BPF program that redirects XDP frames into the AF_XDP socket (XSK) and the final consumer. Thus the BPF program manually allocates a fixed number of bytes out of metadata via bpf_xdp_adjust_meta and calls a subset of kfuncs to populate it. The userspace XSK consumer computes xsk_umem__get_data() - METADATA_SIZE to locate that metadata. Note, xsk_umem__get_data is defined in libxdp and METADATA_SIZE is an application-specific constant (AF_XDP receive descriptor does _not_ explicitly carry the size of the metadata).

Here is the AF_XDP consumer layout (note missing data_meta pointer):

+----------+-----------------+------+
| headroom | custom metadata | data |
+----------+-----------------+------+
                             ^
                             |
                      rx_desc->address

XDP_PASS

This is the path where the packets processed by the XDP program are passed into the kernel. The kernel creates the skb out of the xdp_buff contents. Currently, every driver has custom kernel code to parse the descriptors and populate skb metadata when doing this xdp_buff->skb conversion, and the XDP metadata is not used by the kernel when building skbs. However, TC-BPF programs can access the XDP metadata area using the data_meta pointer.

In the future, we'd like to support a case where an XDP program can override some of the metadata used for building skbs.

bpf_redirect_map

bpf_redirect_map can redirect the frame to a different device. Some devices (like virtual ethernet links) support running a second XDP program after the redirect. However, the final consumer doesn't have access to the original hardware descriptor and can't access any of the original metadata. The same applies to XDP programs installed into devmaps and cpumaps.

This means that for redirected packets only custom metadata is currently supported, which has to be prepared by the initial XDP program before redirect. If the frame is eventually passed to the kernel, the skb created from such a frame won't have any hardware metadata populated in its skb. If such a packet is later redirected into an XSK, that will also only have access to the custom metadata.

bpf_tail_call

Adding programs that access metadata kfuncs to the BPF_MAP_TYPE_PROG_ARRAY is currently not supported.

Supported Devices

It is possible to query which kfunc the particular netdev implements via netlink. See xdp-rx-metadata-features attribute set in Documentation/netlink/specs/netdev.yaml.

Example

See tools/testing/selftests/bpf/progs/xdp_metadata.c and tools/testing/selftests/bpf/prog_tests/xdp_metadata.c for an example of BPF program that handles XDP metadata.