xdp-tutorial
xdp-tutorial copied to clipboard
xdp-project
Enlarging packet
In https://github.com/xdp-project/xdp-tutorial/tree/master/packet02-rewriting#enlarging-and-shrinking-packet-size, it mentions "there is not enough space in memory before the start of the packet (packet data is put at a fixed offset from the start of the memory page).", how can I know the fixed offset?
It's technically up to the driver to set this, and there's no way to query the kernel for the value chosen. But a common value is XDP_PACKET_HEADROOM which is 256 bytes. From this you need to subtract 32 bytes to hold a struct xdp_frame, so you can head-extend the packet by 224 bytes. Note that this space is shared with the packet metadata (set using bpf_xdp_adjust_meta()), so you can only get the full 224 bytes if you don't use the metadata area.
Thanks for your reply. :) I have two more questions. What is metadata used for? What's the difference between xdp_frame and xdp_buff? If you have some good documents/blogs, I can investigate by myself. Thanks in advance.
The metadata area is just an area that sits before the packet that XDP programs can write whatever they want to. This is also accessible from the TC BPF hook, so it can be used to communicate application-specific information between hooks. In the future, the kernel itself will start using it for metadata coming from the hardware, but that feature is still in development.
The xdp_buff structure is allocated on the stack in the drivers and used as the context object for the XDP program. But when redirecting a packet, this structure is no longer available, so a compressed version of it is allocated in the memory area before the packet data, so it follows the packet around. The xdp_frame structure is the state-compressed version, which is why it takes up space from the packet data.
Can I interpret it this way, xdp_buff represents the packet data (or it's the packet data itself?) xdp_frame is a small structure and one of its fields point to the raw packet data xdp_frame is located before packet data
No, they represent the same: it's the internal structure the kernel uses to keep track of the pointers to the packet data. The only difference is that xdp_frame is a state-compressed version of the xdp_buff struct.
Like the 'sk_buff' structure for the regular networking stack. It's an internal data structure, though, so not exposed to XDP programs at all (they see the virtual xdp_md context structure instead; the others are what the kernel uses internally to back that).