Tizian Maxime Weigt 8f988b0a0f xdp: Fix L4 header bounds checking and IPv6 extension header parsing in l3fwd
Fix critical bounds checking issues and add proper IPv6 extension header
support in XDP L3 forwarding program.

Issues fixed:

1. L4 Header Bounds Checking
   - Previous code checked bounds for udphdr size (8 bytes) but then
     accessed tcphdr struct (20+ bytes), causing potential out-of-bounds
     reads and verifier rejection
   - Now each protocol (TCP/UDP) has separate, proper bounds validation
     before accessing headers

2. IPv6 Extension Header Parsing
   - Added skip_ip6hdrext() function to parse IPv6 extension headers
     (Hop-by-Hop, Routing, Fragment, Destination Options, AH, MH)
   - Ensures accurate L4 protocol identification and flow tracking for
     IPv6 packets with extension headers
   - Supports up to 6 chained extension headers with fallback

3. PERCPU Map Performance
   - Changed bpf_map_update_elem() flag from BPF_NOEXIST to BPF_ANY
   - Eliminates unnecessary overhead since PERCPU maps have no
     contention and lookup-update race window is negligible

4. L4 Offset Calculation
   - Properly calculate L4 header offset separately for bounds checking
   - Use offset-based addressing instead of pointer arithmetic for
     verifier compliance

These fixes ensure the program passes BPF verifier checks, handles all
packet types correctly, and only records flow statistics for packets
that successfully pass FIB lookup and port validation.

Tested with: IPv4/IPv6 traffic, VLAN-tagged packets, IPv6 with extension
headers (fragmentation, routing headers), TCP/UDP flows.
2025-10-28 13:05:26 +00:00
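The two checks the commit message describes (walking the IPv6 extension-header chain, then validating the L4 header size per protocol), modelled in plain userspace C so they can be run outside the kernel. This is an added example, not the project's main.c: `parse_l4`, `ext_len`, `struct l4` and the sample bytes are constructed for illustration. Rejecting anything that is not TCP or UDP is an assumption, since the project's fallback behaviour is not shown on this page.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_EXT 6   /* chain limit named in the commit message */

struct l4 { uint8_t proto; uint16_t sport, dport; uint8_t tcp_flags; };

/* Length in bytes of extension header type nh, 0 if nh is not one. */
static size_t ext_len(uint8_t nh, uint8_t lenfield)
{
    switch (nh) {
    case 0: case 43: case 60: case 135:          /* HbH, Routing, DestOpts, MH */
        return ((size_t)lenfield + 1) * 8;
    case 44: return 8;                           /* Fragment: fixed size */
    case 51: return ((size_t)lenfield + 2) * 4;  /* AH: 32-bit words minus 2 */
    default: return 0;
    }
}

/* p/len: bytes after the fixed IPv6 header; nh: its Next Header value.
 * Returns 0 and fills *out, or -1 if any header would cross the end. */
static int parse_l4(const uint8_t *p, size_t len, uint8_t nh, struct l4 *out)
{
    size_t off = 0;
    for (int i = 0; ext_len(nh, 0) != 0; i++) {
        if (i == MAX_EXT || off + 2 > len) return -1;
        size_t hl = ext_len(nh, p[off + 1]);
        if (off + hl > len) return -1;
        nh = p[off];
        off += hl;
    }
    /* Per-protocol size check: TCP needs 20 bytes, UDP only 8. */
    size_t need = nh == 6 ? 20 : nh == 17 ? 8 : 0;
    if (need == 0 || off + need > len) return -1;
    out->proto = nh;
    out->sport = (uint16_t)(p[off] << 8 | p[off + 1]);
    out->dport = (uint16_t)(p[off + 2] << 8 | p[off + 3]);
    out->tcp_flags = nh == 6 ? p[off + 13] : 0;  /* byte 13 lies past a UDP-sized check */
    return 0;
}

/* Constructed sample: Fragment header (next = TCP) + 20-byte TCP header, SYN set. */
static const uint8_t sample[28] = {
    6, 0, 0, 0, 0, 0, 0, 1,
    0x30, 0x39, 0x01, 0xbb, 0, 0, 0, 0, 0, 0, 0, 0, 0x50, 0x02, 0xff, 0xff, 0, 0, 0, 0,
};
```

A non-first fragment carries no L4 header at all; this sketch does not inspect the fragment offset, so a real parser must handle that case separately.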

l3-forwarding-xdp

L3/L4 XDP-based forwarding system for BIRD and Linux routers, aimed at line-speed forwarding.

This project implements Layer 3 (IP) and Layer 4 (TCP/UDP) packet forwarding using eBPF and XDP (eXpress Data Path). It uses XDP for high-performance packet processing in the Linux kernel, alongside BIRD or FRR.

Note: xdp-tools is highly recommended for loading and managing the XDP program.

Installation

Install the necessary dependencies using apt:

apt update
apt install clang llvm libbpf-dev libelf-dev pkg-config make git bpftool xdp-tools

Compilation

Compile the eBPF program from the source code:

clang -O2 -g -Wall -target bpf -D__BPF_TRACING__ -I /usr/src/linux-headers-$(uname -r)/include -c main.c -o main.o

This will generate the object file main.o which contains the compiled eBPF code.

Usage

Attach to the Interface

Load the XDP program onto a network interface (e.g., eth0):

xdp-loader load eth0 ./main.o

Check the status of loaded XDP programs:

xdp-loader status

Monitoring and Debugging

Use bpftool to inspect maps and statistics:

bpftool map show

This command displays information about the eBPF maps used by the program, such as flow statistics.

Unloading the Program

To unload the XDP program from the interface:

xdp-loader unload eth0
Description
L3-L4 XDP-based forwarding / offloading for achieving line rates with Linux-based routers
Readme Apache-2.0 126 KiB
Languages
C 100%