From: Bobby Powers
Date: Fri, 27 Apr 2018 09:41:55 -0400
Subject: Re: egress packet filtering
To: Edward Cree
Cc: xdp-newbies@vger.kernel.org

On Fri, Apr 27, 2018 at 9:36 AM, Edward Cree wrote:
> The higher performance of XDP is because the processing, being done in
> the driver, happens earlier in the RX path (thus avoiding the bulk of
> network stack processing for packets that e.g. are only going to be
> dropped anyway).
> But on TX, the analogous driver code would be the _last_ thing in the
> path, rather than the first, so in such a case the `tc` approach
> should probably perform better than an XDP analogue.

Thanks, that is super useful for my mental model! Does that mean it
is possible (if slow) to use an XDP filter for TX? I attached a
simple one based on the DDOS filter from here:
https://github.com/netoptimizer/prototype-kernel/tree/master/kernel/samples/bpf
that just debug logged IPs + ports, and I only seemed to see incoming
(and not outgoing) packets in the logs. Is there a different/extra
flag to pass to have an XDP filter run on TX?

yours,
Bobby
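
The packet walk that a filter of the kind discussed in this message performs (log IPs + ports, then return a verdict), as an added example that is not part of the original message or the linked samples. It is plain userland C rather than a loadable BPF object, and `parse_flow`, `egress_filter`, the blocked-port policy and the sample frame are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Same values as TC_ACT_OK and TC_ACT_SHOT in <linux/pkt_cls.h>. */
enum { ACT_OK = 0, ACT_SHOT = 2 };
struct flow { uint32_t saddr, daddr; uint16_t sport, dport; uint8_t proto; };

/* Constructed sample: Ethernet + IPv4 + first 4 bytes of TCP (the ports). */
static const uint8_t SAMPLE_PKT[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00, /* dst, src, IPv4 */
    0x45,0x00,0x00,0x28, 0,0,0x40,0x00, 64,6,0,0,    /* IHL=5, DF, TCP */
    10,0,0,1, 192,0,2,7,                             /* 10.0.0.1 -> 192.0.2.7 */
    0xc0,0x00, 0x01,0xbb };                          /* 49152 -> 443 */

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p) { return (uint32_t)be16(p) << 16 | be16(p + 2); }

/* Extract addresses and ports from an Ethernet/IPv4/TCP|UDP frame. Every
 * read is preceded by a length check, standing in for the data_end checks
 * a BPF program needs. Returns 1 on success, 0 if the frame is truncated,
 * not IPv4 TCP/UDP, or a non-first fragment (which carries no ports). */
int parse_flow(const uint8_t *data, size_t len, struct flow *f)
{
    if (len < 14 + 20 || be16(data + 12) != 0x0800) return 0;
    const uint8_t *ip = data + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;         /* header incl. options */
    if ((ip[0] >> 4) != 4 || ihl < 20) return 0;
    if (len < 14 + ihl + 4) return 0;                /* ports must be in range */
    if (be16(ip + 6) & 0x1fff) return 0;             /* fragment offset != 0 */
    if (ip[9] != 6 && ip[9] != 17) return 0;         /* TCP or UDP only */
    f->proto = ip[9];
    f->saddr = be32(ip + 12); f->daddr = be32(ip + 16);
    f->sport = be16(ip + ihl); f->dport = be16(ip + ihl + 2);
    return 1;
}

/* Hypothetical policy: log every parsed flow, drop those to blocked_dport. */
int egress_filter(const uint8_t *data, size_t len, uint16_t blocked_dport)
{
    struct flow f;
    if (!parse_flow(data, len, &f)) return ACT_OK;   /* unparsed: let through */
    printf("egress proto=%u %08x:%u -> %08x:%u\n", (unsigned)f.proto,
           (unsigned)f.saddr, (unsigned)f.sport, (unsigned)f.daddr, (unsigned)f.dport);
    return f.dport == blocked_dport ? ACT_SHOT : ACT_OK;
}

int main(void) { return egress_filter(SAMPLE_PKT, sizeof SAMPLE_PKT, 80); }
```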