58. Berkeley Packet Filter Library
The DPDK provides an BPF library that gives the ability to load and execute Enhanced Berkeley Packet Filter (eBPF) bytecode within user-space dpdk application.
It supports basic set of features from eBPF spec. Please refer to the eBPF spec for more information. Also it introduces basic framework to load/unload BPF-based filters on eth devices (right now only via SW RX/TX callbacks).
The library API provides the following basic operations:
- Create a new BPF execution context and load user provided eBPF code into it.
- Destroy an BPF execution context and its runtime structures and free the associated memory.
- Execute eBPF bytecode associated with provided input parameter.
- Provide information about natively compiled code for given BPF context.
- Load BPF program from the ELF file and install callback to execute it on given ethdev port/queue.
58.1. Packet data load instructions
DPDK supports two non-generic instructions:
(BPF_ABS | size | BPF_LD)
(BPF_IND | size | BPF_LD) which are used to access packet data.
These instructions can only be used when execution context is a pointer to
struct rte_mbuf and have seven implicit operands.
R6 is an implicit input that must contain pointer to
R0 is an implicit output which contains the data fetched from the
R1-R5 are scratch registers
and must not be used to store the data across these instructions.
These instructions have implicit program exit condition as well. When
eBPF program is trying to access the data beyond the packet boundary,
the interpreter will abort the execution of the program. JIT compilers
therefore must preserve this property.
imm32 fields are
explicit inputs to these instructions.
(BPF_IND | BPF_W | BPF_LD) means:
uint32_t tmp; R0 = rte_pktmbuf_read((const struct rte_mbuf *)R6, src_reg + imm32, sizeof(tmp), &tmp); if (R0 == NULL) return FAILED; R0 = ntohl(*(uint32_t *)R0);
R1-R5 were scratched.
58.2. Not currently supported eBPF features
- JIT support only available for X86_64 and arm64 platforms
- tail-pointer call
- eBPF MAP
- external function calls for 32-bit platforms