diff --git a/src/21-xdp/README_en.md b/src/21-xdp/README_en.md index 2dde65f..a7aef4a 100644 --- a/src/21-xdp/README_en.md +++ b/src/21-xdp/README_en.md @@ -1,23 +1,23 @@ -# eBPF 入门实践教程二十一:使用 xdp 实现可编程包处理 +# eBPF Beginner Tutorial 21: Programmable Packet Processing with XDP -## 背景 +## Background -xdp(eXpress Data Path)是 Linux 内核中新兴的一种绕过内核的、可编程的包处理方案。相较于 cBPF,xdp 的挂载点非常底层,位于网络设备驱动的软中断处理过程,甚至早于 skb_buff 结构的分配。因此,在 xdp 上挂载 eBPF 程序适用于很多简单但次数极多的包处理操作(如防御 Dos 攻击),可以达到很高的性能(24Mpps/core)。 +XDP (eXpress Data Path) is an emerging scheme in the Linux kernel for programmable packet processing that bypasses the kernel. Compared to cBPF, XDP operates at a much lower level, residing within the network device driver's soft interrupt processing, even before the allocation of the `skb_buff` structure. Thus, eBPF programs mounted on XDP are suitable for many simple yet frequent packet processing operations (like defending against DoS attacks), achieving high performance (24Mpps/core). -## XDP 概述 +## Overview of XDP -xdp 不是第一个支持可编程包处理的系统,在此之前,以 DPDK(Data Plane Development Kit)为代表的内核旁路方案甚至能够取得更高的性能,其思路为完全绕过内核,由用户态的网络应用接管网络设备,从而避免了用户态和内核态的切换开销。然而,这样的方式具有很多天然的缺陷: +XDP isn't the first system supporting programmable packet processing. Before it, kernel-bypass solutions like DPDK (Data Plane Development Kit) could even achieve higher performance. The idea behind such solutions is to completely bypass the kernel and let user-level network applications take over network devices, eliminating the overhead of transitioning between user and kernel mode. However, this approach has inherent drawbacks: -+ 无法与内核中成熟的网络模块集成,而不得不在用户态将其重新实现; -+ 破坏了内核的安全边界,使得内核提供的很多网络工具变得不可用; -+ 在与常规的 socket 交互时,需要从用户态重新将包注入到内核; -+ 需要占用一个或多个单独的 CPU 来进行包处理; ++ Inability to integrate with mature network modules in the kernel, necessitating reimplementation in user space. ++ Breaking the kernel's security boundary, rendering many kernel-provided networking tools unusable. ++ When interacting with conventional sockets, packets must be reinjected into the kernel from user space. ++ Requires dedicating one or more separate CPUs for packet processing. -除此之外,利用内核模块和内核网络协议栈中的 hook 点也是一种思路,然而前者对内核的改动大,出错的代价高昂;后者在整套包处理流程中位置偏后,其效率不够理想。 +Additionally, using kernel modules and hook points in the kernel's network protocol stack is another approach. However, the former entails extensive kernel modifications with high error costs, while the latter, due to its position in the whole packet processing workflow, isn't as efficient. -总而言之,xdp + eBPF 为可编程包处理系统提出了一种更为稳健的思路,在某种程度上权衡了上述方案的种种优点和不足,获取较高性能的同时又不会对内核的包处理流程进行过多的改变,同时借助 eBPF 虚拟机的优势将用户定义的包处理过程进行隔离和限制,提高了安全性。 +In summary, XDP + eBPF presents a more robust approach for programmable packet processing. It balances the strengths and weaknesses of the aforementioned solutions, achieving high performance without altering the kernel's packet processing workflow too much. Moreover, the eBPF virtual machine isolates and constrains user-defined packet processing routines, enhancing security. -## 编写 eBPF 程序 +## Writing an eBPF Program ```C #include "vmlinux.h" @@ -39,9 +39,9 @@ int xdp_pass(struct xdp_md* ctx) { char __license[] SEC("license") = "GPL"; ``` -这是一段 C 语言实现的 eBPF 内核侧代码,它能够通过 xdp 捕获所有经过目标网络设备的数据包,计算其大小并输出到 `trace_pipe` 中。 +This is a kernel-side eBPF code written in C. It captures all packets passing through the target network device using XDP, calculates their size, and outputs it to `trace_pipe`. -值得注意的是,在代码中我们使用了以下注释: +It's worth noting the following annotations in the code: ```C /// @ifindex 1 @@ -49,23 +49,23 @@ char __license[] SEC("license") = "GPL"; /// @xdpopts {"old_prog_fd":0} ``` -这是由 eunomia-bpf 提供的功能,我们可以通过这样的注释告知 eunomia-bpf 加载器此 xdp 程序想要挂载的目标网络设备编号,挂载的标志和选项。 +This functionality is provided by eunomia-bpf, which allows these annotations to inform the eunomia-bpf loader about the desired target network device number, mounting flags, and options for this XDP program. -这些变量的设计基于 libbpf 提供的 API,可以通过 [patchwork](https://patchwork.kernel.org/project/netdevbpf/patch/20220120061422.2710637-2-andrii@kernel.org/#24705508) 查看接口的详细介绍。 +These variables are based on the API provided by libbpf. Detailed information about the interface can be viewed [here](https://patchwork.kernel.org/project/netdevbpf/patch/20220120061422.2710637-2-andrii@kernel.org/#24705508). -`SEC("xdp")` 宏指出 BPF 程序的类型,`ctx` 是此 BPF 程序执行的上下文,用于包处理流程。 +The `SEC("xdp")` macro indicates the type of the BPF program, while `ctx` is the execution context of this BPF program for packet processing. -在程序的最后,我们返回了 `XDP_PASS`,这表示我们的 xdp 程序会将经过目标网络设备的包正常交付给内核的网络协议栈。可以通过 [XDP actions](https://prototype-kernel.readthedocs.io/en/latest/networking/XDP/implementation/xdp_actions.html) 了解更多 xdp 的处理动作。 +At the end of the program, we return `XDP_PASS`, signaling that our XDP program will deliver packets passing through the target network device to the kernel's network protocol stack as usual. For more on XDP actions, see [XDP actions](https://prototype-kernel.readthedocs.io/en/latest/networking/XDP/implementation/xdp_actions.html). -## 编译运行 +## Compilation and Execution -通过容器编译: +To compile using a container: ```console docker run -it -v `pwd`/:/src/ ghcr.io/eunomia-bpf/ecc-`uname -m`:latest ``` -或是通过 `ecc` 编译: +Or compile with `ecc`: ```console $ ecc xdp.bpf.c @@ -73,13 +73,13 @@ Compiling bpf object... Packing ebpf object and config into package.json... ``` -并通过 `ecli` 运行: +Then, run with `ecli`: ```console sudo ecli run package.json ``` -可以通过如下方式查看程序的输出: +To view the program's output: ```console $ sudo cat /sys/kernel/tracing/trace_pipe @@ -89,13 +89,13 @@ $ sudo cat /sys/kernel/tracing/trace_pipe node-1939 [000] d.s11 1601.275860: bpf_trace_printk: packet size is 344 ``` -## 总结 +## Conclusion -本文介绍了如何使用 xdp 来处理经过特定网络设备的包,基于 eunomia-bpf 提供的通过注释向 libbpf 传递参数的方案,我们可以将自己编写的 xdp BPF 程序以指定选项挂载到目标设备,并在网络包进入内核网络协议栈之前就对其进行处理,从而获取高性能的可编程包处理能力。 +This article introduces how to use XDP to process packets passing through a specific network device. With eunomia-bpf's annotation-based approach for passing parameters to libbpf, we can mount our custom XDP BPF program onto the target device with specified options. This allows packet processing even before they enter the kernel's network protocol stack, achieving high-performance programmable packet processing. -如果您希望学习更多关于 eBPF 的知识和实践,可以访问我们的教程代码仓库 以获取更多示例和完整的教程。 +For those interested in further exploring eBPF, visit our tutorial code repository at for more examples and a comprehensive guide. -## 参考资料 +## References + +