Challenge 1: XDP Return Codes
As part of my newsletter, I've decided to occasionally share a short challenge or exercise with you.
My goal is to help make learning certain aspects of eBPF programming more approachable.
The exercises will vary in difficulty, and to start, today’s challenge is relatively simple.
Challenge
Given that return 0; usually indicates success in C programming, one might think that doing the same in an XDP program can't do any harm.
But is this really the case?
What actually happens to the packet if we return 0; from the XDP code?
The Solution
return 0; may look harmless, but the opposite is true.
The eBPF XDP (eXpress Data Path) program type provides five distinct return codes, each influencing the handling of network packets in a specific way:
XDP_ABORTED: Processing of the packet has failed, and it should not be further processed → Return code 0
XDP_DROP: Packet should be dropped → Return code 1
XDP_PASS: Packet should be passed up to the traditional Linux network stack for further processing → Return code 2
XDP_TX: Transmit the packet back out of the same network interface (NIC) it was received from → Return code 3
XDP_REDIRECT: Redirects the packet to a different network interface (NIC), not necessarily out → Return code 4
If you return 0 from an XDP program, this corresponds to the XDP_ABORTED return code, which tells the kernel to abort any further processing of this packet and drop it.
Although eBPF is designed to be generally safe for runtime attachment to any system, a program like this would not only drop all incoming network traffic but also prevent one from accessing the machine via SSH to resolve the issue remotely.
In other words, you've locked yourself out of the system and will need to restart it manually.
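To make the failure mode concrete, here is an added example (not code from the original newsletter): a small XDP filter whose "no match" path either returns 0 or XDP_PASS. The policy, BLOCKED_UDP_PORT, the function names and the sample frame are assumptions made up for illustration.

```c
#ifdef __bpf__                  /* clang -target bpf: real XDP program */
#include <linux/bpf.h>          /* kernel's enum xdp_action, struct xdp_md */
#else                           /* host compiler: same logic, constructed frame */
#include <stdio.h>
enum xdp_action { XDP_ABORTED = 0, XDP_DROP, XDP_PASS, XDP_TX, XDP_REDIRECT };
#endif
#define BLOCKED_UDP_PORT 9999   /* hypothetical policy: drop UDP to this port */

/* `other` is returned for every frame the policy does not match
 * (not IPv4, not UDP, malformed, different port). */
static inline int verdict(const unsigned char *data, const unsigned char *end, int other)
{
    if (data + 14 + 20 > end)                   /* Ethernet + minimal IPv4 header */
        return other;
    if (data[12] != 0x08 || data[13] != 0x00)   /* EtherType is not IPv4 */
        return other;
    const unsigned char *ip = data + 14;
    int ihl = (ip[0] & 0x0f) * 4;               /* IPv4 header length in bytes */
    if (ihl < 20 || ip + ihl + 4 > end || ip[9] != 17)   /* malformed or not UDP */
        return other;
    int dport = (ip[ihl + 2] << 8) | ip[ihl + 3];
    return dport == BLOCKED_UDP_PORT ? XDP_DROP : other;
}

/* The C habit: "nothing to do" returns 0, which XDP reads as XDP_ABORTED. */
static inline int verdict_buggy(const unsigned char *d, const unsigned char *e) { return verdict(d, e, 0); }
/* Corrected: unmatched traffic is handed to the network stack. */
static inline int verdict_fixed(const unsigned char *d, const unsigned char *e) { return verdict(d, e, XDP_PASS); }

#ifdef __bpf__
__attribute__((section("xdp"), used))
int xdp_filter(struct xdp_md *ctx)
{
    return verdict_fixed((void *)(long)ctx->data, (void *)(long)ctx->data_end);
}
char LICENSE[] __attribute__((section("license"), used)) = "GPL";
#else
/* Constructed frame: IPv4 TCP to port 22 (SSH); addresses and payload zeroed. */
static const unsigned char ssh_frame[14 + 20 + 20] = {
    [12] = 0x08, [14] = 0x45, [23] = 6, [37] = 22 };
int main(void)
{
    const unsigned char *end = ssh_frame + sizeof ssh_frame;
    printf("return 0: %d  XDP_PASS: %d\n",
           verdict_buggy(ssh_frame, end), verdict_fixed(ssh_frame, end));
    return 0;
}
#endif
```

In the kernel, XDP_ABORTED also fires the xdp:xdp_exception tracepoint, so a program that returns 0 on its default path is visible there.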
I hope you find this resource as interesting as I do. Stay tuned for more exciting developments and updates in the world of eBPF in next week's newsletter.
Until then, keep 🐝-ing!
Warm regards, Teodor